For my own use-cases, I will continue to want a 100% comprehensive -Wctad. All these "heuristics" you're proposing seem very ad-hoc, and make a lot of work for the compiler vendor, and seem complicated enough that I would still worry about bugs slipping through the cracks. Whereas, if the user can simply 100% outlaw CTAD, then they don't ever have to worry.
That's fair; I don't think anyone here is speaking against such a diagnostic (though maybe the name will be a bikeshed).
Jan 16 2019
Jan 15 2019
Sep 21 2018
OK, the diffs are now un-borked. Sorry for the flailing incompetence.
Sep 7 2018
Jan 26 2018
Do we need to explicitly prohibit it in LangRef so that future transformations don't start understanding too much about what speculationsafeload does?
Prohibit what, exactly? According to current LangRef rules, it's legal to introduce a dead load to an arbitrary pointer (even if the compiler can't prove it's dereferenceable).
template <typename T, typename... ZeroArgs> bool IsPointerInRange(T*& pointer, T* begin, T* end, ZeroArgs... args);
This function returns whether pointer is between begin and end, and also guarantees that if the function returns false, then any speculative execution which assumes it to be true will treat pointer and args... as zero (all ZeroArgs must be integers or pointers). Notice that this API allows the optimizer to hoist loads past the branch, so long as the loads don't depend on pointer or args...; I'm not sure if that's true of nospeculateload or SecureBoundedOffset.
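A portable sketch of the contract described in the comment above, as an added example that is not code from the review thread or from LLVM. The names `IsPointerInRangeSketch`, `InRangeMask`, `MaskValue` and `ReadChecked` are hypothetical, the range is assumed half-open, and the extra arguments are taken by reference. Unlike the proposed API, it zeroes the values architecturally through a data-dependent mask, and nothing stops an optimizer from turning that mask back into a branch, which is why the thread asks for compiler support.

```cpp
#include <cstddef>
#include <cstdint>
#include <type_traits>

// All-ones if begin <= p < end (half-open range is an assumption), else zero.
inline std::uintptr_t InRangeMask(std::uintptr_t p, std::uintptr_t begin,
                                  std::uintptr_t end) {
  const std::uintptr_t ok = static_cast<std::uintptr_t>(p >= begin) &
                            static_cast<std::uintptr_t>(p < end);
  return std::uintptr_t{0} - ok;  // 1 -> ~0, 0 -> 0
}

// Pointers are masked through uintptr_t; integers are masked directly.
template <typename V>
void MaskValue(V*& v, std::uintptr_t mask) {
  v = reinterpret_cast<V*>(reinterpret_cast<std::uintptr_t>(v) & mask);
}
template <typename V>
typename std::enable_if<std::is_integral<V>::value>::type MaskValue(
    V& v, std::uintptr_t mask) {
  v = static_cast<V>(v & static_cast<V>(mask));
}

// Hypothetical stand-in for the proposed IsPointerInRange: the result and the
// values of pointer/args all depend on the same mask, so a path that wrongly
// assumes "in range" still only sees zeroed values.
template <typename T, typename... ZeroArgs>
bool IsPointerInRangeSketch(T*& pointer, T* begin, T* end, ZeroArgs&... args) {
  const std::uintptr_t mask =
      InRangeMask(reinterpret_cast<std::uintptr_t>(pointer),
                  reinterpret_cast<std::uintptr_t>(begin),
                  reinterpret_cast<std::uintptr_t>(end));
  MaskValue(pointer, mask);
  int expand[] = {0, (MaskValue(args, mask), 0)...};  // C++11 pack expansion
  (void)expand;
  return mask != 0;
}

// Caller pattern: the dependent load uses only the masked pointer and scale.
inline int ReadChecked(int* table, std::size_t n, int* p, std::size_t scale) {
  if (!IsPointerInRangeSketch(p, table, table + n, scale)) return -1;
  return *p * static_cast<int>(scale);
}
```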