Hi,
I am using stable/20250402
While testing -fbounds-safety on some projects I found some errors that force annoying conversions.
For example:
```c
int count(char *__counted_by(len) p, int len)
{
    int i = 0;
    while(len--) {
        i+= *p++;
    }
    return i;
}
```
will produce errors:
```
hello3.c:8:23: error: assignment to 'char *__single __counted_by(len)' (aka 'char *__single') 'p' requires corresponding assignment to 'len'; add self assignment 'len = len' if the value has not changed
8 | i+= *p++;
| ^
hello3.c:7:18: error: assignment to 'len' requires corresponding assignment to 'char *__single __counted_by(len)' (aka 'char *__single') 'p'; add self assignment 'p = p' if the value has not changed
7 | while(len--) {
| ^
2 errors generated.
```
But the following code doesn't produce any error:
```c
int count2(char *__counted_by(len2) p2, int len2)
{
    int len = len2;
    char *p = p2;
    int i = 0;
    while(len--) {
        i+= *p++;
    }
    return i;
}
```
Parameters in C are local variables.
Isn't it possible that function parameters require the annotation on the pointer, but that they are treated like local variables?
At function entry, the compiler knows the size of the buffer, and auto-tracks pointer updates.
Maybe a new __counted_by keyword is needed to express that we don't want the pointer p to always be of size len, but that we only want to provide the buffer size at function entry.
For example, something based on __ended_by (does not work as p is a single pointer):
```c
int count(char *__ended_by(p+len) p, int len)
```
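A plain-C model of the behaviour requested above, added here as an illustration; it is not part of the issue and not Clang's implementation. The bounds are captured once at function entry and a separate, checked cursor is advanced, so `p` and `len` are never reassigned. `struct cursor`, `cursor_from_counted`, `cursor_read_inc` and `count_checked` are hypothetical names.

```c
#include <stddef.h>

/* Hand-written model of a bounds-carrying local pointer: the current
   position plus the [lower, upper) range captured at function entry. */
struct cursor {
    const char *ptr;
    const char *lower;
    const char *upper;
};

/* Capture the bounds once, from the (pointer, count) pair as passed in.
   A NULL pointer or a non-positive count yields an empty range. */
static struct cursor cursor_from_counted(const char *p, int len)
{
    struct cursor c = { p, p, p };
    if (p != NULL && len > 0)
        c.upper = p + len;
    return c;
}

/* Checked equivalent of `*c->ptr++`: returns 0 and leaves *out untouched
   when the cursor is outside [lower, upper). */
static int cursor_read_inc(struct cursor *c, char *out)
{
    if (c->ptr < c->lower || c->ptr >= c->upper)
        return 0;
    *out = *c->ptr++;
    return 1;
}

/* Sum `want` bytes into *sum. Returns 1 on success, 0 if the read would
   run past the buffer. The parameters p and len are never modified, so
   the (pointer, count) pair stays consistent for the whole call. */
int count_checked(const char *p, int len, int want, int *sum)
{
    struct cursor c = cursor_from_counted(p, len);
    int total = 0;
    char ch;
    while (want-- > 0) {
        if (!cursor_read_inc(&c, &ch))
            return 0;
        total += ch;
    }
    *sum = total;
    return 1;
}
```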