[clang] [BoundsSafety] Allow 'counted_by' attribute on pointers in structs in C (PR #90786)

Kees Cook via cfe-commits cfe-commits at lists.llvm.org
Fri May 10 16:34:00 PDT 2024


kees wrote:


> As @apple-fcloutier @rapidsna noted this is how `-fbounds-safety` is currently implemented (because it's much simpler) but it is a restriction that could be lifted in future by only requiring `struct bar` to be defined at the point that `foo::bar` is used rather than when the `__counted_by` attribute is applied. Given that this PR is allowing `__counted_by` in a new place (pointers in structs) I think it's reasonable for us to place restrictions on that until we've proved it's actually necessary to have the more complicated implementation.

The main concern I have with delaying support for this is that header files could find themselves in a state where they could not be refactored without removing counted_by attributes that refer to now-incomplete structs.

For example, in Linux we've been separating structs from implementations, and that usually means using incomplete structs as much as possible to avoid lots of #includes.

So, no objection on this PR, but I think the more complete behavior needs to follow soonish. :)


https://github.com/llvm/llvm-project/pull/90786

