Hi,

This is the patch set to extend "counted_by" attribute to pointer fields of 
structures.

For example:

struct PP {
  size_t count2;
  char other1;
  char *array2 __attribute__ ((counted_by (count2)));
  int other2;
} *pp;

specifies that the pointer field "array2" points to an array whose number
of elements is given by the field "count2" in the same structure.

Per the previous discussion with Martin and Bill
(https://gcc.gnu.org/pipermail/gcc-patches/2024-November/669320.html)

there are the following important facts about "counted_by" on pointer fields
compared to the "counted_by" on FAM fields:

1. one more new requirement for pointer fields with "counted_by" attribute:
   pp->array2 and pp->count2 can ONLY be changed by changing the whole structure
   at the same time.

2. the following feature for FAM field with "counted_by" attribute is NOT
   valid for the pointer field any more:

    " One important feature of the attribute is, a reference to the
     flexible array member field uses the latest value assigned to the
     field that represents the number of the elements before that
     reference.  For example,

            p->count = val1;
            p->array[20] = 0;  // ref1 to p->array
            p->count = val2;
            p->array[30] = 0;  // ref2 to p->array

     in the above, 'ref1' uses 'val1' as the number of the elements in
     'p->array', and 'ref2' uses 'val2' as the number of elements in
     'p->array'. "

Although in the previous discussion, I agreed with Martin that we should use the
designator syntax (i.e., counted_by (.n) instead of counted_by (n)) for the
counted_by attribute for pointer fields, after more consideration and discussion
with Bill Wendling (who is working on the same work for CLANG), we decided to
keep the current syntax of FAM for pointer fields, and leave the new syntax (.n)
and more complicated expressions to later work.

This patch set includes 3 parts:

1. Extend "counted_by" attribute to pointer fields of structures.
2. Convert a pointer reference with counted_by attribute to .ACCESS_WITH_SIZE
   and use it in builtin-object-size.
3. Use the counted_by attribute of pointers in array bound checker.

Patches 1 and 2 are simple and straightforward; patch 3, however, is a little
more complicated, for the following reason:

    Current array bound checker only instruments ARRAY_REF, and the INDEX
    information is the 2nd operand of the ARRAY_REF.
    
    When extending the array bound checker to pointer references with
    counted_by attributes, the hardest part is to get the INDEX of the
    corresponding array ref from the offset computation expression of
    the pointer ref. 

The whole patch set has been bootstrapped and regression tested on both aarch64
and x86.

Let me know if you have any comments or suggestions.
 
Thanks.

Qing

Qing Zhao (3):
  Extend "counted_by" attribute to pointer fields of structures.
  Convert a pointer reference with counted_by attribute to
    .ACCESS_WITH_SIZE and use it in builtin-object-size.
  Use the counted_by attribute of pointers in array bound checker.

 gcc/c-family/c-attribs.cc                     |  15 +-
 gcc/c-family/c-gimplify.cc                    |   7 +
 gcc/c-family/c-ubsan.cc                       | 264 ++++++++++++++++--
 gcc/c/c-decl.cc                               |  91 +++---
 gcc/c/c-typeck.cc                             |  41 +--
 gcc/doc/extend.texi                           |  37 ++-
 gcc/testsuite/gcc.dg/flex-array-counted-by.c  |   2 +-
 gcc/testsuite/gcc.dg/pointer-counted-by-2.c   |   8 +
 gcc/testsuite/gcc.dg/pointer-counted-by-3.c   | 127 +++++++++
 gcc/testsuite/gcc.dg/pointer-counted-by-4.c   |  63 +++++
 gcc/testsuite/gcc.dg/pointer-counted-by-5.c   |  48 ++++
 gcc/testsuite/gcc.dg/pointer-counted-by-6.c   |  47 ++++
 gcc/testsuite/gcc.dg/pointer-counted-by-7.c   |  30 ++
 gcc/testsuite/gcc.dg/pointer-counted-by-8.c   |  30 ++
 gcc/testsuite/gcc.dg/pointer-counted-by.c     |  70 +++++
 .../ubsan/pointer-counted-by-bounds-2.c       |  47 ++++
 .../ubsan/pointer-counted-by-bounds-3.c       |  35 +++
 .../ubsan/pointer-counted-by-bounds-4.c       |  35 +++
 .../ubsan/pointer-counted-by-bounds-5.c       |  46 +++
 .../ubsan/pointer-counted-by-bounds-6.c       |  33 +++
 .../gcc.dg/ubsan/pointer-counted-by-bounds.c  |  46 +++
 gcc/tree-object-size.cc                       |  11 +-
 22 files changed, 1045 insertions(+), 88 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-2.c
 create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-3.c
 create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-4.c
 create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-5.c
 create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-6.c
 create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-7.c
 create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-8.c
 create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by.c
 create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-2.c
 create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-3.c
 create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-4.c
 create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-5.c
 create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-6.c
 create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds.c

-- 
2.31.1
