[PATCH] D21453: Add support for attribute "overallocated"

Richard Smith via cfe-commits cfe-commits at lists.llvm.org
Mon Jun 27 13:02:37 PDT 2016

rsmith requested changes to this revision.

Comment at: include/clang/Basic/AttrDocs.td:2073-2079
@@ +2072,9 @@
+  let Content = [{
+Use ``overallocated`` to indicate a class or union can have extra memory
+allocated at its end. This attribute is primarily used when we want
+__builtin_object_size to return a conservative value for the distance between
+the pointer and the end of the subobject the pointer points to.
+For example:
+.. code-block:: c++
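
Review bot: The new `Content` text says `__builtin_object_size` returns "a conservative value" but never says what that value is or in which cases it applies. It also does not say whether the attribute changes how members of the class or union may be accessed. Please state both explicitly, so a reader cannot infer that bytes past a declared member bound become usable. Two style points on the same lines: `__builtin_object_size` should be wrapped in double backticks like ``overallocated``, and in the lines shown there is no blank line between "For example:" and `.. code-block:: c++`, which reStructuredText needs in order to treat the latter as a directive.
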
No, this approach is not reasonable. Just changing what `__builtin_object_size` returns does not change the fact that code that tries to use bytes off the end of the struct would have undefined behavior. Lying in the result of `__builtin_object_size` is actively harmful.

Note that in your example below, you cannot access more than four `char`s through `((struct S*)p)->b`, despite the attribute, because the attribute does not affect the behaviour of the array member of `S`.

The right thing to do here would presumably be to have an attribute that makes an array be treated as a flexible array member, *even if* its bound is specified (and greater than 0). This would affect `__builtin_object_size`, sanitizers, alias analysis, diagnostics for flexible array members in the middle of a type, and so on.

