================
@@ -6835,6 +6837,31 @@ the proper solution would be to create a different
function (possibly
an overload of ``baz()``) that accepts a safe container like ``bar()``,
and then use the attribute on the original ``baz()`` to help the users
update their code to use the new function.
+
+Attribute attached to fields:
+
+The attribute should only be attached to struct fields, if the fields can not
be
+updated to a safe type with bounds check, such as std::span. In other words,
the
+buffers prone to unsafe accesses should always be updated to use safe
containers/views
+and attaching the attribute must be last resort when such an update is
infeasible.
+
+The attribute can be placed on individual fields or a set of them as shown
below.
+.. code-block:: c++
+
+ struct A {
+ [[clang::unsafe_buffer_usage]]
+ int *ptr1;
+
+ [[clang::unsafe_buffer_usage]]
+ int *ptr2, buf[10];
+
+ [[clang::unsafe_buffer_usage]]
+ size_t sz;
+ };
+
+Here, every read/write to the fields ptr1, ptr2, buf and sz will trigger a
warning that the
+field has been explcitly marked as unsafe due to unsafe-buffer operations.
+
----------------
haoNoQ wrote:
Discussed offline - what I proposed is "a" solution but very much not
necessarily "the" solution so we probably shouldn't outright recommend it in a
document as low-level as compiler documentation.
https://github.com/llvm/llvm-project/pull/101585
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
