public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "redi at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c++/106926] string_view construction from literal string containing null/zero should warn
Date: Thu, 15 Sep 2022 20:21:46 +0000 [thread overview]
Message-ID: <bug-106926-4-FEp7v8h0tJ@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-106926-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106926
--- Comment #3 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to John Zwinck from comment #2)
> I agree the same problem could happen with std::string. As for your idea to
> add an attribute, I assume you mean something like this:
>
> string_view(const char* s __attribute__((does_strlen)));
Yes.
> I think this would work but it seems like the attribute would have to be
> added in many places.
Why? I don't think there are that many places.
> Instead, the compiler could statically determine that
> the length of the string is lost in code like this:
>
> string_view foo("bad\0string");
How would it determine that? By inlining the eventual call to strlen (several
function calls down from the location of the literal)?
> And maybe even here:
>
> const char* bar = "another\0one";
>
> Though that may be a step too far because someone could hard-code the length
> 12 elsewhere, and there probably is code in the wild doing that.
I agree that's not a good idea.
> In general the diagnostic could apply wherever the compiler knows the
> contents will be copied.
But that doesn't apply to string_view, there's no copying. And such a warning
would require optimization and inlining to be effective. How would the compiler
know that? That's why I suggested an attribute, because the call site can give
a warning without having to know what happens inside the function, and
everything that it calls.
Relying on arbitrarily deep inlining doesn't sound like it will be very
effective, nor does expecting the compiler to just "know" which functions this
applies to.
> Since that's not always possible to know, maybe it
> could assume copying will happen when the literal is passed to an
> out-of-line function.
That seems like a bad idea too. Every function is "an out of line function" at
-O0.
next prev parent reply other threads:[~2022-09-15 20:21 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-13 12:27 [Bug c++/106926] New: " jzwinck at gmail dot com
2022-09-13 14:48 ` [Bug c++/106926] " redi at gcc dot gnu.org
2022-09-15 18:21 ` jzwinck at gmail dot com
2022-09-15 20:21 ` redi at gcc dot gnu.org [this message]
2022-09-16 14:24 ` jzwinck at gmail dot com
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-106926-4-FEp7v8h0tJ@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).