https://github.com/bwendling updated https://github.com/llvm/llvm-project/pull/153338
>From 34f8ba7f20f0d5c7ea5646ac39ababc85667e9d5 Mon Sep 17 00:00:00 2001 From: Bill Wendling <[email protected]> Date: Tue, 12 Aug 2025 19:53:11 -0700 Subject: [PATCH 1/3] [Clang][counted-by][NFC] Add testcase for non-forward record decl This tests that we don't ICE if a struct hasn't been forward declared. Originally fixed in https://github.com/llvm/llvm-project/commit/160fb1121cdf703c3ef5e61fb26c5659eb581489 Link: https://github.com/clangbuiltlinux/linux/issues/2114 --- clang/test/CodeGen/attr-counted-by.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/clang/test/CodeGen/attr-counted-by.c b/clang/test/CodeGen/attr-counted-by.c index 59e1b134850a9..cc11410c957bb 100644 --- a/clang/test/CodeGen/attr-counted-by.c +++ b/clang/test/CodeGen/attr-counted-by.c @@ -2481,3 +2481,20 @@ size_t test36() { size_t test37(struct annotated *ptr) { return __builtin_dynamic_object_size((1, 2, (4, 5, (7, 8, 9, (10, ptr->array)))), 1); } + +// Don't abort when a structure isn't forward declared. This was fixed in +// 160fb11. +// See https://github.com/clangbuiltlinux/linux/issues/2114 + +struct baz; + +struct foo { + unsigned short width; + struct bar *no_forward_decl; + struct baz *array[] __attribute__((__counted_by__(width))); +}; + +struct baz *test38(struct foo *q) +{ + return q->array[0]; +} >From 1f4cd00f82408ca0ce0dac49b3a64aceaff41347 Mon Sep 17 00:00:00 2001 From: Bill Wendling <[email protected]> Date: Tue, 12 Aug 2025 19:57:24 -0700 Subject: [PATCH 2/3] Generate checking code. --- clang/test/CodeGen/attr-counted-by.c | 42 ++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/clang/test/CodeGen/attr-counted-by.c b/clang/test/CodeGen/attr-counted-by.c index cc11410c957bb..b16c044869569 100644 --- a/clang/test/CodeGen/attr-counted-by.c +++ b/clang/test/CodeGen/attr-counted-by.c @@ -2494,6 +2494,48 @@ struct foo { struct baz *array[] __attribute__((__counted_by__(width))); }; +// SANITIZE-WITH-ATTR-LABEL: define dso_local ptr @test38( +// SANITIZE-WITH-ATTR-SAME: ptr noundef [[Q:%.*]]) local_unnamed_addr #[[ATTR0]] { +// SANITIZE-WITH-ATTR-NEXT: entry: +// SANITIZE-WITH-ATTR-NEXT: [[DOTCOUNTED_BY_LOAD:%.*]] = load i16, ptr [[Q]], align 4 +// SANITIZE-WITH-ATTR-NEXT: [[DOTNOT:%.*]] = icmp eq i16 [[DOTCOUNTED_BY_LOAD]], 0 +// SANITIZE-WITH-ATTR-NEXT: br i1 [[DOTNOT]], label [[HANDLER_OUT_OF_BOUNDS:%.*]], label [[CONT3:%.*]], !prof [[PROF8]], !nosanitize [[META2]] +// SANITIZE-WITH-ATTR: handler.out_of_bounds: +// SANITIZE-WITH-ATTR-NEXT: tail call void @__ubsan_handle_out_of_bounds_abort(ptr nonnull @[[GLOB55:[0-9]+]], i64 0) #[[ATTR8]], !nosanitize [[META2]] +// SANITIZE-WITH-ATTR-NEXT: unreachable, !nosanitize [[META2]] +// SANITIZE-WITH-ATTR: cont3: +// SANITIZE-WITH-ATTR-NEXT: [[ARRAY:%.*]] = getelementptr inbounds nuw i8, ptr [[Q]], i64 16 +// SANITIZE-WITH-ATTR-NEXT: [[TMP0:%.*]] = load ptr, ptr [[ARRAY]], align 8, !tbaa [[TBAA27:![0-9]+]] +// SANITIZE-WITH-ATTR-NEXT: ret ptr [[TMP0]] +// +// NO-SANITIZE-WITH-ATTR-LABEL: define dso_local ptr @test38( +// NO-SANITIZE-WITH-ATTR-SAME: ptr noundef readonly captures(none) [[Q:%.*]]) local_unnamed_addr #[[ATTR2]] { +// NO-SANITIZE-WITH-ATTR-NEXT: entry: +// NO-SANITIZE-WITH-ATTR-NEXT: [[ARRAY:%.*]] = getelementptr inbounds nuw i8, ptr [[Q]], i64 16 +// NO-SANITIZE-WITH-ATTR-NEXT: [[TMP0:%.*]] = load ptr, ptr [[ARRAY]], align 8, !tbaa [[TBAA24:![0-9]+]] +// NO-SANITIZE-WITH-ATTR-NEXT: ret ptr [[TMP0]] +// +// SANITIZE-WITHOUT-ATTR-LABEL: define dso_local ptr @test38( +// SANITIZE-WITHOUT-ATTR-SAME: ptr noundef [[Q:%.*]]) local_unnamed_addr #[[ATTR0]] { +// SANITIZE-WITHOUT-ATTR-NEXT: entry: +// SANITIZE-WITHOUT-ATTR-NEXT: [[DOTCOUNTED_BY_LOAD:%.*]] = load i16, ptr [[Q]], align 4 +// SANITIZE-WITHOUT-ATTR-NEXT: [[DOTNOT:%.*]] = icmp eq i16 [[DOTCOUNTED_BY_LOAD]], 0 +// SANITIZE-WITHOUT-ATTR-NEXT: br i1 [[DOTNOT]], label [[HANDLER_OUT_OF_BOUNDS:%.*]], label [[CONT3:%.*]], !prof [[PROF10]], !nosanitize [[META9]] +// SANITIZE-WITHOUT-ATTR: handler.out_of_bounds: +// SANITIZE-WITHOUT-ATTR-NEXT: tail call void @__ubsan_handle_out_of_bounds_abort(ptr nonnull @[[GLOB23:[0-9]+]], i64 0) #[[ATTR8]], !nosanitize [[META9]] +// SANITIZE-WITHOUT-ATTR-NEXT: unreachable, !nosanitize [[META9]] +// SANITIZE-WITHOUT-ATTR: cont3: +// SANITIZE-WITHOUT-ATTR-NEXT: [[ARRAY:%.*]] = getelementptr inbounds nuw i8, ptr [[Q]], i64 16 +// SANITIZE-WITHOUT-ATTR-NEXT: [[TMP0:%.*]] = load ptr, ptr [[ARRAY]], align 8, !tbaa [[TBAA27:![0-9]+]] +// SANITIZE-WITHOUT-ATTR-NEXT: ret ptr [[TMP0]] +// +// NO-SANITIZE-WITHOUT-ATTR-LABEL: define dso_local ptr @test38( +// NO-SANITIZE-WITHOUT-ATTR-SAME: ptr noundef readonly captures(none) [[Q:%.*]]) local_unnamed_addr #[[ATTR6]] { +// NO-SANITIZE-WITHOUT-ATTR-NEXT: entry: +// NO-SANITIZE-WITHOUT-ATTR-NEXT: [[ARRAY:%.*]] = getelementptr inbounds nuw i8, ptr [[Q]], i64 16 +// NO-SANITIZE-WITHOUT-ATTR-NEXT: [[TMP0:%.*]] = load ptr, ptr [[ARRAY]], align 8, !tbaa [[TBAA24:![0-9]+]] +// NO-SANITIZE-WITHOUT-ATTR-NEXT: ret ptr [[TMP0]] +// struct baz *test38(struct foo *q) { return q->array[0]; >From 49d2dbcc465a3749d89f34398817028dba15cb4a Mon Sep 17 00:00:00 2001 From: Bill Wendling <[email protected]> Date: Mon, 5 Jan 2026 11:04:34 -0800 Subject: [PATCH 3/3] Regen testcase. --- clang/test/CodeGen/attr-counted-by.c | 47 ++++++++++++++++------------ 1 file changed, 27 insertions(+), 20 deletions(-) diff --git a/clang/test/CodeGen/attr-counted-by.c b/clang/test/CodeGen/attr-counted-by.c index d91f8ccb9840c..a51681a9c00fc 100644 --- a/clang/test/CodeGen/attr-counted-by.c +++ b/clang/test/CodeGen/attr-counted-by.c @@ -2593,8 +2593,6 @@ size_t test39(struct annotated *ptr, int index) { // 160fb11. // See https://github.com/clangbuiltlinux/linux/issues/2114 -struct baz; - struct foo { unsigned short width; struct bar *no_forward_decl; @@ -2603,44 +2601,44 @@ struct foo { // SANITIZE-WITH-ATTR-LABEL: define dso_local ptr @test40( // SANITIZE-WITH-ATTR-SAME: ptr noundef [[Q:%.*]]) local_unnamed_addr #[[ATTR0]] { -// SANITIZE-WITH-ATTR-NEXT: entry: +// SANITIZE-WITH-ATTR-NEXT: [[ENTRY:.*:]] // SANITIZE-WITH-ATTR-NEXT: [[DOTCOUNTED_BY_LOAD:%.*]] = load i16, ptr [[Q]], align 4 // SANITIZE-WITH-ATTR-NEXT: [[DOTNOT:%.*]] = icmp eq i16 [[DOTCOUNTED_BY_LOAD]], 0 -// SANITIZE-WITH-ATTR-NEXT: br i1 [[DOTNOT]], label [[HANDLER_OUT_OF_BOUNDS:%.*]], label [[CONT3:%.*]], !prof [[PROF8]], !nosanitize [[META2]] -// SANITIZE-WITH-ATTR: handler.out_of_bounds: -// SANITIZE-WITH-ATTR-NEXT: tail call void @__ubsan_handle_out_of_bounds_abort(ptr nonnull @[[GLOB55:[0-9]+]], i64 0) #[[ATTR8]], !nosanitize [[META2]] -// SANITIZE-WITH-ATTR-NEXT: unreachable, !nosanitize [[META2]] -// SANITIZE-WITH-ATTR: cont3: +// SANITIZE-WITH-ATTR-NEXT: br i1 [[DOTNOT]], label %[[HANDLER_OUT_OF_BOUNDS:.*]], label %[[CONT3:.*]], !prof [[PROF8]], !nosanitize [[META6]] +// SANITIZE-WITH-ATTR: [[HANDLER_OUT_OF_BOUNDS]]: +// SANITIZE-WITH-ATTR-NEXT: tail call void @__ubsan_handle_out_of_bounds_abort(ptr nonnull @[[GLOB58:[0-9]+]], i64 0) #[[ATTR8]], !nosanitize [[META6]] +// SANITIZE-WITH-ATTR-NEXT: unreachable, !nosanitize [[META6]] +// SANITIZE-WITH-ATTR: [[CONT3]]: // SANITIZE-WITH-ATTR-NEXT: [[ARRAY:%.*]] = getelementptr inbounds nuw i8, ptr [[Q]], i64 16 -// SANITIZE-WITH-ATTR-NEXT: [[TMP0:%.*]] = load ptr, ptr [[ARRAY]], align 8, !tbaa [[TBAA27:![0-9]+]] +// SANITIZE-WITH-ATTR-NEXT: [[TMP0:%.*]] = load ptr, ptr [[ARRAY]], align 8, !tbaa [[_ZTS3BAZPTR_TBAA27:![0-9]+]] // SANITIZE-WITH-ATTR-NEXT: ret ptr [[TMP0]] // // NO-SANITIZE-WITH-ATTR-LABEL: define dso_local ptr @test40( // NO-SANITIZE-WITH-ATTR-SAME: ptr noundef readonly captures(none) [[Q:%.*]]) local_unnamed_addr #[[ATTR2]] { -// NO-SANITIZE-WITH-ATTR-NEXT: entry: +// NO-SANITIZE-WITH-ATTR-NEXT: [[ENTRY:.*:]] // NO-SANITIZE-WITH-ATTR-NEXT: [[ARRAY:%.*]] = getelementptr inbounds nuw i8, ptr [[Q]], i64 16 -// NO-SANITIZE-WITH-ATTR-NEXT: [[TMP0:%.*]] = load ptr, ptr [[ARRAY]], align 8, !tbaa [[TBAA24:![0-9]+]] +// NO-SANITIZE-WITH-ATTR-NEXT: [[TMP0:%.*]] = load ptr, ptr [[ARRAY]], align 8, !tbaa [[_ZTS3BAZPTR_TBAA24:![0-9]+]] // NO-SANITIZE-WITH-ATTR-NEXT: ret ptr [[TMP0]] // // SANITIZE-WITHOUT-ATTR-LABEL: define dso_local ptr @test40( // SANITIZE-WITHOUT-ATTR-SAME: ptr noundef [[Q:%.*]]) local_unnamed_addr #[[ATTR0]] { -// SANITIZE-WITHOUT-ATTR-NEXT: entry: +// SANITIZE-WITHOUT-ATTR-NEXT: [[ENTRY:.*:]] // SANITIZE-WITHOUT-ATTR-NEXT: [[DOTCOUNTED_BY_LOAD:%.*]] = load i16, ptr [[Q]], align 4 // SANITIZE-WITHOUT-ATTR-NEXT: [[DOTNOT:%.*]] = icmp eq i16 [[DOTCOUNTED_BY_LOAD]], 0 -// SANITIZE-WITHOUT-ATTR-NEXT: br i1 [[DOTNOT]], label [[HANDLER_OUT_OF_BOUNDS:%.*]], label [[CONT3:%.*]], !prof [[PROF10]], !nosanitize [[META9]] -// SANITIZE-WITHOUT-ATTR: handler.out_of_bounds: -// SANITIZE-WITHOUT-ATTR-NEXT: tail call void @__ubsan_handle_out_of_bounds_abort(ptr nonnull @[[GLOB23:[0-9]+]], i64 0) #[[ATTR8]], !nosanitize [[META9]] -// SANITIZE-WITHOUT-ATTR-NEXT: unreachable, !nosanitize [[META9]] -// SANITIZE-WITHOUT-ATTR: cont3: +// SANITIZE-WITHOUT-ATTR-NEXT: br i1 [[DOTNOT]], label %[[HANDLER_OUT_OF_BOUNDS:.*]], label %[[CONT3:.*]], !prof [[PROF26:![0-9]+]], !nosanitize [[META8]] +// SANITIZE-WITHOUT-ATTR: [[HANDLER_OUT_OF_BOUNDS]]: +// SANITIZE-WITHOUT-ATTR-NEXT: tail call void @__ubsan_handle_out_of_bounds_abort(ptr nonnull @[[GLOB25:[0-9]+]], i64 0) #[[ATTR8]], !nosanitize [[META8]] +// SANITIZE-WITHOUT-ATTR-NEXT: unreachable, !nosanitize [[META8]] +// SANITIZE-WITHOUT-ATTR: [[CONT3]]: // SANITIZE-WITHOUT-ATTR-NEXT: [[ARRAY:%.*]] = getelementptr inbounds nuw i8, ptr [[Q]], i64 16 -// SANITIZE-WITHOUT-ATTR-NEXT: [[TMP0:%.*]] = load ptr, ptr [[ARRAY]], align 8, !tbaa [[TBAA27:![0-9]+]] +// SANITIZE-WITHOUT-ATTR-NEXT: [[TMP0:%.*]] = load ptr, ptr [[ARRAY]], align 8, !tbaa [[_ZTS3BAZPTR_TBAA27:![0-9]+]] // SANITIZE-WITHOUT-ATTR-NEXT: ret ptr [[TMP0]] // // NO-SANITIZE-WITHOUT-ATTR-LABEL: define dso_local ptr @test40( // NO-SANITIZE-WITHOUT-ATTR-SAME: ptr noundef readonly captures(none) [[Q:%.*]]) local_unnamed_addr #[[ATTR6]] { -// NO-SANITIZE-WITHOUT-ATTR-NEXT: entry: +// NO-SANITIZE-WITHOUT-ATTR-NEXT: [[ENTRY:.*:]] // NO-SANITIZE-WITHOUT-ATTR-NEXT: [[ARRAY:%.*]] = getelementptr inbounds nuw i8, ptr [[Q]], i64 16 -// NO-SANITIZE-WITHOUT-ATTR-NEXT: [[TMP0:%.*]] = load ptr, ptr [[ARRAY]], align 8, !tbaa [[TBAA24:![0-9]+]] +// NO-SANITIZE-WITHOUT-ATTR-NEXT: [[TMP0:%.*]] = load ptr, ptr [[ARRAY]], align 8, !tbaa [[_ZTS3BAZPTR_TBAA24:![0-9]+]] // NO-SANITIZE-WITHOUT-ATTR-NEXT: ret ptr [[TMP0]] // struct baz *test40(struct foo *q) @@ -2674,6 +2672,8 @@ struct baz *test40(struct foo *q) // SANITIZE-WITH-ATTR: [[META24]] = !{!"p1 _ZTS9annotated", [[META14]], i64 0} // SANITIZE-WITH-ATTR: [[LONG_TBAA25]] = !{[[META26:![0-9]+]], [[META26]], i64 0} // SANITIZE-WITH-ATTR: [[META26]] = !{!"long", [[META4]], i64 0} +// SANITIZE-WITH-ATTR: [[_ZTS3BAZPTR_TBAA27]] = !{[[META28:![0-9]+]], [[META28]], i64 0} +// SANITIZE-WITH-ATTR: [[META28]] = !{!"p1 _ZTS3baz", [[META14]], i64 0} //. // NO-SANITIZE-WITH-ATTR: [[INT_TBAA2]] = !{[[META3:![0-9]+]], [[META3]], i64 0} // NO-SANITIZE-WITH-ATTR: [[META3]] = !{!"int", [[META4:![0-9]+]], i64 0} @@ -2697,6 +2697,8 @@ struct baz *test40(struct foo *q) // NO-SANITIZE-WITH-ATTR: [[META21]] = !{!"p1 _ZTS9annotated", [[META11]], i64 0} // NO-SANITIZE-WITH-ATTR: [[LONG_TBAA22]] = !{[[META23:![0-9]+]], [[META23]], i64 0} // NO-SANITIZE-WITH-ATTR: [[META23]] = !{!"long", [[META4]], i64 0} +// NO-SANITIZE-WITH-ATTR: [[_ZTS3BAZPTR_TBAA24]] = !{[[META25:![0-9]+]], [[META25]], i64 0} +// NO-SANITIZE-WITH-ATTR: [[META25]] = !{!"p1 _ZTS3baz", [[META11]], i64 0} //. // SANITIZE-WITHOUT-ATTR: [[INT_TBAA2]] = !{[[META3:![0-9]+]], [[META3]], i64 0} // SANITIZE-WITHOUT-ATTR: [[META3]] = !{!"int", [[META4:![0-9]+]], i64 0} @@ -2722,6 +2724,9 @@ struct baz *test40(struct foo *q) // SANITIZE-WITHOUT-ATTR: [[META23]] = !{!"p1 _ZTS9annotated", [[META13]], i64 0} // SANITIZE-WITHOUT-ATTR: [[LONG_TBAA24]] = !{[[META25:![0-9]+]], [[META25]], i64 0} // SANITIZE-WITHOUT-ATTR: [[META25]] = !{!"long", [[META4]], i64 0} +// SANITIZE-WITHOUT-ATTR: [[PROF26]] = !{!"branch_weights", i32 1, i32 1048575} +// SANITIZE-WITHOUT-ATTR: [[_ZTS3BAZPTR_TBAA27]] = !{[[META28:![0-9]+]], [[META28]], i64 0} +// SANITIZE-WITHOUT-ATTR: [[META28]] = !{!"p1 _ZTS3baz", [[META13]], i64 0} //. // NO-SANITIZE-WITHOUT-ATTR: [[INT_TBAA2]] = !{[[META3:![0-9]+]], [[META3]], i64 0} // NO-SANITIZE-WITHOUT-ATTR: [[META3]] = !{!"int", [[META4:![0-9]+]], i64 0} @@ -2745,4 +2750,6 @@ struct baz *test40(struct foo *q) // NO-SANITIZE-WITHOUT-ATTR: [[META21]] = !{!"p1 _ZTS9annotated", [[META11]], i64 0} // NO-SANITIZE-WITHOUT-ATTR: [[LONG_TBAA22]] = !{[[META23:![0-9]+]], [[META23]], i64 0} // NO-SANITIZE-WITHOUT-ATTR: [[META23]] = !{!"long", [[META4]], i64 0} +// NO-SANITIZE-WITHOUT-ATTR: [[_ZTS3BAZPTR_TBAA24]] = !{[[META25:![0-9]+]], [[META25]], i64 0} +// NO-SANITIZE-WITHOUT-ATTR: [[META25]] = !{!"p1 _ZTS3baz", [[META11]], i64 0} //. _______________________________________________ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
