On Thu, Jan 16, 2025 at 1:19 PM Qing Zhao <qing.z...@oracle.com> wrote:
>
> Hi,
>
> This is the patch set to extend "counted_by" attribute to pointer fields of
> structures.
>
> For example:
>
> struct PP {
>   size_t count2;
>   char other1;
>   char *array2 __attribute__ ((counted_by (count2)));
>   int other2;
> } *pp;
>
> specifies that the "array2" is an array that is pointed to by the
> pointer field, and its number of elements is given by the field
> "count2" in the same structure.
>
> Per the previous discussion with Martin and Bill
> (https://gcc.gnu.org/pipermail/gcc-patches/2024-November/669320.html)
>
> there are the following important facts about "counted_by" on pointer fields
> compared to the "counted_by" on FAM fields:
>
> 1. one more new requirement for pointer fields with "counted_by" attribute:
>    pp->array2 and pp->count2 can ONLY be changed by changing the whole
>    structure at the same time.
>
> 2. the following feature for FAM field with "counted_by" attribute is NOT
>    valid for the pointer field any more:
>
>    " One important feature of the attribute is, a reference to the
>    flexible array member field uses the latest value assigned to the
>    field that represents the number of the elements before that
>    reference. For example,
>
>    p->count = val1;
>    p->array[20] = 0; // ref1 to p->array
>    p->count = val2;
>    p->array[30] = 0; // ref2 to p->array
>
>    in the above, 'ref1' uses 'val1' as the number of the elements in
>    'p->array', and 'ref2' uses 'val2' as the number of elements in
>    'p->array'. "
>
> Although in the previous discussion, I agreed with Martin that we should use
> the designator syntax (i.e., counted_by (.n) instead of counted_by (n)) for the
> counted_by attribute for pointer fields, after more consideration and
> discussion with Bill Wendling (who is working on the same work for CLANG),
> we decided to keep the current syntax of FAM for pointer fields, and leave
> the new syntax (.n) and more complicated expressions to a later work.
>
> This patch set includes 3 parts:
>
> 1. Extend "counted_by" attribute to pointer fields of structures.
> 2. Convert a pointer reference with counted_by attribute to .ACCESS_WITH_SIZE
>    and use it in builtin-object-size.
> 3. Use the counted_by attribute of pointers in array bound checker.
>
> In which, the patch 1 and 2 are simple and straightforward, however, the
> patch 3 is a little complicated due to the following reason:
>
> Current array bound checker only instruments ARRAY_REF, and the INDEX
> information is the 2nd operand of the ARRAY_REF.
>
> When extending the array bound checker to pointer references with
> counted_by attributes, the hardest part is to get the INDEX of the
> corresponding array ref from the offset computation expression of
> the pointer ref.
>
> The whole patch set has been bootstrapped and regression tested on both
> aarch64 and x86.
>
> Let me know any comments and suggestions.
>
> Thanks.
>
> Qing
>
> Qing Zhao (3):
>   Extend "counted_by" attribute to pointer fields of structures.
>   Convert a pointer reference with counted_by attribute to
>     .ACCESS_WITH_SIZE and use it in builtin-object-size.
>   Use the counted_by attribute of pointers in array bound checker.
>
>  gcc/c-family/c-attribs.cc                     |  15 +-
>  gcc/c-family/c-gimplify.cc                    |   7 +
>  gcc/c-family/c-ubsan.cc                       | 264 ++++++++++++++++--
>  gcc/c/c-decl.cc                               |  91 +++---
>  gcc/c/c-typeck.cc                             |  41 +--
>  gcc/doc/extend.texi                           |  37 ++-
>  gcc/testsuite/gcc.dg/flex-array-counted-by.c  |   2 +-
>  gcc/testsuite/gcc.dg/pointer-counted-by-2.c   |   8 +
>  gcc/testsuite/gcc.dg/pointer-counted-by-3.c   | 127 +++++++++
>  gcc/testsuite/gcc.dg/pointer-counted-by-4.c   |  63 +++++
>  gcc/testsuite/gcc.dg/pointer-counted-by-5.c   |  48 ++++
>  gcc/testsuite/gcc.dg/pointer-counted-by-6.c   |  47 ++++
>  gcc/testsuite/gcc.dg/pointer-counted-by-7.c   |  30 ++
>  gcc/testsuite/gcc.dg/pointer-counted-by-8.c   |  30 ++
>  gcc/testsuite/gcc.dg/pointer-counted-by.c     |  70 +++++

Do you have any tests where the 'count' field is after the pointer field?

-bw

>  .../ubsan/pointer-counted-by-bounds-2.c       |  47 ++++
>  .../ubsan/pointer-counted-by-bounds-3.c       |  35 +++
>  .../ubsan/pointer-counted-by-bounds-4.c       |  35 +++
>  .../ubsan/pointer-counted-by-bounds-5.c       |  46 +++
>  .../ubsan/pointer-counted-by-bounds-6.c       |  33 +++
>  .../gcc.dg/ubsan/pointer-counted-by-bounds.c  |  46 +++
>  gcc/tree-object-size.cc                       |  11 +-
>  22 files changed, 1045 insertions(+), 88 deletions(-)
>  create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-2.c
>  create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-3.c
>  create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-4.c
>  create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-5.c
>  create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-6.c
>  create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-7.c
>  create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-8.c
>  create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by.c
>  create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-2.c
>  create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-3.c
>  create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-4.c
>  create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-5.c
>  create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-6.c
>  create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds.c
>
> --
> 2.31.1
>
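An added example, not part of Qing's patch set or of GCC itself: a portable C sketch of the two semantic points in the cover letter, the whole-struct update of pointer and count (requirement 1) and a bounds check keyed on count2 (what patch 3 derives for -fsanitize=bounds). `COUNTED_BY` and `HAVE_POINTER_COUNTED_BY` are assumed helper macros so the file builds on compilers without pointer counted_by support; the checks are written by hand to mirror what the compiler-inserted .ACCESS_WITH_SIZE check would do.

```c
#include <stddef.h>

/* Only emit the attribute when a hypothetical HAVE_POINTER_COUNTED_BY is
 * defined, so the file builds with any C99 compiler. */
#ifdef HAVE_POINTER_COUNTED_BY
#define COUNTED_BY(f) __attribute__((counted_by(f)))
#else
#define COUNTED_BY(f)
#endif

struct PP {
    size_t count2;                      /* number of valid array2 elements */
    char other1;
    char *array2 COUNTED_BY(count2);
    int other2;
};

/* Requirement 1 of the cover letter: array2 and count2 may only change
 * together, so build the new value as a whole struct and assign it once. */
static void pp_set_array(struct PP *pp, char *buf, size_t n)
{
    struct PP tmp = *pp;
    tmp.array2 = buf;
    tmp.count2 = n;
    *pp = tmp;
}

/* Checked read mirroring the -fsanitize=bounds check the patch derives
 * from count2: 0 on success, -1 when idx is out of range. */
static int pp_get(const struct PP *pp, size_t idx, char *out)
{
    if (pp->array2 == NULL || idx >= pp->count2)
        return -1;
    *out = pp->array2[idx];
    return 0;
}

/* Constructed walkthrough; returns 1 when every check behaves as described. */
static int pp_demo(void)
{
    static char big[8] = "abcdefg", small[3] = "xy";
    struct PP pp = { 0, 0, NULL, 0 };
    char c;
    pp_set_array(&pp, big, 7);
    if (pp_get(&pp, 6, &c) != 0 || c != 'g') return 0;  /* last valid index */
    if (pp_get(&pp, 7, &c) != -1) return 0;             /* idx == count2 */
    pp_set_array(&pp, small, 2);                        /* swap pointer+count */
    return pp_get(&pp, 6, &c) == -1;                    /* stale index rejected */
}
```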