On Tuesday, 19.11.2024, at 10:47 -0500, Marek Polacek wrote:
> On Mon, Nov 18, 2024 at 07:10:35PM +0100, Martin Uecker wrote:
> > On Monday, 18.11.2024, at 17:55 +0000, Qing Zhao wrote:
> > > Hi,
> > >
> > > I am working on extending “counted_by” attribute to pointers inside a
> > > structure per our previous discussion.
> > >
> > > I need advice on the following question:
> > >
> > > Should -fsanitize=bounds support array reference that was referenced
> > > through a pointer that has counted_by attribute?
>
> I don't see why it couldn't, perhaps as part of -fsanitize=bounds-strict.
> Someone has to implement it, though.

I think Qing was volunteering to do this. My point was that this would
not necessarily be undefined behavior, but instead could trap for
possibly defined behavior. I would not mind, but I point out that in the
past people insisted that the sanitizers are only intended to screen
for undefined behavior.

> > > I think the question is what -fsanitize=bounds is meant to be.
> >
> > I am a bit frustrated about the sanitizer. On the
> > one hand, it is not doing enough to get spatial memory
> > safety even where this would be easily possible; on the
> > other hand, it is pedantic about things which are technically
> > UB but not problematic, and then one is prevented from
> > using it.
> >
> > When used in default mode, where execution continues, it
> > also does not mix well with many warnings, creates more code,
> > and pulls in a library dependency (and the library also depends
> > on upstream choices / progress, which seems a limitation for
> > extensions).
> >
> > What IMHO would be ideal is a protection mode for spatial
> > memory safety that simply adds traps (which then requires
> > no library, has no issues with other warnings, and could
> > evolve independently from clang).
> >
> > So shouldn't we just add a -fboundscheck (which would
> > be like -fsanitize=bounds -fsanitize-trap=bounds, just with
> > more checking) and make it really good? I think many people
> > would be very happy about this.
>
> That's a separate concern. We already have the -fbounds-check option,
> currently only used in Fortran (and D?), so perhaps we could make
> that option a shorthand for -fsanitize=bounds -fsanitize-trap=bounds.

I think it could share large parts of the implementation, but the main
reason for having a separate option would be to do something better than
the sanitizer. So it could not simply be a shorthand.

Martin
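The point argued in this message, that a counted_by bounds check can trap on an access that is defined C, is easiest to see with a concrete object. The following C program is an added example, not code from this thread, from GCC, or from Qing's patch. It uses the flexible-array-member form of counted_by that shipping compilers accept (the pointer form under discussion is deliberately not used), allocates more elements than the count member claims, and mirrors the sanitizer's rule in a hand-written check so the outcome can be seen without the flag. The names buf, buf_new, buf_get and counted_by_in_bounds are mine; the COUNTED_BY macro drops the attribute on compilers that lack it.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not code from the thread or from GCC.  Build with
 *   cc -fsanitize=bounds -fsanitize-trap=bounds example.c
 * on a counted_by-aware compiler to have the compiler-inserted check trap
 * on the last read in main(); without the flag the program runs through,
 * because storage for that element exists. */

#if defined(__has_attribute)
#  if __has_attribute(counted_by)
#    define COUNTED_BY(m) __attribute__((counted_by(m)))
#  endif
#endif
#ifndef COUNTED_BY
#  define COUNTED_BY(m)   /* compiler without counted_by: attribute dropped */
#endif

struct buf {
    size_t count;                   /* number of elements the program claims */
    int data[] COUNTED_BY(count);   /* treated as having 'count' elements */
};

/* Allocate storage for 'capacity' elements but advertise only 'count' of
 * them, so the malloc'd object is larger than what counted_by says. */
static struct buf *buf_new(size_t capacity, size_t count) {
    struct buf *b = malloc(sizeof *b + capacity * sizeof b->data[0]);
    if (!b)
        return NULL;
    b->count = count;
    memset(b->data, 0, capacity * sizeof b->data[0]);
    return b;
}

/* The rule -fsanitize=bounds applies to a counted_by array: an index is in
 * bounds iff it is below the *current* value of the count member.  The
 * allocation size is never consulted, so an access that is defined C
 * (inside the malloc'd object) is still flagged, which is the point above. */
static int counted_by_in_bounds(const struct buf *b, size_t idx) {
    return idx < b->count;
}

/* A checked accessor of the kind a trap-only bounds mode would insert:
 * returns 0 and stores the element, or -1 where the sanitizer would trap. */
static int buf_get(const struct buf *b, size_t idx, int *out) {
    if (!counted_by_in_bounds(b, idx))
        return -1;
    *out = b->data[idx];
    return 0;
}

int main(void) {
    struct buf *b = buf_new(8, 4);   /* 8 elements allocated, 4 claimed */
    int v = 0;
    if (!b)
        return 1;

    printf("index 3: %s\n", buf_get(b, 3, &v) == 0 ? "ok" : "flagged");
    printf("index 4: %s\n", buf_get(b, 4, &v) == 0 ? "ok" : "flagged");

    /* data[4] lies inside the allocated object, so this read is defined
     * behaviour; a counted_by-aware -fsanitize=bounds -fsanitize-trap=bounds
     * build traps here anyway because 4 >= b->count. */
    volatile size_t i = b->count;
    v = b->data[i];
    printf("data[count] read without the sanitizer: %d\n", v);

    free(b);
    return 0;
}
```

Raising count after the allocation makes the same index pass, which shows that the check is against the field's value at the time of the access rather than against any property of the object itself.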