Hi Jakub,

(I am CCing Joseph and Martin for their input on how to _selectively_ generate the call to .ACCESS_WITH_SIZE for x->p depending on its context in the C FE.)

> On Jul 17, 2025, at 11:40, Jakub Jelinek <ja...@redhat.com> wrote:
>
> So say for
> struct S { int s; int *p __attribute__((counted_by (s))); };
>
> int
> foo (struct S *x, int y)
> {
>   return x->p[y];
> }
> I would have expected you emit something like
> _1 = x->p;
> _6 = &x->s;
> _5 = .ACCESS_WITH_SIZE (_1, _6, IS_POINTER, 4);
> _2 = (long unsigned int) y;
> _3 = _2 * 4;
> _4 = _5 + _3;
> D.2965 = *_4;
> and for
> x->p = whatever;
> no .ACCESS_WITH_SIZE.

If we have to pass the VALUE of the pointer as the first argument, as the above shows, then yes, we have to _selectively_ emit the call to .ACCESS_WITH_SIZE for a given x->p depending on its context; otherwise there will be a correctness problem, as shown in my previous writeup (see below for details):

https://gcc.gnu.org/pipermail/gcc-patches/2025-July/689663.html

For this approach, I have the following questions:

1. How do we distinguish whether we should generate .ACCESS_WITH_SIZE or not for x->p?

   x->p = whatever;        // NO
   x->p[n] = whatever;     // YES
   whatever = x->p;        // YES
   return x->p;            // YES ?
   function (x->p, …);     // YES ?
   function (&x->p, …);    // ??

   What else? What's the rule? Written to -> NO, read from -> YES? What about address taken?

2. Where in the C FE can we correctly generate .ACCESS_WITH_SIZE for a given x->p in its different contexts? Currently, we handle the counted_by attribute and generate the call to .ACCESS_WITH_SIZE in the routine "build_component_ref" in gcc/c/c-typeck.cc. It simply emits the call to .ACCESS_WITH_SIZE for every x->p if a counted_by is attached.

3. If we have to selectively generate the call to .ACCESS_WITH_SIZE for x->p depending on whether it's stored to or read from, is "build_component_ref" still the right place to do it? If not, which other place is the correct phase to selectively generate the call to .ACCESS_WITH_SIZE?

4. Can we do the code generation in c-family/c-gimplify.cc, i.e. the tree lowering pass? The bounds sanitizer instrumentation is done there; maybe we can add one pass to scan all the COMPONENT_REFs, check whether each is written to or read from, and then decide whether to replace this COMPONENT_REF with a call to .ACCESS_WITH_SIZE? We need to do this before the bounds sanitizer instrumentation since the ACCESS_WITH_SIZE info is needed by the bounds sanitizer.

Any comments or suggestions?

Thanks.

Qing

>
> 	Jakub
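As an added example (not code from this thread, and not GCC's own code), here is a small test file that exercises each of the access contexts enumerated in question 1 above, one per function, so that the front end's output can be compared per context. The COUNTED_BY macro is an assumption of this example: it applies counted_by only when the compiler is a GCC new enough to accept the attribute on a pointer member (assumed here to be GCC 16 or later) and advertises it via __has_attribute; otherwise it expands to nothing and the file compiles and runs as plain C. With a compiler that implements the pointer form, compiling with -fdump-tree-original lets one inspect which of these component references were turned into an .ACCESS_WITH_SIZE call.

```c
#include <stdio.h>
#include <stdlib.h>

/* Assumption of this example: apply counted_by only where a GCC that accepts
   it on a pointer member is used (taken to be GCC 16+); everywhere else the
   macro expands to nothing and the code below is ordinary C.  */
#if defined(__GNUC__) && !defined(__clang__) && __GNUC__ >= 16
#  if __has_attribute(counted_by)
#    define COUNTED_BY(m) __attribute__((counted_by(m)))
#  endif
#endif
#ifndef COUNTED_BY
#  define COUNTED_BY(m)
#endif

struct S {
    int s;                  /* number of elements reachable through p */
    int *p COUNTED_BY(s);   /* pointer whose bound is x->s */
};

/* x->p = whatever;  (store to the pointer member itself)  */
void set_ptr(struct S *x, int *buf, int n)
{
    x->s = n;    /* set the count before the pointer so they are never inconsistent */
    x->p = buf;
}

/* x->p[n] = whatever;  (store through the pointer)  */
void set_elem(struct S *x, int i, int v)
{
    x->p[i] = v;
}

/* return x->p[y];  (load through the pointer, as in Jakub's foo)  */
int get_elem(struct S *x, int i)
{
    return x->p[i];
}

/* whatever = x->p; / return x->p;  (read of the pointer value)  */
int *get_ptr(struct S *x)
{
    int *q = x->p;
    return q;
}

/* function (&x->p, ...);  (address of the pointer member taken)  */
int **addr_of_ptr(struct S *x)
{
    return &x->p;
}

/* Sum every element, going only through the bounded accessor.  */
long sum_elems(struct S *x)
{
    long total = 0;
    for (int i = 0; i < x->s; i++)
        total += get_elem(x, i);
    return total;
}

/* Constructed sample: a 4-element buffer filled with 1..4 through each of
   the contexts above; the sum is 1+2+3+4 = 10.  */
long demo(void)
{
    int buf[4];
    struct S obj = { 0, NULL };
    set_ptr(&obj, buf, 4);
    for (int i = 0; i < 4; i++)
        set_elem(&obj, i, i + 1);
    return sum_elems(&obj);
}

/* The pointer read (x->p) and the address-of form (&x->p) must agree on the
   same object; returns 1 when they do.  */
int pointer_views_agree(void)
{
    int buf[2] = { 7, 9 };
    struct S obj = { 0, NULL };
    set_ptr(&obj, buf, 2);
    return get_ptr(&obj) == *addr_of_ptr(&obj) && get_ptr(&obj) == buf;
}

int main(void)
{
    printf("sum = %ld, views agree = %d\n", demo(), pointer_views_agree());
    return (demo() == 10 && pointer_views_agree()) ? 0 : 1;
}
```

Each function isolates exactly one of the contexts from the list, so the per-function dump shows directly whether the store, the indexed access, the plain pointer read or the address-of form produced the internal call.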