msebor added inline comments.

================
Comment at: clang/test/Sema/unbounded-array-bounds.c:101
+  char tail[1];  // addr16-note {{declared here}} addr32-note {{declared here}}
+} fam1;
+
----------------
There's a difference between the sizes of `fam1` and `fam` that makes accesses 
to the four leading elements of `fam1.tail` strictly in bounds, while no access 
to either `fam.tail` or `fam0.tail` is (`sizeof fam` is the same as `sizeof 
int` while `sizeof fam1` is equal to `sizeof (int[2])` on common targets).  It 
would be helpful to capture that difference in the tests, both for the warning 
and for `__builtin_object_size`.

There should also be a difference between accessing elements of an object of an 
initialized struct with a flexible array member (i.e., one whose size is known) 
and those of an object that's only declared but that's defined in some other 
translation unit.  Since the size of the object is determined by its 
initializer, it should be reflected in `__builtin_object_size` and accesses to 
it checked by `-Warray-bounds`.  The size of the latter object is unknown, so it 
must be assumed to be `PTRDIFF_MAX - sizeof (int) - 1`.  It would also be 
helpful to add tests for these cases.

As far as I can see, none of these cases seems to be handled quite right on 
trunk.  For example, the size of `s` below should be 8 but Clang evaluates 
`__builtin_object_size(&s, N)` to 4, without diagnosing any past-the-end 
accesses to `s.a`:
```
struct S {
  int n;
  char a[];
} s = { 1, { 2, 3, 4, 5 } };
```

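A small C program, added here as an illustration and not part of the patch or of the review above, that puts the sizes discussed side by side and spells out the bound a `-Warray-bounds` check has to apply to a trailing array, including the `PTRDIFF_MAX - sizeof (int) - 1` assumption for an object of unknown size. The `tail_bound`/`tail_access_in_bounds` helpers and the `S`, `fam`, `fam0` and `fam1` object names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* The three trailing-array idioms from the test (names mirror fam/fam0/fam1). */
struct fam  { int n; char tail[];  } fam;   /* C99 flexible array member   */
struct fam0 { int n; char tail[0]; } fam0;  /* GNU zero-length array       */
struct fam1 { int n; char tail[1]; } fam1;  /* pre-C99 one-element "hack"  */

/* Defined with an initializer (a GNU extension): the object occupies
   sizeof(int) + 4 bytes, so s.a[0..3] are strictly in bounds. */
struct S { int n; char a[]; } s = { 1, { 2, 3, 4, 5 } };

size_t size_of_fam(void)  { return sizeof fam;  }   /* sizeof(int) on common targets */
size_t size_of_fam0(void) { return sizeof fam0; }   /* likewise sizeof(int)          */
size_t size_of_fam1(void) { return sizeof fam1; }   /* sizeof(int[2])                */

/* What the compiler believes the whole of s occupies: 8 is the expected answer,
   the review reports Clang trunk answering 4, and (size_t)-1 means unknown. */
size_t bos_s(void) { return __builtin_object_size(&s, 0); }

/* Number of bytes of the trailing array that may be accessed, given the object
   size the compiler knows, or (size_t)-1 when the object is only declared here
   and defined in another translation unit. The unknown case applies the
   review's assumption of PTRDIFF_MAX - sizeof (int) - 1, written in terms of
   the member's offset so it holds for any header layout. */
size_t tail_bound(size_t object_size, size_t tail_offset) {
  if (object_size == (size_t)-1)
    return (size_t)PTRDIFF_MAX - tail_offset - 1;
  if (object_size < tail_offset)
    return 0;                     /* header only: no trailing bytes at all */
  return object_size - tail_offset;
}

/* The check -Warray-bounds makes for obj.tail[index]: 1 in bounds, 0 past the end. */
int tail_access_in_bounds(size_t object_size, size_t tail_offset, size_t index) {
  return index < tail_bound(object_size, tail_offset);
}
```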

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D133108/new/

https://reviews.llvm.org/D133108

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits