On 11/07/2024 11:58, Martin Uecker via Gcc wrote:

On Thursday, 11.07.2024 at 11:35 +0200, Alejandro Colomar via Gcc wrote:
Hi,

I was wondering how we could extend attributes such as gnu::access() to
apply it to pointees too.  Currently, there's no way to specify the
access mode of a pointee.

Let's take for example strsep(3):

With current syntax, this is what we can specify:

        [[gnu::access(read_write, 1)]]
        [[gnu::access(read_only, 2)]]
        [[gnu::nonnull(1, 2)]]
        [[gnu::null_terminated_string_arg(2)]]
        char *
        strsep(char **restrict sp, const char *delim);

The main problem from a user perspective is that
these are attributes on the function declaration
and not on the argument (type).


I was thinking that with floating numbers, one could specify the number
of dereferences with a number after the decimal point.  It's a bit
weird, since the floating point is interpreted as two separate integer
numbers separated by a '.', but could work.  In this case:

        [[gnu::access(read_write, 1)]]
        [[gnu::access(read_write, 1.1)]]
        [[gnu::access(read_only, 2)]]
        [[gnu::nonnull(1, 2)]]
        [[gnu::null_terminated_string_arg(1.1)]]
        [[gnu::null_terminated_string_arg(2)]]
        char *
        strsep(char **restrict sp, const char *delim);

Which would mark the pointer *sp as read_write and a string.  What do
you think about it?

If the attributes could be applied to the type, then
one could attach them directly at an intermediate
pointer level, which would be more intuitive and
less fragile.


That would be a huge improvement (IMHO).  Then you could write:

#define RW [[gnu::access(read_write)]]
#define RO [[gnu::access(read_only)]]
#define NONNULL [[gnu::nonnull]]
#define CSTRING [[gnu::null_terminated_string_arg]]

char * strsep(char * RW * RW NONNULL CSTRING restrict sp,
        const char * RO NONNULL CSTRING delim);

It would be even better if the characteristics could be tied into a typedef.

typedef const char * [[gnu::access(read_only)]] [[gnu::nonnull]] [[gnu::null_terminated_string_arg]] const_cstring;

David
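
An added example, not part of the thread: the first annotation set from the discussion, applied to a hypothetical `my_strsep` using the equivalent `__attribute__` spelling behind `__has_attribute` guards (the macro names and the function are assumptions). It shows what the current syntax covers and where the `*sp` level still has to be handled at run time.

```c
#include <stddef.h>
#include <string.h>

/* Expand to the GNU attribute only where the compiler knows it, so the
   declaration builds cleanly on older GCC and on other compilers. */
#ifndef __has_attribute
# define __has_attribute(x) 0
#endif
#if __has_attribute(access)
# define ACCESS(mode, idx) __attribute__((access(mode, idx)))
#else
# define ACCESS(mode, idx)
#endif
#if __has_attribute(nonnull)
# define NONNULL(...) __attribute__((nonnull(__VA_ARGS__)))
#else
# define NONNULL(...)
#endif
#if __has_attribute(null_terminated_string_arg)
# define CSTRING(idx) __attribute__((null_terminated_string_arg(idx)))
#else
# define CSTRING(idx)
#endif

/* my_strsep is a hypothetical stand-in for strsep(3).
   Expressible today: sp itself is read and written, delim is a read-only
   NUL-terminated string, and neither argument is NULL.
   Not expressible: that *sp is a writable NUL-terminated string, or NULL. */
ACCESS(read_write, 1) ACCESS(read_only, 2) NONNULL(1, 2) CSTRING(2)
char *my_strsep(char **restrict sp, const char *delim);

char *my_strsep(char **restrict sp, const char *delim)
{
    char *tok = *sp;
    if (tok == NULL)              /* pointee contract, checked at run time */
        return NULL;
    char *end = tok + strcspn(tok, delim);
    if (*end != '\0') {
        *end = '\0';              /* write through *sp: the unannotated level */
        *sp = end + 1;
    } else {
        *sp = NULL;               /* input exhausted */
    }
    return tok;
}
```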
