[clang] [BoundsSafety] Allow 'counted_by' attribute on pointers in structs in C (PR #90786)
Bill Wendling via cfe-commits
cfe-commits at lists.llvm.org
Thu May 9 13:29:11 PDT 2024
bwendling wrote:
> Note the attribute is prevented on pointee types where the size isn't known at compile time. In particular pointee types that are:
>
> * Incomplete (e.g. `void`) and sizeless types
> * Function types (e.g. the pointee of a function pointer)
> * Struct types with a flexible array member
I've been thinking about this restriction. Why is this necessary? My assumption was that applying `counted_by` to a pointer causes a bounds check on an index into the __pointer__ rather than its underlying type. So something like:
```c
struct foo;
struct bar {
int a;
int fam[] __counted_by(a);
};
struct x {
void *p __counted_by(count); // void * is treated like char *, I think.
struct foo *f __counted_by(count); // sizeof(f) is the size of a general pointer.
struct bar *b __counted_by(count); // a list of pointers to 'struct bar's should be okay.
int count;
};
```
https://github.com/llvm/llvm-project/pull/90786
More information about the cfe-commits
mailing list