On Mon, Nov 18, 2024 at 07:10:35PM +0100, Martin Uecker wrote:
> On Monday, 18.11.2024 at 17:55 +0000, Qing Zhao wrote:
> > Hi,
> >
> > I am working on extending “counted_by” attribute to pointers inside a
> > structure per our previous discussion.
> >
> > I need advice on the following question:
> >
> > Should -fsanitize=bounds support array reference that was referenced through
> > a pointer that has counted_by attribute?

I don't see why it couldn't, perhaps as part of -fsanitize=bounds-strict.
Someone has to implement it, though.

> I think the question is what -fsanitize=bounds is meant to be.
>
> I am a bit frustrated about the sanitizer. On the
> one hand, it is not doing enough to get spatial memory
> safety even where this would be easily possible; on the
> other hand, it is pedantic about things which are technically
> UB but not problematic, and then one is prevented from
> using it.
>
> When used in default mode, where execution continues, it
> also does not mix well with many warnings, creates more code,
> and pulls in a library dependency (and the library also depends
> on upstream choices / progress, which seems a limitation for
> extensions).
>
> What IMHO would be ideal is a protection mode for spatial
> memory safety that simply adds traps (which then requires
> no library, has no issues with other warnings, and could
> evolve independently from clang).
>
> So shouldn't we just add a -fboundscheck (which would
> be like -fsanitize=bounds -fsanitize-trap=bounds just with
> more checking) and make it really good? I think many people
> would be very happy about this.

That's a separate concern. We already have the -fbounds-check option,
currently only used in Fortran (and D?), so perhaps we could make that
option a shorthand for -fsanitize=bounds -fsanitize-trap=bounds.

Marek
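As an added illustration of what the thread is discussing (this is example code, not from the thread, GCC, or Qing Zhao's patch): a struct with a flexible array member whose length is carried by `len` and annotated with `counted_by`, plus a hand-written accessor that performs the same `idx < len` comparison that `-fsanitize=bounds` emits for `data[idx]` when the compiler can see the bound. The `COUNTED_BY` macro and the `packet_*` names are assumptions for this example; the attribute is guarded with `__has_attribute` so the file also builds on compilers that do not know `counted_by` yet. The explicit check is the same logic whether the array is a flexible member or, as the question above asks, reached through a counted pointer member.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Guard the attribute so the file also builds on compilers that do not
   know counted_by yet (assumption: only recent GCC/Clang accept it).
   With a compiler that honours it, build with e.g.
     gcc -fsanitize=bounds -fsanitize-trap=bounds
   and the compiler inserts the check that packet_get writes by hand. */
#if defined(__has_attribute)
#  if __has_attribute(counted_by)
#    define COUNTED_BY(member) __attribute__((counted_by(member)))
#  endif
#endif
#ifndef COUNTED_BY
#  define COUNTED_BY(member)
#endif

/* Flexible array member whose element count lives in `len`: the shape
   counted_by was designed for. (Constructed example type.) */
struct packet {
    size_t len;
    unsigned char data[] COUNTED_BY(len);
};

/* Allocate a packet holding `len` bytes and fill it with a constructed
   pattern (byte i == i mod 256). Returns NULL on allocation failure. */
struct packet *packet_new(size_t len)
{
    struct packet *p = malloc(sizeof *p + len);
    if (!p)
        return NULL;
    p->len = len;
    for (size_t i = 0; i < len; i++)
        p->data[i] = (unsigned char)i;
    return p;
}

/* The bounds check written out explicitly: reject idx >= len instead of
   reading past the allocation. Returns true and stores the byte, or false
   when out of range (where -fsanitize=bounds would report and
   -fsanitize-trap=bounds would trap). */
bool packet_get(const struct packet *p, size_t idx, unsigned char *out)
{
    if (idx >= p->len)
        return false;
    *out = p->data[idx];
    return true;
}

/* Drive the check: in-range indices succeed, the first past-the-end index
   and a huge (wrapped) index are refused. Returns 1 when behaviour matches. */
int bounds_demo(void)
{
    struct packet *p = packet_new(4);
    unsigned char b = 0;
    int ok = 1;
    if (!p)
        return 0;
    ok &= packet_get(p, 0, &b) && b == 0;
    ok &= packet_get(p, 3, &b) && b == 3;
    ok &= !packet_get(p, 4, &b);          /* one past the end */
    ok &= !packet_get(p, (size_t)-1, &b); /* index that wrapped around */
    free(p);
    return ok;
}

int main(void)
{
    return bounds_demo() ? 0 : 1;
}
```

The point of the hand-written form is that the check costs one compare and branch per access and needs no runtime library, which is the trade-off the thread weighs between the default continuing mode of `-fsanitize=bounds` and a trapping `-fbounds-check` style mode.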