On Thu, Apr 3, 2025 at 9:54 AM Kees Cook <k...@kernel.org> wrote:
> On Wed, Apr 02, 2025 at 09:16:47PM +0000, Qing Zhao wrote:
> > Hi, Bill,
> >
> > Thanks for the summary.
> >
> > I think that this is good.
> >
> > Two more questions:
> >
> > 1. Shall we keep the same name of the attribute counted_by for the 2nd new
> > syntax?
> > Or use a new name, such as, “counted_by_exp"?
>
> FWIW, the Linux kernel will likely need to create its own macros for all
> of this stuff (just to do the compiler version testing), so there should
> be no problem with different names (or same names) in the compiler API.
>
> > I don’t have strong preference here. As mentioned by Jacub in a
> > previous email, these two syntaxes can be distinguished by the number
> > of arguments of the attribute.
> >
> > So for GCC, there should be no issue with either old name of a new name.
> > However, I am not sure about CLANG. (Considering the complication with
> > APPLE’s implementation)
I also don't have a strong opinion on whether we should add new
'*_expr' attributes. It's pretty easy to determine a single identifier
from a more complex expression, so it's probably okay to use the
current name. (I think that's what Apple has been doing internally.)
> > 2. The 2nd new syntax should resolve all the following new requests from
> > Linux Kernel:
> > 2.1 Refer to a field in the nested structure
> > 2.2 Refer to globals or locals
> > 2.3 Represent simple expression
> > 2.4 Forward referencing
> >
> > Except not very sure on 2.1: refer to a field in the nested structure
> >
> > struct Y {
> > int n;
> > int other;
> > }
> >
> > struct Z {
> > struct Y y;
> > int array[] __attribute__ ((counted_by(?y.n)));
> > };
> >
> > in the above, what should be put instead of "?" to refer to the field "n"
> > of the field "y" of the current object of this struct Z?
> >
> > Based on my understanding, with the new syntax,
> >
> > struct Z {
> > struct Y y;
> > int array[] __attribute__ ((counted_by(struct Y y, y.n)));
> > };
> >
> > i.e, the compiler will lookup “y” inside the current structure, then
> > resolving the member access operator “.” as an expression.
> >
> > Is this correct understanding?
>
> I had the same question, e.g. how is this supposed to be declared:
>
> struct Y {
> int n;
> int other;
> }
>
> struct Z {
> int *ints __attribute__ ((counted_by(y.n)));
> struct Y y;
> };
>
My initial thought is that you'd have something like this:
struct Y {
int n;
};
struct Z {
int *ints __attrbiute__((counted_by(struct Y y; y.n)));
struct Y y;
};
And it should "just work." I'm not sure if there's an issue with this though.
-bw
