[HN Gopher] How to use the new counted_by attribute in C (and Li...
       ___________________________________________________________________
        
       How to use the new counted_by attribute in C (and Linux)
        
       Author : thunderbong
       Score  : 39 points
       Date   : 2024-07-20 17:47 UTC (5 hours ago)
        
 (HTM) web link (people.kernel.org)
 (TXT) w3m dump (people.kernel.org)
        
       | azeemba wrote:
       | This is cool, definitely new to me. I do wonder if this just
       | moves the problem though. As the article explains:
       | 
       | > One crucial requirement is that the counter must be initialized
       | before the first reference to the flexible-array member. Another
       | requirement is that the array must always contain at least as
       | many elements as indicated by the counter.
       | 
       | This means as the array is initialized and updated, you must keep
       | the counter updated with it. It's just as easy to screw that up
       | as it is to screw up the general problem of accessing elements
       | that are out-of-bounds.
        
         | db48x wrote:
         | It's just as easy to make that mistake, but at least then the
         | compiler can issue a warning.
        
           | akira2501 wrote:
           | It's better than that. If you use FORTIFY_SOURCE then you
           | will get _runtime_ bounds checking.
           | 
           | So, while you still have to make sure your structure is sane,
           | now the runtime can play along too.
        
             | db48x wrote:
             | True, but compile time warnings beat runtime checks every
             | time. Well, as long as people turn the warnings into errors
             | so that they cannot just be ignored.
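The ordering the quoted requirements describe, and the object size that FORTIFY_SOURCE-style runtime checks see, as an added C example (not from the article or from anyone in this thread); `struct buf`, `COUNTED_BY` and the helper functions are constructed names, and the attribute only takes effect on a compiler that supports `counted_by` (the macro falls back to a plain flexible array elsewhere).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
/* COUNTED_BY() is the attribute where the compiler has it, else nothing. */
#if defined(__has_attribute)
#  if __has_attribute(counted_by)
#    define COUNTED_BY(m) __attribute__((counted_by(m)))
#  endif
#endif
#ifndef COUNTED_BY
#  define COUNTED_BY(m)        /* older toolchain: plain flexible array */
#endif

struct buf {               /* constructed example, not from the article */
    size_t count;          /* number of valid bytes in data[] */
    unsigned char data[] COUNTED_BY(count);
};

/* Allocate n bytes and set the counter BEFORE data[] is first touched. */
struct buf *buf_new(size_t n)
{
    struct buf *b = malloc(sizeof(*b) + n);
    if (!b)
        return NULL;
    b->count = n;          /* counter first ... */
    memset(b->data, 0, n); /* ... then the first reference to data[] */
    return b;
}

/* The counter is the only bound the compiler knows, so enforce it here. */
bool buf_set(struct buf *b, size_t i, unsigned char v)
{
    if (i >= b->count)
        return false;      /* would write past count: refused */
    b->data[i] = v;
    return true;
}

/* Size the compiler can prove for data[]: b->count when counted_by is
 * honoured by this toolchain, (size_t)-1 ("unknown") otherwise. */
size_t buf_known_size(struct buf *b)
{
#if defined(__has_builtin)
#  if __has_builtin(__builtin_dynamic_object_size)
    return __builtin_dynamic_object_size(b->data, 1);
#  endif
#endif
    return (size_t)-1;
}
```

A toolchain without `counted_by` makes `buf_known_size` return (size_t)-1, which is exactly the "compiler knows nothing about the length" state the attribute exists to remove.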
        
       | blacklight wrote:
       | If my understanding of the article is right, the counter needs to
       | be updated by the business logic every time the underlying array
       | is updated. This doesn't seem to solve any problems. Indeed, it's
       | just syntactic sugar to wrap up what many developers have been
       | doing for decades anyway. And it doesn't reduce the chances of
       | mistakes in getting the counter and the array out of sync either.
        
         | db48x wrote:
         | It is just "syntactic sugar" but the idea is that it gives the
         | compiler enough information to generate proper warnings if you
         | do it wrong.
        
       | hgs3 wrote:
       | Worth noting the analog in MSVC is SAL annotations [1].
       | 
       | [1] https://learn.microsoft.com/en-us/cpp/code-
       | quality/annotatin...
        
       ___________________________________________________________________
       (page generated 2024-07-20 23:08 UTC)