On Fri, Jan 17, 2025 at 8:20 AM Qing Zhao <qing.z...@oracle.com> wrote:
>
> Hi, Bill,
>
> Thanks a lot for your testing case.
>
> I studied this testing case and realized that we need to decide
> what’s the expected behavior for the following situation:
>
> struct bar;
>
> struct a {
>    int dummy;
>    struct bar *array __attribute__((counted_by(count)));
>    char count;
> };
>
> when the size information of the element of the pointer array is not available
> in the current compilation, i.e., there is no definition of the structure
> “bar” in the current file, the size of “structure bar” is not known; as a
> result, compilation is not able to compute the object size of the pointer
> array “array” even though the length of the array is known.
>
> So, my question is:
>
> 1. When should the compiler issue warning for such situation?
>      A. During C frontend when checking the counted_by attributes.
>      B. During middle-end when __builtin_dynamic_object_size is computing the
> object size.
>
> I prefer B.  The reason is: even though the counted_by attribute under such
> situation is not enough for object_size, it should be enough for the bound
> sanitizer?
>
My feelings on this are that we should allow this in the struct
declaration, because when the user goes to allocate the objects for
'array', struct bar will be defined. So there shouldn't be an issue.
There are two possible uses (maybe more) that I can think of:

  ptr->array = malloc (sizeof (struct bar));
  ptr->count = 1;

or

  ptr->array = malloc (sizeof (struct bar) * count);
  ptr->count = count;

And then you can access the 5th element like this:

  ((struct bar *) (((char *) ptr->array) + sizeof (struct bar) * 5))->some_element;

(Gotta love C.)

-bw

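The situation the two messages describe, as an added example that is not part of the thread or of GCC: struct a is declared while struct bar is still incomplete, and the translation unit that allocates and indexes the array is the one where struct bar is complete, so only there can the byte size of ptr->array be derived from ptr->count. The counted_by(count) attribute itself is left off because released compilers do not yet accept it on a pointer member; the bound check is done by hand with the same count * sizeof(struct bar) arithmetic the built-in would use. The layout of struct bar and the helper names (array_bytes, bar_at, alloc_array, check_example) are assumptions made for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Declaration site: struct bar is still incomplete, so sizeof(struct bar)
 * is unknown here and nothing about the byte size of 'array' can be derived
 * from 'count' yet. The counted_by(count) attribute from the thread is left
 * off because released compilers do not yet accept it on pointer members. */
struct bar;

struct a {
    int dummy;
    struct bar *array;   /* would be: __attribute__((counted_by(count))) */
    char count;
};

/* Use site: the definition is visible, as it must be wherever the elements
 * are allocated or dereferenced. (Assumed layout, not from the thread.) */
struct bar {
    int some_element;
    double payload;
};

/* Byte size of the array 'p->array' points at, derived from count the way
 * __builtin_dynamic_object_size could derive it once struct bar is complete. */
size_t array_bytes(const struct a *p)
{
    return (size_t)p->count * sizeof(struct bar);
}

/* Bounds-checked element access: NULL when idx is not covered by count.
 * The address is formed with the char * arithmetic from the message and
 * cast back to struct bar *, which is what makes ->some_element legal. */
struct bar *bar_at(struct a *p, size_t idx)
{
    if (p->array == NULL || idx >= (size_t)p->count)
        return NULL;
    return (struct bar *)(((char *)p->array) + sizeof(struct bar) * idx);
}

/* Allocate n zeroed elements and record n in count. count is a plain char,
 * so n beyond CHAR_MAX cannot be represented and is rejected up front
 * rather than silently truncated. Returns 0 on success, -1 on failure. */
int alloc_array(struct a *p, size_t n)
{
    if (n > (size_t)CHAR_MAX)
        return -1;
    if (n == 0) {
        p->array = NULL;
        p->count = 0;
        return 0;
    }
    p->array = malloc(sizeof(struct bar) * n);
    if (p->array == NULL)
        return -1;
    memset(p->array, 0, sizeof(struct bar) * n);
    p->count = (char)n;
    return 0;
}

/* Self-check: six elements allocated, index 5 (the sixth) is in bounds and
 * equals the plain subscript form, index 6 is rejected, and the byte size
 * matches count * sizeof(struct bar). Returns 1 on success, 0 otherwise. */
int check_example(void)
{
    struct a s = { 0, NULL, 0 };
    if (alloc_array(&s, 6) != 0)
        return 0;
    struct bar *b = bar_at(&s, 5);
    int ok = (b != NULL && b == &s.array[5] && bar_at(&s, 6) == NULL
              && array_bytes(&s) == 6 * sizeof(struct bar));
    free(s.array);
    return ok;
}

int main(void)
{
    return check_example() ? 0 : 1;
}
```

The check in bar_at is exactly what the bound sanitizer needs from count alone: it never needs sizeof(struct bar) to decide whether idx is in range, whereas array_bytes cannot be computed at all until struct bar is complete, which is the distinction between the two uses discussed above.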