================
@@ -132,9 +132,20 @@ bool Sema::CheckCountedByAttrOnField(FieldDecl *FD, Expr
*E, bool CountInBytes,
// `BoundsSafetyCheckUseOfCountAttrPtr`
//
// * When the pointee type is always an incomplete type (e.g.
- // `void`) the attribute is disallowed by this method because we know the
- // type can never be completed so there's no reason to allow it.
- InvalidTypeKind = CountedByInvalidPointeeTypeKind::INCOMPLETE;
+ // `void` in strict C mode) the attribute is disallowed by this method
+ // because we know the type can never be completed so there's no reason
+ // to allow it.
+ //
+ // Exception: In GNU mode, void has an implicit size of 1 byte for pointer
+ // arithmetic. Therefore, counted_by on void* is allowed as a GNU extension
+ // and behaves equivalently to sized_by (treating the count as bytes).
+ bool IsVoidPtrInGNUMode = PointeeTy->isVoidType() && getLangOpts().GNUMode;
----------------
rapidsna wrote:
I agree with @kees. From my perspective, allowing `counted_by` on `void *`
without `-fbounds-safety` means we would have to allow it with
`-fbounds-safety` as well (in GNU mode), since we want the same annotated
headers to be consumable by the compiler with or without `-fbounds-safety`
(except in some inevitable cases like inline function bodies in headers).
I think this is actually a reasonable compromise because treating `void *` as
having a stride of `1` is a de facto standard in C.
However, in general, we cannot change the behavior of -fbounds-safety solely
because the Linux community pushes back strongly. I think the issue is that
they don't have the full context for -fbounds-safety, so decisions about
individual attributes without that broader context can seem overly opinionated
(while this change isn't not unreasonable). I will be working to improve this
situation.
https://github.com/llvm/llvm-project/pull/164737
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
