[Bug c/77531] __attribute__((alloc_size(1,2))) could also warn on multiplication overflow

crrodriguez at opensuse dot org gcc-bugzilla@gcc.gnu.org
Tue Sep 13 15:24:00 GMT 2016


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77531

--- Comment #2 from Cristian Rodríguez <crrodriguez at opensuse dot org> ---
(In reply to Jakub Jelinek from comment #1)
> I guess the question is
> 1) in which pass to do this (during expansion of calls?); for SSA_NAMEs it
> could perhaps use get_range_info and warn if it would always overflow (i.e.
> if the minimum of arg1's range * minimum of arg2's range overflows)

At whichever stage the compiler is able to catch more mistakes, I guess.

> 2) agree on types the computation happens in; tree-object-size.c right now
> casts the arguments regardless of type to sizetype, so size_t at the source
> level;

So, in theory you have to preserve this behaviour for backward compatibility,
right?

> so, shall we do such casts and perform multiplication in size_t, or
> in some other type (e.g. if both arguments are int, in int, etc.; what to do
> if the arguments have different type)?

Yes. However, I think the compiler could emit a warning if arguments are not
size_t ("attribute alloc_size expects function argument %d to be size_t but
$type given.."). After all, allocation sizes are of that type according to the C
standard.
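
An added example, not part of the original message or of GCC's code: it shows why the choice of computation type in point 2 matters, by checking the same `int` arguments for multiplication overflow once in `int` and once after the cast to `size_t`. The names `xalloc_array`, `overflows_as_int` and `overflows_as_size_t` are hypothetical, and a 32-bit `int` is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical calloc-style allocator carrying the attribute from the bug. */
__attribute__((alloc_size(1, 2)))
void *xalloc_array(size_t nmemb, size_t size)
{
    size_t total;
    /* Runtime counterpart of the requested warning: reject a wrapped product.
       __builtin_mul_overflow is a GCC/Clang builtin. */
    if (__builtin_mul_overflow(nmemb, size, &total))
        return NULL;
    return malloc(total ? total : 1);
}

/* Product checked in int, the arguments' own type. */
int overflows_as_int(int a, int b)
{
    int total;
    return __builtin_mul_overflow(a, b, &total);
}

/* Product checked after casting both arguments to size_t, as comment #1
   says tree-object-size.c does today. */
int overflows_as_size_t(int a, int b)
{
    size_t total;
    return __builtin_mul_overflow((size_t)a, (size_t)b, &total);
}

int main(void)
{
    /* Constructed sample argument pairs. */
    static const int pairs[][2] = { {4, 8}, {65536, 65536}, {-1, 2} };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++)
        printf("%d * %d: int overflow=%d, size_t overflow=%d\n",
               pairs[i][0], pairs[i][1],
               overflows_as_int(pairs[i][0], pairs[i][1]),
               overflows_as_size_t(pairs[i][0], pairs[i][1]));
    return 0;
}
```

With a 64-bit `size_t`, 65536 * 65536 overflows in `int` but not after the cast, while -1 * 2 fits in `int` but overflows once -1 has become `SIZE_MAX`.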

