Add -Wunsafe-buffer-usage to clang 16+ builds

[laurynas-biveinis]

Summary by CodeRabbit

• Chores
  • Added support for Clang 16+ compiler warnings with a new compiler-version gate and build logic to apply these warnings on non-Windows standalone builds.
  • Suppressed a specific Clang diagnostic around an object-span end() method to reduce noisy compiler warnings during builds.

[coderabbitai]

Walkthrough

Adds Clang 16+ warning support to CMake via a new version gate cxx_ge_16, a Clang-16 flag variable CLANG_GE_16_CXX_WARNING_FLAGS, and a platform/compiler gate is_clang_ge_16_not_windows; also suppresses a Clang warning around qsbr_ptr_span::end() in qsbr_ptr.hpp.

Changes

Cohort / File(s)	Summary
CMake: Clang 16 warning gating and propagation CMakeLists.txt	Added cxx_ge_16 generator-expression; introduced CLANG_GE_16_CXX_WARNING_FLAGS; added is_clang_ge_16_not_windows conditional; extended COMMON_TARGET_PROPERTIES with generator-expression $<$<AND:${is_standalone},${is_clang_ge_16_not_windows}>:${CLANG_GE_16_CXX_WARNING_FLAGS}> to apply Clang16+ warnings on non-Windows standalone builds.
Header: Clang warning suppression around end() include/.../qsbr_ptr.hpp	Wrapped qsbr_ptr_span::end() with Clang warning suppression macros (UNODB_DETAIL_DISABLE_CLANG_WARNING("-Wunsafe-buffer-usage") and UNODB_DETAIL_RESTORE_CLANG_WARNINGS()), adjusting warning restore ordering after MSVC macros; no API/logic changes.

Sequence Diagram(s)

sequenceDiagram
  participant Dev as Developer / CMake invocation
  participant CMake as CMake
  participant Targets as Build Targets

  Note over CMake: Configure phase evaluates compiler/version
  Dev->>CMake: run cmake configure
  CMake->>CMake: detect compiler, set cxx_ge_16
  CMake->>CMake: set is_clang_ge_16_not_windows
  CMake->>CMake: define CLANG_GE_16_CXX_WARNING_FLAGS
  CMake->>Targets: populate COMMON_TARGET_PROPERTIES
  Note over Targets: Generator-expression applies\nCLANG_GE_16_CXX_WARNING_FLAGS when\nis_standalone AND is_clang_ge_16_not_windows

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Review cxx_ge_16 generator-expression syntax and version threshold.
• Confirm is_clang_ge_16_not_windows correctly detects Clang >= 16 and excludes Windows.
• Verify CLANG_GE_16_CXX_WARNING_FLAGS formatting and consistency with existing flags.
• Check correct placement and pairing of the Clang warning suppression/restoration around qsbr_ptr_span::end() in qsbr_ptr.hpp.

Poem

Sixteen whispers to the build,
Flags gated, careful and fulfilled.
A quiet hush around an end,
Warnings tamed, no flow to bend.
Tiny changes, tidy yield.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly matches the primary change: adding Clang 16+ warning flag support and gating its application to non-Windows builds.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch clang-wunsafe-buffer-usage

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2332215 and dc17f7a.

📒 Files selected for processing (2)

• CMakeLists.txt (3 hunks)
• qsbr_ptr.hpp (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis

🔇 Additional comments (1)

qsbr_ptr.hpp (1)

336-343: Warning suppression depends on unverified Clang version support.

The warning suppression logic is correct, but the past review claims -Wunsafe-buffer-usage isn't supported in Clang 16. If that's accurate, this suppression won't work for the intended Clang versions. See my comments on CMakeLists.txt for verification.

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

• Provide your own instructions using the high_level_summary_instructions setting.
• Format the summary however you like (bullet lists, tables, multi-section layouts, contributor stats, etc.).
• Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example instruction:

"Divide the high-level summary into five sections:

1. 📝 Description — Summarize the main change in 50–60 words, explaining what was done.
2. 📓 References — List relevant issues, discussions, documentation, or related PRs.
3. 📦 Dependencies & Requirements — Mention any new/updated dependencies, environment variable changes, or configuration updates.
4. 📊 Contributor Summary — Include a Markdown table showing contributions:
   | Contributor | Lines Added | Lines Removed | Files Changed |
5. ✔️ Additional Notes — Add any extra reviewer context.
   Keep each section concise (under 200 words) and use bullet or numbered lists for clarity."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

CMakeLists.txt (3)

399-411: Missing is_gxx_ge_16 generator expression.

Line 717 references is_gxx_ge_16, but this variable is never defined. Compare with existing GCC version checks like is_gxx_ge_14 (line 411).

Add the missing generator expression after line 411:

 set(is_gxx_ge_12 "$<AND:${is_gxx_genex},${cxx_ge_12}>")
 set(is_gxx_ge_14 "$<AND:${is_gxx_genex},${cxx_ge_14}>")
+set(is_gxx_ge_16 "$<AND:${is_gxx_genex},${cxx_ge_16}>")

---

113-118: Missing GCC_GE_16_CXX_WARNING_FLAGS definition.

Line 717 references GCC_GE_16_CXX_WARNING_FLAGS, but this variable is never defined. The pattern shows GCC_GE_14_CXX_WARNING_FLAGS at line 117, and GCC_GE_11_CXX_WARNING_FLAGS at line 113.

Add the missing variable definition after line 118:

 set(GCC_GE_14_CXX_WARNING_FLAGS "-Wnrvo" "-Welaborated-enum-base"
   "-Wdangling-reference")
+set(GCC_GE_16_CXX_WARNING_FLAGS "-Wunsafe-buffer-usage")

---

704-717: Critical variables are undefined in CMakeLists.txt.

Based on the search results, the original review is correct. Both is_gxx_ge_16 and GCC_GE_16_CXX_WARNING_FLAGS referenced at line 717 are not defined anywhere in the file. The comprehensive regex search (CLANG_GE_16|GCC_GE_16|is_gxx_ge_16|is_clang_ge_16) returned only three matches:

1. Line 89: CLANG_GE_16_CXX_WARNING_FLAGS is defined
2. Line 408: is_clang_ge_16_not_windows is defined
3. Line 717: Both undefined variables are referenced

Additionally, while CLANG_GE_16_CXX_WARNING_FLAGS and is_clang_ge_16_not_windows are defined earlier, they are not used in the warning flags section (lines 704-717). This creates an inconsistency: Clang 16+ support is configured but not applied.

Fix line 717 by either:

• Defining the missing GCC and generator expression variables earlier in the file, or
• Adding a corresponding line for Clang 16+ using the already-defined is_clang_ge_16_not_windows

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4794042 and b800c6a.

📒 Files selected for processing (1)

• CMakeLists.txt (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b800c6a and 2332215.

📒 Files selected for processing (1)

• CMakeLists.txt (3 hunks)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Previous issue resolved: CLANG_GE_16_CXX_WARNING_FLAGS is now properly applied.

The four additions correctly implement Clang 16+ warning support, and the flag is now applied in COMMON_TARGET_PROPERTIES at line 713, addressing the prior feedback. The implementation follows the established pattern for version-gated warning flags.

Verify that -Wunsafe-buffer-usage is a valid Clang 16+ flag:

Also applies to: 404-404, 408-408, 713-713

---

🌐 Web query:

Is -Wunsafe-buffer-usage supported in Clang 16?

💡 Result:

Short answer: No. Clang 16 does not support -Wunsafe-buffer-usage. Clang's -Wunsafe-buffer-usage (and the related unsafe_buffer_usage attribute/features) were added later (see Clang diagnostics and related commits/PRs from 2023–2025). [1][2][3]

Sources:

• Clang 16 release notes (no -Wunsafe-buffer-usage listed). [1]
• Clang diagnostics/docs showing -Wunsafe-buffer-usage (later Clang docs / DiagnosticsReference). [2]
• Clang commits / PRs adding unsafe_buffer_usage / -Wunsafe-buffer-usage enhancements (2023–2025). [3]

---

Remove -Wunsafe-buffer-usage flag—it's not supported in Clang 16.

Clang 16 does not support -Wunsafe-buffer-usage. The flag was added in later versions. Remove the variable definition and all references to it: lines 89, 404, 408, and 713 in CMakeLists.txt. If Clang 16+ support for unsafe buffer warnings is needed, verify the actual flag name and minimum Clang version that supports it.

🤖 Prompt for AI Agents

CMakeLists.txt lines ~89,404,408,713: the variable set at line 89 defining
CLANG_GE_16_CXX_WARNING_FLAGS with "-Wunsafe-buffer-usage" and its uses at lines
404, 408 and 713 must be removed because Clang 16 doesn't support that flag;
delete the set(...) line and remove or replace the three references where the
variable is appended to compiler flags (lines 404, 408, 713), and if you need
the warning on newer Clang only, wrap the flag in a conditional that checks the
Clang version before adding it (or document the minimum Clang version and the
correct flag name) so no unsupported flag is added for Clang 16.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud