On 2025-04-08 12:41, Qing Zhao wrote:
> The gimple IR is:
> 1 int main ()
> 2 {
> 3 int D.5072;
> 4
> 5 {
> 6 struct annotated * q;
> 7
> 8 q = alloc_buf (10);
> 9 _1 = __builtin_dynamic_object_size (q, 1);
> 10 __builtin_printf ("the bdos whole is %d\n", _1);
> 11 D.5072 = 0;
> 12 return D.5072;
> 13 }
> 14 D.5072 = 0;
> 15 return D.5072;
> 16 }
> 17
> 18
> 19 __attribute__((noinline))
> 20 struct annotated * alloc_buf (int index)
> 21 {
> 22 struct annotated * D.5074;
> 23 struct annotated * p;
> 24
> 25 _1 = (long unsigned int) index;
> 26 _2 = _1 + 9;
> 27 _3 = MAX_EXPR <_2, 16>;
> 28 p = malloc (_3);
> 29 _4 = (long unsigned int) index;
> 30 p->count = _4;
> 31 D.5074 = p;
> 32 return D.5074;
> 33 }
> When we generate the .ACCESS_WITH_SIZE for a pointer reference to “struct
> annotated”, it looks like all the pointer references (at line 8, “q”; at
> line 9, “q”; at line 28, “p”) need to be changed to a call to
> .ACCESS_WITH_SIZE. This might increase the IR size unnecessarily, and might
> have some impact on the inlining decision heuristics or other heuristics
> that depend on the code size.
Do you need a .ACCESS_WITH_SIZE for initialization sites? I was
thinking we ought to need it only for read/dereference sites (which
should be sufficient as a barrier too), so in this case it would only be
for 'q' at line 9.
> For a reference to a structure with FAM, such as p, we can generate a call
> to .ACCESS_WITH_SIZE whose 3rd argument is 0 (the number of bytes). And this
> information can be used in __builtin_object_size, but not in the array
> bound sanitizer.
Would that be necessary though, given that the array bound sanitizer
only works on arrays and not other kinds of objects?
Thanks,
Sid