Okay, Based on the comments so far, I will work on the 5th version of the patch, major changes will include:
1. Change the return type of the routine .ACCESS_WITH_SIZE FROM: Pointer to the type of the element of the flexible array; TO: Pointer to the type of the flexible array; And then wrap the call with an indirection reference. 2. Adjust all other parts with this change, (this will simplify the bound sanitizer instrument); 3. Add the fixes to the kernel building failures, which include: A. The operator “typeof” cannot return correct type for a->array; (I guess that the above change 1 might automatically resolve this issue) B. The operator “&” cannot return correct address for a->array; 4. Correctly handle the case when the value of “counted-by” is zero or negative as following 4.1 . Update the counted-by doc with the following: When the counted-by field is assigned a negative integer value, the compiler will treat the value as zero. 4.2. (possibly) Adjust __bdos and array bound sanitizer to handle correctly when “counted-by” is zero. __bdos will return size 0 when counted-by is zero; Array bound sanitizer will report out-of-bound when the counted-by is zero for any array access. Let me know if I missed anything. Thanks a lot for all the comments Qing > On Jan 23, 2024, at 7:29 PM, Qing Zhao <qing.z...@oracle.com> wrote: > > Hi, > > This is the 4th version of the patch. > > It based on the following proposal: > > https://gcc.gnu.org/pipermail/gcc-patches/2023-November/635884.html > Represent the missing dependence for the "counted_by" attribute and its > consumers > > ******The summary of the proposal is: > > * Add a new internal function ".ACCESS_WITH_SIZE" to carry the size > information for every reference to a FAM field; > * In C FE, Replace every reference to a FAM field whose TYPE has the > "counted_by" attribute with the new internal function ".ACCESS_WITH_SIZE"; > * In every consumer of the size information, for example, BDOS or array bound > sanitizer, query the size information or ACCESS_MODE information from the new > internal function; > * When expansing to RTL, replace the internal function with the actual > reference to the FAM field; > * Some adjustment to ipa alias analysis, and other SSA passes to mitigate the > impact to the optimizer and code generation. > > > ******The new internal function > > .ACCESS_WITH_SIZE (REF_TO_OBJ, REF_TO_SIZE, CLASS_OF_SIZE, SIZE_OF_SIZE, > ACCESS_MODE, INDEX) > > INTERNAL_FN (ACCESS_WITH_SIZE, ECF_LEAF | ECF_NOTHROW, NULL) > > which returns the "REF_TO_OBJ" same as the 1st argument; > > Both the return type and the type of the first argument of this function have > been converted from the incomplete array type to the corresponding pointer > type. > > Please see the following link for why: > https://gcc.gnu.org/pipermail/gcc-patches/2023-November/638793.html > https://gcc.gnu.org/pipermail/gcc-patches/2023-December/639605.html > > 1st argument "REF_TO_OBJ": The reference to the object; > 2nd argument "REF_TO_SIZE": The reference to the size of the object, > 3rd argument "CLASS_OF_SIZE": The size referenced by the REF_TO_SIZE > represents > 0: unknown; > 1: the number of the elements of the object type; > 2: the number of bytes; > 4th argument "PRECISION_OF_SIZE": The precision of the integer that > REF_TO_SIZE points; > 5th argument "ACCESS_MODE": > -1: Unknown access semantics > 0: none > 1: read_only > 2: write_only > 3: read_write > 6th argument "INDEX": the INDEX for the original array reference. > -1: Unknown > > NOTE: The 6th Argument is added for bound sanitizer instrumentation. > > ****** The Patch sets included: > > 1. Provide counted_by attribute to flexible array member field; > which includes: > * "counted_by" attribute documentation; > * C FE handling of the new attribute; > syntax checking, error reporting; > * testing cases; > > 2. Convert "counted_by" attribute to/from .ACCESS_WITH_SIZE. > which includes: > * The definition of the new internal function .ACCESS_WITH_SIZE in > internal-fn.def. > * C FE converts every reference to a FAM with "counted_by" attribute to > a call to the internal function .ACCESS_WITH_SIZE. > (build_component_ref in c_typeck.cc) > This includes the case when the object is statically allocated and > initialized. > In order to make this working, we should update > initializer_constant_valid_p_1 and output_constant in varasm.cc to include > calls to .ACCESS_WITH_SIZE. > > However, for the reference inside "offsetof", ignore the "counted_by" > attribute since it's not useful at all. (c_parser_postfix_expression in > c/c-parser.cc) > > * Convert every call to .ACCESS_WITH_SIZE to its first argument. > (expand_ACCESS_WITH_SIZE in internal-fn.cc) > * adjust alias analysis to exclude the new internal from clobbering > anything. > (ref_maybe_used_by_call_p_1 and call_may_clobber_ref_p_1 in > tree-ssa-alias.cc) > * adjust dead code elimination to eliminate the call to > .ACCESS_WITH_SIZE when > it's LHS is eliminated as dead code. > (eliminate_unnecessary_stmts in tree-ssa-dce.cc) > * Provide the utility routines to check the call is .ACCESS_WITH_SIZE and > get the reference from the call to .ACCESS_WITH_SIZE. > (is_access_with_size_p and get_ref_from_access_with_size in tree.cc) > * testing cases. (for offsetof, static initialization, generation of > calls to > .ACCESS_WITH_SIZE, code runs correctly after calls to > .ACCESS_WITH_SIZE are > converted back) > > 3. Use the .ACCESS_WITH_SIZE in builtin object size (sub-object only) > which includes: > * use the size info of the .ACCESS_WITH_SIZE for sub-object. > * testing cases. > > 4 Use the .ACCESS_WITH_SIZE in bound sanitizer > Since the result type of the call to .ACCESS_WITH_SIZE is a pointer to > the element type. The original array_ref is converted to an > indirect_ref, > which introduced two issues for the instrumenation of bound sanitizer: > > A. The index for the original array_ref was mixed into the offset > expression for the new indirect_ref. > > In order to make the instrumentation for the bound sanitizer easier, > one > more argument for the function .ACCESS_WITH_SIZE is added to record > this > original index for the array_ref. then later during bound > instrumentation, > get the index from the additional argument from the call to the > function > .ACCESS_WITH_SIZE. > > B. In the current bound sanitizer, no instrumentation will be inserted > for > an indirect_ref. > > In order to add instrumentation for an indirect_ref with a call to > .ACCESS_WITH_SIZE, we should specially handle the indirect_ref with a > call to .ACCESS_WITH_SIZE, and get the index and bound info from the > arguments of the call. > > which includes: > * Record the index to the 6th argument of the call to .ACCESS_WITH_SIZE. > * Instrument indirect_ref with call to .ACCESS_WITH_SIZE for bound > sanitizer. > * testing cases. (additional testing cases for dynamic array support) > > ******Remaining works: > > 5 Improve __bdos to use the counted_by info in whole-object size for the > structure with FAM. > 6 Emit warnings when the user breaks the requirments for the new counted_by > attribute > compilation time: -Wcounted-by > run time: -fsanitizer=counted-by > * The initialization to the size field should be done before the first > reference to the FAM field. > * the array has at least # of elements specified by the size field all > the time during the program. > > I have bootstrapped and regression tested on both x86 and aarch64, no issue. > > Let me know your comments. > > thanks. > > Qing