================ @@ -759,7 +759,24 @@ relationship must hold even after any of these related variables are updated. To this end, the model requires that assignments to ``buf`` and ``count`` must be side by side, with no side effects between them. This prevents ``buf`` and ``count`` from temporarily falling out of sync due to updates happening at a -distance. +distance. In addition, taking address of ``count`` is not allowed in order to +prevent the programmers from updating the ``count`` through the pointer, which +will evade the necessary checks to make ``count`` and ``buf`` in sync. + +.. code-block:: c + + struct counted_buf { + int *__counted_by(count) buf; + size_t count; + }; + + void foo(struct counted_buf *p) { + int *pointer_to_count = &p->count; // error: variable referred to by + // '__counted_by' cannot be pointed to by any other variable; exception is + // when the pointer is passed as a compatible argument to a function. ---------------- hnrklssn wrote:
I think we should define what a compatible argument is.

https://github.com/llvm/llvm-project/pull/106147
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
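
Review bot: In the added `foo` example, `int *pointer_to_count = &p->count;` takes the address of a `size_t` member into an `int *`, so the line carries a pointer type mismatch unrelated to the `__counted_by` rule it is meant to illustrate; declaring it as `size_t *pointer_to_count` would leave the diagnostic quoted in the comment as the only problem on that line. The new prose also says that taking the address of ``count`` is not allowed, without qualification, while the code comment carves out an exception for passing the pointer as a compatible argument to a function; the paragraph should state that exception and say what makes an argument compatible, since a reader relying on the prose alone cannot tell which uses of `&p->count` still keep ``count`` and ``buf`` in sync. Minor wording in the added sentence: "taking the address of", "the programmer", and "keep ``count`` and ``buf`` in sync".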