[PATCH] D148381: [Clang] Implement the 'counted_by' attribute
Félix Cloutier via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Fri Sep 15 17:40:03 PDT 2023
fcloutier added a comment.
In D148381#4646833 <https://reviews.llvm.org/D148381#4646833>, @rapidsna wrote:
> `-fbounds-safety` doesn't allow this. In our internal adoption experience, we haven't encountered such use cases yet. So, I think it's best to make the model restrictive to avoid surprises. If we were to support it, I think it should at least be limited to cases where the array subscript expression is known to be in bounds at compile time, to avoid an OOB access when the counted_by argument is evaluated.
Additionally: it is probably safe from an aliasing perspective (or at least not worse than using any other field) to use an array subscript in a count expression, provided the array's storage exists within the struct. However, we certainly wouldn't want people to go towards `array[variable]`, `pointer[anything]`, or (worse!) `FAM[anything]`, and constant array subscripts are confusingly adjacent to the boundary we need to close. If we're just entertaining the possibility without motivating use cases at this time, I'd advise to leave it be.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D148381/new/
https://reviews.llvm.org/D148381