Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hello, On Tue, 15 Apr 2025, Bill Wendling wrote: > > [... the horrors ...] > > All of this horribleness is because of the insistence of allowing for > primary expressions in the attributes, which I find to be a horrible > idea. I whole-heartedly agree with you :) But in light of this insistence

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Here is the proposal on the Clang Discourse: https://discourse.llvm.org/t/rfc-bounds-safety-in-c-syntax-compatibility-with-gcc/85885 -bw

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Tue, Apr 15, 2025 at 5:50 AM Michael Matz wrote: > > Hello, > > On Mon, 14 Apr 2025, Bill Wendling wrote: > > > Now, I don't think this will be necessarily confusing to the > > programmer, but it's inconsistent. In other words, either 'counted_by' > > *must* forward declare the in-structure ide

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Tue, Apr 15, 2025 at 09:05:20PM +, Qing Zhao wrote: > > On Apr 15, 2025, at 16:35, Kees Cook wrote: > > 1) When applying counted_by to pointer members, are out-of-order member > > declarations expected to be handled? As in, is this expected to be valid? > > > > struct foo { > > struct bar

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Apr 15, 2025, at 16:35, Kees Cook wrote: > > On Tue, Apr 15, 2025 at 09:07:44PM +0200, Martin Uecker wrote: >> Am Dienstag, dem 15.04.2025 um 14:50 +0200 schrieb Michael Matz: >>> Hello, >> ... >> struct A { int *buf __counted_by(len); // 'len' *must* be in the struct. in

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Tue, Apr 15, 2025 at 09:07:44PM +0200, Martin Uecker wrote: > Am Dienstag, dem 15.04.2025 um 14:50 +0200 schrieb Michael Matz: > > Hello, > ... > > > > struct A { > > > int *buf __counted_by(len); // 'len' *must* be in the struct. > > > int len; > > > }; > > > > ... means that we would hav

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Dienstag, dem 15.04.2025 um 14:50 +0200 schrieb Michael Matz: > Hello, ... > > struct A { > > int *buf __counted_by(len); // 'len' *must* be in the struct. > > int len; > > }; > > ... means that we would have to implement general delayed parsing for > expressions in C parsers. I have to

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hello, On Mon, 14 Apr 2025, Bill Wendling wrote: > Now, I don't think this will be necessarily confusing to the > programmer, but it's inconsistent. In other words, either 'counted_by' > *must* forward declare the in-structure identifier or neither must. If that's your concern then both should r

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Mon, Apr 14, 2025 at 1:56 PM Qing Zhao wrote: > > Hi, Bill, > > Thanks for your new proposal. > > If I understand correctly, this new proposal basically is back to one of our > previous proposal: > > Adding a new structure scoping for counted_by attribute into C; > > With this approach, there

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hi, Bill, Thanks for your new proposal. If I understand correctly, this new proposal basically is back to one of our previous proposal: Adding a new structure scoping for counted_by attribute into C; With this approach, there is one new structure scoping added to C, and this new scope will

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

SAfter being on a mini-vacation and thinking about this more, I'm a bit less satisfied with the current proposal. The main issue is that we have seemingly two lookup rules based on which attribute is used (counted_by vs. counted_by_expr). 1. counted_by: We expect an expression that's a l

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hello, On Mon, 7 Apr 2025, Martin Uecker wrote: > > So, what specifically would the two attributes do different? FWIW: what > > worries me about accepting a generic expression in counted_by, that isn't > > prefixed by a (possibly empty) decl, is that after seeing a non-type > > identifier the

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Apr 7, 2025, at 10:31, Michael Matz wrote: > > Hello, > > On Mon, 7 Apr 2025, Martin Uecker wrote: > >>> So, what specifically would the two attributes do different? FWIW: what >>> worries me about accepting a generic expression in counted_by, that isn't >>> prefixed by a (possibly e

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Montag, dem 07.04.2025 um 14:44 +0200 schrieb Michael Matz: > Hello, > > On Sat, 5 Apr 2025, Bill Wendling wrote: > > > > > > > So, a different attribute name “counted_by_exp” might be better? > > > > > > > > > > I would prefer Martins empty-decl idea to that: "counted_by(;len+0)" > > > > > (

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hello, On Sat, 5 Apr 2025, Bill Wendling wrote: > > >>> So, a different attribute name “counted_by_exp” might be better? > > >> > > >> I would prefer Martins empty-decl idea to that: "counted_by(;len+0)" > > >> (looks up 'len' normally, i.e. doesn't look into current struct). It > > >> would nat

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Fri, Apr 4, 2025, 12:23 PM Qing Zhao wrote: > > > > On Apr 4, 2025, at 13:09, Martin Uecker wrote: > > > > Am Freitag, dem 04.04.2025 um 18:51 +0200 schrieb Michael Matz: > >> Hello, > >> > >> On Fri, 4 Apr 2025, Qing Zhao wrote: > >> > >>> So, a different attribute name “counted_by_exp” migh

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Montag, dem 31.03.2025 um 13:59 -0700 schrieb Bill Wendling: > > I'd like to offer up this to solve the issues we're facing. This is a > > combination of everything that's been discussed here (or at least that > > I've been able to read in the centi-thread :-). Thanks! I think this proposal

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Dienstag, dem 01.04.2025 um 17:13 -0700 schrieb Bill Wendling: > On Tue, Apr 1, 2025 at 8:29 AM Martin Uecker wrote: > > Am Dienstag, dem 01.04.2025 um 15:01 + schrieb Qing Zhao: > > > > On Apr 1, 2025, at 10:04, Martin Uecker wrote: > > > > Am Montag, dem 31.03.2025 um 13:59 -0700 schrieb

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

I'd like to offer up this to solve the issues we're facing. This is a combination of everything that's been discussed here (or at least that I've been able to read in the centi-thread :-). --- 1. The use of '__self' isn't feasible, so we won't use it. Instead, we'll rely upon the current behavior

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Thu, Apr 3, 2025 at 9:54 AM Kees Cook wrote: > On Wed, Apr 02, 2025 at 09:16:47PM +, Qing Zhao wrote: > > Hi, Bill, > > > > Thanks for the summary. > > > > I think that this is good. > > > > Two more questions: > > > > 1. Shall we keep the same name of the attribute counted_by for the 2nd n

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Apr 4, 2025, at 13:09, Martin Uecker wrote: > > Am Freitag, dem 04.04.2025 um 18:51 +0200 schrieb Michael Matz: >> Hello, >> >> On Fri, 4 Apr 2025, Qing Zhao wrote: >> >>> So, a different attribute name “counted_by_exp” might be better? >> >> I would prefer Martins empty-decl idea to th

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Apr 4, 2025, at 12:51, Michael Matz wrote: > > Hello, > > On Fri, 4 Apr 2025, Qing Zhao wrote: > >> So, a different attribute name “counted_by_exp” might be better? > > I would prefer Martins empty-decl idea to that: "counted_by(;len+0)" > (looks up 'len' normally, i.e. doesn't look in

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Apr 4, 2025, at 12:40, Jakub Jelinek wrote: > > On Fri, Apr 04, 2025 at 04:25:11PM +, Qing Zhao wrote: >>> It is not just the parser, it is also the human reader who should be >>> able to clearly distinguish this (which is why I still prefer >>> designators syntax because this makes it

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Fri, Apr 4, 2025 at 10:09 AM Martin Uecker wrote: > > Am Freitag, dem 04.04.2025 um 18:51 +0200 schrieb Michael Matz: > > Hello, > > > > On Fri, 4 Apr 2025, Qing Zhao wrote: > > > > > So, a different attribute name “counted_by_exp” might be better? > > > > I would prefer Martins empty-decl idea

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Fri, Apr 4, 2025 at 8:55 AM Michael Matz wrote: > > Hello, > > On Fri, 4 Apr 2025, Qing Zhao wrote: > > > A: > > constexpr int len = 20; > > struct s { > > int len; > > int *buf __attribute__ ((counted_by (len))); // this continues to be > > member ‘len’, not global ‘len' > > }; > > > > B:

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Freitag, dem 04.04.2025 um 18:51 +0200 schrieb Michael Matz: > Hello, > > On Fri, 4 Apr 2025, Qing Zhao wrote: > > > So, a different attribute name “counted_by_exp” might be better? > > I would prefer Martins empty-decl idea to that: "counted_by(;len+0)" > (looks up 'len' normally, i.e. does

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hello, On Fri, 4 Apr 2025, Qing Zhao wrote: > So, a different attribute name “counted_by_exp” might be better? I would prefer Martins empty-decl idea to that: "counted_by(;len+0)" (looks up 'len' normally, i.e. doesn't look into current struct). It would naturally fit the either decl+expr or

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Fri, Apr 04, 2025 at 04:25:11PM +, Qing Zhao wrote: > > It is not just the parser, it is also the human reader who should be > > able to clearly distinguish this (which is why I still prefer > > designators syntax because this makes it perfectly clear). > > Yes, the forward declaration appr

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

So, a different attribute name “counted_by_exp” might be better? Qing > On Apr 4, 2025, at 11:55, Michael Matz wrote: > > Hello, > > On Fri, 4 Apr 2025, Qing Zhao wrote: > >> A: >> constexpr int len = 20; >> struct s { >> int len; >> int *buf __attribute__ ((counted_by (len))); // this cont

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Apr 4, 2025, at 11:54, Martin Uecker wrote: > > Am Freitag, dem 04.04.2025 um 15:22 + schrieb Qing Zhao: >> Hi, Michael, >> >> Thanks a lot for raising these questions for the parser implementation of >> the new syntax. >> >> I started thinking about how to implement this new syntax

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hello, On Fri, 4 Apr 2025, Qing Zhao wrote: > A: > constexpr int len = 20; > struct s { > int len; > int *buf __attribute__ ((counted_by (len))); // this continues to be member > ‘len’, not global ‘len' > }; > > B: > constexpr int len = 20; > struct s { > int len; > int *buf __attribute

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Freitag, dem 04.04.2025 um 15:22 + schrieb Qing Zhao: > Hi, Michael, > > Thanks a lot for raising these questions for the parser implementation of the > new syntax. > > I started thinking about how to implement this new syntax inside counted_by > attriubte > In GCC C FE. Since I have v

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hi, Michael, Thanks a lot for raising these questions for the parser implementation of the new syntax. I started thinking about how to implement this new syntax inside counted_by attriubte In GCC C FE. Since I have very little experience with any parser, I do want to know any potential imple

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hello, On Fri, 4 Apr 2025, Bill Wendling wrote: > > > I don’t have strong preference here. As mentioned by Jacub in a > > > previous email, these two syntaxes can be distinguished by the number > > > of arguments of the attribute. > > > > > > So for GCC, there should be no issue w

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Apr 4, 2025, at 04:59, Bill Wendling wrote: > > On Thu, Apr 3, 2025 at 9:54 AM Kees Cook wrote: >> On Wed, Apr 02, 2025 at 09:16:47PM +, Qing Zhao wrote: >>> Hi, Bill, >>> >>> Thanks for the summary. >>> >>> I think that this is good. >>> >>> Two more questions: >>> >>> 1. Shall w

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Wed, Apr 02, 2025 at 09:16:47PM +, Qing Zhao wrote: > Hi, Bill, > > Thanks for the summary. > > I think that this is good. > > Two more questions: > > 1. Shall we keep the same name of the attribute counted_by for the 2nd new > syntax? > Or use a new name, such as, “counted_by_exp

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Jakub, Thank you for the comments. > On Apr 2, 2025, at 02:48, Jakub Jelinek wrote: > > On Tue, Apr 01, 2025 at 05:13:46PM -0700, Bill Wendling wrote: >> On Tue, Apr 1, 2025 at 8:29 AM Martin Uecker wrote: >>> Am Dienstag, dem 01.04.2025 um 15:01 + schrieb Qing Zhao: > On Apr 1, 2025,

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hi, Bill, Thanks for the summary. I think that this is good. Two more questions: 1. Shall we keep the same name of the attribute counted_by for the 2nd new syntax? Or use a new name, such as, “counted_by_exp"? I don’t have strong preference here. As mentioned by Jacub in a prev

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Tue, Apr 1, 2025 at 11:49 PM Jakub Jelinek wrote: > On Tue, Apr 01, 2025 at 05:13:46PM -0700, Bill Wendling wrote: > > On Tue, Apr 1, 2025 at 8:29 AM Martin Uecker wrote: > > > Am Dienstag, dem 01.04.2025 um 15:01 + schrieb Qing Zhao: > > > > > On Apr 1, 2025, at 10:04, Martin Uecker wrot

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Tue, Apr 1, 2025 at 8:29 AM Martin Uecker wrote: > Am Dienstag, dem 01.04.2025 um 15:01 + schrieb Qing Zhao: > > > On Apr 1, 2025, at 10:04, Martin Uecker wrote: > > > Am Montag, dem 31.03.2025 um 13:59 -0700 schrieb Bill Wendling: > > > > > I'd like to offer up this to solve the issues we

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Tue, Apr 01, 2025 at 05:13:46PM -0700, Bill Wendling wrote: > On Tue, Apr 1, 2025 at 8:29 AM Martin Uecker wrote: > > Am Dienstag, dem 01.04.2025 um 15:01 + schrieb Qing Zhao: > > > > On Apr 1, 2025, at 10:04, Martin Uecker wrote: > > > > Am Montag, dem 31.03.2025 um 13:59 -0700 schrieb Bi

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Tue, Apr 1, 2025 at 5:41 AM Michael Matz wrote: > > Hello, > > On Mon, 31 Mar 2025, Bill Wendling wrote: > > > 1. The use of '__self' isn't feasible, so we won't use it. > > That's a bold statement. How's that? The only thing I read here is that > the very spelling of "self" was objected to.

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Apr 1, 2025, at 15:25, Martin Uecker wrote: > > Am Dienstag, dem 01.04.2025 um 18:58 + schrieb Qing Zhao: >> >>> On Apr 1, 2025, at 11:28, Martin Uecker wrote: >>> >>> Am Dienstag, dem 01.04.2025 um 15:01 + schrieb Qing Zhao: > On Apr 1, 2025, at 10:04, Martin Uecker

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Dienstag, dem 01.04.2025 um 18:58 + schrieb Qing Zhao: > > > On Apr 1, 2025, at 11:28, Martin Uecker wrote: > > > > Am Dienstag, dem 01.04.2025 um 15:01 + schrieb Qing Zhao: > > > > > > > On Apr 1, 2025, at 10:04, Martin Uecker wrote: > > > > > > > > > > > > > > > > Am Montag, de

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Apr 1, 2025, at 11:28, Martin Uecker wrote: > > Am Dienstag, dem 01.04.2025 um 15:01 + schrieb Qing Zhao: >> >>> On Apr 1, 2025, at 10:04, Martin Uecker wrote: >>> >>> >>> >>> Am Montag, dem 31.03.2025 um 13:59 -0700 schrieb Bill Wendling: > I'd like to offer up this to solve

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Dienstag, dem 01.04.2025 um 15:01 + schrieb Qing Zhao: > > > On Apr 1, 2025, at 10:04, Martin Uecker wrote: > > > > > > > > Am Montag, dem 31.03.2025 um 13:59 -0700 schrieb Bill Wendling: > > > > I'd like to offer up this to solve the issues we're facing. This is a > > > > combination o

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Apr 1, 2025, at 10:04, Martin Uecker wrote: > > > > Am Montag, dem 31.03.2025 um 13:59 -0700 schrieb Bill Wendling: >>> I'd like to offer up this to solve the issues we're facing. This is a >>> combination of everything that's been discussed here (or at least that >>> I've been able to r

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hello, On Mon, 31 Mar 2025, Bill Wendling wrote: > 1. The use of '__self' isn't feasible, so we won't use it. That's a bold statement. How's that? The only thing I read here is that the very spelling of "self" was objected to. So, call it _Self, _Selfref, or something. Even _Whatever42 wou

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Mar 28, 2025, at 9:05 AM, Qing Zhao wrote: > > > >> On Mar 28, 2025, at 08:51, Yeoul Na wrote: >> >> >> >>> On Mar 27, 2025, at 9:17 AM, Qing Zhao wrote: >>> >>> Yeoul, >>> >>> Thanks for the writeup. >>> >>> So, basically, This writeup insisted on introducing a new “structure sc

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Mar 28, 2025, at 08:51, Yeoul Na wrote: > > > >> On Mar 27, 2025, at 9:17 AM, Qing Zhao wrote: >> >> Yeoul, >> >> Thanks for the writeup. >> >> So, basically, This writeup insisted on introducing a new “structure scope” >> (similar as the instance scope in C++) into C language ONLY

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Mar 26, 2025, at 1:52 PM, Yeoul Na wrote: > > Hi Joseph, > >> On Mar 26, 2025, at 12:07 PM, Joseph Myers wrote: >> >> On Wed, 26 Mar 2025, Yeoul Na wrote: >> >>> Hi all, >>> >>> Thanks for all the discussions. >>> >>> I posted the design rationale for our current approach in >>> ht

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Mar 28, 2025, at 5:51 AM, Yeoul Na wrote: > > > >> On Mar 27, 2025, at 9:17 AM, Qing Zhao wrote: >> >> Yeoul, >> >> Thanks for the writeup. >> >> So, basically, This writeup insisted on introducing a new “structure scope” >> (similar as the instance scope in C++) into C language ONL

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Mar 27, 2025, at 9:17 AM, Qing Zhao wrote: > > Yeoul, > > Thanks for the writeup. > > So, basically, This writeup insisted on introducing a new “structure scope” > (similar as the instance scope in C++) into C language ONLY for counted_by > attribute: > > 1. Inside counted_by attribut

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Yeoul, Thanks for the writeup. So, basically, This writeup insisted on introducing a new “structure scope” (similar as the instance scope in C++) into C language ONLY for counted_by attribute: 1. Inside counted_by attribute, the name lookup starts: A. Inside the current structure first (t

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hi Joseph, > On Mar 26, 2025, at 12:07 PM, Joseph Myers wrote: > > On Wed, 26 Mar 2025, Yeoul Na wrote: > >> Hi all, >> >> Thanks for all the discussions. >> >> I posted the design rationale for our current approach in >> https://discourse.llvm.org/t/rfc-forward-referencing-a-struct-member-w

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Wed, 26 Mar 2025, Yeoul Na wrote: > Hi all, > > Thanks for all the discussions. > > I posted the design rationale for our current approach in > https://discourse.llvm.org/t/rfc-forward-referencing-a-struct-member-within-bounds-annotations/85510. > > This clarifies some of the questions tha

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hi all, Thanks for all the discussions. I posted the design rationale for our current approach in https://discourse.llvm.org/t/rfc-forward-referencing-a-struct-member-within-bounds-annotations/85510. This clarifies some of the questions that are asked in this thread. The document also proposes

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Sorry for the delay. I’m planning on sending out our design rationale of the current approach without the new syntax today. - Yeoul > On Mar 14, 2025, at 9:22 PM, John McCall wrote: > > On 14 Mar 2025, at 15:18, Martin Uecker wrote: > > Am Freitag, dem 14.03.2025 um 14:42 -0400 schrieb John

Re: [RFC][C]New syntax for the argument of counted_by attribute for C language

+ Aaron > On Mar 6, 2025, at 4:27 PM, Yeoul Na wrote: > > Hi Qing, > > Thanks for writing up the RFC and keeping us in the loop. Are you planning to > add “__self.” to GCC's C++ compiler as well in the future? The problem we > have with “__self” being a default way of annotating bounds is th

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On 10 Mar 2025, at 18:30, Martin Uecker wrote: > Am Montag, dem 10.03.2025 um 16:45 -0400 schrieb John McCall: >>> On 10 Mar 2025, at 15:34, Martin Uecker wrote: > Am Montag, dem 10.03.2025 um 15:00 -0400 schrieb John McCall: >>> That said, my preference is still to just give preference to

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hi Martin, The C design of VLAs misunderstood dependent typing. For a program to be validly typed when there are dependent types, you need to be able to write down the types of any values and variables at program points where they are in use. This is problematic when there are assignments to

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Freitag, dem 14.03.2025 um 14:42 -0400 schrieb John McCall: > On 14 Mar 2025, at 14:13, Martin Uecker wrote: > > > Am Freitag, dem 14.03.2025 um 10:11 -0700 schrieb David Tarditi: > > > Hi Martin, > > > > > > The C design of VLAs misunderstood dependent typing. > > > > They probably did not c

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Montag, dem 10.03.2025 um 15:00 -0400 schrieb John McCall: > ... > That said, my preference is still to just give preference to the field name, > which sidesteps any need for disambiguation syntax and avoids this whole > problem where structs can be broken by just adding a global variable tha

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

I’ve been working on bound-safe extensions for C since 2016. I did the Checked C work. Here’s my perspective on the discussion. I think language features should make the common case easy to use, have concise syntax, and be easy to understand. The bounds safety extensions will be used by milli

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On 14 Mar 2025, at 15:18, Martin Uecker wrote: Am Freitag, dem 14.03.2025 um 14:42 -0400 schrieb John McCall: On 14 Mar 2025, at 14:13, Martin Uecker wrote: Am Freitag, dem 14.03.2025 um 10:11 -0700 schrieb David Tarditi: Hi Martin, The C design of VLAs misunderstood dependent typing. They

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On 14 Mar 2025, at 14:13, Martin Uecker wrote: > Am Freitag, dem 14.03.2025 um 10:11 -0700 schrieb David Tarditi: >> Hi Martin, >> >> The C design of VLAs misunderstood dependent typing. > > They probably did not care about theory, but the design is > not inconsistent with theory. This is almost

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Freitag, dem 14.03.2025 um 10:11 -0700 schrieb David Tarditi: > Hi Martin, > > The C design of VLAs misunderstood dependent typing. They probably did not care about theory, but the design is not inconsistent with theory. > > For a program to be validly typed when there are dependent types, >

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Maybe one additional point about scoping rules. The whole point of scoping is to shield nested code from outside changes. This is  what this proposal would break (and the proposed warnings would only mitigate the damage). One scenario where I find this is problematic are macros. Macros are ins

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hi David, Am Donnerstag, dem 13.03.2025 um 19:23 -0700 schrieb David Tarditi: > > I skip your initiial part. I think this was all discussed before (also in WG14) and I still come to different conclusions.  Just two comments: ... > > The VLA semantics are also problematic. User can side-effe

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Thu, 13 Mar 2025, JeanHeyd Meneide wrote: > On Thu, Mar 13, 2025 Qing Zhao wrote: > > > ... > > > > Is N3188 the following: > > https://www.open-std.org/jtc1/sc22/wg14/www/docs/n3188.htm > > > > What’s the status of this proposal? > > > N3188 was discussed during the January 2024 Meeti

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Donnerstag, dem 13.03.2025 um 19:48 +0100 schrieb JeanHeyd Meneide: > On Thu, Mar 13, 2025 Martin Uecker wrote: > > ... > Part of this problem is self-inflicted: VLAs in structures are > a GNU extension and not an ISO C feature (for reasons like this one).  Note that this has nothing to do

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Thu, Mar 13, 2025 Martin Uecker wrote: > ... > > So it seems to be a possible way forward while avoiding > language divergence and without introducing anything too novel > in either language. > > (But others still have concerns about .n and prefer __self__.) I would like to gently push

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Mar 13, 2025, at 12:29, Martin Uecker wrote: > > Am Donnerstag, dem 13.03.2025 um 15:41 + schrieb Qing Zhao: >> >>> On Mar 12, 2025, at 12:40, Martin Uecker wrote: >>> >>> Am Mittwoch, dem 12.03.2025 um 16:20 + schrieb Qing Zhao: > On Mar 10, 2025, at 15:34, Martin Uec

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Mar 12, 2025, at 12:58, Joseph Myers wrote: > > On Wed, 12 Mar 2025, Martin Uecker wrote: > >> For a designator >> >> struct foo { int n; } a = { .n = 1 }; >> >> we also refer to a member 'n' of an instance 'a' of a structure type. >> The instance is simply implied by the context. >> >

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Donnerstag, dem 13.03.2025 um 15:41 + schrieb Qing Zhao: > > > On Mar 12, 2025, at 12:40, Martin Uecker wrote: > > > > Am Mittwoch, dem 12.03.2025 um 16:20 + schrieb Qing Zhao: > > > > > > > On Mar 10, 2025, at 15:34, Martin Uecker wrote: > > > > > > > > Am Montag, dem 10.03.2025 u

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Thu, Mar 13, 2025 Qing Zhao wrote: > ... > > Is N3188 the following: > https://www.open-std.org/jtc1/sc22/wg14/www/docs/n3188.htm > > What’s the status of this proposal? N3188 was discussed during the January 2024 Meeting in Strasbourg, France. There was "along the lines" (opinion poll)

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Mar 12, 2025, at 18:46, Yeoul Na wrote: > > > >> On Mar 12, 2025, at 3:40 PM, Bill Wendling wrote: >> >> On Wed, Mar 12, 2025 at 3:28 PM Yeoul Na wrote: On Mar 12, 2025, at 2:51 PM, John McCall wrote: On 12 Mar 2025, at 16:02, Bill Wendling wrote: > Qing pointed o

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Mar 12, 2025, at 12:40, Martin Uecker wrote: > > Am Mittwoch, dem 12.03.2025 um 16:20 + schrieb Qing Zhao: >> >>> On Mar 10, 2025, at 15:34, Martin Uecker wrote: >>> >>> Am Montag, dem 10.03.2025 um 15:00 -0400 schrieb John McCall: >>> >>> ... >>> That said, my preferen

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Mar 12, 2025, at 2:51 PM, John McCall wrote: > > On 12 Mar 2025, at 16:02, Bill Wendling wrote: >> Qing pointed out in four lines of code how there are two different >> token resolution rules being used: one which is reliant upon C's >> current scoping rules and the other which requires a

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Mar 12, 2025, at 3:40 PM, Bill Wendling wrote: > > On Wed, Mar 12, 2025 at 3:28 PM Yeoul Na > wrote: >>> On Mar 12, 2025, at 2:51 PM, John McCall wrote: >>> >>> On 12 Mar 2025, at 16:02, Bill Wendling wrote: Qing pointed out in four lines of code how ther

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Wed, Mar 12, 2025 at 3:28 PM Yeoul Na wrote: > > On Mar 12, 2025, at 2:51 PM, John McCall wrote: > > > > On 12 Mar 2025, at 16:02, Bill Wendling wrote: > >> Qing pointed out in four lines of code how there are two different > >> token resolution rules being used: one which is reliant upon C's

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On 12 Mar 2025, at 16:02, Bill Wendling wrote: > Qing pointed out in four lines of code how there are two different > token resolution rules being used: one which is reliant upon C's > current scoping rules and the other which requires a completely new > scoping rule. This is no longer a question a

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Mon, Mar 10, 2025 at 11:33 PM Henrik Olsson wrote: > > > > On Mar 10, 2025, at 11:04 PM, Martin Uecker wrote: > > Am Montag, dem 10.03.2025 um 19:30 -0400 schrieb John McCall: > > On 10 Mar 2025, at 18:30, Martin Uecker wrote: > > Am Montag, dem 10.03.2025 um 16:45 -0400 schrieb John McCall: >

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hello, On Wed, 12 Mar 2025, Martin Uecker wrote: > > To me, this is clearer. But I am okay with the designator syntax. > > I am also okay with __self__ if people have concerns about resuing the > designator syntax. We could still always drop the requirement for > writing __self__ later. So,

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Mittwoch, dem 12.03.2025 um 16:58 + schrieb Joseph Myers: > On Wed, 12 Mar 2025, Martin Uecker wrote: > > > For a designator > > > > struct foo { int n; } a = { .n = 1 }; > > > > we also refer to a member 'n' of an instance 'a' of a structure type. > > The instance is simply implied by th

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On Wed, 12 Mar 2025, Martin Uecker wrote: > For a designator > > struct foo { int n; } a = { .n = 1 }; > > we also refer to a member 'n' of an instance 'a' of a structure type. > The instance is simply implied by the context. > > For > > struct foo { int n; char *x __counted_by(.n) }; > > is

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Mittwoch, dem 12.03.2025 um 16:20 + schrieb Qing Zhao: > > > On Mar 10, 2025, at 15:34, Martin Uecker wrote: > > > > Am Montag, dem 10.03.2025 um 15:00 -0400 schrieb John McCall: > > > > > > > ... > > > > > That said, my preference is still to just give preference to the field > > > n

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Mar 10, 2025, at 15:34, Martin Uecker wrote: > > Am Montag, dem 10.03.2025 um 15:00 -0400 schrieb John McCall: >> > > ... > >> That said, my preference is still to just give preference to the field name, >> which sidesteps any need for disambiguation syntax and avoids this whole >> pro

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Hi, Henrik, John, Sorry for my late reply to the thread. Before I wrote this proposal, I spent quite some time try to understand why people from C community and C++ community have so different views on the current syntax of counted_by. Then I spent some time to study and compare the variable

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On 7 Mar 2025, at 19:12, Yeoul Na wrote: > Hi Kees, > >> On Mar 7, 2025, at 1:38 PM, Kees Cook wrote: >> >> On Thu, Mar 06, 2025 at 04:27:49PM -0800, Yeoul Na wrote: >>> Thanks for writing up the RFC and keeping us in the loop. Are >>> you planning to add “__self.” to GCC's C++ compiler as wel

Re: [RFC][C]New syntax for the argument of counted_by attribute for C language

+ John & Félix & Patryk & Henrik > On Mar 6, 2025, at 1:44 PM, Qing Zhao wrote: > > Hi, > > Since I sent the patch series for “extend counted_by attribute to pointer > fields of structure” two months ago, a lot of discussion were invoked both in > GCC community and CLANG community: > > https:

Re: [RFC][C]New syntax for the argument of counted_by attribute for C language

Hi, Yeoul, Sorry for my late reply (I just came back from a short vacation). And thank you for your comments. I briefly read your comments and questions in this email, I am wondering whether you read through the following section in my proposal: Appendix A Scope of variables in C and C++

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Montag, dem 10.03.2025 um 16:45 -0400 schrieb John McCall: > > On 10 Mar 2025, at 15:34, Martin Uecker wrote: > > > > Am Montag, dem 10.03.2025 um 15:00 -0400 schrieb John McCall: > > > > > > That said, my preference is still to just give preference to the > > > > > > field name, > > > > > > wh

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

> On Mar 10, 2025, at 11:04 PM, Martin Uecker wrote: > > Am Montag, dem 10.03.2025 um 19:30 -0400 schrieb John McCall: >> On 10 Mar 2025, at 18:30, Martin Uecker wrote: >>> Am Montag, dem 10.03.2025 um 16:45 -0400 schrieb John McCall: > > > .. > >>> > >>> While the next example

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

Am Montag, dem 10.03.2025 um 19:30 -0400 schrieb John McCall: > On 10 Mar 2025, at 18:30, Martin Uecker wrote: > > Am Montag, dem 10.03.2025 um 16:45 -0400 schrieb John McCall: > > > > .. > > > > > > > > > > > > While the next example is also ok in C++. > > > > > > > > > > > > constexpr int n

Re: [RFC] [C]New syntax for the argument of counted_by attribute for C language

On 10 Mar 2025, at 15:34, Martin Uecker wrote: > Am Montag, dem 10.03.2025 um 15:00 -0400 schrieb John McCall: >> That said, my preference is still to just give preference to the field name, >> which sidesteps any need for disambiguation syntax and avoids this whole >> problem where structs can be

Re: [RFC][C]New syntax for the argument of counted_by attribute for C language

Hi Kees, > On Mar 7, 2025, at 1:38 PM, Kees Cook wrote: > > On Thu, Mar 06, 2025 at 04:27:49PM -0800, Yeoul Na wrote: >> Thanks for writing up the RFC and keeping us in the loop. Are >> you planning to add “__self.” to GCC's C++ compiler as well in > > Isn't this strictly a C feature? [1] No,

Re: [RFC][C]New syntax for the argument of counted_by attribute for C language

On Fri, Mar 07, 2025 at 01:38:32PM -0800, Kees Cook wrote: > I'm all for better diagnostics, but since C doesn't have a way specify > scope for a named variable, I don't see how such a diagnostic would > be actionable. > > int nr; > struct foo { > int nr; > u8 array[] __counted_by(nr);

Re: [RFC][C]New syntax for the argument of counted_by attribute for C language

On Thu, Mar 06, 2025 at 04:27:49PM -0800, Yeoul Na wrote: > Thanks for writing up the RFC and keeping us in the loop. Are > you planning to add “__self.” to GCC's C++ compiler as well in Isn't this strictly a C feature? [1] > the future? The problem we have with “__self” being a default > way of

Re: [RFC][C]New syntax for the argument of counted_by attribute for C language

On Thu, Mar 6, 2025 at 4:28 PM Yeoul Na wrote: > > Hi Qing, > > Thanks for writing up the RFC and keeping us in the loop. Are you planning to > add “__self.” to GCC's C++ compiler as well in the future? The problem we > have with “__self” being a default way of annotating bounds is that C++ > c

  1   2   >