[all-commits] [llvm/llvm-project] 722026: [Clang] Extend __builtin_counted_by_ref to support...

Kees Cook via All-commits all-commits at lists.llvm.org
Thu Dec 4 23:19:00 PST 2025 

  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 722026886fb65f0d61e0384886ffc30e83623edf
      https://github.com/llvm/llvm-project/commit/722026886fb65f0d61e0384886ffc30e83623edf
  Author: Kees Cook <kees at kernel.org>
  Date:   2025-12-04 (Thu, 04 Dec 2025)

  Changed paths:
    M clang/docs/LanguageExtensions.rst
    M clang/include/clang/Basic/DiagnosticSemaKinds.td
    M clang/lib/CodeGen/CGBuiltin.cpp
    M clang/lib/Sema/SemaChecking.cpp
    M clang/test/CodeGen/builtin-counted-by-ref.c
    M clang/test/Sema/builtin-counted-by-ref.c

  Log Message:
  -----------
  [Clang] Extend __builtin_counted_by_ref to support pointers with 'counted_by' (#170750)

The __builtin_counted_by_ref builtin was previously limited to flexible
array members (FAMs). This change extends it to also support pointer
members that have the 'counted_by' attribute.

The 'counted_by' attribute can be applied to both FAMs and pointer
members:

    struct fam_struct {
        int count;
        int array[] __attribute__((counted_by(count)));
    };

    struct ptr_struct {
        int count;
        int *buf __attribute__((counted_by(count)));
    };

With this change, __builtin_counted_by_ref works with both:

    *__builtin_counted_by_ref(p->array) = size;  // FAM - already worked
    *__builtin_counted_by_ref(p->buf) = size;    // pointer - now works

This enables the same allocation pattern for pointer members that was
previously only available for FAMs:

    #define alloc_buf(P, MEMBER, COUNT) ({                           \
        typeof(P) __p = malloc(sizeof(*__p));                        \
        __p->MEMBER = malloc(sizeof(*__p->MEMBER) * COUNT);          \
        *_Generic(__builtin_counted_by_ref(__p->MEMBER),             \
            void *: &(size_t){0},                                    \
            default: __builtin_counted_by_ref(__p->MEMBER)) = COUNT; \
        __p;                                                         \
    })

The builtin returns:
- A pointer to the count field if the member has 'counted_by'
- void* (null) if the member is an array or pointer without 'counted_by'
- An error for other member types (e.g., int, struct)

This was requested by upstream Linux kernel devs:

https://lore.kernel.org/linux-hardening/202512041215.44484FCACD@keescook/



To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications

More information about the All-commits mailing list