On 2025-07-23 10:00, Qing Zhao wrote:
I can't see how this could happen, do you have an example test case?
The example used in my previous writeup show this:
https://gcc.gnu.org/pipermail/gcc-patches/2025-July/689663.html
f->p = malloc (size);
***** With the approach B: the IL for the above is:
tmp1 = f->p;
tmp2 = &f->n;
tmp3 = .ACCESS_WITH_SIZE (tmp1, tmp2, ...);
tmp4 = malloc (size);
tmp3 = tmp4;
the above IL will be expanded to the following when .ACCESS_WITH_SIZE is
expanded
to its first argument:
tmp1 = f->p;
tmp2 = &f->n;
tmp3 = tmp1;
tmp4 = malloc (size);
tmp3 = tmp4;
the final optimized IL will be:
tmp3 = f->p;
tmp3 = malloc (size);
From the above final IL, you can clearly see the undefined behavior introduced by
tmp1 = f->p to the program.
Is that from v8 of the patch, where .ACCESS_WITH_SIZE is emitted at
definition of f->p? I think that needs to move back to the original
idea, i.e. emit at object reference, not definition. It's wrong, not
just for the above reason of potentially undefined behaviour, but also
because it defeats the point of the .ACCESS_WITH_SIZE call. The intent
of the call is to bind the reference of f->p with f->n so that the
reference of f->p does not get reordered w.r.t definition of f->n. For
example if you have:
f->p = malloc (sz);
f->n = sz;
__builtin_dynamic_object_size (f->p, 0);
putting the .ACCESS_WITH_SIZE directly above, i.e.:
f->p = malloc (sz);
f->n = sz;
.ACCESS_WITH_SIZE (f->p, &f->n, ...);
__builtin_dynamic_object_size (f->p, 0);
ensures that f->n does not get reordered below the
__builtin_dynamic_object_size call. If you emit .ACCESS_WITH_SIZE at
the definition point you'd have:
f->p = malloc (sz);
.ACCESS_WITH_SIZE (f->p, &f->n, ...);
f->n = sz;
__builtin_dynamic_object_size (f->p, 0);
or worse (AFAICT from the IL you shared above):
f->p = malloc (sz);
.ACCESS_WITH_SIZE (f->p, &f->n, ...);
f->n = sz;
__builtin_dynamic_object_size (f->p, 0);
because of which the compiler is then free to reorder the f->n
definition below the __builtin_dynamic_object_size call.
Thanks,
Sid
