Hi, Sid:

> On Apr 10, 2025, at 06:56, Siddhesh Poyarekar <siddh...@gotplt.org> wrote:
> 
> 
>> Maybe you could add it when a pointer to an annotated
>> struct is passed as parameter, but also there it is not
>> clear to me that we might want to materialize new
>> accesses to the struct at this point.
>> An alternative approach could be to just do it when
>> such a pointer is explicitly passed to the BDOS builtin.
> 
> I suppose bounds sanitizer won't be affected by this but wouldn't this then 
> exclude the object-size sanitizer?  I don't know if its instrumentation runs 
> early enough.

I just checked this:

1. The object-size sanitizer instruments the code at a quite early stage
   in the middle-end, much earlier than the objsz phase.
2. When the object-size sanitizer instruments the code, it might insert calls to
   __builtin_dynamic_object_size to acquire the object size, and these
   added __builtin_dynamic_object_size calls will be evaluated in the later
   objsz phase.


So, based on this fact and the previous discussion:

1. It's not safe in general to replace a structure pointer reference with a call
   to .ACCESS_WITH_SIZE in the C FE, since data-flow analysis is needed to make
   sure that the access to the size member is valid, i.e., the structure is
   accessible and initialized, etc.

2. It should be safe to generate the reference to the field member when we
   evaluate the BDOS builtin, as in my current approach. And doing this in
   tree-object-size should also cover -fsanitize=object-size.

3. When generating the reference to the field member in tree-object-size, we
   should guard this reference with a check that the pointer to the structure
   is valid, i.e.:

#include <stddef.h>

struct annotated {
  size_t count;
  char array[] __attribute__((counted_by (count)));
};

static size_t __attribute__((__noinline__)) size_of (struct annotated * obj)
{
  return __builtin_dynamic_object_size (obj, 1);
}

When we try to generate the reference to obj->count while evaluating
__builtin_dynamic_object_size (obj, 1), we should generate the following:

   if (obj != NULL)
     *(&obj->count)

to make sure that the pointer to the structure object is valid first.

Let me know your comment on this.

thanks.

Qing
> 
> Thanks,
> Sid
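As an added illustration (not code from this thread or from GCC's tree-object-size), here is the guarded evaluation from point 3 modelled by hand in plain C: guarded_bdos computes the size the counted_by member implies and returns the BDOS "unknown" value for a NULL pointer, and checked_store shows a bounds check consuming that size. The function names, the COUNTED_BY macro and the size formula are assumptions made for this example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Use counted_by only where the compiler knows it (GCC 15+, recent clang). */
#if defined(__has_attribute)
# if __has_attribute(counted_by)
#  define COUNTED_BY(m) __attribute__((counted_by(m)))
# endif
#endif
#ifndef COUNTED_BY
# define COUNTED_BY(m)
#endif

struct annotated {
  size_t count;
  char array[] COUNTED_BY(count);
};

/* Hand-written model (an assumption) of the size tree-object-size would derive
   for __builtin_dynamic_object_size (obj, 1) from counted_by: the object ends
   after obj->count elements.  BDOS mode 1 reports (size_t) -1 when the size is
   unknown, so the NULL case returns that instead of dereferencing obj. */
size_t guarded_bdos (const struct annotated *obj)
{
  if (obj == NULL)
    return (size_t) -1;   /* the guard: never read obj->count through NULL */
  return offsetof (struct annotated, array) + obj->count;
}

/* A bounds-checked write into obj->array that consumes that size, the way a
   fortified memcpy check would.  Returns 0 on success, -1 when the size is
   unknown or the copy would run past the counted_by-derived end. */
int checked_store (struct annotated *obj, size_t off, const char *src, size_t n)
{
  size_t objsz = guarded_bdos (obj);
  size_t start = offsetof (struct annotated, array);
  if (objsz == (size_t) -1 || off > objsz - start || n > objsz - start - off)
    return -1;
  memcpy (obj->array + off, src, n);
  return 0;
}

/* Allocates an object whose trailing array really has 'count' bytes. */
struct annotated *make_annotated (size_t count)
{
  struct annotated *obj = malloc (offsetof (struct annotated, array) + count);
  if (obj != NULL)
    obj->count = count;
  return obj;
}
```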
