On Wed, Apr 04, 2018 at 10:21:05PM +0000, James Y Knight wrote:
> But allowing random pointer arithmetic, and pointer arithmetic wraparound,
> is still different than asserting that an object _field access_ can
> overflow. Clang does not believe that can happen -- it assumes that an
> object will still be contiguous. And that's why the llist stuff used to be
> broken, before it was corrected to simply do math on a uintptr_t (which
> is a nice and simple and sane fix!).

That 'fix' wasn't anything simple, I recently ran into that member_address_is_nonnull() trainwreck and had to think real hard wtf it was about.
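
The two forms of the list-termination test discussed in this thread, as an added sketch that is not part of either message and is not the kernel's code. `struct node`, `struct item`, `entry_of`, `sum_items` and the two `member_nonnull_*` macros are constructed names for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed types for illustration; not the kernel's definitions. */
struct node { struct node *next; };
struct item { int value; struct node link; };  /* link is at a nonzero offset */

/* Entry pointer computed with integer math, so a NULL node pointer yields
 * "NULL minus offset" without doing arithmetic on a null pointer. */
#define entry_of(ptr, type, member) \
	((type *)((uintptr_t)(ptr) - offsetof(type, member)))

/* Fragile test, shown for contrast and not used below: a compiler may
 * assume the address of a field inside an object is never NULL and fold
 * this to "always true", so the loop never terminates. */
#define member_nonnull_fragile(pos, member) (&(pos)->member != NULL)

/* Integer form: the sum is plain unsigned arithmetic on uintptr_t, which
 * wraps to 0 for the end-of-list entry, so the comparison is evaluated. */
#define member_nonnull_uintptr(pos, member) \
	((uintptr_t)(pos) + offsetof(__typeof__(*(pos)), member) != 0)

/* Walk a NULL-terminated list of items and add up their values. */
int sum_items(struct node *first)
{
	int sum = 0;
	struct item *pos;

	for (pos = entry_of(first, struct item, link);
	     member_nonnull_uintptr(pos, link);
	     pos = entry_of(pos->link.next, struct item, link))
		sum += pos->value;
	return sum;
}

/* Constructed sample list: 1 -> 2 -> 3 -> NULL. */
int demo_sum(void)
{
	struct item c = { 3, { NULL } };
	struct item b = { 2, { &c.link } };
	struct item a = { 1, { &b.link } };

	return sum_items(&a.link);
}
```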