Yes, you’re absolutely right, but we would like to introduce similar restrictions on using __counted_by eventually, even without -fbounds-safety so we can prevent miss use of __counted_by.
Also, we need to be able to adopt the macro use cases for `-fbounds-safety, so we were trying to sketch what could be compatible for both.
That said, as we listed as an alternative approach, what we could also do is to design __builtin_bounds_attr_arg as returning a pointer similar to __builtin_get_counted_by and then prevent it from being assigned to another variable or passed as an argument, with or without -fbounds-safety.