On Fri, Jan 17, 2025 at 01:27:41PM -0800, Bill Wendling wrote:
> On Fri, Jan 17, 2025 at 8:02 AM Qing Zhao <qing.z...@oracle.com> wrote:
> > Joseph, Kees and Bill,
> >
> > I need your input on this.
> > > On Jan 17, 2025, at 10:12, Martin Uecker <uec...@tugraz.at> wrote:
> > >
> > > Am Donnerstag, dem 16.01.2025 um 21:18 +0000 schrieb Qing Zhao:
> > >>
> > > ..
> > >>
> > >> Although in the previous discussion, I agreed with Martin that we should
> > >> use the
> > >> designator syntax (i.e, counted_by (.n) instead of counted_by (n)) for
> > >> the
> > >> counted_by attribute for pointer fields, after more consideration and
> > >> discussion
> > >> with Bill Wendling (who is working on the same work for CLANG), we
> > >> decided to
> > >> keep the current syntax of FAM for pointer fields. And leave the new
> > >> syntax (.n)
> > >> and more complicate expressions to a later work.
> > >>
> > > I think this would be a mistake. Once you have established the confusing
> > > syntax,
> > > it will not easily go away anymore. So I think you should use the
> > > unambiguous
> > > and future-prove syntax right away. Support for more complicated
> > > expressions
> > > could be left for later, of course.
> >
> > Personally I agree with you. -:)
> >
> > Actually we might need to use such syntax in the very beginning when adding
> > counted_by of FAM.
> > As I know, linux kernel community asked for the following new feature for
> > counted_by of FAM:
> >
> > struct fs_bulk {
> > ...
> > int len;
> > ...
> > }
> >
> > struct fc_bulk {
> > ...
> > struct fs_bulk fs_bulk;
> > struct fc fcs[] __counted_by(fs_bulk.len);
> > };
> >
> > i.e, the “counted_by” field is in the inner structure of the current
> > structure of the FAM.
> > With the current syntax, it’s not easy to extend to support this.
> >
> > But with the designator syntax, it might be much easier to be extended to
> > support this.
> >
> > So, Kees and Bill, what’s your opinion on this? I think that it’s better to
> > have a consistent interface between GCC
> > and Clang.
> >
> > Joseph, what’s your opinion on this new syntax? Shall we support the
> > designator syntax for counted_by attribute?
> >
> I've been thinking more about what we discussed regarding this and I
> have to agree with Martin that putting off using the new syntax for
> both FAMs and pointers will make things worse in the long run. We'll
> already have to deprecate the current syntax in compilers for code
> using the current syntax, but it may not be too late. Linux is pretty
> much the main user of this feature, and we have pretty good control
> over how it's used there.
While it'll take a bit longer, I am convinced as well. It will let us do
things we keep tripping over (like fs_bulk.len example above).
> The one wrinkle is that Apple allows for full expressions, not just a
> field designator---and they're currently using full expressions.
> AFAIK, that code is internal to Apple, but they want to externalize
> it. So we'll eventually have to come up with some sort of plan for how
> to deal with it probably sooner rather than later. I'll open up a
> discussion with them about it.
Gaining access to global variables is another gap Linux has -- e.g. we
have arrays that are sized by the global number-of-cpus variable. :)
--
Kees Cook
