llvm-project
llvm-project copied to clipboard
mgehre
Annotate some thirdparty libraries
We can start with LLVM, and add [[gsl::Pointer]] to the source code of StringRef (and others).
What are other much used libraries? boost? (boost::unique_ptr, boost::ranges, etc) folly?
I think Qt is also widely used and have a bunch of containers that could be marked as owner etc. And there is the abseil library from google. Should we open pull request against the upstream projects?
There are some list of libraries: https://stackoverflow.com/questions/777764/what-modern-c-libraries-should-be-in-my-toolbox
Maybe XML/JSON libraries also have containers/iterators over the format?
For starters, it would be nice to annotate some of those libraries locally, and see if we can find some true-positives that way. For the script that you are running, can you get a statistic on which third-party libraries those projects use?
Oh, if we want to do it "locally", instead of annotating thing ourselves we could somehow just infer the type categories and if we see useful results we can add the corresponding annotations later on. I might have access to some Microsoft telemetry on popular libraries, I will look into what info can I disclose.
We should annotate llvm::sys::path::append(Path, arg2, arg3) to invalidate Path. This would have caught the error fixed in 53bd7ce4.