bwendling wrote:

This is a PITA. There are two situations:

1. The expression was processed before getting to the `EmitBoundsCheck` call, 
and is thus recorded in the `LocalDeclMap` for easy access. Grand!
2. Using a FAM in a `__builtin_dynamic_object_size` cannot have side effects. 
Also, it may not have been processed before getting to the "emit object size" 
method, meaning it won't be placed in a map.

The first situation isn't too bad. The majority of the time, we can gather the 
necessary information from `LocalDeclMap` and proceed from there. The `__bdos` 
situation is far trickier. Let's say you have something horrid like Eli's 
example:

```
int foo(struct s *p, int index) {
  return __builtin_dynamic_object_size((++p)->array[index], 1);
}
```

This *shouldn't* increment `p`, but we need to get the array size of the 
element *after* `p`. I suspect that this is probably a horrible security 
violation in the making, but we at least need to handle such an eventuality 
gracefully. For a first pass, I think returning `-1` or `0` (depending on the 
default return value) for *any* pointer arithmetic is probably okay...maybe 
even the best option?

@kees Thoughts?

https://github.com/llvm/llvm-project/pull/73730
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
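
The behaviour discussed in the message above, as an added example that is not part of the original message or of the LLVM patch: an operand containing `++p` is not evaluated, and the builtin falls back to its "unknown" default for type 1. The `struct s` layout, the `&` on the operand, and the names `BDOS`, `size_after_increment` and `write_fits` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed layout: the message does not show the definition of struct s. */
struct s {
    int count;
    int array[];                      /* flexible array member (FAM) */
};

/* Use the dynamic builtin where the compiler has it, else the static one. */
#if defined(__has_builtin)
#  if __has_builtin(__builtin_dynamic_object_size)
#    define BDOS(ptr, type) __builtin_dynamic_object_size((ptr), (type))
#  endif
#endif
#ifndef BDOS
#  define BDOS(ptr, type) __builtin_object_size((ptr), (type))
#endif

/* Operand contains ++p. The builtin must not evaluate it, so *pp is left
   unchanged and the result is the "unknown" default for type 1. */
size_t size_after_increment(struct s **pp, int index) {
    struct s *p = *pp;
    size_t n = BDOS(&(++p)->array[index], 1);
    *pp = p;                          /* lets the caller see whether p moved */
    return n;
}

/* Hypothetical caller-side check: (size_t)-1 means "no information", not
   "unbounded". Returns 1 if the write fits, 0 if not, -1 if unknown. */
int write_fits(size_t bdos, size_t want) {
    if (bdos == (size_t)-1)
        return -1;
    return want <= bdos;
}

int main(void) {
    struct s *p = malloc(sizeof *p + 4 * sizeof(int));
    struct s *q = p;
    if (!p) return 1;
    size_t n = size_after_increment(&q, 2);
    printf("p moved: %s, size: %zu, fits: %d\n",
           q == p ? "no" : "yes", n, write_fits(n, sizeof(int)));
    free(p);
    return 0;
}
```

A caller that receives the unknown value has to bound the access with a length it tracks itself rather than treat the result as a large buffer.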