msebor added inline comments.
================ Comment at: clang/test/Sema/unbounded-array-bounds.c:101 + char tail[1]; // addr16-note {{declared here}} addr32-note {{declared here}} +} fam1; + ---------------- There's a difference between the sizes of `fam1` and `fam` that makes accesses to the four leading elements of `fam1.tail` strictly in bounds, while no access to either `fam.tail` or `fam0.tail` is (`sizeof fam` is the same as `sizeof int` while `sizeof fam1` is equal to `sizeof (int[2])` on common targets). It would be helpful to capture that difference in the tests, both for the warning and for `__builtin_object_size`. There should also be a difference between accessing elements of an object of an initialized struct with a flexible array member (i.e., one whose size is known) and those of an object that's only declared but that's defined in some other translation unit. Since the size of the object is determined by its initializer, it should be reflected in `__builtin_object_size` and accesses to it checked by `-Warray-bounds`. The size of the latter object is unknown it must be assumed to be `PTRDIFF_MAX - sizeof (int) - 1`. It would also be helpful to add tests for these cases. As far as I can see, none of these cases seems to be handled quite right on trunk. For example, the size of `s` below should be 8 but Clang evaluates `__builtin_object_size(&s, N)` to 4, without diagnosing any past-the-end accesses to `s.a`: ``` struct S { int n; char a[]; } s = { 1, { 2, 3, 4, 5 } }; ``` CHANGES SINCE LAST ACTION https://reviews.llvm.org/D133108/new/ https://reviews.llvm.org/D133108 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits