On Thu, Jan 16, 2025 at 3:06 PM Qing Zhao <qing.z...@oracle.com> wrote:
> > On Jan 16, 2025, at 17:29, Bill Wendling <isanb...@gmail.com> wrote:
> >
> > On Thu, Jan 16, 2025 at 1:19 PM Qing Zhao <qing.z...@oracle.com> wrote:
> >>
> >> Hi,
> >>
> >> This is the patch set to extend "counted_by" attribute to pointer fields
> >> of structures.
> >>
> >> For example:
> >>
> >> struct PP {
> >> size_t count2;
> >> char other1;
> >> char *array2 __attribute__ ((counted_by (count2)));
> >> int other2;
> >> } *pp;
> >>
> >> specifies that the "array2" is an array that is pointed by the
> >> pointer field, and its number of elements is given by the field
> >> "count2" in the same structure.
> >>
> >> Per the previous discussion with Martin and Bill
> >> (https://gcc.gnu.org/pipermail/gcc-patches/2024-November/669320.html)
> >>
> >> there are the following importand facts about "counted_by" on pointer
> >> fields compared
> >> to the "counted_by" on FAM fields:
> >>
> >> 1. one more new requirement for pointer fields with "counted_by" attribute:
> >> pp->array2 and pp->count2 can ONLY be changed by changing the whole
> >> structure
> >> at the same time.
> >>
> >> 2. the following feature for FAM field with "counted_by" attribute is NOT
> >> valid for the pointer field any more:
> >>
> >> " One important feature of the attribute is, a reference to the
> >> flexible array member field uses the latest value assigned to the
> >> field that represents the number of the elements before that
> >> reference. For example,
> >>
> >> p->count = val1;
> >> p->array[20] = 0; // ref1 to p->array
> >> p->count = val2;
> >> p->array[30] = 0; // ref2 to p->array
> >>
> >> in the above, 'ref1' uses 'val1' as the number of the elements in
> >> 'p->array', and 'ref2' uses 'val2' as the number of elements in
> >> 'p->array'. "
> >>
> >> Although in the previous discussion, I agreed with Martin that we should
> >> use the
> >> designator syntax (i.e, counted_by (.n) instead of counted_by (n)) for the
> >> counted_by attribute for pointer fields, after more consideration and
> >> discussion
> >> with Bill Wendling (who is working on the same work for CLANG), we decided
> >> to
> >> keep the current syntax of FAM for pointer fields. And leave the new
> >> syntax (.n)
> >> and more complicate expressions to a later work.
> >>
> >> This patch set includes 3 parts:
> >>
> >> 1.Extend "counted_by" attribute to pointer fields of structures.
> >> 2.Convert a pointer reference with counted_by attribute to
> >> .ACCESS_WITH_SIZE
> >> and use it in builtinin-object-size.
> >> 3.Use the counted_by attribute of pointers in array bound checker.
> >>
> >> In which, the patch 1 and 2 are simple and straightforward, however, the
> >> patch 3
> >> is a little complicate due to the following reason:
> >>
> >> Current array bound checker only instruments ARRAY_REF, and the INDEX
> >> information is the 2nd operand of the ARRAY_REF.
> >>
> >> When extending the array bound checker to pointer references with
> >> counted_by attributes, the hardest part is to get the INDEX of the
> >> corresponding array ref from the offset computation expression of
> >> the pointer ref.
> >>
> >> The whole patch set has been bootstrapped and regression tested on both
> >> aarch64
> >> and x86.
> >>
> >> Let me know any comments and suggestions.
> >>
> >> Thanks.
> >>
> >> Qing
> >>
> >> Qing Zhao (3):
> >> Extend "counted_by" attribute to pointer fields of structures.
> >> Convert a pointer reference with counted_by attribute to
> >> .ACCESS_WITH_SIZE and use it in builtinin-object-size.
> >> Use the counted_by attribute of pointers in array bound checker.
> >>
> >> gcc/c-family/c-attribs.cc | 15 +-
> >> gcc/c-family/c-gimplify.cc | 7 +
> >> gcc/c-family/c-ubsan.cc | 264 ++++++++++++++++--
> >> gcc/c/c-decl.cc | 91 +++---
> >> gcc/c/c-typeck.cc | 41 +--
> >> gcc/doc/extend.texi | 37 ++-
> >> gcc/testsuite/gcc.dg/flex-array-counted-by.c | 2 +-
> >> gcc/testsuite/gcc.dg/pointer-counted-by-2.c | 8 +
> >> gcc/testsuite/gcc.dg/pointer-counted-by-3.c | 127 +++++++++
> >> gcc/testsuite/gcc.dg/pointer-counted-by-4.c | 63 +++++
> >> gcc/testsuite/gcc.dg/pointer-counted-by-5.c | 48 ++++
> >> gcc/testsuite/gcc.dg/pointer-counted-by-6.c | 47 ++++
> >> gcc/testsuite/gcc.dg/pointer-counted-by-7.c | 30 ++
> >> gcc/testsuite/gcc.dg/pointer-counted-by-8.c | 30 ++
> >> gcc/testsuite/gcc.dg/pointer-counted-by.c | 70 +++++
> >
> > Do you have any tests where the 'count' field is after the pointer field?
>
> Yes.
>
> In /gcc/testsuite/gcc.dg/pointer-counted-by.c
>
> struct mixed_array_2 {
> float *array_1 __attribute ((counted_by (count1)));
> int count1;
> float *array_2 __attribute ((counted_by (count1)));
> long *array_3 __attribute ((counted_by (count2)));
> int count2;
> long array_4[] __attribute ((counted_by (count2)));
> };
>
>
> count2 is After array_3.
>
> Though I might need to add more such cases. Will do that.
>
> Qing
>
Ah! Sorry about that. I missed that testcase.
-bw
> >> .../ubsan/pointer-counted-by-bounds-2.c | 47 ++++
> >> .../ubsan/pointer-counted-by-bounds-3.c | 35 +++
> >> .../ubsan/pointer-counted-by-bounds-4.c | 35 +++
> >> .../ubsan/pointer-counted-by-bounds-5.c | 46 +++
> >> .../ubsan/pointer-counted-by-bounds-6.c | 33 +++
> >> .../gcc.dg/ubsan/pointer-counted-by-bounds.c | 46 +++
> >> gcc/tree-object-size.cc | 11 +-
> >> 22 files changed, 1045 insertions(+), 88 deletions(-)
> >> create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-2.c
> >> create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-3.c
> >> create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-4.c
> >> create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-5.c
> >> create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-6.c
> >> create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-7.c
> >> create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-8.c
> >> create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by.c
> >> create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-2.c
> >> create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-3.c
> >> create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-4.c
> >> create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-5.c
> >> create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-6.c
> >> create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds.c
> >>
> >> --
> >> 2.31.1
>
>
