Hi Martin,

On Thu, Jul 11, 2024 at 06:34:04PM GMT, Alejandro Colomar wrote:
> Hi Martin, David,
>
> On Thu, Jul 11, 2024 at 06:08:38PM GMT, David Brown wrote:
> > On 11/07/2024 11:58, Martin Uecker via Gcc wrote:
> > > > [[gnu::access(read_write, 1)]]
> > > > [[gnu::access(read_only, 2)]]
> > > > [[gnu::nonnull(1, 2)]]
> > > > [[gnu::null_terminated_string_arg(2)]]
> > > > char *
> > > > strsep(char **restrict sp, const char *delim);
> > >
> > > The main problem from a user perspective is that
> > > these are attributes on the function declaration
> > > and not on the argument (type).
> > >
> > > >
> > > > I was thinking that with floating numbers, one could specify the number
> > > > of dereferences with a number after the decimal point. It's a bit
> > > > weird, since the floating point is interpreted as two separate integer
> > > > numbers separated by a '.', but could work. In this case:
> > > >
> > > > [[gnu::access(read_write, 1)]]
> > > > [[gnu::access(read_write, 1.1)]]
> > > > [[gnu::access(read_only, 2)]]
> > > > [[gnu::nonnull(1, 2)]]
> > > > [[gnu::null_terminated_string_arg(1.1)]]
> > > > [[gnu::null_terminated_string_arg(2)]]
> > > > char *
> > > > strsep(char **restrict sp, const char *delim);
> > > >
> > > > Which would mark the pointer *sp as read_write and a string. What do
> > > > you think about it?
> > >
> > > If the attributes could be applied to the type, then
> > > one could attach them directly at an intermediate
> > > pointer level, which would be more intuitive and
> > > less fragile.
> > >

On the other hand, I was thinking of this not for [[gnu::access()]], but
for [[alx::restrict()]].

The idea was to be able to mark strtol(3) with it:

	[[alx::restrict(1, 2.1)]]
	[[alx::restrict(2)]]
	[[gnu::access(read_only, 1)]]
	[[gnu::access(write_only, 2)]]
	[[gnu::access(none, 2.1)]]
	[[gnu::nonnull(1)]]
	[[gnu::null_terminated_string_arg(1)]]
	[[gnu::leaf]]
	[[gnu::nothrow]]
	long
	strtol(const char *nptr, char **endp, int base);

Marking parameters 1 and 2.1 as possibly aliasing each other
requires doing so at the function, and not at the parameter.

Have a lovely day!
Alex

> >
> > That would be a huge improvement (IMHO). Then you could write :
> >
> > #define RW [[gnu::access(read_write)]]
> > #define RO [[gnu::access(read_only)]]
> > #define NONNULL [[gnu::nonnull]]
> > #define CSTRING [[gnu::null_terminated_string_arg]]
> >
> > char * strsep(char * RW * RW NONNULL CSTRING restrict sp,
> >                const char * RO NONNULL CSTRING delim);
>
> Yup; if that could be done, it would be interesting. Martin, can it be
> done? I'm worried that it might get ambiguous in some cases. Is there
> any summary of positions where C23 attributes can go and their meanings?
> I always have a hard time finding all the possible combinations.
>
> Should such a new attribute go to the left of the '*', or to the right?
>
> > It would be even better if the characteristics could be tied into a typedef.
> >
> > typedef const char * [[gnu::access(read_only)]] [[gnu::nonnull]]
> > [[gnu::null_terminated_string_arg]] const_cstring;
>
> Hmmmm.
>
> > David
>
> Cheers,
> Alex
>
> --
> <https://www.alejandro-colomar.es/>
--
<https://www.alejandro-colomar.es/>
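
Added example, not part of the original message or of GCC or glibc: a C sketch of the relationship the strtol(3) annotations above describe, where the pointer stored through endp (position 2.1 in the message's notation) points into the string passed as nptr (position 1). The wrapper parse_long() and the helper end_offset_in_input() are hypothetical names; only attributes that GCC already accepts on whole parameters are used, written in __attribute__ form, and the proposed "2.1" positions and [[alx::restrict()]] do not appear.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper (assumption, not from the thread) with strtol(3)'s
 * shape, using only attributes current GCC accepts on whole parameters.
 * The "2.1" positions and [[alx::restrict()]] are proposals, so absent. */
__attribute__((access(read_only, 1), access(write_only, 2), nonnull(1)))
long parse_long(const char *nptr, char **endp, int base)
{
    return strtol(nptr, endp, base);
}

/* Offset of the pointer stored through endp (position 2.1) within the
 * string passed as nptr (position 1), or -1 if it lies outside it. */
long end_offset_in_input(const char *s)
{
    char *end = NULL;
    uintptr_t lo = (uintptr_t) s;
    uintptr_t hi = lo + strlen(s);   /* address of the terminating NUL */
    uintptr_t p;

    (void) parse_long(s, &end, 10);  /* &end itself is a distinct object */
    p = (uintptr_t) end;

    /* Compare as integers so the range check is well defined even if
     * the stored pointer did not point into the input string. */
    return (p >= lo && p <= hi) ? (long) (p - lo) : -1;
}
```

For every input the result is an offset inside the caller's string, never -1: that is the aliasing between parameters 1 and 2.1 which a per-parameter restrict qualifier cannot describe.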
