On 4/11/25 10:05, Qing Zhao wrote:
On Apr 10, 2025, at 10:55, Siddhesh Poyarekar <siddh...@gotplt.org> wrote:
On 2025-04-10 10:50, Andrew MacLeod wrote:
Its not clear to me exactly what is being asked, but I think the suggestion is
that pointer references are being replaced with a builtin function called
.ACCESS_WITH_SIZE ? and I presume that builtin function has some parameters
that give you relevant range information of some sort?
Added, not replaced, but yes, that's essentially it.
range-ops is setup to pull range information from builtin functions already in
gimple-range-op.cc:: gimple_range_op_handler::maybe_builtin_call (). We'd just
need to write a handler for this new one. You can pull information from 2
operands under normal circumstances, but exceptions can be made. I'd need a
description of what it looks like and how that translates to range info.
That's perfect! It's probably redundant for cases where we end up with both
.ACCESS_WITH_SIZE and a __bos/__bdos call, but I don't remember if that's the
only place where .ACCESS_WITH_SIZE is generated today.
.ACCESS_WITH_SIZE was defined as following:
.ACCESS_WITH_SIZE (REF_TO_OBJ, REF_TO_SIZE, CLASS_OF_SIZE,
TYPE_OF_SIZE, ACCESS_MODE))
which returns the REF_TO_OBJ same as the 1st argument;
In the above call to .ACCESS_WITH_SIZE:
1st argument REF_TO_OBJ: The reference to the object;
2nd argument REF_TO_SIZE: The reference to the size of the object,
3rd argument CLASS_OF_SIZE: The size referenced by the REF_TO_SIZE
represents
0: the number of bytes.
1: the number of the elements of the object type;
4th argument TYPE_OF_SIZE: A constant 0 with its TYPE being the same as the
TYPE
of the object referenced by REF_TO_SIZE
5th argument ACCESS_MODE:
-1: Unknown access semantics
0: none
1: read_only
2: write_only
3: read_write
6th argument: A constant 0 with the pointer TYPE to the original flexible
array type.
C FE generates calls to .ACCESS_WITH_SIZE;
Expand phase converts the call to .ACCESS_WITH_SIZE back to the first argument.
All tree phases before Expand can utilize the size information carried by the
call to .ACCESS_WITH_SIZE.
Currently, every reference to a flexible array member field with counted_by
attribute will be replaced by:
(*.ACCESS_WITH_SIZE (REF, COUNTED_BY_REF, 1, (TYPE_OF_SIZE)0, -1,
(TYPE_OF_ARRAY *)0))
For example:
struct annotated {
size_t count;
char array[] __attribute__((counted_by (count)));
} *obj;
Given
obj->array
It will be converted to:
_2 = &obj->array;
_3 = &obj->count;
(* .ACCESS_WITH_SIZE (_2, _3, 1, 0, -1, 0B));
Currently, two phases utilized the size information from .ACCESS_WITH_SIZE:
1. Bound sanitizer (c-family/c-ubsan.cc)
2. _bdos (tree-object-size.cc)
Qing, could you please work with Andrew on this?
Sure!
Andrew, Please see the above brief introduction of .ACCESS_WITH_SIZE. let me
know if you need more details.
THere isn't much practical ranger can do with this information yet.. our
prange implementation has not yet been enhanced to track points to
information, but there are plans to enhance it to track that as well as
the information carried buy the current "pointer-query" code that the
warnings utilize. When we get to that point, we would be able to use
the information here to construct a useful pointer reference...
But that wont be for a while.
I will hold onto this and use it when we are enhancing the prange
class. I can't give you a date yet tho :-P
Andrew
