From: "muecker at gwdg dot de"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/108896] provide "element_count" attribute to give more context to __builtin_dynamic_object_size() and -fsanitize=bounds
Date: Thu, 02 Mar 2023 18:17:02 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896

--- Comment #9 from Martin Uecker ---
On Thursday, 02.03.2023 at 17:34 +0000, qinzhao at gcc dot gnu.org wrote:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896
>
> --- Comment #8 from qinzhao at gcc dot gnu.org ---
> (In reply to Martin Uecker from comment #7)
> > An attribute is certainly simpler and should be easy to add.
> yes.
> >
> > I proposed a similar extension for C23 and there was some interest,
> > but I did not have time to follow up.
> >
> > https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2660.pdf
> very interesting proposal!
> are there any discussions on this proposal? if so, can you point me to them?

One has to check the minutes from the WG14 meetings. You will find those at the website. But I forgot at which meeting it was discussed. Although completeness and quality of the minutes varies, so I am not sure how interesting this is.

https://www.open-std.org/jtc1/sc22/wg14/www/wg14_document_log

There were three follow-up proposals which I advanced for C23, but I changed jobs and most of them got delayed too much for C23. But we made variably modified types mandatory in C23 to help with bounds checking and this already works quite nicely with GCC / Clang:

https://godbolt.org/z/ddfsdWPMj

> >
> >
> > Sizeof is not a constant expression in ISO C for a VLA and it is not a
> > constant expression if the struct contains a VLA (GNU extension). So this
> > is already the case and nothing would need to change. It would also potentially
> > avoid mistakes when computing the size of such a struct.
> agreed.
> However, my understanding is: VLA is only valid inside a function scope. GCC
> uses a special SAVE_EXPR to record its size expression, and it is evaluated during
> runtime only once.

Yes, this is correct.

> when this variable length concept is extended to global scope, not sure how to
> implement the size expression? need some study here.

Here, we want to use a member of the struct as a size expression. This could work equally at function and file scope. But the semantics need to be worked out. I have started to work on a patch for GCC a couple of weeks ago using PLACEHOLDER_EXPR, but did not get very far. The idea is to evaluate the size expression whenever the member with the size is accessed.
If the size is not set before, this would be undefined behavior. Other languages such as Ada support this, so in principle this should be a piece of cake.

>
> > But the
> > rules for initialization are not so clear.
> shall we make this clear?

We should...

> >
> > I do not think it is a good idea to differentiate between file scope structs
> > and others. This would be confusing.
> Yes. agreed.
>
> this proposal basically is to extend the VLA concept from function scope to
> global scope. is my understanding correct?

I would say the idea is to allow size expressions to refer to a member of a struct instead of only automatic variables.

>
> >
> > Considering that the GNU extension is rarely used, one could consider
> > redefining the meaning of
> >
> > int n = 1;
> > struct {
> >   int n;
> >   char buf[n];
> > };
> >
> > so that the 'n' refers to the member. Or we add a new syntax similar to
> > designators (which intuitively makes sense to me).
> designator might be better IMO.
>
> a question here is:
>
> for the following nested structure:
>
> struct object {
>         ...
>         char items;
>         ...
>         struct inner {
>                 ...
>                 int flex[];
>         };
> } *ptr;
>
> what kind of syntax is good to represent the upper bound of "flex" in the inner
> struct with "items" in the outer structure? any suggestion?

I would disallow it. At least at first. It also raises some questions: For example, one could form a pointer to the inner struct, and then it is not clear how 'items' could be accessed anymore.
Martin
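As an added illustration (not code from this thread, from the n2660 proposal, or from GCC), the following shows the mechanism the comment relies on: a count member of a struct is attached by hand to a pointer-to-VLA type, so that sizeof becomes a run-time value and -fsanitize=bounds in GCC/Clang can check every indexed access through that pointer. The struct object, sum_bounded, sum_object and demo_sum names are constructed for this example.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed example: a count member and a flexible array member.  In
 * today's C nothing links 'items' to 'flex', so neither
 * __builtin_dynamic_object_size() nor -fsanitize=bounds knows the bound. */
struct object {
    size_t items;
    int flex[];
};

/* sizeof of a variably modified type is a run-time value, not a constant
 * expression: the bound n is evaluated when this line executes. */
size_t vm_bytes(size_t n) {
    return sizeof(int[n]);
}

/* The parameter type 'const int (*)[n]' carries the bound n, so the
 * indexing below is checkable by -fsanitize=bounds (GCC and Clang). */
int sum_bounded(size_t n, const int (*arr)[n]) {
    int total = 0;
    for (size_t i = 0; i < n; i++)
        total += (*arr)[i];
    return total;
}

/* Re-express obj->flex as a pointer to a VLA of obj->items elements: this is
 * the "size expression refers to a struct member" idea written out by hand. */
int sum_object(const struct object *obj) {
    const int (*view)[obj->items] = (const int (*)[obj->items])obj->flex;
    return sum_bounded(obj->items, view);
}

/* Allocate an object holding 1..n (n must be > 0, a zero-length VLA is not
 * allowed) and return the sum of its elements through the bounded view,
 * i.e. n*(n+1)/2, or -1 on allocation failure. */
int demo_sum(size_t n) {
    struct object *obj = malloc(sizeof *obj + n * sizeof(int));
    if (obj == NULL)
        return -1;
    obj->items = n;
    for (size_t i = 0; i < n; i++)
        obj->flex[i] = (int)(i + 1);
    int total = sum_object(obj);
    free(obj);
    return total;
}
```

Compiling with -fsanitize=bounds and indexing (*arr)[n] inside sum_bounded triggers a sanitizer report, which is the check the attribute proposal wants to obtain automatically from the struct member instead of from a hand-built view.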