[clang] [BoundsSafety] Allow 'counted_by' attribute on pointers in structs in C (PR #90786)

Yeoul Na via cfe-commits cfe-commits at lists.llvm.org
Thu May 9 16:18:13 PDT 2024


rapidsna wrote:

> I've been thinking about this restriction. Why is this necessary? My assumption was that applying counted_by to a pointer causes a bounds check on an index into the pointer rather than its underlying type.

@bwendling It's because these types are not really indexable.

**void:**
`void` doesn't have a size and the C standard doesn't allow indexing into `void *`. I understand `void *` can be indexable under a GNU extension, but I don't see not supporting it as a problem because we can use `__sized_by` to annotate `void *` to clearly indicate the byte size. We will upstream `__sized_by` support soon so you can use it for `void *`.

**Function types:**
Although, again, the GNU extension allows it, we don't really want to index into function pointers. We can still use `__sized_by` if we really need to.

**Incomplete structs:**
You can't really index into an incomplete struct. Though, as @apple-fcloutier mentioned, by the point when the pointer is actually indexed, you should have the complete type definition. Otherwise, indexing will be an error anyway. So we have been considering relaxing this requirement and moving the error point to where the pointer is actually used in a way that requires the concrete element size (e.g., places where you would insert `__dynamic_builtin_object_size`, you need the element size to calculate the byte size; indexing into a pointer to an incomplete struct is already an error).

https://github.com/llvm/llvm-project/pull/90786
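The following is an added example, not code from the PR or the thread above. It shows the shape of a `counted_by`-annotated pointer member with a complete element type, next to a `void *` buffer for which only a byte count (the post's `__sized_by` case) makes sense, and it spells out the byte-size computation and the index check that the attribute exists to let the compiler perform. The `COUNTED_BY` guard macro, the `struct table`/`struct blob` names and the accessor functions are assumptions of this example; on compilers that do not accept the attribute on pointer members the macro expands to nothing and the code is plain C.

```c
/* Added example (not from the PR): counted_by on a pointer member in C. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption of this example: only clang 19+ (the release containing this
   change) is expected to accept counted_by on pointer members, so the
   attribute is applied there and dropped elsewhere. */
#ifndef __has_attribute
#define __has_attribute(x) 0
#endif
#if defined(__clang__) && __clang_major__ >= 19 && __has_attribute(counted_by)
#define COUNTED_BY(field) __attribute__((counted_by(field)))
#else
#define COUNTED_BY(field)
#endif

/* Complete element type: sizeof(struct record) is known at the annotation. */
struct record {
    uint32_t id;
    uint32_t flags;
};

struct table {
    size_t count;                            /* elements valid in rows       */
    struct record *rows COUNTED_BY(count);   /* count is an element count    */
};

/* void has no size, so an element count is meaningless here; the post says
   this is what __sized_by (a byte count) is for. Left unannotated. */
struct blob {
    size_t len;      /* bytes valid in data */
    void *data;
};

/* Byte size = element count * element size. This is exactly the value an
   incomplete struct or void element type cannot provide, which is why the
   patch rejects those pointee types. */
size_t table_byte_size(const struct table *t) {
    return t->count * sizeof *t->rows;
}

/* For a byte-counted buffer the byte size is the count itself. */
size_t blob_byte_size(const struct blob *b) {
    return b->len;
}

/* Explicit form of the check a bounds checker derives from counted_by:
   the index must be below count before rows[i] is touched. */
int table_get_flags(const struct table *t, size_t i, uint32_t *out) {
    if (i >= t->count)
        return -1;
    *out = t->rows[i].flags;
    return 0;
}

/* Allocate rows first, then publish count and rows together so the two
   fields never disagree (constructed sample data: flags = 10 * index). */
struct table *table_new(size_t n) {
    struct record *rows = calloc(n ? n : 1, sizeof *rows);
    if (!rows)
        return NULL;
    struct table *t = calloc(1, sizeof *t);
    if (!t) {
        free(rows);
        return NULL;
    }
    for (size_t i = 0; i < n; i++) {
        rows[i].id = (uint32_t)i;
        rows[i].flags = (uint32_t)(i * 10);
    }
    t->count = n;
    t->rows = rows;
    return t;
}

void table_free(struct table *t) {
    if (t) {
        free(t->rows);
        free(t);
    }
}

/* Returns 1 when every check passes, 0 otherwise. */
int example_checks_pass(void) {
    int ok = 1;
    uint32_t f = 0;
    struct table *t = table_new(4);
    if (!t)
        return 0;
    ok &= table_byte_size(t) == 4 * sizeof(struct record);
    ok &= table_get_flags(t, 3, &f) == 0 && f == 30;   /* in range   */
    ok &= table_get_flags(t, 4, &f) == -1;             /* one past end */
    table_free(t);
    struct blob b = { 16, NULL };
    ok &= blob_byte_size(&b) == 16;
    return ok;
}

int main(void) {
    printf("checks %s\n", example_checks_pass() ? "pass" : "fail");
    return 0;
}
```

The in-range and one-past-the-end calls to `table_get_flags` are the two cases a `-fbounds-safety` build would distinguish at `rows[i]`; without the attribute the explicit comparison is the only thing standing between the index and the allocation boundary.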

