On Tue, Jul 15, 2025 at 06:39:42PM +0000, Qing Zhao wrote:
> I re-implemented the patch based on B to fix PR120929, however, the approach
> B brings undefined behavior into the application.
> 
> (Actually, I met this issue in the previous implementation but forgot to
> document it.
> This issue is the exact reason I chose A in my committed patch).
> 
> f->p = malloc (size);
> ***** With the approach B: the IL for the above is:
>   tmp1 = f->p;
>   tmp2 = &f->n;
>   tmp3 = .ACCESS_WITH_SIZE (tmp1, tmp2, ...);
>   tmp4 = malloc (size);
>   tmp3 = tmp4;

You shouldn't emit .ACCESS_WITH_SIZE when you're storing to the counted_by
attributed pointer.  You shouldn't emit it when just reading the pointer
either.  Neither of those operations cares about the object size.
It should be emitted when you dereference that pointer.

        Jakub
