On 2025-04-08 12:41, Qing Zhao wrote:
The gimple IR is:1 int main () 2 { 3 int D.5072; 4 5 { 6 struct annotated * q; 7 8 q = alloc_buf (10); 9 _1 = __builtin_dynamic_object_size (q, 1); 10 __builtin_printf ("the bdos whole is %d\n", _1); 11 D.5072 = 0; 12 return D.5072; 13 } 14 D.5072 = 0; 15 return D.5072; 16 } 17 18 19 __attribute__((noinline)) 20 struct annotated * alloc_buf (int index) 21 { 22 struct annotated * D.5074; 23 struct annotated * p; 24 25 _1 = (long unsigned int) index; 26 _2 = _1 + 9; 27 _3 = MAX_EXPR <_2, 16>; 28 p = malloc (_3); 29 _4 = (long unsigned int) index; 30 p->count = _4; 31 D.5074 = p; 32 return D.5074; 33 } When we generate the .ACCESS_WITH_SIZE for a pointer reference to “struct annotated”, Looks like all the pointer references, at line 8, “q”, at line 9, “q”, at line 28, “p”, need to be changed to a call to .ACCESS_WITH_SIZE. this might increase the IR size unnecessarily. Might have some Impact on the inlining decision heuristics or other heuristic that depend on the code size.
Do you need a .ACCESS_WITH_SIZE for initialization sites? I was thinking we ought to need it only for read/dereference sites (which should be sufficient as a barrier too), so in this case it would only be for 'q' at line 9.
For a reference to a structure with FAM, such as p, we can generate a call to .ACCESS_WITH_SIZE whose 3rd argument is 0 (the number of bytes). And this information can be used in __builtin_object_size. But not in array bound sanitizer.
Would that be necessary though, given that the array bound sanitizer only works on arrays and not other kinds of objects?
Thanks, Sid
