Joseph, Kees and Bill,
I need your input on this.
> On Jan 17, 2025, at 10:12, Martin Uecker <uec...@tugraz.at> wrote:
>
> Am Donnerstag, dem 16.01.2025 um 21:18 +0000 schrieb Qing Zhao:
>>
> ..
>>
>> Although in the previous discussion, I agreed with Martin that we should use
>> the
>> designator syntax (i.e, counted_by (.n) instead of counted_by (n)) for the
>> counted_by attribute for pointer fields, after more consideration and
>> discussion
>> with Bill Wendling (who is working on the same work for CLANG), we decided to
>> keep the current syntax of FAM for pointer fields. And leave the new syntax
>> (.n)
>> and more complicate expressions to a later work.
>>
> I think this would be a mistake. Once you have established the confusing
> syntax,
> it will not easily go away anymore. So I think you should use the unambiguous
> and future-prove syntax right away. Support for more complicated expressions
> could be left for later, of course.
Personally I agree with you. -:)
Actually we might need to use such syntax in the very beginning when adding
counted_by of FAM.
As I know, linux kernel community asked for the following new feature for
counted_by of FAM:
struct fs_bulk {
...
int len;
...
}
struct fc_bulk {
...
struct fs_bulk fs_bulk;
struct fc fcs[] __counted_by(fs_bulk.len);
};
i.e, the “counted_by” field is in the inner structure of the current structure
of the FAM.
With the current syntax, it’s not easy to extend to support this.
But with the designator syntax, it might be much easier to be extended to
support this.
So, Kees and Bill, what’s your opinion on this? I think that it’s better to
have a consistent interface between GCC
and Clang.
Joseph, what’s your opinion on this new syntax? Shall we support the
designator syntax for counted_by attribute?
thanks.
Qing
>
> Martin
>
>
>> This patch set includes 3 parts:
>>
>> 1.Extend "counted_by" attribute to pointer fields of structures.
>> 2.Convert a pointer reference with counted_by attribute to .ACCESS_WITH_SIZE
>> and use it in builtinin-object-size.
>> 3.Use the counted_by attribute of pointers in array bound checker.
>>
>> In which, the patch 1 and 2 are simple and straightforward, however, the
>> patch 3
>> is a little complicate due to the following reason:
>>
>> Current array bound checker only instruments ARRAY_REF, and the INDEX
>> information is the 2nd operand of the ARRAY_REF.
>>
>> When extending the array bound checker to pointer references with
>> counted_by attributes, the hardest part is to get the INDEX of the
>> corresponding array ref from the offset computation expression of
>> the pointer ref.
>>
>> The whole patch set has been bootstrapped and regression tested on both
>> aarch64
>> and x86.
>>
>> Let me know any comments and suggestions.
>>
>> Thanks.
>>
>> Qing
>>
>> Qing Zhao (3):
>> Extend "counted_by" attribute to pointer fields of structures.
>> Convert a pointer reference with counted_by attribute to
>> .ACCESS_WITH_SIZE and use it in builtinin-object-size.
>> Use the counted_by attribute of pointers in array bound checker.
>>
>> gcc/c-family/c-attribs.cc | 15 +-
>> gcc/c-family/c-gimplify.cc | 7 +
>> gcc/c-family/c-ubsan.cc | 264 ++++++++++++++++--
>> gcc/c/c-decl.cc | 91 +++---
>> gcc/c/c-typeck.cc | 41 +--
>> gcc/doc/extend.texi | 37 ++-
>> gcc/testsuite/gcc.dg/flex-array-counted-by.c | 2 +-
>> gcc/testsuite/gcc.dg/pointer-counted-by-2.c | 8 +
>> gcc/testsuite/gcc.dg/pointer-counted-by-3.c | 127 +++++++++
>> gcc/testsuite/gcc.dg/pointer-counted-by-4.c | 63 +++++
>> gcc/testsuite/gcc.dg/pointer-counted-by-5.c | 48 ++++
>> gcc/testsuite/gcc.dg/pointer-counted-by-6.c | 47 ++++
>> gcc/testsuite/gcc.dg/pointer-counted-by-7.c | 30 ++
>> gcc/testsuite/gcc.dg/pointer-counted-by-8.c | 30 ++
>> gcc/testsuite/gcc.dg/pointer-counted-by.c | 70 +++++
>> .../ubsan/pointer-counted-by-bounds-2.c | 47 ++++
>> .../ubsan/pointer-counted-by-bounds-3.c | 35 +++
>> .../ubsan/pointer-counted-by-bounds-4.c | 35 +++
>> .../ubsan/pointer-counted-by-bounds-5.c | 46 +++
>> .../ubsan/pointer-counted-by-bounds-6.c | 33 +++
>> .../gcc.dg/ubsan/pointer-counted-by-bounds.c | 46 +++
>> gcc/tree-object-size.cc | 11 +-
>> 22 files changed, 1045 insertions(+), 88 deletions(-)
>> create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-2.c
>> create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-3.c
>> create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-4.c
>> create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-5.c
>> create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-6.c
>> create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-7.c
>> create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by-8.c
>> create mode 100644 gcc/testsuite/gcc.dg/pointer-counted-by.c
>> create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-2.c
>> create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-3.c
>> create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-4.c
>> create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-5.c
>> create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds-6.c
>> create mode 100644 gcc/testsuite/gcc.dg/ubsan/pointer-counted-by-bounds.c
>>
>
