On Tue, 31 Oct 2023, Qing Zhao wrote:
> 2.3 A new semantic requirement in the user documentation of "counted_by"
>
> For the following structure including a FAM with a counted_by attribute:
>
> struct A
> {
> size_t size;
> char buf[] __attribute__((counted_by(size)));
> };
>
> for any object with such type:
>
> struct A *obj = __builtin_malloc (sizeof(struct A) + sz * sizeof(char));
>
> The setting to the size field should be done before the first reference
> to the FAM field.
>
> Such requirement to the user will guarantee that the first reference to
> the FAM knows the size of the FAM.
>
> We need to add this additional requirement to the user document.
Make sure the manual is very specific about exactly when size is
considered to be an accurate representation of the space available for buf
(given that, after malloc or realloc, it's going to be temporarily
inaccurate). If the intent is that inaccurate size at such a time means
undefined behavior, say so explicitly.
> 2.4 Replace FAM field accesses with the new function ACCESS_WITH_SIZE
>
> In C FE:
>
> for every reference to a FAM, for example, "obj->buf" in the small example,
> check whether the corresponding FIELD_DECL has a "counted_by" attribute?
> if YES, replace the reference to "obj->buf" with a call to
> .ACCESS_WITH_SIZE (obj->buf, obj->size, -1);
This seems plausible - but you should also consider the case of static
initializers - remember the GNU extension for statically allocated objects
with flexible array members (unless you're not allowing it with
counted_by).
static struct A x = { sizeof "hello", "hello" };
static char *y = &x.buf;
I'd expect that to be valid - and unless you say such a usage is invalid,
you should avoid the replacement in such a static initializer context when
the FAM reference is to an object with a constant address (if
.ACCESS_WITH_SIZE would not act as an lvalue whose address is a constant
expression; if it works fine as a constant-address lvalue, then the
replacement would be OK).
--
Joseph S. Myers
jos...@codesourcery.com
