Re: [V2][PATCH] gcc-14/changes.html: Deprecate a GCC C extension on flexible array members.
> On May 7, 2024, at 17:52, Kees Cook wrote:
>
> On Tue, May 07, 2024 at 06:34:19PM +0000, Qing Zhao wrote:
>> On May 7, 2024, at 13:57, Sebastian Huber
>> wrote:
>>> On 07.05.24 16:26, Qing Zhao wrote:
>>>> Hi, Sebastian,
>>>> Thanks for your explanation.
>>>> Our goal is to deprecate the GCC extension on structure
>>>> containing a flexible array member not at the end of another
>>>> structure. In order to achieve this goal, we provided the warning option
>>>> -Wflex-array-member-not-at-end for the users to locate all such
>>>> cases in their source code and update the source code to eliminate
>>>> such cases.
>>>
>>> What is the benefit of deprecating this GCC extension? If GCC
>>> extensions are removed, then it would be nice to enable the associated
>>> warnings by default.
>
> The goal of all of the recent array bounds and flexible array work is to
> make sizing information unambiguous (e.g. via __builtin_object_size(),
> __builtin_dynamic_object_size(), and the array-bounds sanitizer). For
> the compiler to be able to deterministically report size information
> on arrays, we needed to deprecate this case even though it had been
> supported in the past. (Though we also _added_ extensions to support
> for other things, like flexible arrays in unions, and the coming
> __counted_by attribute.)
>
> For example:
>
> struct flex { int length; char data[]; };
> struct mid_flex { int m; struct flex flex_data; int n; int o; };
>
> #define SZ(p) __builtin_dynamic_object_size(p, 1)
>
> void foo(struct flex *f, struct mid_flex *m)
> {
> printf("%zu\n", SZ(f));
> printf("%zu\n", SZ(m->flex_data));
> }
>
> int main(void)
> {
>struct mid_flex m = { .flex_data.length = 8 };
> foo(>flex_data, );
> return 0;
> }
>
> This is printing the size of the same object. But the desired results
> are ambiguous. Does m->flex_data have an unknown size (i.e. SIZE_MAX)
> because it's a flex array, or does it contain 8 bytes, since it overlaps
> with the other structure's trailing 2 ints?
>
> The answer from GCC 13 was neither:
>
> 18446744073709551615
> 4
>
> It considered flex_data to be only the size of it's non-flex-array
> members, but only when there was semantic context that it was part of
> another structure. (Yet more ambiguity.)
>
> In GCC 14, this is "resolved" to be unknown since it is a flex array
> which has no sizing info, and context doesn't matter:
>
> 18446744073709551615
> 18446744073709551615
>
> But this paves the way for the coming 'counted_by' attribute which will
> allow for struct flex above to be defined as:
>
> struct flex { int length; char data[] __attribute__((counted_by(length))); };
>
> At which point GCC can deterministically report the object size.
>
> Hopefully I've captured this all correctly -- Qing can correct me. :)
>
>>>
>>>> We had a long discussion before deciding to deprecating this GCC
>>>> extension. Please see details here:
>>>>
>>>> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101832
>>>>
>>>> Yes, we do plan to enable this warning by default before final
>>>> deprecation. (Might consider to enable this warning by default in
>>>> GCC15… and then deprecate it in the next release)
>>>>
>>>> Right now, there is an ongoing work in Linux kernel to get rid of
>>>> all such cases. Kees might have more information on this.
>>>>
>>>>
>>>> The static initialization of structures with flexible array members
>>>> will still work as long as the flexible array members are at the end of
>>>> the structures.
>>>
>>> Removing the support for flexible array members in the middle of
>>> compounds will make the static initialization practically infeasible.
>>
>> If the flexible array member is moved to the end of the compounds,
>> the static initialization still work. What’s the issue here?
>>
>>>> My question: is it possible to update your source code to move
>>>> the structure with flexible array member to the end of the containing
>>>> structure?
>>>>
>>>> i.e, in your example, in the struct Thread_Configured_control,
>>>> move the field “Thread_Control Control” to the end of the structure?
>>>
>>> If we move the Thread_Control to the end, how would I add a
>>> configuration defined number of elements at the end?
>>
>> Don’t
Re: [V2][PATCH] gcc-14/changes.html: Deprecate a GCC C extension on flexible array members.
(Resend since my previous email in HTML and inline quoting wasn’t work, I changed the mail setting, hopefully this time it’s good). Sorry for the inconvenience. > On May 7, 2024, at 13:57, Sebastian Huber > wrote: > > On 07.05.24 16:26, Qing Zhao wrote: >> Hi, Sebastian, >> Thanks for your explanation. >> Our goal is to deprecate the GCC extension on structure containing a >> flexible array member not at the end of another structure. In order to >> achieve this goal, we provided the warning option >> -Wflex-array-member-not-at-end for the users to >> locate all such cases in their source code and update the source code to >> eliminate such cases. > > What is the benefit of deprecating this GCC extension? If GCC extensions are > removed, then it would be nice to enable the associated warnings by default. We had a long discussion before deciding to deprecating this GCC extension. Please see details here: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101832 Yes, we do plan to enable this warning by default before final deprecation. (Might consider to enable this warning by default in GCC15… and then deprecate it in the next release) Right now, there is an ongoing work in Linux kernel to get rid of all such cases. Kees might have more information on this. > >> The static initialization of structures with flexible array members will >> still work as long as the flexible array members are at >> the end of the structures. > > Removing the support for flexible array members in the middle of compounds > will make the static initialization practically infeasible. If the flexible array member is moved to the end of the compounds, the static initialization still work. What’s the issue here? > >> My question: is it possible to update your source code to move the structure >> with flexible array member to the end of the >> containing structure? >> i.e, in your example, in the struct Thread_Configured_control, move the >> field “Thread_Control Control” to the end of the structure? > > If we move the Thread_Control to the end, how would I add a configuration > defined number of elements at the end? Don’t understand this, why moving the Thread_Control Control” to the end of the containing structure will make this a problem? Could you please explain this with a simplified example? Thanks. Qing > > -- > embedded brains GmbH & Co. KG > Herr Sebastian HUBER > Dornierstr. 4 > 82178 Puchheim > Germany > email: sebastian.hu...@embedded-brains.de > phone: +49-89-18 94 741 - 16 > fax: +49-89-18 94 741 - 08 > > Registergericht: Amtsgericht München > Registernummer: HRB 157899 > Vertretungsberechtigte Geschäftsführer: Peter Rasmussen, Thomas Dörfler > Unsere Datenschutzerklärung finden Sie hier: > https://embedded-brains.de/datenschutzerklaerung/
Re: [V2][PATCH] gcc-14/changes.html: Deprecate a GCC C extension on flexible array members.
On May 7, 2024, at 13:57, Sebastian Huber wrote: On 07.05.24 16:26, Qing Zhao wrote: Hi, Sebastian, Thanks for your explanation. Our goal is to deprecate the GCC extension on structure containing a flexible array member not at the end of another structure. In order to achieve this goal, we provided the warning option -Wflex-array-member-not-at-end for the users to locate all such cases in their source code and update the source code to eliminate such cases. What is the benefit of deprecating this GCC extension? If GCC extensions are removed, then it would be nice to enable the associated warnings by default. We had a long discussion before deciding to deprecating this GCC extension. Please see details here: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101832 Yes, we do plan to enable this warning by default before final deprecation. (Might consider to enable this warning by default in GCC15… and then deprecate it in the next release) Right now, there is an ongoing work in Linux kernel to get rid of all such cases. Kees might have more information on this. The static initialization of structures with flexible array members will still work as long as the flexible array members are at the end of the structures. Removing the support for flexible array members in the middle of compounds will make the static initialization practically infeasible. If the flexible array member is moved to the end of the compounds, the static initialization still work. What’s the issue here? My question: is it possible to update your source code to move the structure with flexible array member to the end of the containing structure? i.e, in your example, in the struct Thread_Configured_control, move the field “Thread_Control Control” to the end of the structure? If we move the Thread_Control to the end, how would I add a configuration defined number of elements at the end? Don’t understand this, why moving the Thread_Control Control” to the end of the containing structure will make this a problem? Could you please explain this with a simplified example? Thanks. Qing -- embedded brains GmbH & Co. KG Herr Sebastian HUBER Dornierstr. 4 82178 Puchheim Germany email: sebastian.hu...@embedded-brains.de phone: +49-89-18 94 741 - 16 fax: +49-89-18 94 741 - 08 Registergericht: Amtsgericht München Registernummer: HRB 157899 Vertretungsberechtigte Geschäftsführer: Peter Rasmussen, Thomas Dörfler Unsere Datenschutzerklärung finden Sie hier: https://embedded-brains.de/datenschutzerklaerung/
Re: [V2][PATCH] gcc-14/changes.html: Deprecate a GCC C extension on flexible array members.
Hi, Sebastian,
Thanks for your explanation.
Our goal is to deprecate the GCC extension on structure containing a flexible
array member not at the end of another structure. In order to achieve this
goal, we provided the warning option -Wflex-array-member-not-at-end for the
users to
locate all such cases in their source code and update the source code to
eliminate such cases.
The static initialization of structures with flexible array members will still
work as long as the flexible array members are at
the end of the structures.
My question: is it possible to update your source code to move the structure
with flexible array member to the end of the
containing structure?
i.e, in your example, in the struct Thread_Configured_control, move the field
“Thread_Control Control” to the end of the structure?
Thanks
Qing
> On May 7, 2024, at 09:15, Sebastian Huber
> wrote:
>
> On 06.05.24 16:20, Qing Zhao wrote:
>> Hi, Sebastian,
>> Looks like that the behavior you described is correct.
>> What’s your major concern? ( a little confused).
>
> I am concerned that the static initialization of structures with flexible
> array members no longer works. In the RTEMS open source real-time operating
> system, we use flexible array members in some parts. One example is the
> thread control block which is used to manage a thread:
>
> struct _Thread_Control {
> /** This field is the object management structure for each thread. */
> Objects_Control Object;
>
> [...]
>
> /**
> * @brief Variable length array of user extension pointers.
> *
> * The length is defined by the application via .
> */
> void *extensions[];
> };
>
> In a static configuration of the operating system we have something like this:
>
> struct Thread_Configured_control {
> /*
> * This was added to address the following warning.
> * warning: invalid use of structure with flexible array member
> */
> #pragma GCC diagnostic push
> #pragma GCC diagnostic ignored "-Wpedantic"
> Thread_Control Control;
> #pragma GCC diagnostic pop
>
> #if CONFIGURE_MAXIMUM_USER_EXTENSIONS > 0
>void *extensions[ CONFIGURE_MAXIMUM_USER_EXTENSIONS + 1 ];
> #endif
> Configuration_Scheduler_node Scheduler_nodes[ _CONFIGURE_SCHEDULER_COUNT ];
> RTEMS_API_Control API_RTEMS;
> #ifdef RTEMS_POSIX_API
>POSIX_API_Control API_POSIX;
> #endif
> #if CONFIGURE_MAXIMUM_THREAD_NAME_SIZE > 1
>char name[ CONFIGURE_MAXIMUM_THREAD_NAME_SIZE ];
> #endif
> #if defined(_CONFIGURE_ENABLE_NEWLIB_REENTRANCY) && \
>!defined(_REENT_THREAD_LOCAL)
>struct _reent Newlib;
> #endif
> };
>
> This is used to define a table of thread control blocks:
>
> Thread_Configured_control \
> name##_Objects[ _Objects_Maximum_per_allocation( max ) ]; \
> static RTEMS_SECTION( ".noinit.rtems.content.objects." #name ) \
>
> I would like no know which consequences the deprecation this GCC extension
> has.
>
> --
> embedded brains GmbH & Co. KG
> Herr Sebastian HUBER
> Dornierstr. 4
> 82178 Puchheim
> Germany
> email: sebastian.hu...@embedded-brains.de
> phone: +49-89-18 94 741 - 16
> fax: +49-89-18 94 741 - 08
>
> Registergericht: Amtsgericht München
> Registernummer: HRB 157899
> Vertretungsberechtigte Geschäftsführer: Peter Rasmussen, Thomas Dörfler
> Unsere Datenschutzerklärung finden Sie hier:
> https://embedded-brains.de/datenschutzerklaerung/
Re: Ping * 2 [PATCH v9 0/5] New attribute "counted_by" to annotate bounds for C99 FAM(PR108896)
On May 7, 2024, at 10:02, Qing Zhao wrote: 2nd Ping for the middle-end change approval. -:) **Approval status: All C FE changes have been approved. **Review status: All Middle-end changes have been reviewed by Sid, no remaining issue. Okay for GCC15? For convenience, the following is the links to the 9th version: https://gcc.gnu.org/pipermail/gcc-patches/2024-April/649389.html https://gcc.gnu.org/pipermail/gcc-patches/2024-April/649390.html https://gcc.gnu.org/pipermail/gcc-patches/2024-April/649391.html https://gcc.gnu.org/pipermail/gcc-patches/2024-April/649392.html https://gcc.gnu.org/pipermail/gcc-patches/2024-April/649394.html https://gcc.gnu.org/pipermail/gcc-patches/2024-April/649393.html One more note, CLANG has supported this attribute since last year. Qing thanks. Qing Begin forwarded message: From: Qing Zhao Subject: Re: [PATCH v9 0/5] New attribute "counted_by" to annotate bounds for C99 FAM(PR108896) Date: April 23, 2024 at 15:56:26 EDT To: Richard Biener , Siddhesh Poyarekar Cc: Joseph Myers , "gcc-patches@gcc.gnu.org" , "isanb...@gmail.com" , Kees Cook , "uec...@tugraz.at" Ping for the middle-end change approval. And an update on the status of the patch set: **Approval status: All C FE changes have been approved. **Review status: All Middle-end changes have been reviewed by Sid, no remaining issue. Okay for GCC15? thanks. Qing On Apr 12, 2024, at 09:54, Qing Zhao wrote: Hi, This is the 9th version of the patch. Compare with the 8th version, the difference are: updates per Joseph's comments: 1. in C FE, add checking for counted_by attribute for the new multiple definitions of the same tag for C23 in the routine "tagged_types_tu_compatible_p". Add a new testing case flex-array-counted-by-8.c for this. This is for Patch 1; 2. two minor typo fixes in c-typeck.cc. This is for Patch 2; Approval status: Patch 2's C FE change has been approved with minor typo fixes (the above 2); Patch 4 has been approved; Patch 5's C FE change has been approved; Review status: Patch 3, Patch 2 and Patch 5's Middle-end change have been review by Sid, No issue. More review needed: Patch 1's new change to C FE (the above 1); Patch 2, 3 and 5's middle-end change need to be approved The 8th version is here: https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648559.html https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648560.html https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648561.html https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648562.html https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648563.html It based on the following original proposal: https://gcc.gnu.org/pipermail/gcc-patches/2023-November/635884.html Represent the missing dependence for the "counted_by" attribute and its consumers **The summary of the proposal is: * Add a new internal function ".ACCESS_WITH_SIZE" to carry the size information for every reference to a FAM field; * In C FE, Replace every reference to a FAM field whose TYPE has the "counted_by" attribute with the new internal function ".ACCESS_WITH_SIZE"; * In every consumer of the size information, for example, BDOS or array bound sanitizer, query the size information or ACCESS_MODE information from the new internal function; * When expansing to RTL, replace the internal function with the actual reference to the FAM field; * Some adjustment to ipa alias analysis, and other SSA passes to mitigate the impact to the optimizer and code generation. **The new internal function .ACCESS_WITH_SIZE (REF_TO_OBJ, REF_TO_SIZE, CLASS_OF_SIZE, TYPE_OF_SIZE, ACCESS_MODE, TYPE_OF_REF) INTERNAL_FN (ACCESS_WITH_SIZE, ECF_LEAF | ECF_NOTHROW, NULL) which returns the "REF_TO_OBJ" same as the 1st argument; Both the return type and the type of the first argument of this function have been converted from the incomplete array type to the corresponding pointer type. The call to .ACCESS_WITH_SIZE is wrapped with an INDIRECT_REF, whose type is the original imcomplete array type. Please see the following link for why: https://gcc.gnu.org/pipermail/gcc-patches/2023-November/638793.html https://gcc.gnu.org/pipermail/gcc-patches/2023-December/639605.html 1st argument "REF_TO_OBJ": The reference to the object; 2nd argument "REF_TO_SIZE": The reference to the size of the object, 3rd argument "CLASS_OF_SIZE": The size referenced by the REF_TO_SIZE represents 0: the number of bytes; 1: the number of the elements of the object type; 4th argument "TYPE_OF_SIZE": A constant 0 with the TYPE of the object refed by REF_TO_SIZE 5th argument "ACCESS_MODE": -1: Unknown access semantics 0: none 1: read_only 2: write_only 3: read_write 6th argument "TYPE_OF_REF": A constant 0 with the pointer TYPE to to the original flexible array type. ** T
Ping * 2 [PATCH v9 0/5] New attribute "counted_by" to annotate bounds for C99 FAM(PR108896)
2nd Ping for the middle-end change approval. -:) **Approval status: All C FE changes have been approved. **Review status: All Middle-end changes have been reviewed by Sid, no remaining issue. Okay for GCC15? thanks. Qing Begin forwarded message: From: Qing Zhao Subject: Re: [PATCH v9 0/5] New attribute "counted_by" to annotate bounds for C99 FAM(PR108896) Date: April 23, 2024 at 15:56:26 EDT To: Richard Biener , Siddhesh Poyarekar Cc: Joseph Myers , "gcc-patches@gcc.gnu.org" , "isanb...@gmail.com" , Kees Cook , "uec...@tugraz.at" Ping for the middle-end change approval. And an update on the status of the patch set: **Approval status: All C FE changes have been approved. **Review status: All Middle-end changes have been reviewed by Sid, no remaining issue. Okay for GCC15? thanks. Qing On Apr 12, 2024, at 09:54, Qing Zhao wrote: Hi, This is the 9th version of the patch. Compare with the 8th version, the difference are: updates per Joseph's comments: 1. in C FE, add checking for counted_by attribute for the new multiple definitions of the same tag for C23 in the routine "tagged_types_tu_compatible_p". Add a new testing case flex-array-counted-by-8.c for this. This is for Patch 1; 2. two minor typo fixes in c-typeck.cc. This is for Patch 2; Approval status: Patch 2's C FE change has been approved with minor typo fixes (the above 2); Patch 4 has been approved; Patch 5's C FE change has been approved; Review status: Patch 3, Patch 2 and Patch 5's Middle-end change have been review by Sid, No issue. More review needed: Patch 1's new change to C FE (the above 1); Patch 2, 3 and 5's middle-end change need to be approved The 8th version is here: https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648559.html https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648560.html https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648561.html https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648562.html https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648563.html It based on the following original proposal: https://gcc.gnu.org/pipermail/gcc-patches/2023-November/635884.html Represent the missing dependence for the "counted_by" attribute and its consumers **The summary of the proposal is: * Add a new internal function ".ACCESS_WITH_SIZE" to carry the size information for every reference to a FAM field; * In C FE, Replace every reference to a FAM field whose TYPE has the "counted_by" attribute with the new internal function ".ACCESS_WITH_SIZE"; * In every consumer of the size information, for example, BDOS or array bound sanitizer, query the size information or ACCESS_MODE information from the new internal function; * When expansing to RTL, replace the internal function with the actual reference to the FAM field; * Some adjustment to ipa alias analysis, and other SSA passes to mitigate the impact to the optimizer and code generation. **The new internal function .ACCESS_WITH_SIZE (REF_TO_OBJ, REF_TO_SIZE, CLASS_OF_SIZE, TYPE_OF_SIZE, ACCESS_MODE, TYPE_OF_REF) INTERNAL_FN (ACCESS_WITH_SIZE, ECF_LEAF | ECF_NOTHROW, NULL) which returns the "REF_TO_OBJ" same as the 1st argument; Both the return type and the type of the first argument of this function have been converted from the incomplete array type to the corresponding pointer type. The call to .ACCESS_WITH_SIZE is wrapped with an INDIRECT_REF, whose type is the original imcomplete array type. Please see the following link for why: https://gcc.gnu.org/pipermail/gcc-patches/2023-November/638793.html https://gcc.gnu.org/pipermail/gcc-patches/2023-December/639605.html 1st argument "REF_TO_OBJ": The reference to the object; 2nd argument "REF_TO_SIZE": The reference to the size of the object, 3rd argument "CLASS_OF_SIZE": The size referenced by the REF_TO_SIZE represents 0: the number of bytes; 1: the number of the elements of the object type; 4th argument "TYPE_OF_SIZE": A constant 0 with the TYPE of the object refed by REF_TO_SIZE 5th argument "ACCESS_MODE": -1: Unknown access semantics 0: none 1: read_only 2: write_only 3: read_write 6th argument "TYPE_OF_REF": A constant 0 with the pointer TYPE to to the original flexible array type. ** The Patch sets included: 1. Provide counted_by attribute to flexible array member field; which includes: * "counted_by" attribute documentation; * C FE handling of the new attribute; syntax checking, error reporting; * testing cases; 2. Convert "counted_by" attribute to/from .ACCESS_WITH_SIZE. which includes: * The definition of the new internal function .ACCESS_WITH_SIZE in internal-fn.def. * C FE converts every reference to a FAM with "counted_by" attribute to a call to the internal function .ACCESS_WITH
Re: [V2][PATCH] gcc-14/changes.html: Deprecate a GCC C extension on flexible array members.
Hi, Sebastian,
Looks like that the behavior you described is correct.
What’s your major concern? ( a little confused).
Qing
On May 6, 2024, at 09:29, Sebastian Huber
wrote:
On 06.05.24 09:08, Richard Biener wrote:
On Sat, 4 May 2024, Sebastian Huber wrote:
On 07.08.23 16:22, Qing Zhao via Gcc-patches wrote:
Hi,
This is the 2nd version of the patch.
Comparing to the 1st version, the only change is to address Richard's
comment on refering a warning option for diagnosing deprecated behavior.
Okay for committing?
thanks.
Qing
==
*htdocs/gcc-14/changes.html (Caveats): Add notice about deprecating a C
extension about flexible array members.
---
htdocs/gcc-14/changes.html | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/htdocs/gcc-14/changes.html b/htdocs/gcc-14/changes.html
index dad1ba53..eae25f1a 100644
--- a/htdocs/gcc-14/changes.html
+++ b/htdocs/gcc-14/changes.html
@@ -30,7 +30,18 @@ a work-in-progress.
Caveats
- ...
+ C:
+ Support for the GCC extension, a structure containing a C99 flexible
array
+ member, or a union containing such a structure, is not the last field
of
+ another structure, is deprecated. Refer to
+ https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html;>
+ Zero Length Arrays.
+ Any code relying on this extension should be modifed to ensure that
+ C99 flexible array members only end up at the ends of structures.
+ Please use the warning option
+ https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wflex-array-member-not-at-end;>-Wflex-array-member-not-at-end
to
+ identify all such cases in the source code and modify them.
+
I have a question with respect to the static initialization of flexible array
members. According to the documentation this is supported by GCC:
https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
"GCC allows static initialization of flexible array members. This is
equivalent to defining a new structure containing the original structure
followed by an array of sufficient size to contain the data. E.g. in the
following, f1 is constructed as if it were declared like f2.
struct f1 {
int x; int y[];
} f1 = { 1, { 2, 3, 4 } };
struct f2 {
struct f1 f1; int data[3];
} f2 = { { 1 }, { 2, 3, 4 } };
"
However, when I compile this code, I get a warning like this:
flex-array.c:6:13: warning: structure containing a flexible array member is
not at the end of another structure [-Wflex-array-member-not-at-end]
6 | struct f1 f1; int data[3];
|
In general, I agree that flexible array members should be at the end, however
the support for static initialization is quite important from my point of view
especially for applications for embedded systems. Here, dynamic allocations
may not be allowed or feasible.
I do not get a diagnostic for this on trunk? And I agree there shouldn't
be any.
It seems that this warning is not enabled by -Wall and -Wextra. I tried this:
gcc -Wflex-array-member-not-at-end -S -o - flex-array.c
.file "flex-array.c"
flex-array.c:6:13: warning: structure containing a flexible array member is not
at the end of another structure [-Wflex-array-member-not-at-end]
6 | struct f1 f1; int data[3];
| ^~
.text
.globl f1
.data
.align 4
.type f1, @object
.size f1, 16
f1:
.long 1
.long 2
.long 3
.long 4
.globl f2
.align 16
.type f2, @object
.size f2, 16
f2:
.long 1
.long 2
.long 3
.long 4
.ident "GCC: (GNU) 15.0.0 20240506 (experimental) [master ec1cdad89af]"
.section.note.GNU-stack,"",@progbits
--
embedded brains GmbH & Co. KG
Herr Sebastian HUBER
Dornierstr. 4
82178 Puchheim
Germany
email:
sebastian.hu...@embedded-brains.de<mailto:sebastian.hu...@embedded-brains.de>
phone: +49-89-18 94 741 - 16
fax: +49-89-18 94 741 - 08
Registergericht: Amtsgericht München
Registernummer: HRB 157899
Vertretungsberechtigte Geschäftsführer: Peter Rasmussen, Thomas Dörfler
Unsere Datenschutzerklärung finden Sie hier:
https://embedded-brains.de/datenschutzerklaerung/
[PATCH v5 4/4] Update the C/C++ FEs routine
"add_flexible_array_elts_to_size" C++ FE routine "layout_var_decl" to handle
the cases when the DECL is union.
Add testing cases to test the _bos for flexible array members in unions
or alone in structures.
gcc/c/ChangeLog:
* c-decl.cc (add_flexible_array_elts_to_size): Handle the cases
when the DECL is union.
gcc/cp/ChangeLog:
* decl.cc (layout_var_decl): Handle the cases when the DECL is
union with a flexible array member initializer.
gcc/testsuite/ChangeLog:
* c-c++-common/fam-in-union-alone-in-struct-bos-1.c: New test.
* c-c++-common/fam-in-union-alone-in-struct-bos.c: New test.
---
gcc/c/c-decl.cc | 29 ++--
gcc/cp/decl.cc| 32 +++--
.../fam-in-union-alone-in-struct-bos-1.c | 66 +++
.../fam-in-union-alone-in-struct-bos.c| 45 +
4 files changed, 159 insertions(+), 13 deletions(-)
create mode 100644
gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-bos-1.c
create mode 100644
gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-bos.c
diff --git a/gcc/c/c-decl.cc b/gcc/c/c-decl.cc
index 947f3cd589eb..5d571621d915 100644
--- a/gcc/c/c-decl.cc
+++ b/gcc/c/c-decl.cc
@@ -5337,8 +5337,9 @@ zero_length_array_type_p (const_tree type)
}
/* INIT is a constructor that forms DECL's initializer. If the final
- element initializes a flexible array field, add the size of that
- initializer to DECL's size. */
+ element initializes a flexible array field, adjust the size of the
+ DECL with the initializer based on whether the DECL is a union or
+ a structure. */
static void
add_flexible_array_elts_to_size (tree decl, tree init)
@@ -5353,10 +5354,26 @@ add_flexible_array_elts_to_size (tree decl, tree init)
if (flexible_array_member_type_p (type))
{
complete_array_type (, elt, false);
- DECL_SIZE (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (type));
- DECL_SIZE_UNIT (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl), TYPE_SIZE_UNIT (type));
+ /* For a structure, add the size of the initializer to the DECL's
+size. */
+ if (TREE_CODE (TREE_TYPE (decl)) == RECORD_TYPE)
+ {
+ DECL_SIZE (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (type));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (type));
+ }
+ /* For a union, the DECL's size is the maximum of the current size
+and the size of the initializer. */
+ else
+ {
+ DECL_SIZE (decl)
+ = size_binop (MAX_EXPR, DECL_SIZE (decl), TYPE_SIZE (type));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (MAX_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (type));
+ }
}
}
diff --git a/gcc/cp/decl.cc b/gcc/cp/decl.cc
index 9a91c6f80da1..78e21b05296c 100644
--- a/gcc/cp/decl.cc
+++ b/gcc/cp/decl.cc
@@ -6555,8 +6555,9 @@ layout_var_decl (tree decl)
}
}
- /* If the final element initializes a flexible array field, add the size of
- that initializer to DECL's size. */
+ /* If the final element initializes a flexible array field, adjust
+ the size of the DECL with the initializer based on whether the
+ DECL is a union or a structure. */
if (type != error_mark_node
&& DECL_INITIAL (decl)
&& TREE_CODE (DECL_INITIAL (decl)) == CONSTRUCTOR
@@ -6577,11 +6578,28 @@ layout_var_decl (tree decl)
&& TREE_CODE (vtype) == ARRAY_TYPE
&& COMPLETE_TYPE_P (vtype))
{
- DECL_SIZE (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (vtype));
- DECL_SIZE_UNIT (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
- TYPE_SIZE_UNIT (vtype));
+ /* For a structure, add the size of the initializer to the DECL's
+size. */
+ if (TREE_CODE (TREE_TYPE (decl)) == RECORD_TYPE)
+ {
+ DECL_SIZE (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE (decl),
+ TYPE_SIZE (vtype));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (vtype));
+ }
+ /* For a union, the DECL's size is the maximum of the current size
+and the size of the initializer. */
+ else
+ {
+ DECL_SIZE (decl)
+ = size_binop (MAX_EXPR, DECL_SIZE (decl),
+ TYPE_SIZE (vtype));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (MAX_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (vtype));
+
[PATCH v5 3/4] Add testing cases for flexible array members in unions and alone in structures.
gcc/testsuite/ChangeLog:
* c-c++-common/fam-in-union-alone-in-struct-1.c: New testcase.
* c-c++-common/fam-in-union-alone-in-struct-2.c: New testcase.
* c-c++-common/fam-in-union-alone-in-struct-3.c: New testcase.
---
.../fam-in-union-alone-in-struct-1.c | 52 +++
.../fam-in-union-alone-in-struct-2.c | 51 ++
.../fam-in-union-alone-in-struct-3.c | 36 +
3 files changed, 139 insertions(+)
create mode 100644 gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
create mode 100644 gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
create mode 100644 gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
diff --git a/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
new file mode 100644
index ..7d4721aa95ac
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
@@ -0,0 +1,52 @@
+/* testing the correct usage of flexible array members in unions
+ and alone in structures. */
+/* { dg-do run} */
+/* { dg-options "-Wpedantic" } */
+
+union with_fam_1 {
+ int a;
+ int b[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+};
+
+union with_fam_2 {
+ char a;
+ int b[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+};
+
+union with_fam_3 {
+ char a[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+ /* { dg-warning "in an otherwise empty" "" { target c++ } .-1 } */
+ int b[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+};
+
+struct only_fam {
+ int b[];
+ /* { dg-warning "in a struct with no named members" "" { target c } .-1 } */
+ /* { dg-warning "in an otherwise empty" "" { target c++ } .-2 } */
+ /* { dg-warning "forbids flexible array member" "" { target c++ } .-3 } */
+};
+
+struct only_fam_2 {
+ unsigned int : 2;
+ unsigned int : 3;
+ int b[];
+ /* { dg-warning "in a struct with no named members" "" { target c } .-1 } */
+ /* { dg-warning "in an otherwise empty" "" { target c++ } .-2 } */
+ /* { dg-warning "forbids flexible array member" "" { target c++ } .-3 } */
+};
+
+int main ()
+{
+ if (sizeof (union with_fam_1) != sizeof (int))
+__builtin_abort ();
+ if (sizeof (union with_fam_2) != __alignof__ (int))
+__builtin_abort ();
+ if (sizeof (union with_fam_3) != 0)
+__builtin_abort ();
+ if (sizeof (struct only_fam) != 0)
+__builtin_abort ();
+ if (sizeof (struct only_fam_2) != sizeof (int))
+__builtin_abort ();
+ return 0;
+}
+
diff --git a/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
new file mode 100644
index ..3743f9e7dac5
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
@@ -0,0 +1,51 @@
+/* testing the correct usage of flexible array members in unions
+ and alone in structures: initialization */
+/* { dg-do run} */
+/* { dg-options "-O2" } */
+
+union with_fam_1 {
+ int a;
+ int b[];
+} with_fam_1_v = {.b = {1, 2, 3, 4}};
+
+union with_fam_2 {
+ int a;
+ char b[];
+} with_fam_2_v = {.a = 0x1f2f3f4f};
+
+union with_fam_3 {
+ char a[];
+ int b[];
+} with_fam_3_v = {.b = {0x1f2f3f4f, 0x5f6f7f7f}};
+
+struct only_fam {
+ int b[];
+} only_fam_v = {{7, 11}};
+
+struct only_fam_2 {
+ unsigned int : 2;
+ unsigned int : 3;
+ int b[];
+} only_fam_2_v = {{7, 11}};
+
+int main ()
+{
+ if (with_fam_1_v.b[3] != 4
+ || with_fam_1_v.b[0] != 1)
+__builtin_abort ();
+ if (with_fam_2_v.b[3] != 0x1f
+ || with_fam_2_v.b[0] != 0x4f)
+__builtin_abort ();
+ if (with_fam_3_v.a[0] != 0x4f
+ || with_fam_3_v.a[7] != 0x5f)
+__builtin_abort ();
+ if (only_fam_v.b[0] != 7
+ || only_fam_v.b[1] != 11)
+__builtin_abort ();
+ if (only_fam_2_v.b[0] != 7
+ || only_fam_2_v.b[1] != 11)
+__builtin_abort ();
+
+ return 0;
+}
+
diff --git a/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
new file mode 100644
index ..dd36fa01306d
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
@@ -0,0 +1,36 @@
+/* testing the correct usage of flexible array members in unions
+ and alone in structures. */
+/* { dg-do compile } */
+/* { dg-options "-pedantic-errors" } */
+
+union with_fam_1 {
+ int a;
+ int b[]; /* { dg-error "flexible array member in union is a GCC extension"
} */
+};
+
+union with_fam_2 {
+ char a;
+ int b[]; /* { dg-error "flexible array member in union is a GCC extension"
} */
+};
+
+union with_fam_3 {
+ char a[]; /* { dg-error "flexible array member in union is a GCC extension"
} */
+ /* { dg-error "in an otherwise empty" "" { target c++ } .-1 } */
+ int b[]; /* { dg-error "flexible array member in union is a GCC extension"
} */
+};
[PATCH v5 2/4] C and C++ FE changes
to support flexible array members
in unions and alone in structures. Adjust testcases for flexible array member
in union and alone in structure extension.
gcc/c/ChangeLog:
* c-decl.cc (finish_struct): Change errors to pedwarns for the cases
flexible array members in union or alone in structures.
gcc/cp/ChangeLog:
* class.cc (diagnose_flexarrays): Change error to pdewarn for the case
flexible array members alone in structures.
* decl.cc (grokdeclarator): Change error to pdewarn for the case
flexible array members in unions.
gcc/ChangeLog:
* stor-layout.cc (place_union_field): Use zero sizes for flexible array
member fields.
gcc/testsuite/ChangeLog:
* c-c++-common/builtin-clear-padding-3.c: Adjust testcase.
* g++.dg/ext/flexary12.C: Likewise.
* g++.dg/ext/flexary19.C: Likewise.
* g++.dg/ext/flexary2.C: Likewise.
* g++.dg/ext/flexary3.C: Likewise.
* g++.dg/ext/flexary36.C: Likewise.
* g++.dg/ext/flexary4.C: Likewise.
* g++.dg/ext/flexary5.C: Likewise.
* g++.dg/ext/flexary8.C: Likewise.
* g++.dg/torture/pr64280.C: Likewise.
* gcc.dg/20050620-1.c: Likewise.
* gcc.dg/940510-1.c: Likewise.
---
gcc/c/c-decl.cc | 16 ++
gcc/cp/class.cc | 11 ++--
gcc/cp/decl.cc| 7 ++-
gcc/stor-layout.cc| 9 +++-
.../c-c++-common/builtin-clear-padding-3.c| 10 ++--
gcc/testsuite/g++.dg/ext/flexary12.C | 6 +--
gcc/testsuite/g++.dg/ext/flexary19.C | 42 +++
gcc/testsuite/g++.dg/ext/flexary2.C | 2 +-
gcc/testsuite/g++.dg/ext/flexary3.C | 2 +-
gcc/testsuite/g++.dg/ext/flexary36.C | 2 +-
gcc/testsuite/g++.dg/ext/flexary4.C | 54 +--
gcc/testsuite/g++.dg/ext/flexary5.C | 4 +-
gcc/testsuite/g++.dg/ext/flexary8.C | 8 +--
gcc/testsuite/g++.dg/torture/pr64280.C| 2 +-
gcc/testsuite/gcc.dg/20050620-1.c | 2 +-
gcc/testsuite/gcc.dg/940510-1.c | 4 +-
16 files changed, 91 insertions(+), 90 deletions(-)
diff --git a/gcc/c/c-decl.cc b/gcc/c/c-decl.cc
index 345090dae38b..947f3cd589eb 100644
--- a/gcc/c/c-decl.cc
+++ b/gcc/c/c-decl.cc
@@ -9471,11 +9471,8 @@ finish_struct (location_t loc, tree t, tree fieldlist,
tree attributes,
if (flexible_array_member_type_p (TREE_TYPE (x)))
{
if (TREE_CODE (t) == UNION_TYPE)
- {
- error_at (DECL_SOURCE_LOCATION (x),
- "flexible array member in union");
- TREE_TYPE (x) = error_mark_node;
- }
+ pedwarn (DECL_SOURCE_LOCATION (x), OPT_Wpedantic,
+"flexible array member in union is a GCC extension");
else if (!is_last_field)
{
error_at (DECL_SOURCE_LOCATION (x),
@@ -9483,12 +9480,9 @@ finish_struct (location_t loc, tree t, tree fieldlist,
tree attributes,
TREE_TYPE (x) = error_mark_node;
}
else if (!saw_named_field)
- {
- error_at (DECL_SOURCE_LOCATION (x),
- "flexible array member in a struct with no named "
- "members");
- TREE_TYPE (x) = error_mark_node;
- }
+ pedwarn (DECL_SOURCE_LOCATION (x), OPT_Wpedantic,
+"flexible array member in a struct with no named "
+"members is a GCC extension");
}
if (pedantic && TREE_CODE (t) == RECORD_TYPE
diff --git a/gcc/cp/class.cc b/gcc/cp/class.cc
index 5f258729940b..0c8afb72550f 100644
--- a/gcc/cp/class.cc
+++ b/gcc/cp/class.cc
@@ -7624,6 +7624,7 @@ diagnose_flexarrays (tree t, const flexmems_t *fmem)
bool diagd = false;
const char *msg = 0;
+ const char *msg_fam = 0;
if (TYPE_DOMAIN (TREE_TYPE (fmem->array)))
{
@@ -7649,15 +7650,19 @@ diagnose_flexarrays (tree t, const flexmems_t *fmem)
if (fmem->after[0])
msg = G_("flexible array member %qD not at end of %q#T");
else if (!fmem->first)
- msg = G_("flexible array member %qD in an otherwise empty %q#T");
+ msg_fam = G_("flexible array member %qD in an otherwise"
+" empty %q#T is a GCC extension");
- if (msg)
+ if (msg || msg_fam)
{
location_t loc = DECL_SOURCE_LOCATION (fmem->array);
diagd = true;
auto_diagnostic_group d;
- error_at (loc, msg, fmem->array, t);
+ if (msg)
+ error_at (loc, msg, fmem->array, t);
+ else
+ pedwarn (loc, OPT_Wpedantic, msg_fam, fmem->array, t);
/* In the unlikely event that the member following the flexible
array member is declared in a different class, or the member
diff --git a/gcc/cp/decl.cc b/gcc/cp/decl.cc
index
[PATCH v5 1/4] Allow flexible array members in unions and alone in structures [PR53548]
The request for GCC to accept that the C99 flexible array member can be
in a union or alone in a structure has been made a long time ago around 2012
for supporting several practical cases including glibc.
A GCC PR has been opened for such request at that time:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53548
However, this PR was closed as WONTFIX around 2015 due to the following reason:
"there is an existing extension that makes the requested functionality possible"
i.e GCC fully supported that the zero-length array can be in a union or alone
in a structure for a long time. (though I didn't see any official documentation
on such extension)
It's reasonable to close PR53548 at that time since zero-length array extension
can be used for such purpose.
However, since GCC13, in order to improve the C/C++ security, we introduced
-fstrict-flex-arrays=n to gradually eliminate the "fake flexible array"
usages from C/C++ source code. As a result, zero-length arrays eventually
will be replaced by C99 flexiable array member completely.
Therefore, GCC needs to explicitly allow such extensions directly for C99
flexible arrays, since flexable array member in unions or alone in structs
are common code patterns in active use by the Linux kernel (and other projects).
For example, these do not error by default with GCC:
union one {
int a;
int b[0];
};
union two {
int a;
struct {
struct { } __empty;
int b[];
};
};
But these do:
union three {
int a;
int b[];
};
struct four {
int b[];
}
Clang has supported such extensions since March, 2024
https://github.com/llvm/llvm-project/pull/84428
GCC should also support such extensions. This will allow for
a seamless transition for code bases away from zero-length arrays without
losing existing code patterns.
gcc/ChangeLog:
* doc/extend.texi: Add documentation for Flexible Array Members in
Unions and Flexible Array Members alone in Structures.
---
gcc/doc/extend.texi | 34 ++
1 file changed, 34 insertions(+)
diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
index 7b54a241a7bf..94a77d7ef39c 100644
--- a/gcc/doc/extend.texi
+++ b/gcc/doc/extend.texi
@@ -42,6 +42,8 @@ extensions, accepted by GCC in C90 mode and in C++.
* Named Address Spaces::Named address spaces.
* Zero Length:: Zero-length arrays.
* Empty Structures::Structures with no members.
+* Flexible Array Members in Unions:: Unions with Flexible Array Members.
+* Flexible Array Members alone in Structures:: Structures with only Flexible
Array Members.
* Variable Length:: Arrays whose length is computed at run time.
* Variadic Macros:: Macros with a variable number of arguments.
* Escaped Newlines::Slightly looser rules for escaped newlines.
@@ -1873,6 +1875,38 @@ The structure has size zero. In C++, empty structures
are part
of the language. G++ treats empty structures as if they had a single
member of type @code{char}.
+@node Flexible Array Members in Unions
+@section Unions with Flexible Array Members
+@cindex unions with flexible array members
+@cindex unions with FAMs
+
+GCC permits a C99 flexible array member (FAM) to be in a union:
+
+@smallexample
+union with_fam @{
+ int a;
+ int b[];
+@};
+@end smallexample
+
+If every member of a union is a flexible array member, the size of
+such a union is zero.
+
+@node Flexible Array Members alone in Structures
+@section Structures with only Flexible Array Members
+@cindex structures with only flexible array members
+@cindex structures with only FAMs
+
+GCC permits a C99 flexible array member (FAM) to be alone in a structure:
+
+@smallexample
+struct only_fam @{
+ int b[];
+@};
+@end smallexample
+
+The size of such a structure is zero.
+
@node Variable Length
@section Arrays of Variable Length
@cindex variable-length arrays
--
2.31.1
[PATCH v5 0/4]Allow flexible array members in unions and alone in structures [PR53548]
Hi, This is the 5th version for Allow flexible array members in unions and alone in structures [PR53548] (for your reference, the 1st version is at: https://gcc.gnu.org/pipermail/gcc-patches/2024-April/649737.html The 2nd version is at: https://gcc.gnu.org/pipermail/gcc-patches/2024-April/650019.html The 3rd version is at: https://gcc.gnu.org/pipermail/gcc-patches/2024-April/650255.html The 4th version is at: https://gcc.gnu.org/pipermail/gcc-patches/2024-May/650341.html) compared to the 4th version, the only change is (in patch 4): Add one blank line between the comment and the definition of the function "add_flexible_array_elts_to_size". Per Jason's comment. The patch series is approved with this change. I will commit this patch series to GCC15 when it's open. thanks. Qing
Re: [PATCH v4 4/4] Update the C/C++ FE routines
On May 1, 2024, at 09:35, Jason Merrill wrote:
On 5/1/24 08:19, Qing Zhao wrote:
"add_flexible_array_elts_to_size" and "layout_var_decl" to handle
the cases when the DECL is union.
Add testing cases to test the _bos for flexible array members in unions
or alone in structures.
gcc/c/ChangeLog:
* c-decl.cc (add_flexible_array_elts_to_size): Handle the cases
when the DECL is union.
gcc/cp/ChangeLog:
* decl.cc (layout_var_decl): Handle the cases when the DECL is
union with a flexible array member initializer.
gcc/testsuite/ChangeLog:
* c-c++-common/fam-in-union-alone-in-struct-bos-1.c: New test.
* c-c++-common/fam-in-union-alone-in-struct-bos.c: New test.
---
gcc/c/c-decl.cc | 30 +++--
gcc/cp/decl.cc| 32 +++--
.../fam-in-union-alone-in-struct-bos-1.c | 66 +++
.../fam-in-union-alone-in-struct-bos.c| 45 +
4 files changed, 159 insertions(+), 14 deletions(-)
create mode 100644
gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-bos-1.c
create mode 100644
gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-bos.c
diff --git a/gcc/c/c-decl.cc b/gcc/c/c-decl.cc
index 947f3cd589eb..9ba92690daf5 100644
--- a/gcc/c/c-decl.cc
+++ b/gcc/c/c-decl.cc
@@ -5337,9 +5337,9 @@ zero_length_array_type_p (const_tree type)
}
/* INIT is a constructor that forms DECL's initializer. If the final
- element initializes a flexible array field, add the size of that
- initializer to DECL's size. */
-
Please keep the blank line between the comment and the function.
Okay, will change that.
Please post the adjusted patch, but no need to wait for approval again, the
patch series is OK.
Thanks. Will post the adjusted patch.
Qing
+ element initializes a flexible array field, adjust the size of the
+ DECL with the initializer based on whether the DECL is a union or
+ a structure. */
static void
add_flexible_array_elts_to_size (tree decl, tree init)
{
@@ -5353,10 +5353,26 @@ add_flexible_array_elts_to_size (tree decl, tree init)
if (flexible_array_member_type_p (type))
{
complete_array_type (, elt, false);
- DECL_SIZE (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (type));
- DECL_SIZE_UNIT (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl), TYPE_SIZE_UNIT (type));
+ /* For a structure, add the size of the initializer to the DECL's
+ size. */
+ if (TREE_CODE (TREE_TYPE (decl)) == RECORD_TYPE)
+ {
+ DECL_SIZE (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (type));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (type));
+ }
+ /* For a union, the DECL's size is the maximum of the current size
+ and the size of the initializer. */
+ else
+ {
+ DECL_SIZE (decl)
+ = size_binop (MAX_EXPR, DECL_SIZE (decl), TYPE_SIZE (type));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (MAX_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (type));
+ }
}
}
diff --git a/gcc/cp/decl.cc b/gcc/cp/decl.cc
index 9a91c6f80da1..78e21b05296c 100644
--- a/gcc/cp/decl.cc
+++ b/gcc/cp/decl.cc
@@ -6555,8 +6555,9 @@ layout_var_decl (tree decl)
}
}
- /* If the final element initializes a flexible array field, add the size of
- that initializer to DECL's size. */
+ /* If the final element initializes a flexible array field, adjust
+ the size of the DECL with the initializer based on whether the
+ DECL is a union or a structure. */
if (type != error_mark_node
&& DECL_INITIAL (decl)
&& TREE_CODE (DECL_INITIAL (decl)) == CONSTRUCTOR
@@ -6577,11 +6578,28 @@ layout_var_decl (tree decl)
&& TREE_CODE (vtype) == ARRAY_TYPE
&& COMPLETE_TYPE_P (vtype))
{
- DECL_SIZE (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (vtype));
- DECL_SIZE_UNIT (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
- TYPE_SIZE_UNIT (vtype));
+ /* For a structure, add the size of the initializer to the DECL's
+ size. */
+ if (TREE_CODE (TREE_TYPE (decl)) == RECORD_TYPE)
+ {
+ DECL_SIZE (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE (decl),
+ TYPE_SIZE (vtype));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (vtype));
+ }
+ /* For a union, the DECL's size is the maximum of the current size
+ and the size of the initializer. */
+ else
+ {
+ DECL_SIZE (decl)
+ = size_binop (MAX_EXPR, DECL_SIZE (decl),
+ TYPE_SIZE (vtype));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (MAX_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (vtype));
+ }
}
}
}
diff --git a/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-bos-1.c
b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-bos-1.c
new file mode 100644
index ..aae9cf39c8c7
--- /dev/null
+++ b/gcc/testsui
[PATCH v4 2/4] C and C++ FE changes
to support flexible array members
in unions and alone in structures. Adjust testcases for flexible array member
in union and alone in structure extension.
gcc/c/ChangeLog:
* c-decl.cc (finish_struct): Change errors to pedwarns for the cases
flexible array members in union or alone in structures.
gcc/cp/ChangeLog:
* class.cc (diagnose_flexarrays): Change error to pdewarn for the case
flexible array members alone in structures.
* decl.cc (grokdeclarator): Change error to pdewarn for the case
flexible array members in unions.
gcc/ChangeLog:
* stor-layout.cc (place_union_field): Use zero sizes for flexible array
member fields.
gcc/testsuite/ChangeLog:
* c-c++-common/builtin-clear-padding-3.c: Adjust testcase.
* g++.dg/ext/flexary12.C: Likewise.
* g++.dg/ext/flexary19.C: Likewise.
* g++.dg/ext/flexary2.C: Likewise.
* g++.dg/ext/flexary3.C: Likewise.
* g++.dg/ext/flexary36.C: Likewise.
* g++.dg/ext/flexary4.C: Likewise.
* g++.dg/ext/flexary5.C: Likewise.
* g++.dg/ext/flexary8.C: Likewise.
* g++.dg/torture/pr64280.C: Likewise.
* gcc.dg/20050620-1.c: Likewise.
* gcc.dg/940510-1.c: Likewise.
---
gcc/c/c-decl.cc | 16 ++
gcc/cp/class.cc | 11 ++--
gcc/cp/decl.cc| 7 ++-
gcc/stor-layout.cc| 9 +++-
.../c-c++-common/builtin-clear-padding-3.c| 10 ++--
gcc/testsuite/g++.dg/ext/flexary12.C | 6 +--
gcc/testsuite/g++.dg/ext/flexary19.C | 42 +++
gcc/testsuite/g++.dg/ext/flexary2.C | 2 +-
gcc/testsuite/g++.dg/ext/flexary3.C | 2 +-
gcc/testsuite/g++.dg/ext/flexary36.C | 2 +-
gcc/testsuite/g++.dg/ext/flexary4.C | 54 +--
gcc/testsuite/g++.dg/ext/flexary5.C | 4 +-
gcc/testsuite/g++.dg/ext/flexary8.C | 8 +--
gcc/testsuite/g++.dg/torture/pr64280.C| 2 +-
gcc/testsuite/gcc.dg/20050620-1.c | 2 +-
gcc/testsuite/gcc.dg/940510-1.c | 4 +-
16 files changed, 91 insertions(+), 90 deletions(-)
diff --git a/gcc/c/c-decl.cc b/gcc/c/c-decl.cc
index 345090dae38b..947f3cd589eb 100644
--- a/gcc/c/c-decl.cc
+++ b/gcc/c/c-decl.cc
@@ -9471,11 +9471,8 @@ finish_struct (location_t loc, tree t, tree fieldlist,
tree attributes,
if (flexible_array_member_type_p (TREE_TYPE (x)))
{
if (TREE_CODE (t) == UNION_TYPE)
- {
- error_at (DECL_SOURCE_LOCATION (x),
- "flexible array member in union");
- TREE_TYPE (x) = error_mark_node;
- }
+ pedwarn (DECL_SOURCE_LOCATION (x), OPT_Wpedantic,
+"flexible array member in union is a GCC extension");
else if (!is_last_field)
{
error_at (DECL_SOURCE_LOCATION (x),
@@ -9483,12 +9480,9 @@ finish_struct (location_t loc, tree t, tree fieldlist,
tree attributes,
TREE_TYPE (x) = error_mark_node;
}
else if (!saw_named_field)
- {
- error_at (DECL_SOURCE_LOCATION (x),
- "flexible array member in a struct with no named "
- "members");
- TREE_TYPE (x) = error_mark_node;
- }
+ pedwarn (DECL_SOURCE_LOCATION (x), OPT_Wpedantic,
+"flexible array member in a struct with no named "
+"members is a GCC extension");
}
if (pedantic && TREE_CODE (t) == RECORD_TYPE
diff --git a/gcc/cp/class.cc b/gcc/cp/class.cc
index 5f258729940b..0c8afb72550f 100644
--- a/gcc/cp/class.cc
+++ b/gcc/cp/class.cc
@@ -7624,6 +7624,7 @@ diagnose_flexarrays (tree t, const flexmems_t *fmem)
bool diagd = false;
const char *msg = 0;
+ const char *msg_fam = 0;
if (TYPE_DOMAIN (TREE_TYPE (fmem->array)))
{
@@ -7649,15 +7650,19 @@ diagnose_flexarrays (tree t, const flexmems_t *fmem)
if (fmem->after[0])
msg = G_("flexible array member %qD not at end of %q#T");
else if (!fmem->first)
- msg = G_("flexible array member %qD in an otherwise empty %q#T");
+ msg_fam = G_("flexible array member %qD in an otherwise"
+" empty %q#T is a GCC extension");
- if (msg)
+ if (msg || msg_fam)
{
location_t loc = DECL_SOURCE_LOCATION (fmem->array);
diagd = true;
auto_diagnostic_group d;
- error_at (loc, msg, fmem->array, t);
+ if (msg)
+ error_at (loc, msg, fmem->array, t);
+ else
+ pedwarn (loc, OPT_Wpedantic, msg_fam, fmem->array, t);
/* In the unlikely event that the member following the flexible
array member is declared in a different class, or the member
diff --git a/gcc/cp/decl.cc b/gcc/cp/decl.cc
index
[PATCH v4 4/4] Update the C/C++ FE routines
"add_flexible_array_elts_to_size" and "layout_var_decl" to handle
the cases when the DECL is union.
Add testing cases to test the _bos for flexible array members in unions
or alone in structures.
gcc/c/ChangeLog:
* c-decl.cc (add_flexible_array_elts_to_size): Handle the cases
when the DECL is union.
gcc/cp/ChangeLog:
* decl.cc (layout_var_decl): Handle the cases when the DECL is
union with a flexible array member initializer.
gcc/testsuite/ChangeLog:
* c-c++-common/fam-in-union-alone-in-struct-bos-1.c: New test.
* c-c++-common/fam-in-union-alone-in-struct-bos.c: New test.
---
gcc/c/c-decl.cc | 30 +++--
gcc/cp/decl.cc| 32 +++--
.../fam-in-union-alone-in-struct-bos-1.c | 66 +++
.../fam-in-union-alone-in-struct-bos.c| 45 +
4 files changed, 159 insertions(+), 14 deletions(-)
create mode 100644
gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-bos-1.c
create mode 100644
gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-bos.c
diff --git a/gcc/c/c-decl.cc b/gcc/c/c-decl.cc
index 947f3cd589eb..9ba92690daf5 100644
--- a/gcc/c/c-decl.cc
+++ b/gcc/c/c-decl.cc
@@ -5337,9 +5337,9 @@ zero_length_array_type_p (const_tree type)
}
/* INIT is a constructor that forms DECL's initializer. If the final
- element initializes a flexible array field, add the size of that
- initializer to DECL's size. */
-
+ element initializes a flexible array field, adjust the size of the
+ DECL with the initializer based on whether the DECL is a union or
+ a structure. */
static void
add_flexible_array_elts_to_size (tree decl, tree init)
{
@@ -5353,10 +5353,26 @@ add_flexible_array_elts_to_size (tree decl, tree init)
if (flexible_array_member_type_p (type))
{
complete_array_type (, elt, false);
- DECL_SIZE (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (type));
- DECL_SIZE_UNIT (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl), TYPE_SIZE_UNIT (type));
+ /* For a structure, add the size of the initializer to the DECL's
+size. */
+ if (TREE_CODE (TREE_TYPE (decl)) == RECORD_TYPE)
+ {
+ DECL_SIZE (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (type));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (type));
+ }
+ /* For a union, the DECL's size is the maximum of the current size
+and the size of the initializer. */
+ else
+ {
+ DECL_SIZE (decl)
+ = size_binop (MAX_EXPR, DECL_SIZE (decl), TYPE_SIZE (type));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (MAX_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (type));
+ }
}
}
diff --git a/gcc/cp/decl.cc b/gcc/cp/decl.cc
index 9a91c6f80da1..78e21b05296c 100644
--- a/gcc/cp/decl.cc
+++ b/gcc/cp/decl.cc
@@ -6555,8 +6555,9 @@ layout_var_decl (tree decl)
}
}
- /* If the final element initializes a flexible array field, add the size of
- that initializer to DECL's size. */
+ /* If the final element initializes a flexible array field, adjust
+ the size of the DECL with the initializer based on whether the
+ DECL is a union or a structure. */
if (type != error_mark_node
&& DECL_INITIAL (decl)
&& TREE_CODE (DECL_INITIAL (decl)) == CONSTRUCTOR
@@ -6577,11 +6578,28 @@ layout_var_decl (tree decl)
&& TREE_CODE (vtype) == ARRAY_TYPE
&& COMPLETE_TYPE_P (vtype))
{
- DECL_SIZE (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (vtype));
- DECL_SIZE_UNIT (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
- TYPE_SIZE_UNIT (vtype));
+ /* For a structure, add the size of the initializer to the DECL's
+size. */
+ if (TREE_CODE (TREE_TYPE (decl)) == RECORD_TYPE)
+ {
+ DECL_SIZE (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE (decl),
+ TYPE_SIZE (vtype));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (vtype));
+ }
+ /* For a union, the DECL's size is the maximum of the current size
+and the size of the initializer. */
+ else
+ {
+ DECL_SIZE (decl)
+ = size_binop (MAX_EXPR, DECL_SIZE (decl),
+ TYPE_SIZE (vtype));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (MAX_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (vtype));
+
[PATCH v4 3/4] Add testing cases for flexible array members in unions and alone in structures.
gcc/testsuite/ChangeLog:
* c-c++-common/fam-in-union-alone-in-struct-1.c: New testcase.
* c-c++-common/fam-in-union-alone-in-struct-2.c: New testcase.
* c-c++-common/fam-in-union-alone-in-struct-3.c: New testcase.
---
.../fam-in-union-alone-in-struct-1.c | 52 +++
.../fam-in-union-alone-in-struct-2.c | 51 ++
.../fam-in-union-alone-in-struct-3.c | 36 +
3 files changed, 139 insertions(+)
create mode 100644 gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
create mode 100644 gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
create mode 100644 gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
diff --git a/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
new file mode 100644
index ..7d4721aa95ac
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
@@ -0,0 +1,52 @@
+/* testing the correct usage of flexible array members in unions
+ and alone in structures. */
+/* { dg-do run} */
+/* { dg-options "-Wpedantic" } */
+
+union with_fam_1 {
+ int a;
+ int b[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+};
+
+union with_fam_2 {
+ char a;
+ int b[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+};
+
+union with_fam_3 {
+ char a[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+ /* { dg-warning "in an otherwise empty" "" { target c++ } .-1 } */
+ int b[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+};
+
+struct only_fam {
+ int b[];
+ /* { dg-warning "in a struct with no named members" "" { target c } .-1 } */
+ /* { dg-warning "in an otherwise empty" "" { target c++ } .-2 } */
+ /* { dg-warning "forbids flexible array member" "" { target c++ } .-3 } */
+};
+
+struct only_fam_2 {
+ unsigned int : 2;
+ unsigned int : 3;
+ int b[];
+ /* { dg-warning "in a struct with no named members" "" { target c } .-1 } */
+ /* { dg-warning "in an otherwise empty" "" { target c++ } .-2 } */
+ /* { dg-warning "forbids flexible array member" "" { target c++ } .-3 } */
+};
+
+int main ()
+{
+ if (sizeof (union with_fam_1) != sizeof (int))
+__builtin_abort ();
+ if (sizeof (union with_fam_2) != __alignof__ (int))
+__builtin_abort ();
+ if (sizeof (union with_fam_3) != 0)
+__builtin_abort ();
+ if (sizeof (struct only_fam) != 0)
+__builtin_abort ();
+ if (sizeof (struct only_fam_2) != sizeof (int))
+__builtin_abort ();
+ return 0;
+}
+
diff --git a/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
new file mode 100644
index ..3743f9e7dac5
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
@@ -0,0 +1,51 @@
+/* testing the correct usage of flexible array members in unions
+ and alone in structures: initialization */
+/* { dg-do run} */
+/* { dg-options "-O2" } */
+
+union with_fam_1 {
+ int a;
+ int b[];
+} with_fam_1_v = {.b = {1, 2, 3, 4}};
+
+union with_fam_2 {
+ int a;
+ char b[];
+} with_fam_2_v = {.a = 0x1f2f3f4f};
+
+union with_fam_3 {
+ char a[];
+ int b[];
+} with_fam_3_v = {.b = {0x1f2f3f4f, 0x5f6f7f7f}};
+
+struct only_fam {
+ int b[];
+} only_fam_v = {{7, 11}};
+
+struct only_fam_2 {
+ unsigned int : 2;
+ unsigned int : 3;
+ int b[];
+} only_fam_2_v = {{7, 11}};
+
+int main ()
+{
+ if (with_fam_1_v.b[3] != 4
+ || with_fam_1_v.b[0] != 1)
+__builtin_abort ();
+ if (with_fam_2_v.b[3] != 0x1f
+ || with_fam_2_v.b[0] != 0x4f)
+__builtin_abort ();
+ if (with_fam_3_v.a[0] != 0x4f
+ || with_fam_3_v.a[7] != 0x5f)
+__builtin_abort ();
+ if (only_fam_v.b[0] != 7
+ || only_fam_v.b[1] != 11)
+__builtin_abort ();
+ if (only_fam_2_v.b[0] != 7
+ || only_fam_2_v.b[1] != 11)
+__builtin_abort ();
+
+ return 0;
+}
+
diff --git a/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
new file mode 100644
index ..dd36fa01306d
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
@@ -0,0 +1,36 @@
+/* testing the correct usage of flexible array members in unions
+ and alone in structures. */
+/* { dg-do compile } */
+/* { dg-options "-pedantic-errors" } */
+
+union with_fam_1 {
+ int a;
+ int b[]; /* { dg-error "flexible array member in union is a GCC extension"
} */
+};
+
+union with_fam_2 {
+ char a;
+ int b[]; /* { dg-error "flexible array member in union is a GCC extension"
} */
+};
+
+union with_fam_3 {
+ char a[]; /* { dg-error "flexible array member in union is a GCC extension"
} */
+ /* { dg-error "in an otherwise empty" "" { target c++ } .-1 } */
+ int b[]; /* { dg-error "flexible array member in union is a GCC extension"
} */
+};
[PATCH v4 1/4] Allow flexible array members in unions and alone in structures [PR53548]
The request for GCC to accept that the C99 flexible array member can be
in a union or alone in a structure has been made a long time ago around 2012
for supporting several practical cases including glibc.
A GCC PR has been opened for such request at that time:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53548
However, this PR was closed as WONTFIX around 2015 due to the following reason:
"there is an existing extension that makes the requested functionality possible"
i.e GCC fully supported that the zero-length array can be in a union or alone
in a structure for a long time. (though I didn't see any official documentation
on such extension)
It's reasonable to close PR53548 at that time since zero-length array extension
can be used for such purpose.
However, since GCC13, in order to improve the C/C++ security, we introduced
-fstrict-flex-arrays=n to gradually eliminate the "fake flexible array"
usages from C/C++ source code. As a result, zero-length arrays eventually
will be replaced by C99 flexiable array member completely.
Therefore, GCC needs to explicitly allow such extensions directly for C99
flexible arrays, since flexable array member in unions or alone in structs
are common code patterns in active use by the Linux kernel (and other projects).
For example, these do not error by default with GCC:
union one {
int a;
int b[0];
};
union two {
int a;
struct {
struct { } __empty;
int b[];
};
};
But these do:
union three {
int a;
int b[];
};
struct four {
int b[];
}
Clang has supported such extensions since March, 2024
https://github.com/llvm/llvm-project/pull/84428
GCC should also support such extensions. This will allow for
a seamless transition for code bases away from zero-length arrays without
losing existing code patterns.
gcc/ChangeLog:
* doc/extend.texi: Add documentation for Flexible Array Members in
Unions and Flexible Array Members alone in Structures.
---
gcc/doc/extend.texi | 34 ++
1 file changed, 34 insertions(+)
diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
index 7b54a241a7bf..94a77d7ef39c 100644
--- a/gcc/doc/extend.texi
+++ b/gcc/doc/extend.texi
@@ -42,6 +42,8 @@ extensions, accepted by GCC in C90 mode and in C++.
* Named Address Spaces::Named address spaces.
* Zero Length:: Zero-length arrays.
* Empty Structures::Structures with no members.
+* Flexible Array Members in Unions:: Unions with Flexible Array Members.
+* Flexible Array Members alone in Structures:: Structures with only Flexible
Array Members.
* Variable Length:: Arrays whose length is computed at run time.
* Variadic Macros:: Macros with a variable number of arguments.
* Escaped Newlines::Slightly looser rules for escaped newlines.
@@ -1873,6 +1875,38 @@ The structure has size zero. In C++, empty structures
are part
of the language. G++ treats empty structures as if they had a single
member of type @code{char}.
+@node Flexible Array Members in Unions
+@section Unions with Flexible Array Members
+@cindex unions with flexible array members
+@cindex unions with FAMs
+
+GCC permits a C99 flexible array member (FAM) to be in a union:
+
+@smallexample
+union with_fam @{
+ int a;
+ int b[];
+@};
+@end smallexample
+
+If every member of a union is a flexible array member, the size of
+such a union is zero.
+
+@node Flexible Array Members alone in Structures
+@section Structures with only Flexible Array Members
+@cindex structures with only flexible array members
+@cindex structures with only FAMs
+
+GCC permits a C99 flexible array member (FAM) to be alone in a structure:
+
+@smallexample
+struct only_fam @{
+ int b[];
+@};
+@end smallexample
+
+The size of such a structure is zero.
+
@node Variable Length
@section Arrays of Variable Length
@cindex variable-length arrays
--
2.31.1
[PATCH v4 0/4] Allow flexible array members in unions and alone in structures [PR53548]
Hi, This is the 4th version for Allow flexible array members in unions and alone in structures [PR53548] (for your reference, the 1st version is at: https://gcc.gnu.org/pipermail/gcc-patches/2024-April/649737.html The 2nd version is at: https://gcc.gnu.org/pipermail/gcc-patches/2024-April/650019.html The 3rd version is at: https://gcc.gnu.org/pipermail/gcc-patches/2024-April/650255.html) compared to the 3rd version, the major difference are: A. Two minor wording changes in doc/extend.texi per Jason's comments. B. In the 4th patch, for both C and C++ FE, delete the new variable "is_decl_type_union". Review needed: C++ FE changes (in Patch 2 and Patch 4); Middle-end changes (in Patch 2); New C FE change (in Patch 4); New testing cases for _bos (in Patch 4); Approval status: All other changes (C FE and documentation and related testing cases) have been approved with minor updates. The patch set includes: 1. Documentation change. Allow flexible array members in unions and alone in structures [PR53548] 2. C and C++ FE changes to support flexible array members in unions and alone in structures. Adjust testcases for flexible array member in union and alone in structure extension. 3. Add testing cases for flexible array members in unions and alone in structures. 4. Update the C FE routine "add_flexible_array_elts_to_size" C++ FE routine "layout_var_decl" to handle the cases when the DECL is union. Add testing cvases to test the _bos for FAM in union and alone in structures. bootstrapped and regression tested on both x86 and aarch64, no issue. Okay for GCC15? thanks. Qing
Re: [PATCH v3 1/4] Allow flexible array members in unions and alone in structures [PR53548]
On Apr 30, 2024, at 17:55, Kees Cook wrote:
On Tue, Apr 30, 2024 at 05:51:20PM -0400, Jason Merrill wrote:
On 4/30/24 14:45, Qing Zhao wrote:
On Apr 30, 2024, at 15:27, Jason Merrill wrote:
On 4/30/24 07:58, Qing Zhao wrote:
The request for GCC to accept that the C99 flexible array member can be
in a union or alone in a structure has been made a long time ago
around 2012
for supporting several practical cases including glibc.
A GCC PR has been opened for such request at that time:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53548
However, this PR was closed as WONTFIX around 2015 due to the
following reason:
"there is an existing extension that makes the requested
functionality possible"
i.e GCC fully supported that the zero-length array can be in a
union or alone
in a structure for a long time. (though I didn't see any
official documentation
on such extension)
It's reasonable to close PR53548 at that time since zero-length
array extension
can be used for such purpose.
However, since GCC13, in order to improve the C/C++ security, we
introduced
-fstrict-flex-arrays=n to gradually eliminate the "fake flexible array"
usages from C/C++ source code. As a result, zero-length arrays eventually
will be replaced by C99 flexiable array member completely.
Therefore, GCC needs to explicitly allow such extensions directly for C99
flexible arrays, since flexable array member in unions or alone
in structs
are common code patterns in active use by the Linux kernel (and
other projects).
For example, these do not error by default with GCC:
union one {
int a;
int b[0];
};
union two {
int a;
struct {
struct { } __empty;
int b[];
};
};
But these do:
union three {
int a;
int b[];
};
struct four {
int b[];
}
Clang has supported such extensions since March, 2024
https://github.com/llvm/llvm-project/pull/84428
GCC should also support such extensions. This will allow for
a seamless transition for code bases away from zero-length arrays without
losing existing code patterns.
gcc/ChangeLog:
* doc/extend.texi: Add documentation for Flexible Array Members in
Unions and Flexible Array Members alone in Structures.
---
gcc/doc/extend.texi | 34 ++
1 file changed, 34 insertions(+)
diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
index 7b54a241a7bf..cba98c8aadd7 100644
--- a/gcc/doc/extend.texi
+++ b/gcc/doc/extend.texi
@@ -42,6 +42,8 @@ extensions, accepted by GCC in C90 mode and in C++.
* Named Address Spaces::Named address spaces.
* Zero Length:: Zero-length arrays.
* Empty Structures::Structures with no members.
+* Flexible Array Members in Unions:: Unions with Flexible
Array Members.
+* Flexible Array Members alone in Structures:: Structures with
only Flexible Array Members.
* Variable Length:: Arrays whose length is computed at run time.
* Variadic Macros:: Macros with a variable number of arguments.
* Escaped Newlines::Slightly looser rules for escaped newlines.
@@ -1873,6 +1875,38 @@ The structure has size zero. In C++,
empty structures are part
of the language. G++ treats empty structures as if they had a single
member of type @code{char}.
+@node Flexible Array Members in Unions
+@section Unions with Flexible Array Members
+@cindex unions with flexible array members
+@cindex unions with FAMs
+
+GCC permits a C99 flexible array member (FAM) to be in a union:
+
+@smallexample
+union with_fam @{
+ int a;
+ int b[];
+@};
+@end smallexample
+
+If all the members of a union are flexible array member, the size of
It’s for the following case:
union with_fam_3 {
char a[];
int b[];
}
And also include: (the only member of a union is a flexible array
member as you mentioned below)
union with_fam_1 {
char a[];
}
So, I think the original sentence:
“If all the members of a union are flexible array member, the size of”
Should be better than the below:
"If the only member of a union is a flexible array member”
Makes sense, but then it should be "members" both times rather than
"members" and then "member".
"If every member of a union is a flexible array, the size ..." ?
Yes, I have updated the doc as this. -:).
Qing
--
Kees Cook
Re: [PATCH v3 1/4] Allow flexible array members in unions and alone in structures [PR53548]
> On Apr 30, 2024, at 15:52, Jason Merrill wrote:
>
> On 4/30/24 14:49, Qing Zhao wrote:
>>> On Apr 30, 2024, at 15:45, Qing Zhao wrote:
>>>
>>>
>>>
>>>>> gcc/doc/extend.texi | 34 ++
>>>>> 1 file changed, 34 insertions(+)
>>>>> diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
>>>>> index 7b54a241a7bf..cba98c8aadd7 100644
>>>>> --- a/gcc/doc/extend.texi
>>>>> +++ b/gcc/doc/extend.texi
>>>>> @@ -42,6 +42,8 @@ extensions, accepted by GCC in C90 mode and in C++.
>>>>> * Named Address Spaces::Named address spaces.
>>>>> * Zero Length:: Zero-length arrays.
>>>>> * Empty Structures::Structures with no members.
>>>>> +* Flexible Array Members in Unions:: Unions with Flexible Array Members.
>>>>> +* Flexible Array Members alone in Structures:: Structures with only
>>>>> Flexible Array Members.
>>>>> * Variable Length:: Arrays whose length is computed at run time.
>>>>> * Variadic Macros:: Macros with a variable number of arguments.
>>>>> * Escaped Newlines::Slightly looser rules for escaped newlines.
>>>>> @@ -1873,6 +1875,38 @@ The structure has size zero. In C++, empty
>>>>> structures are part
>>>>> of the language. G++ treats empty structures as if they had a single
>>>>> member of type @code{char}.
>>>>> +@node Flexible Array Members in Unions
>>>>> +@section Unions with Flexible Array Members
>>>>> +@cindex unions with flexible array members
>>>>> +@cindex unions with FAMs
>>>>> +
>>>>> +GCC permits a C99 flexible array member (FAM) to be in a union:
>>>>> +
>>>>> +@smallexample
>>>>> +union with_fam @{
>>>>> + int a;
>>>>> + int b[];
>>>>> +@};
>>>>> +@end smallexample
>>>>> +
>>>>> +If all the members of a union are flexible array member, the size of
>>>
>>> It’s for the following case:
>>>
>>> union with_fam_3 {
>>> char a[];
>>> int b[];
>>> }
>>>
>>> And also include: (the only member of a union is a flexible array member
>>> as you mentioned below)
>>>
>>> union with_fam_1 {
>>> char a[];
>>> }
>>>
>>> So, I think the original sentence:
>>>
>>> “If all the members of a union are flexible array member, the size of”
>>>
>>> Should be better than the below:
>>>>
>>>> "If the only member of a union is a flexible array member”
>> How about the following wording?
>> "If every member of a union is flexible array member, the size of”
>
> "is a flexible array member", sure.
Okay, will update the doc.
Thanks a lot.
Qing
>
> Jason
>
Re: [PATCH v3 1/4] Allow flexible array members in unions and alone in structures [PR53548]
On Apr 30, 2024, at 15:45, Qing Zhao wrote:
gcc/doc/extend.texi | 34 ++
1 file changed, 34 insertions(+)
diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
index 7b54a241a7bf..cba98c8aadd7 100644
--- a/gcc/doc/extend.texi
+++ b/gcc/doc/extend.texi
@@ -42,6 +42,8 @@ extensions, accepted by GCC in C90 mode and in C++.
* Named Address Spaces::Named address spaces.
* Zero Length:: Zero-length arrays.
* Empty Structures::Structures with no members.
+* Flexible Array Members in Unions:: Unions with Flexible Array Members.
+* Flexible Array Members alone in Structures:: Structures with only Flexible
Array Members.
* Variable Length:: Arrays whose length is computed at run time.
* Variadic Macros:: Macros with a variable number of arguments.
* Escaped Newlines::Slightly looser rules for escaped newlines.
@@ -1873,6 +1875,38 @@ The structure has size zero. In C++, empty structures
are part
of the language. G++ treats empty structures as if they had a single
member of type @code{char}.
+@node Flexible Array Members in Unions
+@section Unions with Flexible Array Members
+@cindex unions with flexible array members
+@cindex unions with FAMs
+
+GCC permits a C99 flexible array member (FAM) to be in a union:
+
+@smallexample
+union with_fam @{
+ int a;
+ int b[];
+@};
+@end smallexample
+
+If all the members of a union are flexible array member, the size of
It’s for the following case:
union with_fam_3 {
char a[];
int b[];
}
And also include: (the only member of a union is a flexible array member as
you mentioned below)
union with_fam_1 {
char a[];
}
So, I think the original sentence:
“If all the members of a union are flexible array member, the size of”
Should be better than the below:
"If the only member of a union is a flexible array member”
How about the following wording?
"If every member of a union is flexible array member, the size of”
Qing
+such union is zero.
"such a union"
Okay.
+
+@node Flexible Array Members alone in Structures
+@section Structures with only Flexible Array Members
+@cindex structures with only flexible array members
+@cindex structures with only FAMs
+
+GCC permits a C99 flexible array member (FAM) to be alone in a structure:
+
+@smallexample
+struct only_fam @{
+ int b[];
+@};
+@end smallexample
+
+The size of such structure gives the size zero.
"The size of such a structure is zero"
Okay.
thanks.
Qing
+
@node Variable Length
@section Arrays of Variable Length
@cindex variable-length arrays
Re: [PATCH v3 1/4] Allow flexible array members in unions and alone in structures [PR53548]
On Apr 30, 2024, at 15:27, Jason Merrill wrote:
On 4/30/24 07:58, Qing Zhao wrote:
The request for GCC to accept that the C99 flexible array member can be
in a union or alone in a structure has been made a long time ago around 2012
for supporting several practical cases including glibc.
A GCC PR has been opened for such request at that time:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53548
However, this PR was closed as WONTFIX around 2015 due to the following reason:
"there is an existing extension that makes the requested functionality possible"
i.e GCC fully supported that the zero-length array can be in a union or alone
in a structure for a long time. (though I didn't see any official documentation
on such extension)
It's reasonable to close PR53548 at that time since zero-length array extension
can be used for such purpose.
However, since GCC13, in order to improve the C/C++ security, we introduced
-fstrict-flex-arrays=n to gradually eliminate the "fake flexible array"
usages from C/C++ source code. As a result, zero-length arrays eventually
will be replaced by C99 flexiable array member completely.
Therefore, GCC needs to explicitly allow such extensions directly for C99
flexible arrays, since flexable array member in unions or alone in structs
are common code patterns in active use by the Linux kernel (and other projects).
For example, these do not error by default with GCC:
union one {
int a;
int b[0];
};
union two {
int a;
struct {
struct { } __empty;
int b[];
};
};
But these do:
union three {
int a;
int b[];
};
struct four {
int b[];
}
Clang has supported such extensions since March, 2024
https://github.com/llvm/llvm-project/pull/84428
GCC should also support such extensions. This will allow for
a seamless transition for code bases away from zero-length arrays without
losing existing code patterns.
gcc/ChangeLog:
* doc/extend.texi: Add documentation for Flexible Array Members in
Unions and Flexible Array Members alone in Structures.
---
gcc/doc/extend.texi | 34 ++
1 file changed, 34 insertions(+)
diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
index 7b54a241a7bf..cba98c8aadd7 100644
--- a/gcc/doc/extend.texi
+++ b/gcc/doc/extend.texi
@@ -42,6 +42,8 @@ extensions, accepted by GCC in C90 mode and in C++.
* Named Address Spaces::Named address spaces.
* Zero Length:: Zero-length arrays.
* Empty Structures::Structures with no members.
+* Flexible Array Members in Unions:: Unions with Flexible Array Members.
+* Flexible Array Members alone in Structures:: Structures with only Flexible
Array Members.
* Variable Length:: Arrays whose length is computed at run time.
* Variadic Macros:: Macros with a variable number of arguments.
* Escaped Newlines::Slightly looser rules for escaped newlines.
@@ -1873,6 +1875,38 @@ The structure has size zero. In C++, empty structures
are part
of the language. G++ treats empty structures as if they had a single
member of type @code{char}.
+@node Flexible Array Members in Unions
+@section Unions with Flexible Array Members
+@cindex unions with flexible array members
+@cindex unions with FAMs
+
+GCC permits a C99 flexible array member (FAM) to be in a union:
+
+@smallexample
+union with_fam @{
+ int a;
+ int b[];
+@};
+@end smallexample
+
+If all the members of a union are flexible array member, the size of
It’s for the following case:
union with_fam_3 {
char a[];
int b[];
}
And also include: (the only member of a union is a flexible array member as
you mentioned below)
union with_fam_1 {
char a[];
}
So, I think the original sentence:
“If all the members of a union are flexible array member, the size of”
Should be better than the below:
"If the only member of a union is a flexible array member”
+such union is zero.
"such a union"
Okay.
+
+@node Flexible Array Members alone in Structures
+@section Structures with only Flexible Array Members
+@cindex structures with only flexible array members
+@cindex structures with only FAMs
+
+GCC permits a C99 flexible array member (FAM) to be alone in a structure:
+
+@smallexample
+struct only_fam @{
+ int b[];
+@};
+@end smallexample
+
+The size of such structure gives the size zero.
"The size of such a structure is zero"
Okay.
thanks.
Qing
+
@node Variable Length
@section Arrays of Variable Length
@cindex variable-length arrays
Re: [PATCH v3 4/4] Update the C FE routine "add_flexible_array_elts_to_size" C++ FE routine "layout_var_decl" to handle the cases when the DECL is union.
On Apr 30, 2024, at 15:29, Jason Merrill wrote:
On 4/30/24 07:58, Qing Zhao wrote:
Add testing cases to test the _bos for flexible array members in unions
or alone in structures.
gcc/c/ChangeLog:
* c-decl.cc (add_flexible_array_elts_to_size): Handle the cases
when the DECL is union.
gcc/cp/ChangeLog:
* decl.cc (layout_var_decl): Handle the cases when the DECL is
union with a flexible array member initializer.
gcc/testsuite/ChangeLog:
* c-c++-common/fam-in-union-alone-in-struct-bos-1.c: New test.
* c-c++-common/fam-in-union-alone-in-struct-bos.c: New test.
---
gcc/c/c-decl.cc | 32 +++--
gcc/cp/decl.cc| 33 --
.../fam-in-union-alone-in-struct-bos-1.c | 66 +++
.../fam-in-union-alone-in-struct-bos.c| 45 +
4 files changed, 162 insertions(+), 14 deletions(-)
create mode 100644
gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-bos-1.c
create mode 100644
gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-bos.c
diff --git a/gcc/c/c-decl.cc b/gcc/c/c-decl.cc
index 947f3cd589eb..59302c5cfb1f 100644
--- a/gcc/c/c-decl.cc
+++ b/gcc/c/c-decl.cc
@@ -5337,9 +5337,9 @@ zero_length_array_type_p (const_tree type)
}
/* INIT is a constructor that forms DECL's initializer. If the final
- element initializes a flexible array field, add the size of that
- initializer to DECL's size. */
-
+ element initializes a flexible array field, adjust the size of the
+ DECL with the initializer based on whether the DECL is a union or
+ a structure. */
static void
add_flexible_array_elts_to_size (tree decl, tree init)
{
@@ -5348,15 +5348,33 @@ add_flexible_array_elts_to_size (tree decl, tree init)
if (vec_safe_is_empty (CONSTRUCTOR_ELTS (init)))
return;
+ bool is_decl_type_union = (TREE_CODE (TREE_TYPE (decl)) == UNION_TYPE);
In both C and C++ front-ends, I don't see any reason for this variable to be
declared outside the if, since it's only used inside it.
It's not clear to me that it's needed at all since it's only used once, but if
you prefer to have it, please move it inside the if.
Okay, will do that.
thanks.
Qing
+
elt = CONSTRUCTOR_ELTS (init)->last ().value;
type = TREE_TYPE (elt);
if (flexible_array_member_type_p (type))
{
complete_array_type (, elt, false);
- DECL_SIZE (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (type));
- DECL_SIZE_UNIT (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl), TYPE_SIZE_UNIT (type));
+ /* For a structure, add the size of the initializer to the DECL's
+ size. */
+ if (!is_decl_type_union)
+ {
+ DECL_SIZE (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (type));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (type));
+ }
+ /* For a union, the DECL's size is the maximum of the current size
+ and the size of the initializer. */
+ else
+ {
+ DECL_SIZE (decl)
+ = size_binop (MAX_EXPR, DECL_SIZE (decl), TYPE_SIZE (type));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (MAX_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (type));
+ }
}
}
diff --git a/gcc/cp/decl.cc b/gcc/cp/decl.cc
index 9a91c6f80da1..0ea3ef165b66 100644
--- a/gcc/cp/decl.cc
+++ b/gcc/cp/decl.cc
@@ -6555,8 +6555,9 @@ layout_var_decl (tree decl)
}
}
- /* If the final element initializes a flexible array field, add the size of
- that initializer to DECL's size. */
+ /* If the final element initializes a flexible array field, adjust
+ the size of the DECL with the initializer based on whether the
+ DECL is a union or a structure. */
if (type != error_mark_node
&& DECL_INITIAL (decl)
&& TREE_CODE (DECL_INITIAL (decl)) == CONSTRUCTOR
@@ -6568,6 +6569,7 @@ layout_var_decl (tree decl)
&& tree_int_cst_equal (DECL_SIZE (decl), TYPE_SIZE (type)))
{
constructor_elt = CONSTRUCTOR_ELTS (DECL_INITIAL (decl))->last ();
+ bool is_decl_type_union = (TREE_CODE (TREE_TYPE (decl)) == UNION_TYPE);
if (elt.index)
{
tree itype = TREE_TYPE (elt.index);
@@ -6577,11 +6579,28 @@ layout_var_decl (tree decl)
&& TREE_CODE (vtype) == ARRAY_TYPE
&& COMPLETE_TYPE_P (vtype))
{
- DECL_SIZE (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (vtype));
- DECL_SIZE_UNIT (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
- TYPE_SIZE_UNIT (vtype));
+ /* For a structure, add the size of the initializer to the DECL's
+ size. */
+ if (!is_decl_type_union)
+ {
+ DECL_SIZE (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE (decl),
+ TYPE_SIZE (vtype));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (vtype));
+ }
+ /* a union, the DECL's size is the maximum of the current size
+ and the size of the initial
[PATCH v3 4/4] Update the C FE routine "add_flexible_array_elts_to_size" C++ FE routine "layout_var_decl" to handle the cases when the DECL is union.
Add testing cases to test the _bos for flexible array members in unions
or alone in structures.
gcc/c/ChangeLog:
* c-decl.cc (add_flexible_array_elts_to_size): Handle the cases
when the DECL is union.
gcc/cp/ChangeLog:
* decl.cc (layout_var_decl): Handle the cases when the DECL is
union with a flexible array member initializer.
gcc/testsuite/ChangeLog:
* c-c++-common/fam-in-union-alone-in-struct-bos-1.c: New test.
* c-c++-common/fam-in-union-alone-in-struct-bos.c: New test.
---
gcc/c/c-decl.cc | 32 +++--
gcc/cp/decl.cc| 33 --
.../fam-in-union-alone-in-struct-bos-1.c | 66 +++
.../fam-in-union-alone-in-struct-bos.c| 45 +
4 files changed, 162 insertions(+), 14 deletions(-)
create mode 100644
gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-bos-1.c
create mode 100644
gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-bos.c
diff --git a/gcc/c/c-decl.cc b/gcc/c/c-decl.cc
index 947f3cd589eb..59302c5cfb1f 100644
--- a/gcc/c/c-decl.cc
+++ b/gcc/c/c-decl.cc
@@ -5337,9 +5337,9 @@ zero_length_array_type_p (const_tree type)
}
/* INIT is a constructor that forms DECL's initializer. If the final
- element initializes a flexible array field, add the size of that
- initializer to DECL's size. */
-
+ element initializes a flexible array field, adjust the size of the
+ DECL with the initializer based on whether the DECL is a union or
+ a structure. */
static void
add_flexible_array_elts_to_size (tree decl, tree init)
{
@@ -5348,15 +5348,33 @@ add_flexible_array_elts_to_size (tree decl, tree init)
if (vec_safe_is_empty (CONSTRUCTOR_ELTS (init)))
return;
+ bool is_decl_type_union = (TREE_CODE (TREE_TYPE (decl)) == UNION_TYPE);
+
elt = CONSTRUCTOR_ELTS (init)->last ().value;
type = TREE_TYPE (elt);
if (flexible_array_member_type_p (type))
{
complete_array_type (, elt, false);
- DECL_SIZE (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (type));
- DECL_SIZE_UNIT (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl), TYPE_SIZE_UNIT (type));
+ /* For a structure, add the size of the initializer to the DECL's
+size. */
+ if (!is_decl_type_union)
+ {
+ DECL_SIZE (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (type));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (type));
+ }
+ /* For a union, the DECL's size is the maximum of the current size
+and the size of the initializer. */
+ else
+ {
+ DECL_SIZE (decl)
+ = size_binop (MAX_EXPR, DECL_SIZE (decl), TYPE_SIZE (type));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (MAX_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (type));
+ }
}
}
diff --git a/gcc/cp/decl.cc b/gcc/cp/decl.cc
index 9a91c6f80da1..0ea3ef165b66 100644
--- a/gcc/cp/decl.cc
+++ b/gcc/cp/decl.cc
@@ -6555,8 +6555,9 @@ layout_var_decl (tree decl)
}
}
- /* If the final element initializes a flexible array field, add the size of
- that initializer to DECL's size. */
+ /* If the final element initializes a flexible array field, adjust
+ the size of the DECL with the initializer based on whether the
+ DECL is a union or a structure. */
if (type != error_mark_node
&& DECL_INITIAL (decl)
&& TREE_CODE (DECL_INITIAL (decl)) == CONSTRUCTOR
@@ -6568,6 +6569,7 @@ layout_var_decl (tree decl)
&& tree_int_cst_equal (DECL_SIZE (decl), TYPE_SIZE (type)))
{
constructor_elt = CONSTRUCTOR_ELTS (DECL_INITIAL (decl))->last ();
+ bool is_decl_type_union = (TREE_CODE (TREE_TYPE (decl)) == UNION_TYPE);
if (elt.index)
{
tree itype = TREE_TYPE (elt.index);
@@ -6577,11 +6579,28 @@ layout_var_decl (tree decl)
&& TREE_CODE (vtype) == ARRAY_TYPE
&& COMPLETE_TYPE_P (vtype))
{
- DECL_SIZE (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (vtype));
- DECL_SIZE_UNIT (decl)
- = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
- TYPE_SIZE_UNIT (vtype));
+ /* For a structure, add the size of the initializer to the DECL's
+size. */
+ if (!is_decl_type_union)
+ {
+ DECL_SIZE (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE (decl),
+ TYPE_SIZE (vtype));
+ DECL_SIZE_UNIT (decl)
+ = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
+ TYPE_SIZE_UNIT (vtype));
+ }
+ /* a union, the DECL's size is the maximum of the current size
+
[PATCH v3 3/4] Add testing cases for flexible array members in unions and alone in structures.
gcc/testsuite/ChangeLog:
* c-c++-common/fam-in-union-alone-in-struct-1.c: New testcase.
* c-c++-common/fam-in-union-alone-in-struct-2.c: New testcase.
* c-c++-common/fam-in-union-alone-in-struct-3.c: New testcase.
---
.../fam-in-union-alone-in-struct-1.c | 52 +++
.../fam-in-union-alone-in-struct-2.c | 51 ++
.../fam-in-union-alone-in-struct-3.c | 36 +
3 files changed, 139 insertions(+)
create mode 100644 gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
create mode 100644 gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
create mode 100644 gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
diff --git a/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
new file mode 100644
index ..7d4721aa95ac
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
@@ -0,0 +1,52 @@
+/* testing the correct usage of flexible array members in unions
+ and alone in structures. */
+/* { dg-do run} */
+/* { dg-options "-Wpedantic" } */
+
+union with_fam_1 {
+ int a;
+ int b[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+};
+
+union with_fam_2 {
+ char a;
+ int b[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+};
+
+union with_fam_3 {
+ char a[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+ /* { dg-warning "in an otherwise empty" "" { target c++ } .-1 } */
+ int b[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+};
+
+struct only_fam {
+ int b[];
+ /* { dg-warning "in a struct with no named members" "" { target c } .-1 } */
+ /* { dg-warning "in an otherwise empty" "" { target c++ } .-2 } */
+ /* { dg-warning "forbids flexible array member" "" { target c++ } .-3 } */
+};
+
+struct only_fam_2 {
+ unsigned int : 2;
+ unsigned int : 3;
+ int b[];
+ /* { dg-warning "in a struct with no named members" "" { target c } .-1 } */
+ /* { dg-warning "in an otherwise empty" "" { target c++ } .-2 } */
+ /* { dg-warning "forbids flexible array member" "" { target c++ } .-3 } */
+};
+
+int main ()
+{
+ if (sizeof (union with_fam_1) != sizeof (int))
+__builtin_abort ();
+ if (sizeof (union with_fam_2) != __alignof__ (int))
+__builtin_abort ();
+ if (sizeof (union with_fam_3) != 0)
+__builtin_abort ();
+ if (sizeof (struct only_fam) != 0)
+__builtin_abort ();
+ if (sizeof (struct only_fam_2) != sizeof (int))
+__builtin_abort ();
+ return 0;
+}
+
diff --git a/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
new file mode 100644
index ..3743f9e7dac5
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
@@ -0,0 +1,51 @@
+/* testing the correct usage of flexible array members in unions
+ and alone in structures: initialization */
+/* { dg-do run} */
+/* { dg-options "-O2" } */
+
+union with_fam_1 {
+ int a;
+ int b[];
+} with_fam_1_v = {.b = {1, 2, 3, 4}};
+
+union with_fam_2 {
+ int a;
+ char b[];
+} with_fam_2_v = {.a = 0x1f2f3f4f};
+
+union with_fam_3 {
+ char a[];
+ int b[];
+} with_fam_3_v = {.b = {0x1f2f3f4f, 0x5f6f7f7f}};
+
+struct only_fam {
+ int b[];
+} only_fam_v = {{7, 11}};
+
+struct only_fam_2 {
+ unsigned int : 2;
+ unsigned int : 3;
+ int b[];
+} only_fam_2_v = {{7, 11}};
+
+int main ()
+{
+ if (with_fam_1_v.b[3] != 4
+ || with_fam_1_v.b[0] != 1)
+__builtin_abort ();
+ if (with_fam_2_v.b[3] != 0x1f
+ || with_fam_2_v.b[0] != 0x4f)
+__builtin_abort ();
+ if (with_fam_3_v.a[0] != 0x4f
+ || with_fam_3_v.a[7] != 0x5f)
+__builtin_abort ();
+ if (only_fam_v.b[0] != 7
+ || only_fam_v.b[1] != 11)
+__builtin_abort ();
+ if (only_fam_2_v.b[0] != 7
+ || only_fam_2_v.b[1] != 11)
+__builtin_abort ();
+
+ return 0;
+}
+
diff --git a/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
new file mode 100644
index ..dd36fa01306d
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
@@ -0,0 +1,36 @@
+/* testing the correct usage of flexible array members in unions
+ and alone in structures. */
+/* { dg-do compile } */
+/* { dg-options "-pedantic-errors" } */
+
+union with_fam_1 {
+ int a;
+ int b[]; /* { dg-error "flexible array member in union is a GCC extension"
} */
+};
+
+union with_fam_2 {
+ char a;
+ int b[]; /* { dg-error "flexible array member in union is a GCC extension"
} */
+};
+
+union with_fam_3 {
+ char a[]; /* { dg-error "flexible array member in union is a GCC extension"
} */
+ /* { dg-error "in an otherwise empty" "" { target c++ } .-1 } */
+ int b[]; /* { dg-error "flexible array member in union is a GCC extension"
} */
+};
[PATCH v3 2/4] C and C++ FE changes
to support flexible array members
in unions and alone in structures. Adjust testcases for flexible array member
in union and alone in structure extension.
gcc/c/ChangeLog:
* c-decl.cc (finish_struct): Change errors to pedwarns for the cases
flexible array members in union or alone in structures.
gcc/cp/ChangeLog:
* class.cc (diagnose_flexarrays): Change error to pdewarn for the case
flexible array members alone in structures.
* decl.cc (grokdeclarator): Change error to pdewarn for the case
flexible array members in unions.
gcc/ChangeLog:
* stor-layout.cc (place_union_field): Use zero sizes for flexible array
member fields.
gcc/testsuite/ChangeLog:
* c-c++-common/builtin-clear-padding-3.c: Adjust testcase.
* g++.dg/ext/flexary12.C: Likewise.
* g++.dg/ext/flexary19.C: Likewise.
* g++.dg/ext/flexary2.C: Likewise.
* g++.dg/ext/flexary3.C: Likewise.
* g++.dg/ext/flexary36.C: Likewise.
* g++.dg/ext/flexary4.C: Likewise.
* g++.dg/ext/flexary5.C: Likewise.
* g++.dg/ext/flexary8.C: Likewise.
* g++.dg/torture/pr64280.C: Likewise.
* gcc.dg/20050620-1.c: Likewise.
* gcc.dg/940510-1.c: Likewise.
---
gcc/c/c-decl.cc | 16 ++
gcc/cp/class.cc | 11 ++--
gcc/cp/decl.cc| 7 ++-
gcc/stor-layout.cc| 9 +++-
.../c-c++-common/builtin-clear-padding-3.c| 10 ++--
gcc/testsuite/g++.dg/ext/flexary12.C | 6 +--
gcc/testsuite/g++.dg/ext/flexary19.C | 42 +++
gcc/testsuite/g++.dg/ext/flexary2.C | 2 +-
gcc/testsuite/g++.dg/ext/flexary3.C | 2 +-
gcc/testsuite/g++.dg/ext/flexary36.C | 2 +-
gcc/testsuite/g++.dg/ext/flexary4.C | 54 +--
gcc/testsuite/g++.dg/ext/flexary5.C | 4 +-
gcc/testsuite/g++.dg/ext/flexary8.C | 8 +--
gcc/testsuite/g++.dg/torture/pr64280.C| 2 +-
gcc/testsuite/gcc.dg/20050620-1.c | 2 +-
gcc/testsuite/gcc.dg/940510-1.c | 4 +-
16 files changed, 91 insertions(+), 90 deletions(-)
diff --git a/gcc/c/c-decl.cc b/gcc/c/c-decl.cc
index 345090dae38b..947f3cd589eb 100644
--- a/gcc/c/c-decl.cc
+++ b/gcc/c/c-decl.cc
@@ -9471,11 +9471,8 @@ finish_struct (location_t loc, tree t, tree fieldlist,
tree attributes,
if (flexible_array_member_type_p (TREE_TYPE (x)))
{
if (TREE_CODE (t) == UNION_TYPE)
- {
- error_at (DECL_SOURCE_LOCATION (x),
- "flexible array member in union");
- TREE_TYPE (x) = error_mark_node;
- }
+ pedwarn (DECL_SOURCE_LOCATION (x), OPT_Wpedantic,
+"flexible array member in union is a GCC extension");
else if (!is_last_field)
{
error_at (DECL_SOURCE_LOCATION (x),
@@ -9483,12 +9480,9 @@ finish_struct (location_t loc, tree t, tree fieldlist,
tree attributes,
TREE_TYPE (x) = error_mark_node;
}
else if (!saw_named_field)
- {
- error_at (DECL_SOURCE_LOCATION (x),
- "flexible array member in a struct with no named "
- "members");
- TREE_TYPE (x) = error_mark_node;
- }
+ pedwarn (DECL_SOURCE_LOCATION (x), OPT_Wpedantic,
+"flexible array member in a struct with no named "
+"members is a GCC extension");
}
if (pedantic && TREE_CODE (t) == RECORD_TYPE
diff --git a/gcc/cp/class.cc b/gcc/cp/class.cc
index 5f258729940b..0c8afb72550f 100644
--- a/gcc/cp/class.cc
+++ b/gcc/cp/class.cc
@@ -7624,6 +7624,7 @@ diagnose_flexarrays (tree t, const flexmems_t *fmem)
bool diagd = false;
const char *msg = 0;
+ const char *msg_fam = 0;
if (TYPE_DOMAIN (TREE_TYPE (fmem->array)))
{
@@ -7649,15 +7650,19 @@ diagnose_flexarrays (tree t, const flexmems_t *fmem)
if (fmem->after[0])
msg = G_("flexible array member %qD not at end of %q#T");
else if (!fmem->first)
- msg = G_("flexible array member %qD in an otherwise empty %q#T");
+ msg_fam = G_("flexible array member %qD in an otherwise"
+" empty %q#T is a GCC extension");
- if (msg)
+ if (msg || msg_fam)
{
location_t loc = DECL_SOURCE_LOCATION (fmem->array);
diagd = true;
auto_diagnostic_group d;
- error_at (loc, msg, fmem->array, t);
+ if (msg)
+ error_at (loc, msg, fmem->array, t);
+ else
+ pedwarn (loc, OPT_Wpedantic, msg_fam, fmem->array, t);
/* In the unlikely event that the member following the flexible
array member is declared in a different class, or the member
diff --git a/gcc/cp/decl.cc b/gcc/cp/decl.cc
index
[PATCH v3 0/4]Allow flexible array members in unions and alone in structures [PR53548]
Hi, This is the 3rd version for Allow flexible array members in unions and alone in structures [PR53548] (for your reference, the 1st version is at: https://gcc.gnu.org/pipermail/gcc-patches/2024-April/649737.html The 2nd version is at: https://gcc.gnu.org/pipermail/gcc-patches/2024-April/650019.html) compared to the 2nd version, the major difference are: A. Add two testing cases for _bos per Sid's comments; B. One update to the C FE routine "add_flexible_array_elts_to_size" to handle the cases when the declaration is union. C. One update the the C++ FE routine "layout_var_decl" to handle the cases when the declaratin is a union with a flexible array member initializer. All the above new change is included in the new 4th patch. Review needed: C++ FE changes (in Patch 2 and new Patch 4); Middle-end changes (in Patch 2); New C FE change (in new Patch 4); New testing cases for _bos (in new Patch 4); Approval status: All other changes (C FE and documentation and related testing cases) have been approved with minor updates. The patch set includes: 1. Documentation change. Allow flexible array members in unions and alone in structures [PR53548] 2. C and C++ FE changes to support flexible array members in unions and alone in structures. Adjust testcases for flexible array member in union and alone in structure extension. 3. Add testing cases for flexible array members in unions and alone in structures. 4. Update the C FE routine "add_flexible_array_elts_to_size" C++ FE routine "layout_var_decl" to handle the cases when the DECL is union. Add testing cvases to test the _bos for FAM in union and alone in structures. bootstrapped and regression tested on both x86 and aarch64, no issue. Okay for GCC15? thanks. Qing
[PATCH v3 1/4] Allow flexible array members in unions and alone in structures [PR53548]
The request for GCC to accept that the C99 flexible array member can be
in a union or alone in a structure has been made a long time ago around 2012
for supporting several practical cases including glibc.
A GCC PR has been opened for such request at that time:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53548
However, this PR was closed as WONTFIX around 2015 due to the following reason:
"there is an existing extension that makes the requested functionality possible"
i.e GCC fully supported that the zero-length array can be in a union or alone
in a structure for a long time. (though I didn't see any official documentation
on such extension)
It's reasonable to close PR53548 at that time since zero-length array extension
can be used for such purpose.
However, since GCC13, in order to improve the C/C++ security, we introduced
-fstrict-flex-arrays=n to gradually eliminate the "fake flexible array"
usages from C/C++ source code. As a result, zero-length arrays eventually
will be replaced by C99 flexiable array member completely.
Therefore, GCC needs to explicitly allow such extensions directly for C99
flexible arrays, since flexable array member in unions or alone in structs
are common code patterns in active use by the Linux kernel (and other projects).
For example, these do not error by default with GCC:
union one {
int a;
int b[0];
};
union two {
int a;
struct {
struct { } __empty;
int b[];
};
};
But these do:
union three {
int a;
int b[];
};
struct four {
int b[];
}
Clang has supported such extensions since March, 2024
https://github.com/llvm/llvm-project/pull/84428
GCC should also support such extensions. This will allow for
a seamless transition for code bases away from zero-length arrays without
losing existing code patterns.
gcc/ChangeLog:
* doc/extend.texi: Add documentation for Flexible Array Members in
Unions and Flexible Array Members alone in Structures.
---
gcc/doc/extend.texi | 34 ++
1 file changed, 34 insertions(+)
diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
index 7b54a241a7bf..cba98c8aadd7 100644
--- a/gcc/doc/extend.texi
+++ b/gcc/doc/extend.texi
@@ -42,6 +42,8 @@ extensions, accepted by GCC in C90 mode and in C++.
* Named Address Spaces::Named address spaces.
* Zero Length:: Zero-length arrays.
* Empty Structures::Structures with no members.
+* Flexible Array Members in Unions:: Unions with Flexible Array Members.
+* Flexible Array Members alone in Structures:: Structures with only Flexible
Array Members.
* Variable Length:: Arrays whose length is computed at run time.
* Variadic Macros:: Macros with a variable number of arguments.
* Escaped Newlines::Slightly looser rules for escaped newlines.
@@ -1873,6 +1875,38 @@ The structure has size zero. In C++, empty structures
are part
of the language. G++ treats empty structures as if they had a single
member of type @code{char}.
+@node Flexible Array Members in Unions
+@section Unions with Flexible Array Members
+@cindex unions with flexible array members
+@cindex unions with FAMs
+
+GCC permits a C99 flexible array member (FAM) to be in a union:
+
+@smallexample
+union with_fam @{
+ int a;
+ int b[];
+@};
+@end smallexample
+
+If all the members of a union are flexible array member, the size of
+such union is zero.
+
+@node Flexible Array Members alone in Structures
+@section Structures with only Flexible Array Members
+@cindex structures with only flexible array members
+@cindex structures with only FAMs
+
+GCC permits a C99 flexible array member (FAM) to be alone in a structure:
+
+@smallexample
+struct only_fam @{
+ int b[];
+@};
+@end smallexample
+
+The size of such structure gives the size zero.
+
@node Variable Length
@section Arrays of Variable Length
@cindex variable-length arrays
--
2.31.1
Re: [PATCH v2 3/3] Add testing cases for flexible array members in unions and alone in structures.
> On Apr 25, 2024, at 10:13, Siddhesh Poyarekar wrote:
>
> On 2024-04-25 10:06, Qing Zhao wrote:
>> gcc/testsuite/ChangeLog:
>> * c-c++-common/fam-in-union-alone-in-struct-1.c: New testcase.
>> * c-c++-common/fam-in-union-alone-in-struct-2.c: New testcase.
>> * c-c++-common/fam-in-union-alone-in-struct-3.c: New testcase.
>> ---
>
> Sorry I should have commented sooner; could you please also add tests for
> __bos/__bdos for such unions and structs?
Yes, nice suggestion! Will do.
Thanks a lot.
Qing
>
> Thanks,
> Sid
>
>> .../fam-in-union-alone-in-struct-1.c | 52 +++
>> .../fam-in-union-alone-in-struct-2.c | 51 ++
>> .../fam-in-union-alone-in-struct-3.c | 36 +
>> 3 files changed, 139 insertions(+)
>> create mode 100644
>> gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
>> create mode 100644
>> gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
>> create mode 100644
>> gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
>> diff --git a/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
>> b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
>> new file mode 100644
>> index ..7d4721aa95ac
>> --- /dev/null
>> +++ b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
>> @@ -0,0 +1,52 @@
>> +/* testing the correct usage of flexible array members in unions
>> + and alone in structures. */
>> +/* { dg-do run} */
>> +/* { dg-options "-Wpedantic" } */
>> +
>> +union with_fam_1 {
>> + int a;
>> + int b[]; /* { dg-warning "flexible array member in union is a GCC
>> extension" } */
>> +};
>> +
>> +union with_fam_2 {
>> + char a;
>> + int b[]; /* { dg-warning "flexible array member in union is a GCC
>> extension" } */
>> +};
>> +
>> +union with_fam_3 {
>> + char a[]; /* { dg-warning "flexible array member in union is a GCC
>> extension" } */
>> + /* { dg-warning "in an otherwise empty" "" { target c++ } .-1 } */
>> + int b[]; /* { dg-warning "flexible array member in union is a GCC
>> extension" } */
>> +};
>> +
>> +struct only_fam {
>> + int b[];
>> + /* { dg-warning "in a struct with no named members" "" { target c } .-1 }
>> */
>> + /* { dg-warning "in an otherwise empty" "" { target c++ } .-2 } */
>> + /* { dg-warning "forbids flexible array member" "" { target c++ } .-3 } */
>> +};
>> +
>> +struct only_fam_2 {
>> + unsigned int : 2;
>> + unsigned int : 3;
>> + int b[];
>> + /* { dg-warning "in a struct with no named members" "" { target c } .-1 }
>> */
>> + /* { dg-warning "in an otherwise empty" "" { target c++ } .-2 } */
>> + /* { dg-warning "forbids flexible array member" "" { target c++ } .-3 } */
>> +};
>> +
>> +int main ()
>> +{
>> + if (sizeof (union with_fam_1) != sizeof (int))
>> +__builtin_abort ();
>> + if (sizeof (union with_fam_2) != __alignof__ (int))
>> +__builtin_abort ();
>> + if (sizeof (union with_fam_3) != 0)
>> +__builtin_abort ();
>> + if (sizeof (struct only_fam) != 0)
>> +__builtin_abort ();
>> + if (sizeof (struct only_fam_2) != sizeof (int))
>> +__builtin_abort ();
>> + return 0;
>> +}
>> +
>> diff --git a/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
>> b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
>> new file mode 100644
>> index ..3743f9e7dac5
>> --- /dev/null
>> +++ b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
>> @@ -0,0 +1,51 @@
>> +/* testing the correct usage of flexible array members in unions
>> + and alone in structures: initialization */
>> +/* { dg-do run} */
>> +/* { dg-options "-O2" } */
>> +
>> +union with_fam_1 {
>> + int a;
>> + int b[];
>> +} with_fam_1_v = {.b = {1, 2, 3, 4}};
>> +
>> +union with_fam_2 {
>> + int a;
>> + char b[];
>> +} with_fam_2_v = {.a = 0x1f2f3f4f};
>> +
>> +union with_fam_3 {
>> + char a[];
>> + int b[];
>> +} with_fam_3_v = {.b = {0x1f2f3f4f, 0x5f6f7f7f}};
>> +
>> +struct only_fam {
>> + int b[];
>> +} only_fam_v = {{7, 11}};
>> +
>> +struct only_fam_2 {
>> +
[PATCH v2 3/3] Add testing cases for flexible array members in unions and alone in structures.
gcc/testsuite/ChangeLog:
* c-c++-common/fam-in-union-alone-in-struct-1.c: New testcase.
* c-c++-common/fam-in-union-alone-in-struct-2.c: New testcase.
* c-c++-common/fam-in-union-alone-in-struct-3.c: New testcase.
---
.../fam-in-union-alone-in-struct-1.c | 52 +++
.../fam-in-union-alone-in-struct-2.c | 51 ++
.../fam-in-union-alone-in-struct-3.c | 36 +
3 files changed, 139 insertions(+)
create mode 100644 gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
create mode 100644 gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
create mode 100644 gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
diff --git a/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
new file mode 100644
index ..7d4721aa95ac
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-1.c
@@ -0,0 +1,52 @@
+/* testing the correct usage of flexible array members in unions
+ and alone in structures. */
+/* { dg-do run} */
+/* { dg-options "-Wpedantic" } */
+
+union with_fam_1 {
+ int a;
+ int b[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+};
+
+union with_fam_2 {
+ char a;
+ int b[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+};
+
+union with_fam_3 {
+ char a[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+ /* { dg-warning "in an otherwise empty" "" { target c++ } .-1 } */
+ int b[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+};
+
+struct only_fam {
+ int b[];
+ /* { dg-warning "in a struct with no named members" "" { target c } .-1 } */
+ /* { dg-warning "in an otherwise empty" "" { target c++ } .-2 } */
+ /* { dg-warning "forbids flexible array member" "" { target c++ } .-3 } */
+};
+
+struct only_fam_2 {
+ unsigned int : 2;
+ unsigned int : 3;
+ int b[];
+ /* { dg-warning "in a struct with no named members" "" { target c } .-1 } */
+ /* { dg-warning "in an otherwise empty" "" { target c++ } .-2 } */
+ /* { dg-warning "forbids flexible array member" "" { target c++ } .-3 } */
+};
+
+int main ()
+{
+ if (sizeof (union with_fam_1) != sizeof (int))
+__builtin_abort ();
+ if (sizeof (union with_fam_2) != __alignof__ (int))
+__builtin_abort ();
+ if (sizeof (union with_fam_3) != 0)
+__builtin_abort ();
+ if (sizeof (struct only_fam) != 0)
+__builtin_abort ();
+ if (sizeof (struct only_fam_2) != sizeof (int))
+__builtin_abort ();
+ return 0;
+}
+
diff --git a/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
new file mode 100644
index ..3743f9e7dac5
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-2.c
@@ -0,0 +1,51 @@
+/* testing the correct usage of flexible array members in unions
+ and alone in structures: initialization */
+/* { dg-do run} */
+/* { dg-options "-O2" } */
+
+union with_fam_1 {
+ int a;
+ int b[];
+} with_fam_1_v = {.b = {1, 2, 3, 4}};
+
+union with_fam_2 {
+ int a;
+ char b[];
+} with_fam_2_v = {.a = 0x1f2f3f4f};
+
+union with_fam_3 {
+ char a[];
+ int b[];
+} with_fam_3_v = {.b = {0x1f2f3f4f, 0x5f6f7f7f}};
+
+struct only_fam {
+ int b[];
+} only_fam_v = {{7, 11}};
+
+struct only_fam_2 {
+ unsigned int : 2;
+ unsigned int : 3;
+ int b[];
+} only_fam_2_v = {{7, 11}};
+
+int main ()
+{
+ if (with_fam_1_v.b[3] != 4
+ || with_fam_1_v.b[0] != 1)
+__builtin_abort ();
+ if (with_fam_2_v.b[3] != 0x1f
+ || with_fam_2_v.b[0] != 0x4f)
+__builtin_abort ();
+ if (with_fam_3_v.a[0] != 0x4f
+ || with_fam_3_v.a[7] != 0x5f)
+__builtin_abort ();
+ if (only_fam_v.b[0] != 7
+ || only_fam_v.b[1] != 11)
+__builtin_abort ();
+ if (only_fam_2_v.b[0] != 7
+ || only_fam_2_v.b[1] != 11)
+__builtin_abort ();
+
+ return 0;
+}
+
diff --git a/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
new file mode 100644
index ..dd36fa01306d
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fam-in-union-alone-in-struct-3.c
@@ -0,0 +1,36 @@
+/* testing the correct usage of flexible array members in unions
+ and alone in structures. */
+/* { dg-do compile } */
+/* { dg-options "-pedantic-errors" } */
+
+union with_fam_1 {
+ int a;
+ int b[]; /* { dg-error "flexible array member in union is a GCC extension"
} */
+};
+
+union with_fam_2 {
+ char a;
+ int b[]; /* { dg-error "flexible array member in union is a GCC extension"
} */
+};
+
+union with_fam_3 {
+ char a[]; /* { dg-error "flexible array member in union is a GCC extension"
} */
+ /* { dg-error "in an otherwise empty" "" { target c++ } .-1 } */
+ int b[]; /* { dg-error "flexible array member in union is a GCC extension"
} */
+};
[PATCH v2 0/3] Allow flexible array members in unions and alone in structures [PR53548]
Hi, This is the 2nd version for Allow flexible array members in unions and alone in structures [PR53548] (for your reference, the 1st version is at: https://gcc.gnu.org/pipermail/gcc-patches/2024-April/649737.html) compared to the 1st version, the major difference are: A. C FE updates based on Joseph's comments: documentation changes; testing case changes; * added testing cases for -pedantic-errors; * renamed the testing cases to accurately reflect the covered tests; * added unnamed bit-fields along with FAM; * move the testing cases to c-c++-common; B. Merge the 4th patch (old testing adjustment) to the 2nd patch in order to avoid testing regressions if individual patch is tested separately. Approval status: C FE and documentation changes have been approved for GCC15 with the above update A. (Patch 1 and Patch 3 have been approved, the C FE part of Patch 2 has been approved). Review needed: C++ FE changes (in Patch 2); Middle-end changes (in Patch 2); The patch set includes: 1. Documentation change. Allow flexible array members in unions and alone in structures [PR53548] 2. C and C++ FE changes to support flexible array members in unions and alone in structures. Adjust testcases for flexible array member in union and alone in structure extension. 3. Add testing cases for flexible array members in unions and alone in structures. bootstrapped and regression tested on both x86 and aarch64, no issue. Okay for GCC15? thanks. Qing
[PATCH v2 2/3] C and C++ FE changes
to support flexible array members in unions and alone in structures.
Adjust testcases for flexible array member
in union and alone in structure extension.
gcc/c/ChangeLog:
* c-decl.cc (finish_struct): Change errors to pedwarns for the cases
flexible array members in union or alone in structures.
gcc/cp/ChangeLog:
* class.cc (diagnose_flexarrays): Change error to pdewarn for the case
flexible array members alone in structures.
* decl.cc (grokdeclarator): Change error to pdewarn for the case
flexible array members in unions.
gcc/ChangeLog:
* stor-layout.cc (place_union_field): Use zero sizes for flexible array
member fields.
gcc/testsuite/ChangeLog:
* c-c++-common/builtin-clear-padding-3.c: Adjust testcase.
* g++.dg/ext/flexary12.C: Likewise.
* g++.dg/ext/flexary19.C: Likewise.
* g++.dg/ext/flexary2.C: Likewise.
* g++.dg/ext/flexary3.C: Likewise.
* g++.dg/ext/flexary36.C: Likewise.
* g++.dg/ext/flexary4.C: Likewise.
* g++.dg/ext/flexary5.C: Likewise.
* g++.dg/ext/flexary8.C: Likewise.
* g++.dg/torture/pr64280.C: Likewise.
* gcc.dg/20050620-1.c: Likewise.
* gcc.dg/940510-1.c: Likewise.
---
gcc/c/c-decl.cc | 16 ++
gcc/cp/class.cc | 11 ++--
gcc/cp/decl.cc| 7 ++-
gcc/stor-layout.cc| 9 +++-
.../c-c++-common/builtin-clear-padding-3.c| 10 ++--
gcc/testsuite/g++.dg/ext/flexary12.C | 6 +--
gcc/testsuite/g++.dg/ext/flexary19.C | 42 +++
gcc/testsuite/g++.dg/ext/flexary2.C | 2 +-
gcc/testsuite/g++.dg/ext/flexary3.C | 2 +-
gcc/testsuite/g++.dg/ext/flexary36.C | 2 +-
gcc/testsuite/g++.dg/ext/flexary4.C | 54 +--
gcc/testsuite/g++.dg/ext/flexary5.C | 4 +-
gcc/testsuite/g++.dg/ext/flexary8.C | 8 +--
gcc/testsuite/g++.dg/torture/pr64280.C| 2 +-
gcc/testsuite/gcc.dg/20050620-1.c | 2 +-
gcc/testsuite/gcc.dg/940510-1.c | 4 +-
16 files changed, 91 insertions(+), 90 deletions(-)
diff --git a/gcc/c/c-decl.cc b/gcc/c/c-decl.cc
index 345090dae38b..947f3cd589eb 100644
--- a/gcc/c/c-decl.cc
+++ b/gcc/c/c-decl.cc
@@ -9471,11 +9471,8 @@ finish_struct (location_t loc, tree t, tree fieldlist,
tree attributes,
if (flexible_array_member_type_p (TREE_TYPE (x)))
{
if (TREE_CODE (t) == UNION_TYPE)
- {
- error_at (DECL_SOURCE_LOCATION (x),
- "flexible array member in union");
- TREE_TYPE (x) = error_mark_node;
- }
+ pedwarn (DECL_SOURCE_LOCATION (x), OPT_Wpedantic,
+"flexible array member in union is a GCC extension");
else if (!is_last_field)
{
error_at (DECL_SOURCE_LOCATION (x),
@@ -9483,12 +9480,9 @@ finish_struct (location_t loc, tree t, tree fieldlist,
tree attributes,
TREE_TYPE (x) = error_mark_node;
}
else if (!saw_named_field)
- {
- error_at (DECL_SOURCE_LOCATION (x),
- "flexible array member in a struct with no named "
- "members");
- TREE_TYPE (x) = error_mark_node;
- }
+ pedwarn (DECL_SOURCE_LOCATION (x), OPT_Wpedantic,
+"flexible array member in a struct with no named "
+"members is a GCC extension");
}
if (pedantic && TREE_CODE (t) == RECORD_TYPE
diff --git a/gcc/cp/class.cc b/gcc/cp/class.cc
index 5f258729940b..0c8afb72550f 100644
--- a/gcc/cp/class.cc
+++ b/gcc/cp/class.cc
@@ -7624,6 +7624,7 @@ diagnose_flexarrays (tree t, const flexmems_t *fmem)
bool diagd = false;
const char *msg = 0;
+ const char *msg_fam = 0;
if (TYPE_DOMAIN (TREE_TYPE (fmem->array)))
{
@@ -7649,15 +7650,19 @@ diagnose_flexarrays (tree t, const flexmems_t *fmem)
if (fmem->after[0])
msg = G_("flexible array member %qD not at end of %q#T");
else if (!fmem->first)
- msg = G_("flexible array member %qD in an otherwise empty %q#T");
+ msg_fam = G_("flexible array member %qD in an otherwise"
+" empty %q#T is a GCC extension");
- if (msg)
+ if (msg || msg_fam)
{
location_t loc = DECL_SOURCE_LOCATION (fmem->array);
diagd = true;
auto_diagnostic_group d;
- error_at (loc, msg, fmem->array, t);
+ if (msg)
+ error_at (loc, msg, fmem->array, t);
+ else
+ pedwarn (loc, OPT_Wpedantic, msg_fam, fmem->array, t);
/* In the unlikely event that the member following the flexible
array member is declared in a different class, or the member
diff --git a/gcc/cp/decl.cc b/gcc/cp/decl.cc
index
[PATCH v2 1/3] Allow flexible array members in unions and alone in structures [PR53548]
The request for GCC to accept that the C99 flexible array member can be
in a union or alone in a structure has been made a long time ago around 2012
for supporting several practical cases including glibc.
A GCC PR has been opened for such request at that time:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53548
However, this PR was closed as WONTFIX around 2015 due to the following reason:
"there is an existing extension that makes the requested functionality possible"
i.e GCC fully supported that the zero-length array can be in a union or alone
in a structure for a long time. (though I didn't see any official documentation
on such extension)
It's reasonable to close PR53548 at that time since zero-length array extension
can be used for such purpose.
However, since GCC13, in order to improve the C/C++ security, we introduced
-fstrict-flex-arrays=n to gradually eliminate the "fake flexible array"
usages from C/C++ source code. As a result, zero-length arrays eventually
will be replaced by C99 flexiable array member completely.
Therefore, GCC needs to explicitly allow such extensions directly for C99
flexible arrays, since flexable array member in unions or alone in structs
are common code patterns in active use by the Linux kernel (and other projects).
For example, these do not error by default with GCC:
union one {
int a;
int b[0];
};
union two {
int a;
struct {
struct { } __empty;
int b[];
};
};
But these do:
union three {
int a;
int b[];
};
struct four {
int b[];
}
Clang has supported such extensions since March, 2024
https://github.com/llvm/llvm-project/pull/84428
GCC should also support such extensions. This will allow for
a seamless transition for code bases away from zero-length arrays without
losing existing code patterns.
gcc/ChangeLog:
* doc/extend.texi: Add documentation for Flexible Array Members in
Unions and Flexible Array Members alone in Structures.
---
gcc/doc/extend.texi | 34 ++
1 file changed, 34 insertions(+)
diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
index 7b54a241a7bf..cba98c8aadd7 100644
--- a/gcc/doc/extend.texi
+++ b/gcc/doc/extend.texi
@@ -42,6 +42,8 @@ extensions, accepted by GCC in C90 mode and in C++.
* Named Address Spaces::Named address spaces.
* Zero Length:: Zero-length arrays.
* Empty Structures::Structures with no members.
+* Flexible Array Members in Unions:: Unions with Flexible Array Members.
+* Flexible Array Members alone in Structures:: Structures with only Flexible
Array Members.
* Variable Length:: Arrays whose length is computed at run time.
* Variadic Macros:: Macros with a variable number of arguments.
* Escaped Newlines::Slightly looser rules for escaped newlines.
@@ -1873,6 +1875,38 @@ The structure has size zero. In C++, empty structures
are part
of the language. G++ treats empty structures as if they had a single
member of type @code{char}.
+@node Flexible Array Members in Unions
+@section Unions with Flexible Array Members
+@cindex unions with flexible array members
+@cindex unions with FAMs
+
+GCC permits a C99 flexible array member (FAM) to be in a union:
+
+@smallexample
+union with_fam @{
+ int a;
+ int b[];
+@};
+@end smallexample
+
+If all the members of a union are flexible array member, the size of
+such union is zero.
+
+@node Flexible Array Members alone in Structures
+@section Structures with only Flexible Array Members
+@cindex structures with only flexible array members
+@cindex structures with only FAMs
+
+GCC permits a C99 flexible array member (FAM) to be alone in a structure:
+
+@smallexample
+struct only_fam @{
+ int b[];
+@};
+@end smallexample
+
+The size of such structure gives the size zero.
+
@node Variable Length
@section Arrays of Variable Length
@cindex variable-length arrays
--
2.31.1
Re: [RFC][PATCH v1 2/4] C and C++ FE changes to support flexible array members in unions and alone in structures.
> On Apr 23, 2024, at 15:51, Joseph Myers wrote: > > On Fri, 19 Apr 2024, Qing Zhao wrote: > >> gcc/c/ChangeLog: >> >> * c-decl.cc (finish_struct): Change errors to pedwarns for the cases >> flexible array members in union or alone in structures. > > The C front-end changes are OK for GCC 15 once everything else in the > series is ready for inclusion (in particular, the testsuite changes). Thanks, will update the C FE changes based on your comments. Qing > > -- > Joseph S. Myers > josmy...@redhat.com >
Re: [PATCH v9 0/5] New attribute "counted_by" to annotate bounds for C99 FAM(PR108896)
Ping for the middle-end change approval. And an update on the status of the patch set: **Approval status: All C FE changes have been approved. **Review status: All Middle-end changes have been reviewed by Sid, no remaining issue. Okay for GCC15? thanks. Qing > On Apr 12, 2024, at 09:54, Qing Zhao wrote: > > Hi, > > This is the 9th version of the patch. > > Compare with the 8th version, the difference are: > > updates per Joseph's comments: > > 1. in C FE, add checking for counted_by attribute for the new multiple > definitions of the same tag for C23 in the routine > "tagged_types_tu_compatible_p". > Add a new testing case flex-array-counted-by-8.c for this. > This is for Patch 1; > > 2. two minor typo fixes in c-typeck.cc. > This is for Patch 2; > > Approval status: > > Patch 2's C FE change has been approved with minor typo fixes (the above 2); > Patch 4 has been approved; > Patch 5's C FE change has been approved; > > Review status: > > Patch 3, Patch 2 and Patch 5's Middle-end change have been review by Sid, > No issue. > > More review needed: > > Patch 1's new change to C FE (the above 1); > Patch 2, 3 and 5's middle-end change need to be approved > > The 8th version is here: > https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648559.html > https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648560.html > https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648561.html > https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648562.html > https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648563.html > > It based on the following original proposal: > > https://gcc.gnu.org/pipermail/gcc-patches/2023-November/635884.html > Represent the missing dependence for the "counted_by" attribute and its > consumers > > **The summary of the proposal is: > > * Add a new internal function ".ACCESS_WITH_SIZE" to carry the size > information for every reference to a FAM field; > * In C FE, Replace every reference to a FAM field whose TYPE has the > "counted_by" attribute with the new internal function ".ACCESS_WITH_SIZE"; > * In every consumer of the size information, for example, BDOS or array bound > sanitizer, query the size information or ACCESS_MODE information from the new > internal function; > * When expansing to RTL, replace the internal function with the actual > reference to the FAM field; > * Some adjustment to ipa alias analysis, and other SSA passes to mitigate the > impact to the optimizer and code generation. > > > **The new internal function > > .ACCESS_WITH_SIZE (REF_TO_OBJ, REF_TO_SIZE, CLASS_OF_SIZE, TYPE_OF_SIZE, > ACCESS_MODE, TYPE_OF_REF) > > INTERNAL_FN (ACCESS_WITH_SIZE, ECF_LEAF | ECF_NOTHROW, NULL) > > which returns the "REF_TO_OBJ" same as the 1st argument; > > Both the return type and the type of the first argument of this function have > been converted from the incomplete array type to the corresponding pointer > type. > > The call to .ACCESS_WITH_SIZE is wrapped with an INDIRECT_REF, whose type is > the original imcomplete array type. > > Please see the following link for why: > https://gcc.gnu.org/pipermail/gcc-patches/2023-November/638793.html > https://gcc.gnu.org/pipermail/gcc-patches/2023-December/639605.html > > 1st argument "REF_TO_OBJ": The reference to the object; > 2nd argument "REF_TO_SIZE": The reference to the size of the object, > 3rd argument "CLASS_OF_SIZE": The size referenced by the REF_TO_SIZE > represents > 0: the number of bytes; > 1: the number of the elements of the object type; > 4th argument "TYPE_OF_SIZE": A constant 0 with the TYPE of the object > refed by REF_TO_SIZE > 5th argument "ACCESS_MODE": > -1: Unknown access semantics > 0: none > 1: read_only > 2: write_only > 3: read_write > 6th argument "TYPE_OF_REF": A constant 0 with the pointer TYPE to > to the original flexible array type. > > ** The Patch sets included: > > 1. Provide counted_by attribute to flexible array member field; > which includes: > * "counted_by" attribute documentation; > * C FE handling of the new attribute; >syntax checking, error reporting; > * testing cases; > > 2. Convert "counted_by" attribute to/from .ACCESS_WITH_SIZE. > which includes: > * The definition of the new internal function .ACCESS_WITH_SIZE in > internal-fn.def. > * C FE converts every reference to a FAM with "counted_by" attribute to > a call to the internal function .
Re: [RFC][PATCH v1 3/4] Add testing cases for flexible array members in unions and alone in structures.
> On Apr 23, 2024, at 14:53, Joseph Myers wrote: > > On Fri, 19 Apr 2024, Qing Zhao wrote: > >> gcc/testsuite/ChangeLog: >> >> * gcc.dg/flex-array-in-union-1.c: New test. >> * gcc.dg/flex-array-in-union-2.c: New test. > > There should also be a -pedantic-errors test that these constructs get > errors with -pedantic-errors. Okay, will add. > > The tests mix two cases: flexible arrays in unions, and flexible arrays on > their own in structures. That means the test names are misleading; either > they should be renamed, or the struct tests should be split out. Okay, will update this. > > Note that "no named members" also includes the case where there are > unnamed bit-fields together with a flexible array member, so that should > be tested as well. Will add such testing cases. > > Since this patch series involves changes for both C and C++, it would be > best for the tests to be c-c++-common tests. But if that's problematic > for some reason - if there's still too much difference in behavior between > C and C++ - then there should at least be tests for C++ that are as > similar as possible to the tests for C. I tried to put these two testing cases to c-c++-common, there were some inconsistent behavior I cannot resolve at that time, I will try to fix those issue or add C++ testing cases. Thanks for the review. Qing > > -- > Joseph S. Myers > josmy...@redhat.com >
Re: [RFC][PATCH v1 1/4] Documentation change
> On Apr 23, 2024, at 15:03, Joseph Myers wrote: > > On Tue, 23 Apr 2024, Qing Zhao wrote: > >> However, I am not very confident on the wording of the doc, is the >> current wording good enough for this? Or do you have any suggestion on >> how to make it better? > > I'm not convinced the statement about size (in relation to a structure > with the member omitted) is useful for unions the way it is for > structures. The structure with the member omitted is a relevant concept > for thinking about a structure with a flexible array member (the flexible > array member essentially goes after that structure); it's much less > relevant for thinking about a union with a flexible array member. Okay, then I will delete that statement about size. > > (The statement that the size is zero when all members are flexible array > members still seems a useful one to make.) And only keep the size is zero when all members are flexible array members. Thanks. Qing > > -- > Joseph S. Myers > josmy...@redhat.com >
Re: [RFC][PATCH v1 1/4] Documentation change
> On Apr 23, 2024, at 14:04, Joseph Myers wrote:
>
> On Fri, 19 Apr 2024, Qing Zhao wrote:
>
>> +The size of the union is as if the flexiable array member were omitted
>> +except that it may have more trailing padding than the omission would imply.
>
> "trailing padding" is more a concept for structures than for unions (where
> padding depends on which union member is active). But I suppose it's
> still true that the union can be larger than without the flexible member,
> because of alignment considerations.
>
> union u { char c; int a[]; };
>
> needs to be sufficiently aligned for int, which means the size is a
> multiple of the size of int, whereas if the flexible array member weren't
> present, the size could be 1 byte.
Yes, that’s exact what I tried to include in the documentation part -:)
And I have a testing case for this in the patch.
However, I am not very confident on the wording of the doc, is the current
wording good enough for this?
Or do you have any suggestion on how to make it better?
Thanks a lot!
Qing
>
> --
> Joseph S. Myers
> josmy...@redhat.com
>
Re: [PATCH v9 1/5] Provide counted_by attribute to flexible array member field (PR108896)
Thanks a lot. Qing > On Apr 22, 2024, at 16:38, Joseph Myers wrote: > > This version of patch 1/5 is OK for GCC 15. > > -- > Joseph S. Myers > josmy...@redhat.com >
Re: [RFC][PATCH v1 1/4] Documentation change
> On Apr 19, 2024, at 16:54, Tom Tromey wrote: > >>>>>> Qing Zhao writes: > >> +The size of the union is as if the flexiable array member were omitted >> +except that it may have more trailing padding than the omission would imply. >> + >> +If all the members of a union are flexiable array member, the size of > > There's a couple of spots that say "flexiable" which should say "flexible". Thanks for catching those typo, I will fix them. Qing > > thanks, > Tom
[RFC][PATCH v1 4/4] Adjust testcases for flexible array member in union and alone in structure extension.
gcc/testsuite/ChangeLog:
* c-c++-common/builtin-clear-padding-3.c: Adjust testcase.
* g++.dg/ext/flexary12.C: Likewise.
* g++.dg/ext/flexary19.C: Likewise.
* g++.dg/ext/flexary2.C: Likewise.
* g++.dg/ext/flexary3.C: Likewise.
* g++.dg/ext/flexary36.C: Likewise.
* g++.dg/ext/flexary4.C: Likewise.
* g++.dg/ext/flexary5.C: Likewise.
* g++.dg/ext/flexary8.C: Likewise.
* g++.dg/torture/pr64280.C: Likewise.
* gcc.dg/20050620-1.c: Likewise.
* gcc.dg/940510-1.c: Likewise.
---
.../c-c++-common/builtin-clear-padding-3.c| 10 ++--
gcc/testsuite/g++.dg/ext/flexary12.C | 6 +--
gcc/testsuite/g++.dg/ext/flexary19.C | 42 +++
gcc/testsuite/g++.dg/ext/flexary2.C | 2 +-
gcc/testsuite/g++.dg/ext/flexary3.C | 2 +-
gcc/testsuite/g++.dg/ext/flexary36.C | 2 +-
gcc/testsuite/g++.dg/ext/flexary4.C | 54 +--
gcc/testsuite/g++.dg/ext/flexary5.C | 4 +-
gcc/testsuite/g++.dg/ext/flexary8.C | 8 +--
gcc/testsuite/g++.dg/torture/pr64280.C| 2 +-
gcc/testsuite/gcc.dg/20050620-1.c | 2 +-
gcc/testsuite/gcc.dg/940510-1.c | 4 +-
12 files changed, 68 insertions(+), 70 deletions(-)
diff --git a/gcc/testsuite/c-c++-common/builtin-clear-padding-3.c
b/gcc/testsuite/c-c++-common/builtin-clear-padding-3.c
index d16cc6aad05f..a4f49f26db14 100644
--- a/gcc/testsuite/c-c++-common/builtin-clear-padding-3.c
+++ b/gcc/testsuite/c-c++-common/builtin-clear-padding-3.c
@@ -2,14 +2,12 @@
/* { dg-do compile } */
/* { dg-options "" } */
-union U { int a; char b[] __attribute__((aligned (2 * sizeof (int; };
/* { dg-error "flexible array member in union" } */
+union U { int a; char b[] __attribute__((aligned (2 * sizeof (int; };
struct V { int a; union U b; };
-struct W { int a; union U b; int c; };
void
-foo (union U *u, struct V *v, struct W *w)
+foo (union U *u, struct V *v)
{
- __builtin_clear_padding (u);
- __builtin_clear_padding (v);
- __builtin_clear_padding (w);
+ __builtin_clear_padding (u); /* { dg-error "flexible array member" "does not
have well defined padding bits" } */
+ __builtin_clear_padding (v); /* { dg-error "flexible array member" "does not
have well defined padding bits" } */
}
diff --git a/gcc/testsuite/g++.dg/ext/flexary12.C
b/gcc/testsuite/g++.dg/ext/flexary12.C
index b0964948731d..6ba4b6417135 100644
--- a/gcc/testsuite/g++.dg/ext/flexary12.C
+++ b/gcc/testsuite/g++.dg/ext/flexary12.C
@@ -6,7 +6,7 @@
// { dg-options "-Wno-pedantic" }
struct A {
- int a []; // { dg-error "flexible array member .A::a. in an otherwise empty
.struct A." }
+ int a [];
};
void f1 ()
@@ -40,7 +40,7 @@ void f2 ()
}
struct D {
- int a []; // { dg-error "flexible array member .D::a. in an otherwise empty
.struct D." }
+ int a [];
D ();
};
@@ -52,7 +52,7 @@ D::D ():// { dg-error "initializer for flexible array
member" }
template
struct C {
- T a []; // { dg-error "flexible array member" }
+ T a [];
};
void f3 ()
diff --git a/gcc/testsuite/g++.dg/ext/flexary19.C
b/gcc/testsuite/g++.dg/ext/flexary19.C
index abfbc43028af..9a06f9ca758f 100644
--- a/gcc/testsuite/g++.dg/ext/flexary19.C
+++ b/gcc/testsuite/g++.dg/ext/flexary19.C
@@ -12,7 +12,7 @@ struct S1
// The following declares a named data member of an unnamed struct
// (i.e., it is not an anonymous struct).
struct {
-int a[];// { dg-error "in an otherwise empty" }
+int a[];// { dg-warning "in an otherwise empty" }
} s;
};
@@ -21,7 +21,7 @@ struct S2
int i;
struct {
-int a[];// { dg-error "in an otherwise empty" }
+int a[];// { dg-warning "in an otherwise empty" }
} s[1];
};
@@ -30,7 +30,7 @@ struct S3
int i;
struct {
-int a[];// { dg-error "in an otherwise empty" }
+int a[];// { dg-warning "in an otherwise empty" }
} s[];
};
@@ -39,7 +39,7 @@ struct S4
int i;
struct {
-int a[];// { dg-error "in an otherwise empty" }
+int a[];// { dg-warning "in an otherwise empty" }
} s[2];
};
@@ -48,7 +48,7 @@ struct S5
int i;
struct {
-int a[];// { dg-error "in an otherwise empty" }
+int a[];// { dg-warning "in an otherwise empty" }
} s[1][2];
};
@@ -57,7 +57,7 @@ struct S6
int i;
struct {
-int a[];// { dg-error "in an otherwise empty" }
+int a[];// { dg-warning "in an otherwise empty" }
} s[][2];
};
@@ -66,7 +66,7 @@ struct S7
int i;
struct {
-int a[];// { dg-error "in an otherwise empty" }
+int a[];// { dg-warning "in an otherwise empty" }
} *s;
};
@@ -75,7 +75,7 @@ struct S8
int i;
struct {
-int a[];// { dg-error "in an otherwise empty" }
+int a[];// { dg-warning "in an otherwise empty" }
} **s;
};
[RFC][PATCH v1 3/4] Add testing cases for flexible array members in unions and alone in structures.
gcc/testsuite/ChangeLog:
* gcc.dg/flex-array-in-union-1.c: New test.
* gcc.dg/flex-array-in-union-2.c: New test.
---
gcc/testsuite/gcc.dg/flex-array-in-union-1.c | 37 +
gcc/testsuite/gcc.dg/flex-array-in-union-2.c | 42
2 files changed, 79 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-in-union-1.c
create mode 100644 gcc/testsuite/gcc.dg/flex-array-in-union-2.c
diff --git a/gcc/testsuite/gcc.dg/flex-array-in-union-1.c
b/gcc/testsuite/gcc.dg/flex-array-in-union-1.c
new file mode 100644
index ..2a532d77c1dd
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-in-union-1.c
@@ -0,0 +1,37 @@
+/* testing the correct usage of flexible array members in unions
+ and alone in structure. */
+/* { dg-do run} */
+/* { dg-options "-O2 -Wpedantic" } */
+
+union with_fam_1 {
+ int a;
+ int b[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+};
+
+union with_fam_2 {
+ char a;
+ int b[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+};
+
+union with_fam_3 {
+ char a[]; /* { dg-warning " flexible array member in union is a GCC
extension" } */
+ int b[]; /* { dg-warning "flexible array member in union is a GCC
extension" } */
+};
+
+struct only_fam {
+ int b[]; /* { dg-warning "flexible array member in a struct with no named
members is a GCC extension" } */
+};
+
+int main ()
+{
+ if (sizeof (union with_fam_1) != sizeof (int))
+__builtin_abort ();
+ if (sizeof (union with_fam_2) != __alignof__ (int))
+__builtin_abort ();
+ if (sizeof (union with_fam_3) != 0)
+__builtin_abort ();
+ if (sizeof (struct only_fam) != 0)
+__builtin_abort ();
+ return 0;
+}
+
diff --git a/gcc/testsuite/gcc.dg/flex-array-in-union-2.c
b/gcc/testsuite/gcc.dg/flex-array-in-union-2.c
new file mode 100644
index ..130124bbe653
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-in-union-2.c
@@ -0,0 +1,42 @@
+/* testing the correct usage of flexible array members in unions
+ and alone in structure: initialization */
+/* { dg-do run} */
+/* { dg-options "-O2" } */
+
+union with_fam_1 {
+ int a;
+ int b[];
+} with_fam_1_v = {.b = {1, 2, 3, 4}};
+
+union with_fam_2 {
+ int a;
+ char b[];
+} with_fam_2_v = {.a = 0x1f2f3f4f};
+
+union with_fam_3 {
+ char a[];
+ int b[];
+} with_fam_3_v = {.b = {0x1f2f3f4f, 0x5f6f7f7f}};
+
+struct only_fam {
+ int b[];
+} only_fam_v = {{7, 11}};
+
+int main ()
+{
+ if (with_fam_1_v.b[3] != 4
+ || with_fam_1_v.b[0] != 1)
+__builtin_abort ();
+ if (with_fam_2_v.b[3] != 0x1f
+ || with_fam_2_v.b[0] != 0x4f)
+__builtin_abort ();
+ if (with_fam_3_v.a[0] != 0x4f
+ || with_fam_3_v.a[7] != 0x5f)
+__builtin_abort ();
+ if (only_fam_v.b[0] != 7
+ || only_fam_v.b[1] != 11)
+__builtin_abort ();
+
+ return 0;
+}
+
--
2.31.1
[RFC][PATCH v1 1/4] Documentation change
for allow flexible array members in unions and alone in structures [PR53548]
The request for GCC to accept that the C99 flexible array member can be
in a union or alone in a structure has been made a long time ago around 2012
for supporting several practical cases including glibc.
A GCC PR has been opened for such request at that time:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53548
However, this PR was closed as WONTFIX around 2015 due to the following reason:
"there is an existing extension that makes the requested functionality possible"
i.e GCC fully supported that the zero-length array can be in a union or alone
in a structure for a long time. (though I didn't see any official documentation
on such extension)
It's reasonable to close PR53548 at that time since zero-length array extension
can be used for such purpose.
However, since GCC13, in order to improve the C/C++ security, we introduced
-fstrict-flex-arrays=n to gradually eliminate the "fake flexible array"
usages from C/C++ source code. As a result, zero-length arrays eventually
will be replaced by C99 flexiable array member completely.
Therefore, GCC needs to explicitly allow such extensions directly for C99
flexible arrays, since flexable array member in unions or alone in structs
are common code patterns in active use by the Linux kernel (and other projects).
For example, these do not error by default with GCC:
union one {
int a;
int b[0];
};
union two {
int a;
struct {
struct { } __empty;
int b[];
};
};
But these do:
union three {
int a;
int b[];
};
struct four {
int b[];
}
Clang has supported such extensions since March, 2024
https://github.com/llvm/llvm-project/pull/84428
GCC should also support such extensions. This will allow for
a seamless transition for code bases away from zero-length arrays without
losing existing code patterns.
gcc/ChangeLog:
* doc/extend.texi: Add documentation for Flexible Array Members in
Unions and Flexible Array Members alone in Structures.
---
gcc/doc/extend.texi | 37 +
1 file changed, 37 insertions(+)
diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
index 7b54a241a7bf..b12ce5fb9b87 100644
--- a/gcc/doc/extend.texi
+++ b/gcc/doc/extend.texi
@@ -42,6 +42,8 @@ extensions, accepted by GCC in C90 mode and in C++.
* Named Address Spaces::Named address spaces.
* Zero Length:: Zero-length arrays.
* Empty Structures::Structures with no members.
+* Flexible Array Members in Unions:: Unions with Flexible Array Members.
+* Flexible Array Members alone in Structures:: Structures with only Flexible
Array Members.
* Variable Length:: Arrays whose length is computed at run time.
* Variadic Macros:: Macros with a variable number of arguments.
* Escaped Newlines::Slightly looser rules for escaped newlines.
@@ -1873,6 +1875,41 @@ The structure has size zero. In C++, empty structures
are part
of the language. G++ treats empty structures as if they had a single
member of type @code{char}.
+@node Flexible Array Members in Unions
+@section Unions with Flexible Array Members
+@cindex unions with flexible array members
+@cindex unions with FAMs
+
+GCC permits a C99 flexible array member (FAM) to be in a union:
+
+@smallexample
+union with_fam @{
+ int a;
+ int b[];
+@};
+@end smallexample
+
+The size of the union is as if the flexiable array member were omitted
+except that it may have more trailing padding than the omission would imply.
+
+If all the members of a union are flexiable array member, the size of
+such union is zero.
+
+@node Flexible Array Members alone in Structures
+@section Structures with only Flexible Array Members
+@cindex structures with only flexible array members
+@cindex structures with only FAMs
+
+GCC permits a C99 flexible array member (FAM) to be alone in a structure:
+
+@smallexample
+struct only_fam @{
+ int b[];
+@};
+@end smallexample
+
+The size of such structure gives the size zero.
+
@node Variable Length
@section Arrays of Variable Length
@cindex variable-length arrays
--
2.31.1
[RFC][PATCH v1 2/4] C and C++ FE changes to support flexible array members in unions and alone in structures.
gcc/c/ChangeLog:
* c-decl.cc (finish_struct): Change errors to pedwarns for the cases
flexible array members in union or alone in structures.
gcc/cp/ChangeLog:
* class.cc (diagnose_flexarrays): Change error to pdewarn for the case
flexible array members alone in structures.
* decl.cc (grokdeclarator): Change error to pdewarn for the case
flexible array members in unions.
gcc/ChangeLog:
* stor-layout.cc (place_union_field): Use zero sizes for flexible array
member fields.
---
gcc/c/c-decl.cc| 16 +---
gcc/cp/class.cc| 11 ---
gcc/cp/decl.cc | 7 +++
gcc/stor-layout.cc | 9 +++--
4 files changed, 23 insertions(+), 20 deletions(-)
diff --git a/gcc/c/c-decl.cc b/gcc/c/c-decl.cc
index 345090dae38b..947f3cd589eb 100644
--- a/gcc/c/c-decl.cc
+++ b/gcc/c/c-decl.cc
@@ -9471,11 +9471,8 @@ finish_struct (location_t loc, tree t, tree fieldlist,
tree attributes,
if (flexible_array_member_type_p (TREE_TYPE (x)))
{
if (TREE_CODE (t) == UNION_TYPE)
- {
- error_at (DECL_SOURCE_LOCATION (x),
- "flexible array member in union");
- TREE_TYPE (x) = error_mark_node;
- }
+ pedwarn (DECL_SOURCE_LOCATION (x), OPT_Wpedantic,
+"flexible array member in union is a GCC extension");
else if (!is_last_field)
{
error_at (DECL_SOURCE_LOCATION (x),
@@ -9483,12 +9480,9 @@ finish_struct (location_t loc, tree t, tree fieldlist,
tree attributes,
TREE_TYPE (x) = error_mark_node;
}
else if (!saw_named_field)
- {
- error_at (DECL_SOURCE_LOCATION (x),
- "flexible array member in a struct with no named "
- "members");
- TREE_TYPE (x) = error_mark_node;
- }
+ pedwarn (DECL_SOURCE_LOCATION (x), OPT_Wpedantic,
+"flexible array member in a struct with no named "
+"members is a GCC extension");
}
if (pedantic && TREE_CODE (t) == RECORD_TYPE
diff --git a/gcc/cp/class.cc b/gcc/cp/class.cc
index 5f258729940b..0c8afb72550f 100644
--- a/gcc/cp/class.cc
+++ b/gcc/cp/class.cc
@@ -7624,6 +7624,7 @@ diagnose_flexarrays (tree t, const flexmems_t *fmem)
bool diagd = false;
const char *msg = 0;
+ const char *msg_fam = 0;
if (TYPE_DOMAIN (TREE_TYPE (fmem->array)))
{
@@ -7649,15 +7650,19 @@ diagnose_flexarrays (tree t, const flexmems_t *fmem)
if (fmem->after[0])
msg = G_("flexible array member %qD not at end of %q#T");
else if (!fmem->first)
- msg = G_("flexible array member %qD in an otherwise empty %q#T");
+ msg_fam = G_("flexible array member %qD in an otherwise"
+" empty %q#T is a GCC extension");
- if (msg)
+ if (msg || msg_fam)
{
location_t loc = DECL_SOURCE_LOCATION (fmem->array);
diagd = true;
auto_diagnostic_group d;
- error_at (loc, msg, fmem->array, t);
+ if (msg)
+ error_at (loc, msg, fmem->array, t);
+ else
+ pedwarn (loc, OPT_Wpedantic, msg_fam, fmem->array, t);
/* In the unlikely event that the member following the flexible
array member is declared in a different class, or the member
diff --git a/gcc/cp/decl.cc b/gcc/cp/decl.cc
index 65ab64885ff8..9a91c6f80da1 100644
--- a/gcc/cp/decl.cc
+++ b/gcc/cp/decl.cc
@@ -14566,10 +14566,9 @@ grokdeclarator (const cp_declarator *declarator,
if (ctype
&& (TREE_CODE (ctype) == UNION_TYPE
|| TREE_CODE (ctype) == QUAL_UNION_TYPE))
- {
- error_at (id_loc, "flexible array member in union");
- type = error_mark_node;
- }
+ pedwarn (id_loc, OPT_Wpedantic,
+ "flexible array member in union is a GCC extension");
+
else
{
/* Array is a flexible member. */
diff --git a/gcc/stor-layout.cc b/gcc/stor-layout.cc
index e34be19689c0..10c0809914cd 100644
--- a/gcc/stor-layout.cc
+++ b/gcc/stor-layout.cc
@@ -1245,13 +1245,18 @@ place_union_field (record_layout_info rli, tree field)
&& TYPE_TYPELESS_STORAGE (TREE_TYPE (field)))
TYPE_TYPELESS_STORAGE (rli->t) = 1;
+ /* We might see a flexible array member field (with no DECL_SIZE_UNIT), use
+ zero size for such field. */
+ tree field_size_unit = DECL_SIZE_UNIT (field)
+? DECL_SIZE_UNIT (field)
+: build_int_cst (sizetype, 0);
/* We assume the union's size will be a multiple of a byte so we don't
bother with BITPOS. */
if (TREE_CODE (rli->t) == UNION_TYPE)
-rli->offset = size_binop (MAX_EXPR, rli->offset, DECL_SIZE_UNIT (field));
+rli->offset = size_binop (MAX_EXPR, rli->offset,
[RFC][PATCH v1 0/4] Allow flexible array members in unions and alone in structures [PR53548]
Hi,
The request for GCC to accept that the C99 flexible array member can be
in a union or alone in a struct has been made a long time ago around 2012
for supporting several practical cases including glibc.
A GCC PR has been opened for such request at that time:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53548
However, this PR was closed as WONTFIX around 2015 due to the following reason:
"there is an existing extension that makes the requested functionality possible"
i.e GCC fully supported that the zero-length array can be in union or alone
in structs for a long time. (though I didn't see any official documentation on
such extension)
It's reasonable to close PR53548 at that time since zero-length array extension
can be used for such purpose.
However, since GCC13, in order to improve the C/C++ security, we introduced
-fstrict-flex-arrays=n to gradually eliminate the "fake flexible array"
usages from C/C++ source code. As a result, zero-lenghth arrays eventually
will be replaced by C99 flexiable array member completely.
Therefore, GCC needs to explicitly allow such extensions directly for C99
flexible arrays, since flexable array member in unions or alone in structs
are common code patterns in active use by the Linux kernel (and other projects).
For example, these do not error by default with GCC:
union one {
int a;
int b[0];
};
union two {
int a;
struct {
struct { } __empty;
int b[];
};
};
But these do:
union three {
int a;
int b[];
};
struct four {
int b[];
}
Clang has supported such extensions since March, 2024
https://github.com/llvm/llvm-project/pull/84428
GCC should also support such extensions. This will allow for
a seamless transition for code bases away from zero-length arrays without
losing existing code patterns.
The patch set includes:
1. Documentation change.
Allow flexible array members in unions and alone in structures
[PR53548]
2. C and C++ FE changes to support flexible array members in unions and
alone in structures.
3. Add testing cases for flexible array members in unions and alone in
structures.
4. Adjust testcases for flexible array member in union and alone in
structure extension.
[PATCH v9 4/5] Use the .ACCESS_WITH_SIZE in bound sanitizer.
gcc/c-family/ChangeLog:
* c-ubsan.cc (get_bound_from_access_with_size): New function.
(ubsan_instrument_bounds): Handle call to .ACCESS_WITH_SIZE.
gcc/testsuite/ChangeLog:
* gcc.dg/ubsan/flex-array-counted-by-bounds-2.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds-3.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds-4.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds.c: New test.
---
gcc/c-family/c-ubsan.cc | 42 +
.../ubsan/flex-array-counted-by-bounds-2.c| 45 ++
.../ubsan/flex-array-counted-by-bounds-3.c| 34 ++
.../ubsan/flex-array-counted-by-bounds-4.c| 34 ++
.../ubsan/flex-array-counted-by-bounds.c | 46 +++
5 files changed, 201 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-4.c
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c
diff --git a/gcc/c-family/c-ubsan.cc b/gcc/c-family/c-ubsan.cc
index 940982819ddf..7cd3c6aa5b88 100644
--- a/gcc/c-family/c-ubsan.cc
+++ b/gcc/c-family/c-ubsan.cc
@@ -376,6 +376,40 @@ ubsan_instrument_return (location_t loc)
return build_call_expr_loc (loc, t, 1, build_fold_addr_expr_loc (loc, data));
}
+/* Get the tree that represented the number of counted_by, i.e, the maximum
+ number of the elements of the object that the call to .ACCESS_WITH_SIZE
+ points to, this number will be the bound of the corresponding array. */
+static tree
+get_bound_from_access_with_size (tree call)
+{
+ if (!is_access_with_size_p (call))
+return NULL_TREE;
+
+ tree ref_to_size = CALL_EXPR_ARG (call, 1);
+ unsigned int class_of_size = TREE_INT_CST_LOW (CALL_EXPR_ARG (call, 2));
+ tree type = TREE_TYPE (CALL_EXPR_ARG (call, 3));
+ tree size = fold_build2 (MEM_REF, type, unshare_expr (ref_to_size),
+ build_int_cst (ptr_type_node, 0));
+ /* If size is negative value, treat it as zero. */
+ if (!TYPE_UNSIGNED (type))
+ {
+tree cond = fold_build2 (LT_EXPR, boolean_type_node,
+unshare_expr (size), build_zero_cst (type));
+size = fold_build3 (COND_EXPR, type, cond,
+ build_zero_cst (type), size);
+ }
+
+ /* Only when class_of_size is 1, i.e, the number of the elements of
+ the object type, return the size. */
+ if (class_of_size != 1)
+return NULL_TREE;
+ else
+size = fold_convert (sizetype, size);
+
+ return size;
+}
+
+
/* Instrument array bounds for ARRAY_REFs. We create special builtin,
that gets expanded in the sanopt pass, and make an array dimension
of it. ARRAY is the array, *INDEX is an index to the array.
@@ -401,6 +435,14 @@ ubsan_instrument_bounds (location_t loc, tree array, tree
*index,
&& COMPLETE_TYPE_P (type)
&& integer_zerop (TYPE_SIZE (type)))
bound = build_int_cst (TREE_TYPE (TYPE_MIN_VALUE (domain)), -1);
+ else if (INDIRECT_REF_P (array)
+ && is_access_with_size_p ((TREE_OPERAND (array, 0
+ {
+ bound = get_bound_from_access_with_size ((TREE_OPERAND (array, 0)));
+ bound = fold_build2 (MINUS_EXPR, TREE_TYPE (bound),
+ bound,
+ build_int_cst (TREE_TYPE (bound), 1));
+ }
else
return NULL_TREE;
}
diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
new file mode 100644
index ..b503320628d2
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
@@ -0,0 +1,45 @@
+/* Test the attribute counted_by and its usage in
+ bounds sanitizer combined with VLA. */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds" } */
+/* { dg-output "index 11 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 20 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 11 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'int
\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+
+
+#include
+
+void __attribute__((__noinline__)) setup_and_test_vla (int n, int m)
+{
+ struct foo {
+ int n;
+ int p[][n] __attribute__((counted_by(n)));
+ } *f;
+
+ f = (struct foo *) malloc (sizeof(struct foo) + m*sizeof(int[n]));
+ f->n = m;
+ f->p[m][n-1]=1;
+ return;
+}
+
+void __attribute__((__noinline__)) setup_and_test_vla_1 (int n1, int n2, int m)
+{
+ struct foo {
+int n;
+int p[][n2][n1] __attribute__((counted_by(n)));
+ } *f;
+
+ f = (struct foo *) malloc
[PATCH v9 3/5] Use the .ACCESS_WITH_SIZE in builtin object size.
gcc/ChangeLog:
* tree-object-size.cc (access_with_size_object_size): New function.
(call_object_size): Call the new function.
gcc/testsuite/ChangeLog:
* gcc.dg/builtin-object-size-common.h: Add a new macro EXPECT.
* gcc.dg/flex-array-counted-by-3.c: New test.
* gcc.dg/flex-array-counted-by-4.c: New test.
* gcc.dg/flex-array-counted-by-5.c: New test.
---
.../gcc.dg/builtin-object-size-common.h | 11 ++
.../gcc.dg/flex-array-counted-by-3.c | 63 +++
.../gcc.dg/flex-array-counted-by-4.c | 178 ++
.../gcc.dg/flex-array-counted-by-5.c | 48 +
gcc/tree-object-size.cc | 60 ++
5 files changed, 360 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-5.c
diff --git a/gcc/testsuite/gcc.dg/builtin-object-size-common.h
b/gcc/testsuite/gcc.dg/builtin-object-size-common.h
index 66ff7cdd953a..b677067c6e6b 100644
--- a/gcc/testsuite/gcc.dg/builtin-object-size-common.h
+++ b/gcc/testsuite/gcc.dg/builtin-object-size-common.h
@@ -30,3 +30,14 @@ unsigned nfails = 0;
__builtin_abort ();\
return 0;\
} while (0)
+
+#define EXPECT(p, _v) do { \
+ size_t v = _v; \
+ if (p == v)\
+__builtin_printf ("ok: %s == %zd\n", #p, p);\
+ else \
+{\
+ __builtin_printf ("WAT: %s == %zd (expected %zd)\n", #p, p, v);\
+ FAIL (); \
+}\
+} while (0);
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
new file mode 100644
index ..78f50230e891
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
@@ -0,0 +1,63 @@
+/* Test the attribute counted_by and its usage in
+ * __builtin_dynamic_object_size. */
+/* { dg-do run } */
+/* { dg-options "-O2" } */
+
+#include "builtin-object-size-common.h"
+
+struct flex {
+ int b;
+ int c[];
+} *array_flex;
+
+struct annotated {
+ int b;
+ int c[] __attribute__ ((counted_by (b)));
+} *array_annotated;
+
+struct nested_annotated {
+ struct {
+union {
+ int b;
+ float f;
+};
+int n;
+ };
+ int c[] __attribute__ ((counted_by (b)));
+} *array_nested_annotated;
+
+void __attribute__((__noinline__)) setup (int normal_count, int attr_count)
+{
+ array_flex
+= (struct flex *)malloc (sizeof (struct flex)
++ normal_count * sizeof (int));
+ array_flex->b = normal_count;
+
+ array_annotated
+= (struct annotated *)malloc (sizeof (struct annotated)
+ + attr_count * sizeof (int));
+ array_annotated->b = attr_count;
+
+ array_nested_annotated
+= (struct nested_annotated *)malloc (sizeof (struct nested_annotated)
++ attr_count * sizeof (int));
+ array_nested_annotated->b = attr_count;
+
+ return;
+}
+
+void __attribute__((__noinline__)) test ()
+{
+EXPECT(__builtin_dynamic_object_size(array_flex->c, 1), -1);
+EXPECT(__builtin_dynamic_object_size(array_annotated->c, 1),
+ array_annotated->b * sizeof (int));
+EXPECT(__builtin_dynamic_object_size(array_nested_annotated->c, 1),
+ array_nested_annotated->b * sizeof (int));
+}
+
+int main(int argc, char *argv[])
+{
+ setup (10,10);
+ test ();
+ DONE ();
+}
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
new file mode 100644
index ..20103d58ef51
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
@@ -0,0 +1,178 @@
+/* Test the attribute counted_by and its usage in
+__builtin_dynamic_object_size: what's the correct behavior when the
+allocation size mismatched with the value of counted_by attribute?
+We should always use the latest value that is hold by the counted_by
+field. */
+/* { dg-do run } */
+/* { dg-options "-O -fstrict-flex-arrays=3" } */
+
+#include "builtin-object-size-common.h"
+
+struct annotated {
+ size_t foo;
+ char others;
+ char array[] __attribute__((counted_by (foo)));
+};
+
+#define noinline __attribute__((__noinline__))
+#define SIZE_BUMP 10
+#define MAX(a, b) ((a) > (b) ? (a) : (b))
+
+/* In general, Due to type casting, the type for the pointee of a pointer
+ does not say
[PATCH v9 5/5] Add the 6th argument to .ACCESS_WITH_SIZE
to carry the TYPE of the flexible array.
Such information is needed during tree-object-size.cc.
We cannot use the result type or the type of the 1st argument
of the routine .ACCESS_WITH_SIZE to decide the element type
of the original array due to possible type casting in the
source code.
gcc/c/ChangeLog:
* c-typeck.cc (build_access_with_size_for_counted_by): Add the 6th
argument to .ACCESS_WITH_SIZE.
gcc/ChangeLog:
* tree-object-size.cc (access_with_size_object_size): Use the type
of the 6th argument for the type of the element.
gcc/testsuite/ChangeLog:
* gcc.dg/flex-array-counted-by-6.c: New test.
---
gcc/c/c-typeck.cc | 11 +++--
gcc/internal-fn.cc| 2 +
.../gcc.dg/flex-array-counted-by-6.c | 46 +++
gcc/tree-object-size.cc | 16 ---
4 files changed, 66 insertions(+), 9 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
index ff6685c6c4ba..0ea3b75355a4 100644
--- a/gcc/c/c-typeck.cc
+++ b/gcc/c/c-typeck.cc
@@ -2640,7 +2640,8 @@ build_counted_by_ref (tree datum, tree subdatum, tree
*counted_by_type)
to:
- (*.ACCESS_WITH_SIZE (REF, COUNTED_BY_REF, 1, (TYPE_OF_SIZE)0, -1))
+ (*.ACCESS_WITH_SIZE (REF, COUNTED_BY_REF, 1, (TYPE_OF_SIZE)0, -1,
+ (TYPE_OF_ARRAY *)0))
NOTE: The return type of this function is the POINTER type pointing
to the original flexible array type.
@@ -2652,6 +2653,9 @@ build_counted_by_ref (tree datum, tree subdatum, tree
*counted_by_type)
The 4th argument of the call is a constant 0 with the TYPE of the
object pointed by COUNTED_BY_REF.
+ The 6th argument of the call is a constant 0 with the pointer TYPE
+ to the original flexible array type.
+
*/
static tree
build_access_with_size_for_counted_by (location_t loc, tree ref,
@@ -2664,12 +2668,13 @@ build_access_with_size_for_counted_by (location_t loc,
tree ref,
tree call
= build_call_expr_internal_loc (loc, IFN_ACCESS_WITH_SIZE,
- result_type, 5,
+ result_type, 6,
array_to_pointer_conversion (loc, ref),
counted_by_ref,
build_int_cst (integer_type_node, 1),
build_int_cst (counted_by_type, 0),
- build_int_cst (integer_type_node, -1));
+ build_int_cst (integer_type_node, -1),
+ build_int_cst (result_type, 0));
/* Wrap the call with an INDIRECT_REF with the flexible array type. */
call = build1 (INDIRECT_REF, TREE_TYPE (ref), call);
SET_EXPR_LOCATION (call, loc);
diff --git a/gcc/internal-fn.cc b/gcc/internal-fn.cc
index e744080ee670..34e4a4aea534 100644
--- a/gcc/internal-fn.cc
+++ b/gcc/internal-fn.cc
@@ -3411,6 +3411,8 @@ expand_DEFERRED_INIT (internal_fn, gcall *stmt)
1: read_only
2: write_only
3: read_write
+ 6th argument: A constant 0 with the pointer TYPE to the original flexible
+ array type.
Both the return type and the type of the first argument of this
function have been converted from the incomplete array type to
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
new file mode 100644
index ..65fa01443d95
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
@@ -0,0 +1,46 @@
+/* Test the attribute counted_by and its usage in
+ * __builtin_dynamic_object_size: when the type of the flexible array member
+ * is casting to another type. */
+/* { dg-do run } */
+/* { dg-options "-O2" } */
+
+#include "builtin-object-size-common.h"
+
+typedef unsigned short u16;
+
+struct info {
+ u16 data_len;
+ char data[] __attribute__((counted_by(data_len)));
+};
+
+struct foo {
+ int a;
+ int b;
+};
+
+static __attribute__((__noinline__))
+struct info *setup ()
+{
+ struct info *p;
+ size_t bytes = 3 * sizeof(struct foo);
+
+ p = (struct info *)malloc (sizeof (struct info) + bytes);
+ p->data_len = bytes;
+
+ return p;
+}
+
+static void
+__attribute__((__noinline__)) report (struct info *p)
+{
+ struct foo *bar = (struct foo *)p->data;
+ EXPECT(__builtin_dynamic_object_size((char *)(bar + 1), 1), 16);
+ EXPECT(__builtin_dynamic_object_size((char *)(bar + 2), 1), 8);
+}
+
+int main(int argc, char *argv[])
+{
+ struct info *p = setup();
+ report(p);
+ return 0;
+}
diff --git a/gcc/tree-object-size.cc b/gcc/tree-object-size.cc
index 8de264d1dee2..4c1fa9b555fa 100644
--- a/gcc/tree-object-size.cc
+++ b/gcc/tree-object-size.cc
@@ -762,9 +762,11 @@ addr_object_size (struct object_size_info *osi, const_tree
ptr,
1: the number of the elements of the object type;
4th argument
[PATCH v9 2/5] Convert references with "counted_by" attributes to/from .ACCESS_WITH_SIZE.
Including the following changes:
* The definition of the new internal function .ACCESS_WITH_SIZE
in internal-fn.def.
* C FE converts every reference to a FAM with a "counted_by" attribute
to a call to the internal function .ACCESS_WITH_SIZE.
(build_component_ref in c_typeck.cc)
This includes the case when the object is statically allocated and
initialized.
In order to make this working, the routines initializer_constant_valid_p_1
and output_constant in varasm.cc are updated to handle calls to
.ACCESS_WITH_SIZE.
(initializer_constant_valid_p_1 and output_constant in varasm.c)
However, for the reference inside "offsetof", the "counted_by" attribute is
ignored since it's not useful at all.
(c_parser_postfix_expression in c/c-parser.cc)
In addtion to "offsetof", for the reference inside operator "typeof" and
"alignof", we ignore counted_by attribute too.
When building ADDR_EXPR for the .ACCESS_WITH_SIZE in C FE,
replace the call with its first argument.
* Convert every call to .ACCESS_WITH_SIZE to its first argument.
(expand_ACCESS_WITH_SIZE in internal-fn.cc)
* Adjust alias analysis to exclude the new internal from clobbering anything.
(ref_maybe_used_by_call_p_1 and call_may_clobber_ref_p_1 in tree-ssa-alias.cc)
* Adjust dead code elimination to eliminate the call to .ACCESS_WITH_SIZE when
it's LHS is eliminated as dead code.
(eliminate_unnecessary_stmts in tree-ssa-dce.cc)
* Provide the utility routines to check the call is .ACCESS_WITH_SIZE and
get the reference from the call to .ACCESS_WITH_SIZE.
(is_access_with_size_p and get_ref_from_access_with_size in tree.cc)
gcc/c/ChangeLog:
* c-parser.cc (c_parser_postfix_expression): Ignore the counted-by
attribute when build_component_ref inside offsetof operator.
* c-tree.h (build_component_ref): Add one more parameter.
* c-typeck.cc (build_counted_by_ref): New function.
(build_access_with_size_for_counted_by): New function.
(build_component_ref): Check the counted-by attribute and build
call to .ACCESS_WITH_SIZE.
(build_unary_op): When building ADDR_EXPR for
.ACCESS_WITH_SIZE, use its first argument.
(lvalue_p): Accept call to .ACCESS_WITH_SIZE.
gcc/ChangeLog:
* internal-fn.cc (expand_ACCESS_WITH_SIZE): New function.
* internal-fn.def (ACCESS_WITH_SIZE): New internal function.
* tree-ssa-alias.cc (ref_maybe_used_by_call_p_1): Special case
IFN_ACCESS_WITH_SIZE.
(call_may_clobber_ref_p_1): Special case IFN_ACCESS_WITH_SIZE.
* tree-ssa-dce.cc (eliminate_unnecessary_stmts): Eliminate the call
to .ACCESS_WITH_SIZE when its LHS is dead.
* tree.cc (process_call_operands): Adjust side effect for function
.ACCESS_WITH_SIZE.
(is_access_with_size_p): New function.
(get_ref_from_access_with_size): New function.
* tree.h (is_access_with_size_p): New prototype.
(get_ref_from_access_with_size): New prototype.
* varasm.cc (initializer_constant_valid_p_1): Handle call to
.ACCESS_WITH_SIZE.
(output_constant): Handle call to .ACCESS_WITH_SIZE.
gcc/testsuite/ChangeLog:
* gcc.dg/flex-array-counted-by-2.c: New test.
---
gcc/c/c-parser.cc | 10 +-
gcc/c/c-tree.h| 2 +-
gcc/c/c-typeck.cc | 128 +-
gcc/internal-fn.cc| 35 +
gcc/internal-fn.def | 4 +
.../gcc.dg/flex-array-counted-by-2.c | 112 +++
gcc/tree-ssa-alias.cc | 2 +
gcc/tree-ssa-dce.cc | 5 +-
gcc/tree.cc | 25 +++-
gcc/tree.h| 8 ++
gcc/varasm.cc | 10 ++
11 files changed, 331 insertions(+), 10 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-2.c
diff --git a/gcc/c/c-parser.cc b/gcc/c/c-parser.cc
index c31349dae2ff..a6ed5ac43bb1 100644
--- a/gcc/c/c-parser.cc
+++ b/gcc/c/c-parser.cc
@@ -10850,9 +10850,12 @@ c_parser_postfix_expression (c_parser *parser)
if (c_parser_next_token_is (parser, CPP_NAME))
{
c_token *comp_tok = c_parser_peek_token (parser);
+ /* Ignore the counted_by attribute for reference inside
+ offsetof since the information is not useful at all. */
offsetof_ref
= build_component_ref (loc, offsetof_ref, comp_tok->value,
-comp_tok->location, UNKNOWN_LOCATION);
+comp_tok->location, UNKNOWN_LOCATION,
+false);
c_parser_consume_token (parser);
while (c_parser_next_token_is (parser, CPP_DOT)
||
[PATCH v9 1/5] Provide counted_by attribute to flexible array member field (PR108896)
'counted_by (COUNT)'
The 'counted_by' attribute may be attached to the C99 flexible
array member of a structure. It indicates that the number of the
elements of the array is given by the field "COUNT" in the
same structure as the flexible array member.
GCC may use this information to improve detection of object size
information
for such structures and provide better results in compile-time diagnostics
and runtime features like the array bound sanitizer and
the '__builtin_dynamic_object_size'.
For instance, the following code:
struct P {
size_t count;
char other;
char array[] __attribute__ ((counted_by (count)));
} *p;
specifies that the 'array' is a flexible array member whose number
of elements is given by the field 'count' in the same structure.
The field that represents the number of the elements should have an
integer type. Otherwise, the compiler reports an error and
ignores the attribute.
When the field that represents the number of the elements is assigned a
negative integer value, the compiler treats the value as zero.
An explicit 'counted_by' annotation defines a relationship between
two objects, 'p->array' and 'p->count', and there are the following
requirementthat on the relationship between this pair:
* 'p->count' must be initialized before the first reference to
'p->array';
* 'p->array' has _at least_ 'p->count' number of elements
available all the time. This relationship must hold even
after any of these related objects are updated during the
program.
It's the user's responsibility to make sure the above requirements
to be kept all the time. Otherwise the compiler reports
warnings, at the same time, the results of the array bound
sanitizer and the '__builtin_dynamic_object_size' is undefined.
One important feature of the attribute is, a reference to the
flexible array member field uses the latest value assigned to
the field that represents the number of the elements before that
reference. For example,
p->count = val1;
p->array[20] = 0; // ref1 to p->array
p->count = val2;
p->array[30] = 0; // ref2 to p->array
in the above, 'ref1' uses 'val1' as the number of the elements
in 'p->array', and 'ref2' uses 'val2' as the number of elements
in 'p->array'.
gcc/c-family/ChangeLog:
PR C/108896
* c-attribs.cc (handle_counted_by_attribute): New function.
(attribute_takes_identifier_p): Add counted_by attribute to the list.
* c-common.cc (c_flexible_array_member_type_p): ...To this.
* c-common.h (c_flexible_array_member_type_p): New prototype.
gcc/c/ChangeLog:
PR C/108896
* c-decl.cc (flexible_array_member_type_p): Renamed and moved to...
(add_flexible_array_elts_to_size): Use renamed function.
(is_flexible_array_member_p): Use renamed function.
(verify_counted_by_attribute): New function.
(finish_struct): Use renamed function and verify counted_by
attribute.
* c-tree.h (lookup_field): New prototype.
* c-typeck.cc (lookup_field): Expose as extern function.
(tagged_types_tu_compatible_p): Check counted_by attribute for
structure type.
gcc/ChangeLog:
PR C/108896
* doc/extend.texi: Document attribute counted_by.
gcc/testsuite/ChangeLog:
PR C/108896
* gcc.dg/flex-array-counted-by.c: New test.
* gcc.dg/flex-array-counted-by-7.c: New test.
* gcc.dg/flex-array-counted-by-8.c: New test.
---
gcc/c-family/c-attribs.cc | 68 +-
gcc/c-family/c-common.cc | 13 ++
gcc/c-family/c-common.h | 1 +
gcc/c/c-decl.cc | 78 ---
gcc/c/c-tree.h| 1 +
gcc/c/c-typeck.cc | 37 -
gcc/doc/extend.texi | 68 ++
.../gcc.dg/flex-array-counted-by-7.c | 8 ++
.../gcc.dg/flex-array-counted-by-8.c | 127 ++
gcc/testsuite/gcc.dg/flex-array-counted-by.c | 62 +
10 files changed, 442 insertions(+), 21 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-7.c
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-8.c
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by.c
diff --git a/gcc/c-family/c-attribs.cc b/gcc/c-family/c-attribs.cc
index 40a0cf90295d..39e5824ee7a5 100644
--- a/gcc/c-family/c-attribs.cc
+++ b/gcc/c-family/c-attribs.cc
@@ -105,6 +105,8 @@ static tree handle_warn_if_not_aligned_attribute (tree *,
tree, tree,
int, bool *);
static tree handle_strict_flex_array_attribute
[PATCH v9 0/5] New attribute "counted_by" to annotate bounds for C99 FAM(PR108896)
Hi, This is the 9th version of the patch. Compare with the 8th version, the difference are: updates per Joseph's comments: 1. in C FE, add checking for counted_by attribute for the new multiple definitions of the same tag for C23 in the routine "tagged_types_tu_compatible_p". Add a new testing case flex-array-counted-by-8.c for this. This is for Patch 1; 2. two minor typo fixes in c-typeck.cc. This is for Patch 2; Approval status: Patch 2's C FE change has been approved with minor typo fixes (the above 2); Patch 4 has been approved; Patch 5's C FE change has been approved; Review status: Patch 3, Patch 2 and Patch 5's Middle-end change have been review by Sid, No issue. More review needed: Patch 1's new change to C FE (the above 1); Patch 2, 3 and 5's middle-end change need to be approved The 8th version is here: https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648559.html https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648560.html https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648561.html https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648562.html https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648563.html It based on the following original proposal: https://gcc.gnu.org/pipermail/gcc-patches/2023-November/635884.html Represent the missing dependence for the "counted_by" attribute and its consumers **The summary of the proposal is: * Add a new internal function ".ACCESS_WITH_SIZE" to carry the size information for every reference to a FAM field; * In C FE, Replace every reference to a FAM field whose TYPE has the "counted_by" attribute with the new internal function ".ACCESS_WITH_SIZE"; * In every consumer of the size information, for example, BDOS or array bound sanitizer, query the size information or ACCESS_MODE information from the new internal function; * When expansing to RTL, replace the internal function with the actual reference to the FAM field; * Some adjustment to ipa alias analysis, and other SSA passes to mitigate the impact to the optimizer and code generation. **The new internal function .ACCESS_WITH_SIZE (REF_TO_OBJ, REF_TO_SIZE, CLASS_OF_SIZE, TYPE_OF_SIZE, ACCESS_MODE, TYPE_OF_REF) INTERNAL_FN (ACCESS_WITH_SIZE, ECF_LEAF | ECF_NOTHROW, NULL) which returns the "REF_TO_OBJ" same as the 1st argument; Both the return type and the type of the first argument of this function have been converted from the incomplete array type to the corresponding pointer type. The call to .ACCESS_WITH_SIZE is wrapped with an INDIRECT_REF, whose type is the original imcomplete array type. Please see the following link for why: https://gcc.gnu.org/pipermail/gcc-patches/2023-November/638793.html https://gcc.gnu.org/pipermail/gcc-patches/2023-December/639605.html 1st argument "REF_TO_OBJ": The reference to the object; 2nd argument "REF_TO_SIZE": The reference to the size of the object, 3rd argument "CLASS_OF_SIZE": The size referenced by the REF_TO_SIZE represents 0: the number of bytes; 1: the number of the elements of the object type; 4th argument "TYPE_OF_SIZE": A constant 0 with the TYPE of the object refed by REF_TO_SIZE 5th argument "ACCESS_MODE": -1: Unknown access semantics 0: none 1: read_only 2: write_only 3: read_write 6th argument "TYPE_OF_REF": A constant 0 with the pointer TYPE to to the original flexible array type. ** The Patch sets included: 1. Provide counted_by attribute to flexible array member field; which includes: * "counted_by" attribute documentation; * C FE handling of the new attribute; syntax checking, error reporting; * testing cases; 2. Convert "counted_by" attribute to/from .ACCESS_WITH_SIZE. which includes: * The definition of the new internal function .ACCESS_WITH_SIZE in internal-fn.def. * C FE converts every reference to a FAM with "counted_by" attribute to a call to the internal function .ACCESS_WITH_SIZE. (build_component_ref in c_typeck.cc) This includes the case when the object is statically allocated and initialized. In order to make this working, we should update initializer_constant_valid_p_1 and output_constant in varasm.cc to include calls to .ACCESS_WITH_SIZE. However, for the reference inside "offsetof", ignore the "counted_by" attribute since it's not useful at all. (c_parser_postfix_expression in c/c-parser.cc) In addtion to "offsetof", for the reference inside operator "typeof" and "alignof", we ignore counted_by attribute too. When building ADDR_EXPR for the .ACCESS_WITH_SIZE in C FE, replace the call with its first argument. * Convert every call to .ACCESS_WITH_SIZE to its first argument. (expand_ACCESS_WITH_SIZE in internal-fn.cc) * adjust alias analysis to exclude the new internal from clobbering anything. (ref_maybe_used_by_call_p_1 and call_may_clobber_ref_p_1 in tree-ssa-alias.cc)
Re: [PATCH v8 2/5] Convert references with "counted_by" attributes to/from .ACCESS_WITH_SIZE.
Sid and Richard,
The C FE changes in this patch has been approved by Joseph.
Could you please review the Middle-end change?
thanks.
Qing
> On Apr 10, 2024, at 14:36, Joseph Myers wrote:
>
> On Fri, 29 Mar 2024, Qing Zhao wrote:
>
>> +/* For a SUBDATUM field of a structure or union DATUM, generate a REF to
>> + the object that represents its counted_by per the attribute counted_by
>> + attached to this field if it's a flexible array member field, otherwise
>> + return NULL_TREE.
>> + set COUNTED_BY_TYPE to the TYPE of the counted_by field.
>
> Use an uppercase letter at the start of a sentence, "Set".
>
>> +static tree
>> +build_counted_by_ref (tree datum, tree subdatum, tree *counted_by_type)
>> +{
>> + tree type = TREE_TYPE (datum);
>> + if (!(c_flexible_array_member_type_p (TREE_TYPE (subdatum
>> +return NULL_TREE;
>
> There are redundant parentheses here around the call to
> c_flexible_array_member_type_p.
>
> The C front-end changes in this patch are OK for GCC 15 (after GCC 14 has
> branched, and once a version of patch 1 has also been approved) with those
> fixes.
>
> --
> Joseph S. Myers
> josmy...@redhat.com
>
Re: [PATCH v8 5/5] Add the 6th argument to .ACCESS_WITH_SIZE
Sid,
Thanks a lot for your review.
Richard,
Could you please comment on this patch? Is the middle-end part Okay for stage 1?
Thanks.
Qing
On Apr 10, 2024, at 17:48, Siddhesh Poyarekar wrote:
On 2024-03-29 12:07, Qing Zhao wrote:
to carry the TYPE of the flexible array.
Such information is needed during tree-object-size.cc.
We cannot use the result type or the type of the 1st argument
of the routine .ACCESS_WITH_SIZE to decide the element type
of the original array due to possible type casting in the
source code.
gcc/c/ChangeLog:
* c-typeck.cc (build_access_with_size_for_counted_by): Add the 6th
argument to .ACCESS_WITH_SIZE.
gcc/ChangeLog:
* tree-object-size.cc (access_with_size_object_size): Use the type
of the 6th argument for the type of the element.
gcc/testsuite/ChangeLog:
* gcc.dg/flex-array-counted-by-6.c: New test.
This version looks fine to me for stage 1, but I'm not a maintainer so you'll
need an ack from one to commit.
Thanks,
Sid
---
gcc/c/c-typeck.cc | 11 +++--
gcc/internal-fn.cc| 2 +
.../gcc.dg/flex-array-counted-by-6.c | 46 +++
gcc/tree-object-size.cc | 16 ---
4 files changed, 66 insertions(+), 9 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
index f7b0e08459b0..05948f76039e 100644
--- a/gcc/c/c-typeck.cc
+++ b/gcc/c/c-typeck.cc
@@ -2608,7 +2608,8 @@ build_counted_by_ref (tree datum, tree subdatum, tree
*counted_by_type)
to:
- (*.ACCESS_WITH_SIZE (REF, COUNTED_BY_REF, 1, (TYPE_OF_SIZE)0, -1))
+ (*.ACCESS_WITH_SIZE (REF, COUNTED_BY_REF, 1, (TYPE_OF_SIZE)0, -1,
+ (TYPE_OF_ARRAY *)0))
NOTE: The return type of this function is the POINTER type pointing
to the original flexible array type.
@@ -2620,6 +2621,9 @@ build_counted_by_ref (tree datum, tree subdatum, tree
*counted_by_type)
The 4th argument of the call is a constant 0 with the TYPE of the
object pointed by COUNTED_BY_REF.
+ The 6th argument of the call is a constant 0 with the pointer TYPE
+ to the original flexible array type.
+
*/
static tree
build_access_with_size_for_counted_by (location_t loc, tree ref,
@@ -2632,12 +2636,13 @@ build_access_with_size_for_counted_by (location_t loc,
tree ref,
tree call
= build_call_expr_internal_loc (loc, IFN_ACCESS_WITH_SIZE,
- result_type, 5,
+ result_type, 6,
array_to_pointer_conversion (loc, ref),
counted_by_ref,
build_int_cst (integer_type_node, 1),
build_int_cst (counted_by_type, 0),
- build_int_cst (integer_type_node, -1));
+ build_int_cst (integer_type_node, -1),
+ build_int_cst (result_type, 0));
/* Wrap the call with an INDIRECT_REF with the flexible array type. */
call = build1 (INDIRECT_REF, TREE_TYPE (ref), call);
SET_EXPR_LOCATION (call, loc);
diff --git a/gcc/internal-fn.cc b/gcc/internal-fn.cc
index e744080ee670..34e4a4aea534 100644
--- a/gcc/internal-fn.cc
+++ b/gcc/internal-fn.cc
@@ -3411,6 +3411,8 @@ expand_DEFERRED_INIT (internal_fn, gcall *stmt)
1: read_only
2: write_only
3: read_write
+ 6th argument: A constant 0 with the pointer TYPE to the original flexible
+ array type.
Both the return type and the type of the first argument of this
function have been converted from the incomplete array type to
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
new file mode 100644
index ..65fa01443d95
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
@@ -0,0 +1,46 @@
+/* Test the attribute counted_by and its usage in
+ * __builtin_dynamic_object_size: when the type of the flexible array member
+ * is casting to another type. */
+/* { dg-do run } */
+/* { dg-options "-O2" } */
+
+#include "builtin-object-size-common.h"
+
+typedef unsigned short u16;
+
+struct info {
+ u16 data_len;
+ char data[] __attribute__((counted_by(data_len)));
+};
+
+struct foo {
+ int a;
+ int b;
+};
+
+static __attribute__((__noinline__))
+struct info *setup ()
+{
+ struct info *p;
+ size_t bytes = 3 * sizeof(struct foo);
+
+ p = (struct info *)malloc (sizeof (struct info) + bytes);
+ p->data_len = bytes;
+
+ return p;
+}
+
+static void
+__attribute__((__noinline__)) report (struct info *p)
+{
+ struct foo *bar = (struct foo *)p->data;
+ EXPECT(__builtin_dynamic_object_size((char *)(bar + 1), 1), 16);
+ EXPECT(__builtin_dynamic_object_size((char *)(bar + 2), 1), 8);
+}
+
+int main(int argc, char *argv[])
+{
+ struct info *p = setup();
+ report(p);
+ return 0;
+}
diff --git a/gcc/tree-object-size.cc b/gcc/tree-object-size.cc
index 8de264d1dee2..4c1fa9b555fa 100644
--- a/gcc/tree-object-size.cc
+++ b/gcc/tree-object-size.cc
@@ -762,9 +762,11 @@ addr_object_size (struct object_size_info *osi, const_tree
ptr,
1: the number of the e
Re: [PATCH v8 4/5] Use the .ACCESS_WITH_SIZE in bound sanitizer.
Sid,
Thanks a lot for the review.
> On Apr 10, 2024, at 17:46, Siddhesh Poyarekar wrote:
>
> On 2024-03-29 12:07, Qing Zhao wrote:
>> gcc/c-family/ChangeLog:
>> * c-ubsan.cc (get_bound_from_access_with_size): New function.
>> (ubsan_instrument_bounds): Handle call to .ACCESS_WITH_SIZE.
>> gcc/testsuite/ChangeLog:
>> * gcc.dg/ubsan/flex-array-counted-by-bounds-2.c: New test.
>> * gcc.dg/ubsan/flex-array-counted-by-bounds-3.c: New test.
>> * gcc.dg/ubsan/flex-array-counted-by-bounds-4.c: New test.
>> * gcc.dg/ubsan/flex-array-counted-by-bounds.c: New test.
>> ---
>
> This version looks fine to me for stage 1, but I'm not a maintainer so you'll
> need an ack from one to commit.
This patch is purely C FE changes. Joseph already approved it.
thanks.
Qing
>
> Thanks,
> Sid
>
>> gcc/c-family/c-ubsan.cc | 42 +
>> .../ubsan/flex-array-counted-by-bounds-2.c| 45 ++
>> .../ubsan/flex-array-counted-by-bounds-3.c| 34 ++
>> .../ubsan/flex-array-counted-by-bounds-4.c| 34 ++
>> .../ubsan/flex-array-counted-by-bounds.c | 46 +++
>> 5 files changed, 201 insertions(+)
>> create mode 100644
>> gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
>> create mode 100644
>> gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c
>> create mode 100644
>> gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-4.c
>> create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c
>> diff --git a/gcc/c-family/c-ubsan.cc b/gcc/c-family/c-ubsan.cc
>> index 940982819ddf..7cd3c6aa5b88 100644
>> --- a/gcc/c-family/c-ubsan.cc
>> +++ b/gcc/c-family/c-ubsan.cc
>> @@ -376,6 +376,40 @@ ubsan_instrument_return (location_t loc)
>>return build_call_expr_loc (loc, t, 1, build_fold_addr_expr_loc (loc,
>> data));
>> }
>> +/* Get the tree that represented the number of counted_by, i.e, the maximum
>> + number of the elements of the object that the call to .ACCESS_WITH_SIZE
>> + points to, this number will be the bound of the corresponding array. */
>> +static tree
>> +get_bound_from_access_with_size (tree call)
>> +{
>> + if (!is_access_with_size_p (call))
>> +return NULL_TREE;
>> +
>> + tree ref_to_size = CALL_EXPR_ARG (call, 1);
>> + unsigned int class_of_size = TREE_INT_CST_LOW (CALL_EXPR_ARG (call, 2));
>> + tree type = TREE_TYPE (CALL_EXPR_ARG (call, 3));
>> + tree size = fold_build2 (MEM_REF, type, unshare_expr (ref_to_size),
>> + build_int_cst (ptr_type_node, 0));
>> + /* If size is negative value, treat it as zero. */
>> + if (!TYPE_UNSIGNED (type))
>> + {
>> +tree cond = fold_build2 (LT_EXPR, boolean_type_node,
>> + unshare_expr (size), build_zero_cst (type));
>> +size = fold_build3 (COND_EXPR, type, cond,
>> +build_zero_cst (type), size);
>> + }
>> +
>> + /* Only when class_of_size is 1, i.e, the number of the elements of
>> + the object type, return the size. */
>> + if (class_of_size != 1)
>> +return NULL_TREE;
>> + else
>> +size = fold_convert (sizetype, size);
>> +
>> + return size;
>> +}
>> +
>> +
>> /* Instrument array bounds for ARRAY_REFs. We create special builtin,
>> that gets expanded in the sanopt pass, and make an array dimension
>> of it. ARRAY is the array, *INDEX is an index to the array.
>> @@ -401,6 +435,14 @@ ubsan_instrument_bounds (location_t loc, tree array,
>> tree *index,
>>&& COMPLETE_TYPE_P (type)
>>&& integer_zerop (TYPE_SIZE (type)))
>> bound = build_int_cst (TREE_TYPE (TYPE_MIN_VALUE (domain)), -1);
>> + else if (INDIRECT_REF_P (array)
>> + && is_access_with_size_p ((TREE_OPERAND (array, 0
>> +{
>> + bound = get_bound_from_access_with_size ((TREE_OPERAND (array, 0)));
>> + bound = fold_build2 (MINUS_EXPR, TREE_TYPE (bound),
>> + bound,
>> + build_int_cst (TREE_TYPE (bound), 1));
>> +}
>>else
>> return NULL_TREE;
>> }
>> diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
>> b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
>> new file mode 100644
>> index ..b503320628d2
>> --- /dev/null
>> +++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bou
Re: [PATCH v8 3/5] Use the .ACCESS_WITH_SIZE in builtin object size.
Sid,
Thanks a lot for your review!
> On Apr 10, 2024, at 17:45, Siddhesh Poyarekar wrote:
>
> On 2024-03-29 12:07, Qing Zhao wrote:
>> gcc/ChangeLog:
>> * tree-object-size.cc (access_with_size_object_size): New function.
>> (call_object_size): Call the new function.
>> gcc/testsuite/ChangeLog:
>> * gcc.dg/builtin-object-size-common.h: Add a new macro EXPECT.
>> * gcc.dg/flex-array-counted-by-3.c: New test.
>> * gcc.dg/flex-array-counted-by-4.c: New test.
>> * gcc.dg/flex-array-counted-by-5.c: New test.
>
> This version looks fine to me for stage 1, but I'm not a maintainer so you'll
> need an ack from one to commit.
Richard,
Could you please comment on this patch? Is this one okay for stage 1?
Thanks
Qing
>
> Thanks,
> Sid
>
>> ---
>> .../gcc.dg/builtin-object-size-common.h | 11 ++
>> .../gcc.dg/flex-array-counted-by-3.c | 63 +++
>> .../gcc.dg/flex-array-counted-by-4.c | 178 ++
>> .../gcc.dg/flex-array-counted-by-5.c | 48 +
>> gcc/tree-object-size.cc | 60 ++
>> 5 files changed, 360 insertions(+)
>> create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
>> create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
>> create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-5.c
>> diff --git a/gcc/testsuite/gcc.dg/builtin-object-size-common.h
>> b/gcc/testsuite/gcc.dg/builtin-object-size-common.h
>> index 66ff7cdd953a..b677067c6e6b 100644
>> --- a/gcc/testsuite/gcc.dg/builtin-object-size-common.h
>> +++ b/gcc/testsuite/gcc.dg/builtin-object-size-common.h
>> @@ -30,3 +30,14 @@ unsigned nfails = 0;
>>__builtin_abort (); \
>> return 0;
>> \
>>} while (0)
>> +
>> +#define EXPECT(p, _v) do {\
>> + size_t v = _v; \
>> + if (p == v)
>> \
>> +__builtin_printf ("ok: %s == %zd\n", #p, p); \
>> + else
>> \
>> +{
>> \
>> + __builtin_printf ("WAT: %s == %zd (expected %zd)\n", #p, p, v);
>> \
>> + FAIL ();
>> \
>> +}
>> \
>> +} while (0);
>> diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
>> b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
>> new file mode 100644
>> index ..78f50230e891
>> --- /dev/null
>> +++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
>> @@ -0,0 +1,63 @@
>> +/* Test the attribute counted_by and its usage in
>> + * __builtin_dynamic_object_size. */
>> +/* { dg-do run } */
>> +/* { dg-options "-O2" } */
>> +
>> +#include "builtin-object-size-common.h"
>> +
>> +struct flex {
>> + int b;
>> + int c[];
>> +} *array_flex;
>> +
>> +struct annotated {
>> + int b;
>> + int c[] __attribute__ ((counted_by (b)));
>> +} *array_annotated;
>> +
>> +struct nested_annotated {
>> + struct {
>> +union {
>> + int b;
>> + float f;
>> +};
>> +int n;
>> + };
>> + int c[] __attribute__ ((counted_by (b)));
>> +} *array_nested_annotated;
>> +
>> +void __attribute__((__noinline__)) setup (int normal_count, int attr_count)
>> +{
>> + array_flex
>> += (struct flex *)malloc (sizeof (struct flex)
>> + + normal_count * sizeof (int));
>> + array_flex->b = normal_count;
>> +
>> + array_annotated
>> += (struct annotated *)malloc (sizeof (struct annotated)
>> + + attr_count * sizeof (int));
>> + array_annotated->b = attr_count;
>> +
>> + array_nested_annotated
>> += (struct nested_annotated *)malloc (sizeof (struct nested_annotated)
>> + + attr_count * sizeof (int));
>> + array_nested_annotated->b = attr_count;
>> +
>> + return;
>> +}
>> +
>> +void __attribute__((__n
Re: [PATCH v8 1/5] Provide counted_by attribute to flexible array member field (PR108896)
> On Apr 10, 2024, at 17:56, Joseph Myers wrote:
>
> On Wed, 10 Apr 2024, Qing Zhao wrote:
>
>> Okay, the above is very clear, thanks a lot for the explanation.
>> So, basically, for “counted-by” attribute:
>> **The following is good:
>> struct f {
>> int b;
>> int c;
>> int a[] __attribute__ ((counted_by (b))) };
>> struct f {
>> int b;
>> int c;
>> int a[] __attribute__ ((counted_by (b))) };
>>
>> **The following should error:
>>
>> struct f {
>> int b;
>> int c;
>> int a[] __attribute__ ((counted_by (b))) };
>> struct f {
>> int b;
>> int c;
>> int a[] __attribute__ ((counted_by (c))) }; /* error here */
>>
>> For the same tag in different scopes case:
>>
>> struct f {
>> int b;
>> int c;
>> int a[] __attribute__ ((counted_by (b))) } y0;
>>
>> void test1(void)
>> {
>> struct f {
>> int b;
>> int c;
>> int a[] __attribute__ ((counted_by (c))) } x;
>>
>> y0 = x; /* will report incompatible type error here */
>> }
>>
>> Are the above complete?
>
> Yes, that looks like what should be tested (with the addition of the case
> of same tag, different scopes, same counted_by so compatible).
Okay, thanks for the help.
Qing
>
> --
> Joseph S. Myers
> josmy...@redhat.com
Re: [PATCH v8 1/5] Provide counted_by attribute to flexible array member field (PR108896)
> On Apr 11, 2024, at 02:02, Martin Uecker wrote:
>
> Am Mittwoch, dem 10.04.2024 um 19:35 + schrieb Qing Zhao:
>>
>>> On Apr 10, 2024, at 15:05, Martin Uecker wrote:
>>>
>>> Am Mittwoch, dem 10.04.2024 um 20:25 +0200 schrieb Martin Uecker:
>>>> Am Mittwoch, dem 10.04.2024 um 17:35 + schrieb Joseph Myers:
>>>>> On Fri, 29 Mar 2024, Qing Zhao wrote:
>>>>>
>>>>>> + /* Issue error when there is a counted_by attribute with a different
>>>>>> + field as the argument for the same flexible array member field. */
>>>>>
>>>>> There's another case of this to consider, though I'm not sure where best
>>>>> to check for it (Martin might have suggestions) - of course this case
>>>>> will
>>>>> need testcases as well.
>>>>>
>>>>> Suppose, as allowed in C23, a structure is defined twice in the same
>>>>> scope, but the two definitions of the structure use inconsistent
>>>>> counted_by attributes. I'd say that, when the declarations are in the
>>>>> same scope (thus required to be consistent), it should be an error for
>>>>> the
>>>>> two definitions of what is meant to be the same structure to use
>>>>> incompatible counted_by attributes (even though the member declarations
>>>>> are otherwise the same).
>>>>
>>>> I think the right place could be comp_types_attributes in
>>>> attributes.cc. It may be sufficient to set the
>>>> affects_type_identify flag.
>>>>
>>>> This should then give a redefinition error as it should do for
>>>> "packed".
>>>
>>> Thinking about this a bit more, this will not work here, because
>>> the counted_by attribute is not applied to the struct type but
>>> one of the members.
>>>
>>> So probably there should be a check added directly
>>> to tagged_types_tu_compatible_p
>>
>>
>> There are two cases we will check:
>>
>> A. Both definitions are in the same scope;
>> Then if the 2nd definition has a counted-by attribute different from
>> the 1st definition, the 2nd definition will be given a redefinition error;
>>
>> B. These two definitions are in different scope;
>> When these two definitions are used in a way need to be compatible, an
>> incompatible error need to be issued at that
>> Point;
>>
>>
>> My question is, Will the routine “tagged_types_tu_compatible_p” can handle
>> both A and B?
>
> Yes, changing this function should address both cases if I am
> not missing something.
>
Thanks for the help.
Will study this routine in more details and update the patch.
Qing
> Martin
>
>>
>> Thanks.
>>
>> Qing
>>>
>>> Martin
>>>
>>>>
>>>>>
>>>>> In C23 structures defined with the same tag in different scopes are
>>>>> compatible given requirements including compatible types for
>>>>> corresponding
>>>>> elements. It would seem most appropriate to me for such structures with
>>>>> incompatible counted_by attributes to be considered *not* compatible
>>>>> types
>>>>> (but it would be valid to define structures with the same tag, different
>>>>> scopes, and elements the same except for counted_by - just not to use
>>>>> them
>>>>> in any way requiring them to be compatible).
>>>>
>>>> Another option might be to warn about the case when those types
>>>> are then used together in a way where they are required to
>>>> be compatible. Then comp_types_attributes would have to return 2.
>>>>
>>>>
>>>> Martin
>>>>
>>>>>
>>>>>> +The @code{counted_by} attribute may be attached to the C99 flexible
>>>>>> array
>>>>>> +member of a structure. It indicates that the number of the elements of
>>>>>> the
>>>>>> +array is given by the field "@var{count}" in the same structure as the
>>>>>
>>>>> As noted previously, the "" quotes should be removed there (or replaced
>>>>> by
>>>>> ``'' quotes).
>>>>>
>>>>
>>>
>>
>
Re: [PATCH v8 2/5] Convert references with "counted_by" attributes to/from .ACCESS_WITH_SIZE.
Thanks a lot for your review.
Will fix these typos before committing to GCC15.
Qing
> On Apr 10, 2024, at 14:36, Joseph Myers wrote:
>
> On Fri, 29 Mar 2024, Qing Zhao wrote:
>
>> +/* For a SUBDATUM field of a structure or union DATUM, generate a REF to
>> + the object that represents its counted_by per the attribute counted_by
>> + attached to this field if it's a flexible array member field, otherwise
>> + return NULL_TREE.
>> + set COUNTED_BY_TYPE to the TYPE of the counted_by field.
>
> Use an uppercase letter at the start of a sentence, "Set".
>
>> +static tree
>> +build_counted_by_ref (tree datum, tree subdatum, tree *counted_by_type)
>> +{
>> + tree type = TREE_TYPE (datum);
>> + if (!(c_flexible_array_member_type_p (TREE_TYPE (subdatum
>> +return NULL_TREE;
>
> There are redundant parentheses here around the call to
> c_flexible_array_member_type_p.
>
> The C front-end changes in this patch are OK for GCC 15 (after GCC 14 has
> branched, and once a version of patch 1 has also been approved) with those
> fixes.
>
> --
> Joseph S. Myers
> josmy...@redhat.com
>
Re: [PATCH v8 1/5] Provide counted_by attribute to flexible array member field (PR108896)
> On Apr 10, 2024, at 15:05, Martin Uecker wrote:
>
> Am Mittwoch, dem 10.04.2024 um 20:25 +0200 schrieb Martin Uecker:
>> Am Mittwoch, dem 10.04.2024 um 17:35 + schrieb Joseph Myers:
>>> On Fri, 29 Mar 2024, Qing Zhao wrote:
>>>
>>>> + /* Issue error when there is a counted_by attribute with a different
>>>> + field as the argument for the same flexible array member field. */
>>>
>>> There's another case of this to consider, though I'm not sure where best
>>> to check for it (Martin might have suggestions) - of course this case will
>>> need testcases as well.
>>>
>>> Suppose, as allowed in C23, a structure is defined twice in the same
>>> scope, but the two definitions of the structure use inconsistent
>>> counted_by attributes. I'd say that, when the declarations are in the
>>> same scope (thus required to be consistent), it should be an error for the
>>> two definitions of what is meant to be the same structure to use
>>> incompatible counted_by attributes (even though the member declarations
>>> are otherwise the same).
>>
>> I think the right place could be comp_types_attributes in
>> attributes.cc. It may be sufficient to set the
>> affects_type_identify flag.
>>
>> This should then give a redefinition error as it should do for
>> "packed".
>
> Thinking about this a bit more, this will not work here, because
> the counted_by attribute is not applied to the struct type but
> one of the members.
>
> So probably there should be a check added directly
> to tagged_types_tu_compatible_p
There are two cases we will check:
A. Both definitions are in the same scope;
Then if the 2nd definition has a counted-by attribute different from the
1st definition, the 2nd definition will be given a redefinition error;
B. These two definitions are in different scope;
When these two definitions are used in a way need to be compatible, an
incompatible error need to be issued at that
Point;
My question is, Will the routine “tagged_types_tu_compatible_p” can handle both
A and B?
Thanks.
Qing
>
> Martin
>
>>
>>>
>>> In C23 structures defined with the same tag in different scopes are
>>> compatible given requirements including compatible types for corresponding
>>> elements. It would seem most appropriate to me for such structures with
>>> incompatible counted_by attributes to be considered *not* compatible types
>>> (but it would be valid to define structures with the same tag, different
>>> scopes, and elements the same except for counted_by - just not to use them
>>> in any way requiring them to be compatible).
>>
>> Another option might be to warn about the case when those types
>> are then used together in a way where they are required to
>> be compatible. Then comp_types_attributes would have to return 2.
>>
>>
>> Martin
>>
>>>
>>>> +The @code{counted_by} attribute may be attached to the C99 flexible array
>>>> +member of a structure. It indicates that the number of the elements of
>>>> the
>>>> +array is given by the field "@var{count}" in the same structure as the
>>>
>>> As noted previously, the "" quotes should be removed there (or replaced by
>>> ``'' quotes).
>>>
>>
>
Re: [PATCH v8 1/5] Provide counted_by attribute to flexible array member field (PR108896)
> On Apr 10, 2024, at 14:44, Joseph Myers wrote:
>
> On Wed, 10 Apr 2024, Qing Zhao wrote:
>
>> A stupid question first, the same scope means the same file? (Or same
>> function)
>
> struct X { int a; };
> struct X { int a; };
>
> is an example of the same scope (file scope, in this case). The
> structures must have the same contents (in an appropriate sense) and are
> then considered the same type.
>
> struct X { int a; };
> void f() { struct X { int a; }; }
>
> is not the same scope - but C23 makes the types compatible (not the same).
> It's OK to have incompatible types with the same tag in different scopes
> as well
>
> struct X { int a; };
> void f() { struct X { long b; }; }
>
> but if you use them in a way requiring compatibility, then the contents
> must be compatible
>
> struct X { int a; } v;
> void f() { struct X { int a; } *p = }
Okay, the above is very clear, thanks a lot for the explanation.
So, basically, for “counted-by” attribute:
**The following is good:
struct f {
int b;
int c;
int a[] __attribute__ ((counted_by (b))) };
struct f {
int b;
int c;
int a[] __attribute__ ((counted_by (b))) };
**The following should error:
struct f {
int b;
int c;
int a[] __attribute__ ((counted_by (b))) };
struct f {
int b;
int c;
int a[] __attribute__ ((counted_by (c))) }; /* error here */
For the same tag in different scopes case:
struct f {
int b;
int c;
int a[] __attribute__ ((counted_by (b))) } y0;
void test1(void)
{
struct f {
int b;
int c;
int a[] __attribute__ ((counted_by (c))) } x;
y0 = x; /* will report incompatible type error here */
}
Are the above complete?
>
>> Is there a testing case for this feature in current GCC source tree I can
>> take a look? (and
>> Then I can use it to construct the new testing case for the counted-by
>> attribute).
>
> See gcc.dg/c23-tag-*.c for many tests of different cases involving the tag
> compatibility rules (and gcc.dg/gnu23-tag-* where GNU extensions are
> involved).
Got it. Will take a look on them.
thanks.
Qing
>
> --
> Joseph S. Myers
> josmy...@redhat.com
>
Re: [PATCH v8 1/5] Provide counted_by attribute to flexible array member field (PR108896)
Thanks for the comments.
> On Apr 10, 2024, at 13:35, Joseph Myers wrote:
>
> On Fri, 29 Mar 2024, Qing Zhao wrote:
>
>> + /* Issue error when there is a counted_by attribute with a different
>> + field as the argument for the same flexible array member field. */
>
> There's another case of this to consider, though I'm not sure where best
> to check for it (Martin might have suggestions) - of course this case will
> need testcases as well.
Looks like this additional case relates to the new C23 feature, where is the
documentation on this new feature, I need to study a little bit on this, thanks.
>
> Suppose, as allowed in C23, a structure is defined twice in the same
> scope,
A stupid question first, the same scope means the same file? (Or same function)
Is there a testing case for this feature in current GCC source tree I can take
a look? (and
Then I can use it to construct the new testing case for the counted-by
attribute).
> but the two definitions of the structure use inconsistent
> counted_by attributes.
Where in the current C FE to handle the same structure is defined twice in the
same scope? Which routine
In the C FE?
> I'd say that, when the declarations are in the
> same scope (thus required to be consistent), it should be an error for the
> two definitions of what is meant to be the same structure to use
> incompatible counted_by attributes (even though the member declarations
> are otherwise the same).
Agreed. Wil add such checking.
>
> In C23 structures defined with the same tag in different scopes are
> compatible given requirements including compatible types for corresponding
> elements.
Again, which routine in the C FE handle such case? I’d like to take a look at
the current
Handling and how to update it for the counted-by attribute.
> It would seem most appropriate to me for such structures with
> incompatible counted_by attributes to be considered *not* compatible types
Is there a utility routine for checking “compatible type”?
> (but it would be valid to define structures with the same tag, different
> scopes, and elements the same except for counted_by - just not to use them
> in any way requiring them to be compatible).
Updating that routine (checking compatible type) with the new “counted-by”
attribute
Might be enough for this purpose, I guess.
>
>> +The @code{counted_by} attribute may be attached to the C99 flexible array
>> +member of a structure. It indicates that the number of the elements of the
>> +array is given by the field "@var{count}" in the same structure as the
>
> As noted previously, the "" quotes should be removed there (or replaced by
> ``'' quotes).
Okay, will update this.
thanks.
Qing
>
> --
> Joseph S. Myers
> josmy...@redhat.com
>
Re: [PATCH][Backport][GCC10] Fix SSA corruption due to widening_mul opt on conflict across an abnormal edge [PR111407]
On Apr 2, 2024, at 03:06, Richard Biener wrote:
On Mon, Apr 1, 2024 at 3:36 PM Qing Zhao
mailto:qing.z...@oracle.com>> wrote:
This is a bug in tree-ssa-math-opts.c, when applying the widening mul
optimization, the compiler needs to check whether the operand is in a
ABNORMAL PHI, if YES, we should avoid the transformation.
PR tree-optimization/111407
gcc/ChangeLog:
* tree-ssa-math-opts.c (convert_mult_to_widen): Avoid the transform
when one of the operands is subject to abnormal coalescing.
gcc/testsuite/ChangeLog:
* gcc.dg/pr111407.c: New test.
(cherry picked from commit 4aca1cfd6235090e48a53dab734437740671bbf3)
bootstraped and regression tested on both aarch64 and x86.
Okay for commit to GCC10?
Note the GCC 10 branch is closed. If the patch boostraps/tests on the
11, 12 and 13
branches it is OK there. You do not need approval to backport fixes
for _regressions_
if the patch cherry-picks without major edits and boostraps/tests OK.
Thanks for the info.
I will commit the patches for GCC11, 12, and 13 soon.
Qing
Thanks,
Richard.
thanks.
Qing
---
gcc/testsuite/gcc.dg/pr111407.c | 21 +
gcc/tree-ssa-math-opts.c| 8
2 files changed, 29 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/pr111407.c
diff --git a/gcc/testsuite/gcc.dg/pr111407.c b/gcc/testsuite/gcc.dg/pr111407.c
new file mode 100644
index ..a171074753f9
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/pr111407.c
@@ -0,0 +1,21 @@
+/* PR tree-optimization/111407*/
+/* { dg-do compile } */
+/* { dg-options "-O2" } */
+enum { SEND_TOFILE } __sigsetjmp();
+void fclose();
+void foldergets();
+void sendpart_stats(int *p1, int a1, int b1) {
+ int *a = p1;
+ fclose();
+ p1 = 0;
+ long t = b1;
+ if (__sigsetjmp()) {
+ {
+ long t1 = a1;
+ a1+=1;
+ fclose(a1*(long)t1);
+ }
+ }
+ if (p1)
+ fclose();
+}
diff --git a/gcc/tree-ssa-math-opts.c b/gcc/tree-ssa-math-opts.c
index dd0b8c6f0577..47981da20e05 100644
--- a/gcc/tree-ssa-math-opts.c
+++ b/gcc/tree-ssa-math-opts.c
@@ -2543,6 +2543,14 @@ convert_mult_to_widen (gimple *stmt,
gimple_stmt_iterator *gsi)
if (!is_widening_mult_p (stmt, , , , ))
return false;
+ /* if any one of rhs1 and rhs2 is subject to abnormal coalescing,
+ avoid the tranform. */
+ if ((TREE_CODE (rhs1) == SSA_NAME
+ && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs1))
+ || (TREE_CODE (rhs2) == SSA_NAME
+ && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs2)))
+return false;
+
to_mode = SCALAR_INT_TYPE_MODE (type);
from_mode = SCALAR_INT_TYPE_MODE (type1);
if (to_mode == from_mode)
--
2.31.1
[PATCH][Backport][GCC10] Fix SSA corruption due to widening_mul opt on conflict across an abnormal edge [PR111407]
This is a bug in tree-ssa-math-opts.c, when applying the widening mul
optimization, the compiler needs to check whether the operand is in a
ABNORMAL PHI, if YES, we should avoid the transformation.
PR tree-optimization/111407
gcc/ChangeLog:
* tree-ssa-math-opts.c (convert_mult_to_widen): Avoid the transform
when one of the operands is subject to abnormal coalescing.
gcc/testsuite/ChangeLog:
* gcc.dg/pr111407.c: New test.
(cherry picked from commit 4aca1cfd6235090e48a53dab734437740671bbf3)
bootstraped and regression tested on both aarch64 and x86.
Okay for commit to GCC10?
thanks.
Qing
---
gcc/testsuite/gcc.dg/pr111407.c | 21 +
gcc/tree-ssa-math-opts.c| 8
2 files changed, 29 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/pr111407.c
diff --git a/gcc/testsuite/gcc.dg/pr111407.c b/gcc/testsuite/gcc.dg/pr111407.c
new file mode 100644
index ..a171074753f9
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/pr111407.c
@@ -0,0 +1,21 @@
+/* PR tree-optimization/111407*/
+/* { dg-do compile } */
+/* { dg-options "-O2" } */
+enum { SEND_TOFILE } __sigsetjmp();
+void fclose();
+void foldergets();
+void sendpart_stats(int *p1, int a1, int b1) {
+ int *a = p1;
+ fclose();
+ p1 = 0;
+ long t = b1;
+ if (__sigsetjmp()) {
+ {
+ long t1 = a1;
+ a1+=1;
+ fclose(a1*(long)t1);
+ }
+ }
+ if (p1)
+ fclose();
+}
diff --git a/gcc/tree-ssa-math-opts.c b/gcc/tree-ssa-math-opts.c
index dd0b8c6f0577..47981da20e05 100644
--- a/gcc/tree-ssa-math-opts.c
+++ b/gcc/tree-ssa-math-opts.c
@@ -2543,6 +2543,14 @@ convert_mult_to_widen (gimple *stmt,
gimple_stmt_iterator *gsi)
if (!is_widening_mult_p (stmt, , , , ))
return false;
+ /* if any one of rhs1 and rhs2 is subject to abnormal coalescing,
+ avoid the tranform. */
+ if ((TREE_CODE (rhs1) == SSA_NAME
+ && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs1))
+ || (TREE_CODE (rhs2) == SSA_NAME
+ && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs2)))
+return false;
+
to_mode = SCALAR_INT_TYPE_MODE (type);
from_mode = SCALAR_INT_TYPE_MODE (type1);
if (to_mode == from_mode)
--
2.31.1
[PATCH][Backport][GCC11] Fix SSA corruption due to widening_mul opt on conflict across an abnormal edge [PR111407]
This is a bug in tree-ssa-math-opts.c, when applying the widening mul
optimization, the compiler needs to check whether the operand is in a
ABNORMAL PHI, if YES, we should avoid the transformation.
PR tree-optimization/111407
gcc/ChangeLog:
* tree-ssa-math-opts.c (convert_mult_to_widen): Avoid the transform
when one of the operands is subject to abnormal coalescing.
gcc/testsuite/ChangeLog:
* gcc.dg/pr111407.c: New test.
(cherry picked from commit 4aca1cfd6235090e48a53dab734437740671bbf3)
bootstraped and regression tested on both aarch64 and x86.
Okay for commit to GCC11?
thanks.
Qing
---
gcc/testsuite/gcc.dg/pr111407.c | 21 +
gcc/tree-ssa-math-opts.c| 8
2 files changed, 29 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/pr111407.c
diff --git a/gcc/testsuite/gcc.dg/pr111407.c b/gcc/testsuite/gcc.dg/pr111407.c
new file mode 100644
index ..a171074753f9
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/pr111407.c
@@ -0,0 +1,21 @@
+/* PR tree-optimization/111407*/
+/* { dg-do compile } */
+/* { dg-options "-O2" } */
+enum { SEND_TOFILE } __sigsetjmp();
+void fclose();
+void foldergets();
+void sendpart_stats(int *p1, int a1, int b1) {
+ int *a = p1;
+ fclose();
+ p1 = 0;
+ long t = b1;
+ if (__sigsetjmp()) {
+ {
+ long t1 = a1;
+ a1+=1;
+ fclose(a1*(long)t1);
+ }
+ }
+ if (p1)
+ fclose();
+}
diff --git a/gcc/tree-ssa-math-opts.c b/gcc/tree-ssa-math-opts.c
index adeb70fd6354..dcaf272d73f9 100644
--- a/gcc/tree-ssa-math-opts.c
+++ b/gcc/tree-ssa-math-opts.c
@@ -2678,6 +2678,14 @@ convert_mult_to_widen (gimple *stmt,
gimple_stmt_iterator *gsi)
if (!is_widening_mult_p (stmt, , , , ))
return false;
+ /* if any one of rhs1 and rhs2 is subject to abnormal coalescing,
+ avoid the tranform. */
+ if ((TREE_CODE (rhs1) == SSA_NAME
+ && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs1))
+ || (TREE_CODE (rhs2) == SSA_NAME
+ && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs2)))
+return false;
+
to_mode = SCALAR_INT_TYPE_MODE (type);
from_mode = SCALAR_INT_TYPE_MODE (type1);
if (to_mode == from_mode)
--
2.31.1
[PATCH][Backport][GCC12] Fix SSA corruption due to widening_mul opt on conflict across an abnormal edge [PR111407]
This is a bug in tree-ssa-math-opts.cc, when applying the widening mul
optimization, the compiler needs to check whether the operand is in a
ABNORMAL PHI, if YES, we should avoid the transformation.
PR tree-optimization/111407
gcc/ChangeLog:
* tree-ssa-math-opts.cc (convert_mult_to_widen): Avoid the transform
when one of the operands is subject to abnormal coalescing.
gcc/testsuite/ChangeLog:
* gcc.dg/pr111407.c: New test.
(cherry picked from commit 4aca1cfd6235090e48a53dab734437740671bbf3)
bootstraped and regression tested on both aarch64 and x86.
Okay for commit to GCC12?
thanks.
Qing
---
gcc/testsuite/gcc.dg/pr111407.c | 21 +
gcc/tree-ssa-math-opts.cc | 8
2 files changed, 29 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/pr111407.c
diff --git a/gcc/testsuite/gcc.dg/pr111407.c b/gcc/testsuite/gcc.dg/pr111407.c
new file mode 100644
index ..a171074753f9
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/pr111407.c
@@ -0,0 +1,21 @@
+/* PR tree-optimization/111407*/
+/* { dg-do compile } */
+/* { dg-options "-O2" } */
+enum { SEND_TOFILE } __sigsetjmp();
+void fclose();
+void foldergets();
+void sendpart_stats(int *p1, int a1, int b1) {
+ int *a = p1;
+ fclose();
+ p1 = 0;
+ long t = b1;
+ if (__sigsetjmp()) {
+ {
+ long t1 = a1;
+ a1+=1;
+ fclose(a1*(long)t1);
+ }
+ }
+ if (p1)
+ fclose();
+}
diff --git a/gcc/tree-ssa-math-opts.cc b/gcc/tree-ssa-math-opts.cc
index 232e903b0d25..bab0cc5aef4e 100644
--- a/gcc/tree-ssa-math-opts.cc
+++ b/gcc/tree-ssa-math-opts.cc
@@ -2681,6 +2681,14 @@ convert_mult_to_widen (gimple *stmt,
gimple_stmt_iterator *gsi)
if (!is_widening_mult_p (stmt, , , , ))
return false;
+ /* if any one of rhs1 and rhs2 is subject to abnormal coalescing,
+ avoid the tranform. */
+ if ((TREE_CODE (rhs1) == SSA_NAME
+ && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs1))
+ || (TREE_CODE (rhs2) == SSA_NAME
+ && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs2)))
+return false;
+
to_mode = SCALAR_INT_TYPE_MODE (type);
from_mode = SCALAR_INT_TYPE_MODE (type1);
if (to_mode == from_mode)
--
2.31.1
[PATCH][Backport][GCC13] Fix SSA corruption due to widening_mul opt on conflict across an abnormal edge [PR111407]
This is a bug in tree-ssa-math-opts.cc, when applying the widening mul
optimization, the compiler needs to check whether the operand is in a
ABNORMAL PHI, if YES, we should avoid the transformation.
PR tree-optimization/111407
gcc/ChangeLog:
* tree-ssa-math-opts.cc (convert_mult_to_widen): Avoid the transform
when one of the operands is subject to abnormal coalescing.
gcc/testsuite/ChangeLog:
* gcc.dg/pr111407.c: New test.
(cherry picked from commit 4aca1cfd6235090e48a53dab734437740671bbf3)
bootstraped and regression tested on both aarch64 and x86.
Okay for commit to GCC13?
thanks.
Qing
---
gcc/testsuite/gcc.dg/pr111407.c | 21 +
gcc/tree-ssa-math-opts.cc | 8
2 files changed, 29 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/pr111407.c
diff --git a/gcc/testsuite/gcc.dg/pr111407.c b/gcc/testsuite/gcc.dg/pr111407.c
new file mode 100644
index ..a171074753f9
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/pr111407.c
@@ -0,0 +1,21 @@
+/* PR tree-optimization/111407*/
+/* { dg-do compile } */
+/* { dg-options "-O2" } */
+enum { SEND_TOFILE } __sigsetjmp();
+void fclose();
+void foldergets();
+void sendpart_stats(int *p1, int a1, int b1) {
+ int *a = p1;
+ fclose();
+ p1 = 0;
+ long t = b1;
+ if (__sigsetjmp()) {
+ {
+ long t1 = a1;
+ a1+=1;
+ fclose(a1*(long)t1);
+ }
+ }
+ if (p1)
+ fclose();
+}
diff --git a/gcc/tree-ssa-math-opts.cc b/gcc/tree-ssa-math-opts.cc
index 15eed3e960c4..ff949e4fec9c 100644
--- a/gcc/tree-ssa-math-opts.cc
+++ b/gcc/tree-ssa-math-opts.cc
@@ -2754,6 +2754,14 @@ convert_mult_to_widen (gimple *stmt,
gimple_stmt_iterator *gsi)
if (!is_widening_mult_p (stmt, , , , ))
return false;
+ /* if any one of rhs1 and rhs2 is subject to abnormal coalescing,
+ avoid the tranform. */
+ if ((TREE_CODE (rhs1) == SSA_NAME
+ && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs1))
+ || (TREE_CODE (rhs2) == SSA_NAME
+ && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs2)))
+return false;
+
to_mode = SCALAR_INT_TYPE_MODE (type);
from_mode = SCALAR_INT_TYPE_MODE (type1);
if (to_mode == from_mode)
--
2.31.1
Re: [PATCH v8 0/5] New attribute "counted_by" to annotate bounds for C99 FAM(PR108896)
Hi, Tom, Thanks a lot for the comments. It’s good to hear that this new attribute might be able to be used to help gdb. We might spend some time to study to use this information in other consumers, for example, gdb, in the future, if necessary and possible. If you have good examples to show the importance of using such information in gdb, please let me know. I’m glad to study a little more. At this time, I agree with Kees, it’s better for the initial patches of the “counted-by” support to focus on the the attribute itself and the immediate security consumers, such as array bound sanitizer and dynamic object size, etc. So, let’s delay the possible support to gdb in a later patch. Does this sound reasonable to you? Qing > On Mar 29, 2024, at 15:16, Kees Cook wrote: > > On Fri, Mar 29, 2024 at 12:09:15PM -0600, Tom Tromey wrote: >>>>>>> Qing Zhao writes: >> >>> This is the 8th version of the patch. >> >>> compare with the 7th version, the difference are: >> >> [...] >> >> Hi. I was curious to know if the information supplied by this attribute >> shows up in the DWARF. It would be good if it did, because that would >> let gdb correctly print these arrays without user intervention. > > Does DWARF have such an annotation? Regardless, I think this could be a > future patch to not hold up landing the initial feature. > > -- > Kees Cook
[PATCH v8 4/5] Use the .ACCESS_WITH_SIZE in bound sanitizer.
gcc/c-family/ChangeLog:
* c-ubsan.cc (get_bound_from_access_with_size): New function.
(ubsan_instrument_bounds): Handle call to .ACCESS_WITH_SIZE.
gcc/testsuite/ChangeLog:
* gcc.dg/ubsan/flex-array-counted-by-bounds-2.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds-3.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds-4.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds.c: New test.
---
gcc/c-family/c-ubsan.cc | 42 +
.../ubsan/flex-array-counted-by-bounds-2.c| 45 ++
.../ubsan/flex-array-counted-by-bounds-3.c| 34 ++
.../ubsan/flex-array-counted-by-bounds-4.c| 34 ++
.../ubsan/flex-array-counted-by-bounds.c | 46 +++
5 files changed, 201 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-4.c
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c
diff --git a/gcc/c-family/c-ubsan.cc b/gcc/c-family/c-ubsan.cc
index 940982819ddf..7cd3c6aa5b88 100644
--- a/gcc/c-family/c-ubsan.cc
+++ b/gcc/c-family/c-ubsan.cc
@@ -376,6 +376,40 @@ ubsan_instrument_return (location_t loc)
return build_call_expr_loc (loc, t, 1, build_fold_addr_expr_loc (loc, data));
}
+/* Get the tree that represented the number of counted_by, i.e, the maximum
+ number of the elements of the object that the call to .ACCESS_WITH_SIZE
+ points to, this number will be the bound of the corresponding array. */
+static tree
+get_bound_from_access_with_size (tree call)
+{
+ if (!is_access_with_size_p (call))
+return NULL_TREE;
+
+ tree ref_to_size = CALL_EXPR_ARG (call, 1);
+ unsigned int class_of_size = TREE_INT_CST_LOW (CALL_EXPR_ARG (call, 2));
+ tree type = TREE_TYPE (CALL_EXPR_ARG (call, 3));
+ tree size = fold_build2 (MEM_REF, type, unshare_expr (ref_to_size),
+ build_int_cst (ptr_type_node, 0));
+ /* If size is negative value, treat it as zero. */
+ if (!TYPE_UNSIGNED (type))
+ {
+tree cond = fold_build2 (LT_EXPR, boolean_type_node,
+unshare_expr (size), build_zero_cst (type));
+size = fold_build3 (COND_EXPR, type, cond,
+ build_zero_cst (type), size);
+ }
+
+ /* Only when class_of_size is 1, i.e, the number of the elements of
+ the object type, return the size. */
+ if (class_of_size != 1)
+return NULL_TREE;
+ else
+size = fold_convert (sizetype, size);
+
+ return size;
+}
+
+
/* Instrument array bounds for ARRAY_REFs. We create special builtin,
that gets expanded in the sanopt pass, and make an array dimension
of it. ARRAY is the array, *INDEX is an index to the array.
@@ -401,6 +435,14 @@ ubsan_instrument_bounds (location_t loc, tree array, tree
*index,
&& COMPLETE_TYPE_P (type)
&& integer_zerop (TYPE_SIZE (type)))
bound = build_int_cst (TREE_TYPE (TYPE_MIN_VALUE (domain)), -1);
+ else if (INDIRECT_REF_P (array)
+ && is_access_with_size_p ((TREE_OPERAND (array, 0
+ {
+ bound = get_bound_from_access_with_size ((TREE_OPERAND (array, 0)));
+ bound = fold_build2 (MINUS_EXPR, TREE_TYPE (bound),
+ bound,
+ build_int_cst (TREE_TYPE (bound), 1));
+ }
else
return NULL_TREE;
}
diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
new file mode 100644
index ..b503320628d2
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
@@ -0,0 +1,45 @@
+/* Test the attribute counted_by and its usage in
+ bounds sanitizer combined with VLA. */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds" } */
+/* { dg-output "index 11 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 20 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 11 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'int
\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+
+
+#include
+
+void __attribute__((__noinline__)) setup_and_test_vla (int n, int m)
+{
+ struct foo {
+ int n;
+ int p[][n] __attribute__((counted_by(n)));
+ } *f;
+
+ f = (struct foo *) malloc (sizeof(struct foo) + m*sizeof(int[n]));
+ f->n = m;
+ f->p[m][n-1]=1;
+ return;
+}
+
+void __attribute__((__noinline__)) setup_and_test_vla_1 (int n1, int n2, int m)
+{
+ struct foo {
+int n;
+int p[][n2][n1] __attribute__((counted_by(n)));
+ } *f;
+
+ f = (struct foo *) malloc
[PATCH v8 3/5] Use the .ACCESS_WITH_SIZE in builtin object size.
gcc/ChangeLog:
* tree-object-size.cc (access_with_size_object_size): New function.
(call_object_size): Call the new function.
gcc/testsuite/ChangeLog:
* gcc.dg/builtin-object-size-common.h: Add a new macro EXPECT.
* gcc.dg/flex-array-counted-by-3.c: New test.
* gcc.dg/flex-array-counted-by-4.c: New test.
* gcc.dg/flex-array-counted-by-5.c: New test.
---
.../gcc.dg/builtin-object-size-common.h | 11 ++
.../gcc.dg/flex-array-counted-by-3.c | 63 +++
.../gcc.dg/flex-array-counted-by-4.c | 178 ++
.../gcc.dg/flex-array-counted-by-5.c | 48 +
gcc/tree-object-size.cc | 60 ++
5 files changed, 360 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-5.c
diff --git a/gcc/testsuite/gcc.dg/builtin-object-size-common.h
b/gcc/testsuite/gcc.dg/builtin-object-size-common.h
index 66ff7cdd953a..b677067c6e6b 100644
--- a/gcc/testsuite/gcc.dg/builtin-object-size-common.h
+++ b/gcc/testsuite/gcc.dg/builtin-object-size-common.h
@@ -30,3 +30,14 @@ unsigned nfails = 0;
__builtin_abort ();\
return 0;\
} while (0)
+
+#define EXPECT(p, _v) do { \
+ size_t v = _v; \
+ if (p == v)\
+__builtin_printf ("ok: %s == %zd\n", #p, p);\
+ else \
+{\
+ __builtin_printf ("WAT: %s == %zd (expected %zd)\n", #p, p, v);\
+ FAIL (); \
+}\
+} while (0);
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
new file mode 100644
index ..78f50230e891
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
@@ -0,0 +1,63 @@
+/* Test the attribute counted_by and its usage in
+ * __builtin_dynamic_object_size. */
+/* { dg-do run } */
+/* { dg-options "-O2" } */
+
+#include "builtin-object-size-common.h"
+
+struct flex {
+ int b;
+ int c[];
+} *array_flex;
+
+struct annotated {
+ int b;
+ int c[] __attribute__ ((counted_by (b)));
+} *array_annotated;
+
+struct nested_annotated {
+ struct {
+union {
+ int b;
+ float f;
+};
+int n;
+ };
+ int c[] __attribute__ ((counted_by (b)));
+} *array_nested_annotated;
+
+void __attribute__((__noinline__)) setup (int normal_count, int attr_count)
+{
+ array_flex
+= (struct flex *)malloc (sizeof (struct flex)
++ normal_count * sizeof (int));
+ array_flex->b = normal_count;
+
+ array_annotated
+= (struct annotated *)malloc (sizeof (struct annotated)
+ + attr_count * sizeof (int));
+ array_annotated->b = attr_count;
+
+ array_nested_annotated
+= (struct nested_annotated *)malloc (sizeof (struct nested_annotated)
++ attr_count * sizeof (int));
+ array_nested_annotated->b = attr_count;
+
+ return;
+}
+
+void __attribute__((__noinline__)) test ()
+{
+EXPECT(__builtin_dynamic_object_size(array_flex->c, 1), -1);
+EXPECT(__builtin_dynamic_object_size(array_annotated->c, 1),
+ array_annotated->b * sizeof (int));
+EXPECT(__builtin_dynamic_object_size(array_nested_annotated->c, 1),
+ array_nested_annotated->b * sizeof (int));
+}
+
+int main(int argc, char *argv[])
+{
+ setup (10,10);
+ test ();
+ DONE ();
+}
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
new file mode 100644
index ..20103d58ef51
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
@@ -0,0 +1,178 @@
+/* Test the attribute counted_by and its usage in
+__builtin_dynamic_object_size: what's the correct behavior when the
+allocation size mismatched with the value of counted_by attribute?
+We should always use the latest value that is hold by the counted_by
+field. */
+/* { dg-do run } */
+/* { dg-options "-O -fstrict-flex-arrays=3" } */
+
+#include "builtin-object-size-common.h"
+
+struct annotated {
+ size_t foo;
+ char others;
+ char array[] __attribute__((counted_by (foo)));
+};
+
+#define noinline __attribute__((__noinline__))
+#define SIZE_BUMP 10
+#define MAX(a, b) ((a) > (b) ? (a) : (b))
+
+/* In general, Due to type casting, the type for the pointee of a pointer
+ does not say
[PATCH v8 2/5] Convert references with "counted_by" attributes to/from .ACCESS_WITH_SIZE.
Including the following changes:
* The definition of the new internal function .ACCESS_WITH_SIZE
in internal-fn.def.
* C FE converts every reference to a FAM with a "counted_by" attribute
to a call to the internal function .ACCESS_WITH_SIZE.
(build_component_ref in c_typeck.cc)
This includes the case when the object is statically allocated and
initialized.
In order to make this working, the routines initializer_constant_valid_p_1
and output_constant in varasm.cc are updated to handle calls to
.ACCESS_WITH_SIZE.
(initializer_constant_valid_p_1 and output_constant in varasm.c)
However, for the reference inside "offsetof", the "counted_by" attribute is
ignored since it's not useful at all.
(c_parser_postfix_expression in c/c-parser.cc)
In addtion to "offsetof", for the reference inside operator "typeof" and
"alignof", we ignore counted_by attribute too.
When building ADDR_EXPR for the .ACCESS_WITH_SIZE in C FE,
replace the call with its first argument.
* Convert every call to .ACCESS_WITH_SIZE to its first argument.
(expand_ACCESS_WITH_SIZE in internal-fn.cc)
* Adjust alias analysis to exclude the new internal from clobbering anything.
(ref_maybe_used_by_call_p_1 and call_may_clobber_ref_p_1 in tree-ssa-alias.cc)
* Adjust dead code elimination to eliminate the call to .ACCESS_WITH_SIZE when
it's LHS is eliminated as dead code.
(eliminate_unnecessary_stmts in tree-ssa-dce.cc)
* Provide the utility routines to check the call is .ACCESS_WITH_SIZE and
get the reference from the call to .ACCESS_WITH_SIZE.
(is_access_with_size_p and get_ref_from_access_with_size in tree.cc)
gcc/c/ChangeLog:
* c-parser.cc (c_parser_postfix_expression): Ignore the counted-by
attribute when build_component_ref inside offsetof operator.
* c-tree.h (build_component_ref): Add one more parameter.
* c-typeck.cc (build_counted_by_ref): New function.
(build_access_with_size_for_counted_by): New function.
(build_component_ref): Check the counted-by attribute and build
call to .ACCESS_WITH_SIZE.
(build_unary_op): When building ADDR_EXPR for
.ACCESS_WITH_SIZE, use its first argument.
(lvalue_p): Accept call to .ACCESS_WITH_SIZE.
gcc/ChangeLog:
* internal-fn.cc (expand_ACCESS_WITH_SIZE): New function.
* internal-fn.def (ACCESS_WITH_SIZE): New internal function.
* tree-ssa-alias.cc (ref_maybe_used_by_call_p_1): Special case
IFN_ACCESS_WITH_SIZE.
(call_may_clobber_ref_p_1): Special case IFN_ACCESS_WITH_SIZE.
* tree-ssa-dce.cc (eliminate_unnecessary_stmts): Eliminate the call
to .ACCESS_WITH_SIZE when its LHS is dead.
* tree.cc (process_call_operands): Adjust side effect for function
.ACCESS_WITH_SIZE.
(is_access_with_size_p): New function.
(get_ref_from_access_with_size): New function.
* tree.h (is_access_with_size_p): New prototype.
(get_ref_from_access_with_size): New prototype.
* varasm.cc (initializer_constant_valid_p_1): Handle call to
.ACCESS_WITH_SIZE.
(output_constant): Handle call to .ACCESS_WITH_SIZE.
gcc/testsuite/ChangeLog:
* gcc.dg/flex-array-counted-by-2.c: New test.
---
gcc/c/c-parser.cc | 10 +-
gcc/c/c-tree.h| 2 +-
gcc/c/c-typeck.cc | 128 +-
gcc/internal-fn.cc| 35 +
gcc/internal-fn.def | 4 +
.../gcc.dg/flex-array-counted-by-2.c | 112 +++
gcc/tree-ssa-alias.cc | 2 +
gcc/tree-ssa-dce.cc | 5 +-
gcc/tree.cc | 25 +++-
gcc/tree.h| 8 ++
gcc/varasm.cc | 10 ++
11 files changed, 331 insertions(+), 10 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-2.c
diff --git a/gcc/c/c-parser.cc b/gcc/c/c-parser.cc
index c31349dae2ff..a6ed5ac43bb1 100644
--- a/gcc/c/c-parser.cc
+++ b/gcc/c/c-parser.cc
@@ -10850,9 +10850,12 @@ c_parser_postfix_expression (c_parser *parser)
if (c_parser_next_token_is (parser, CPP_NAME))
{
c_token *comp_tok = c_parser_peek_token (parser);
+ /* Ignore the counted_by attribute for reference inside
+ offsetof since the information is not useful at all. */
offsetof_ref
= build_component_ref (loc, offsetof_ref, comp_tok->value,
-comp_tok->location, UNKNOWN_LOCATION);
+comp_tok->location, UNKNOWN_LOCATION,
+false);
c_parser_consume_token (parser);
while (c_parser_next_token_is (parser, CPP_DOT)
||
[PATCH v8 5/5] Add the 6th argument to .ACCESS_WITH_SIZE
to carry the TYPE of the flexible array.
Such information is needed during tree-object-size.cc.
We cannot use the result type or the type of the 1st argument
of the routine .ACCESS_WITH_SIZE to decide the element type
of the original array due to possible type casting in the
source code.
gcc/c/ChangeLog:
* c-typeck.cc (build_access_with_size_for_counted_by): Add the 6th
argument to .ACCESS_WITH_SIZE.
gcc/ChangeLog:
* tree-object-size.cc (access_with_size_object_size): Use the type
of the 6th argument for the type of the element.
gcc/testsuite/ChangeLog:
* gcc.dg/flex-array-counted-by-6.c: New test.
---
gcc/c/c-typeck.cc | 11 +++--
gcc/internal-fn.cc| 2 +
.../gcc.dg/flex-array-counted-by-6.c | 46 +++
gcc/tree-object-size.cc | 16 ---
4 files changed, 66 insertions(+), 9 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
index f7b0e08459b0..05948f76039e 100644
--- a/gcc/c/c-typeck.cc
+++ b/gcc/c/c-typeck.cc
@@ -2608,7 +2608,8 @@ build_counted_by_ref (tree datum, tree subdatum, tree
*counted_by_type)
to:
- (*.ACCESS_WITH_SIZE (REF, COUNTED_BY_REF, 1, (TYPE_OF_SIZE)0, -1))
+ (*.ACCESS_WITH_SIZE (REF, COUNTED_BY_REF, 1, (TYPE_OF_SIZE)0, -1,
+ (TYPE_OF_ARRAY *)0))
NOTE: The return type of this function is the POINTER type pointing
to the original flexible array type.
@@ -2620,6 +2621,9 @@ build_counted_by_ref (tree datum, tree subdatum, tree
*counted_by_type)
The 4th argument of the call is a constant 0 with the TYPE of the
object pointed by COUNTED_BY_REF.
+ The 6th argument of the call is a constant 0 with the pointer TYPE
+ to the original flexible array type.
+
*/
static tree
build_access_with_size_for_counted_by (location_t loc, tree ref,
@@ -2632,12 +2636,13 @@ build_access_with_size_for_counted_by (location_t loc,
tree ref,
tree call
= build_call_expr_internal_loc (loc, IFN_ACCESS_WITH_SIZE,
- result_type, 5,
+ result_type, 6,
array_to_pointer_conversion (loc, ref),
counted_by_ref,
build_int_cst (integer_type_node, 1),
build_int_cst (counted_by_type, 0),
- build_int_cst (integer_type_node, -1));
+ build_int_cst (integer_type_node, -1),
+ build_int_cst (result_type, 0));
/* Wrap the call with an INDIRECT_REF with the flexible array type. */
call = build1 (INDIRECT_REF, TREE_TYPE (ref), call);
SET_EXPR_LOCATION (call, loc);
diff --git a/gcc/internal-fn.cc b/gcc/internal-fn.cc
index e744080ee670..34e4a4aea534 100644
--- a/gcc/internal-fn.cc
+++ b/gcc/internal-fn.cc
@@ -3411,6 +3411,8 @@ expand_DEFERRED_INIT (internal_fn, gcall *stmt)
1: read_only
2: write_only
3: read_write
+ 6th argument: A constant 0 with the pointer TYPE to the original flexible
+ array type.
Both the return type and the type of the first argument of this
function have been converted from the incomplete array type to
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
new file mode 100644
index ..65fa01443d95
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
@@ -0,0 +1,46 @@
+/* Test the attribute counted_by and its usage in
+ * __builtin_dynamic_object_size: when the type of the flexible array member
+ * is casting to another type. */
+/* { dg-do run } */
+/* { dg-options "-O2" } */
+
+#include "builtin-object-size-common.h"
+
+typedef unsigned short u16;
+
+struct info {
+ u16 data_len;
+ char data[] __attribute__((counted_by(data_len)));
+};
+
+struct foo {
+ int a;
+ int b;
+};
+
+static __attribute__((__noinline__))
+struct info *setup ()
+{
+ struct info *p;
+ size_t bytes = 3 * sizeof(struct foo);
+
+ p = (struct info *)malloc (sizeof (struct info) + bytes);
+ p->data_len = bytes;
+
+ return p;
+}
+
+static void
+__attribute__((__noinline__)) report (struct info *p)
+{
+ struct foo *bar = (struct foo *)p->data;
+ EXPECT(__builtin_dynamic_object_size((char *)(bar + 1), 1), 16);
+ EXPECT(__builtin_dynamic_object_size((char *)(bar + 2), 1), 8);
+}
+
+int main(int argc, char *argv[])
+{
+ struct info *p = setup();
+ report(p);
+ return 0;
+}
diff --git a/gcc/tree-object-size.cc b/gcc/tree-object-size.cc
index 8de264d1dee2..4c1fa9b555fa 100644
--- a/gcc/tree-object-size.cc
+++ b/gcc/tree-object-size.cc
@@ -762,9 +762,11 @@ addr_object_size (struct object_size_info *osi, const_tree
ptr,
1: the number of the elements of the object type;
4th argument
[PATCH v8 0/5] New attribute "counted_by" to annotate bounds for C99 FAM(PR108896)
Hi,
This is the 8th version of the patch.
compare with the 7th version, the difference are:
updates per Joseph's comments:
1. Wording changes in diagnostics;
"non flexible" to "non-flexible";
Diagnostics starts with a lowercase letter;
2. Documentation changes:
"named ``@var{count}'' to ``@var{count}'';
use present tense in the documentation;
3. Checking "INTEGRAL_TYPE_P" instead of just INTEGER_TYPE for integer types.
Add testcases for _Bool/enum/_BitInt count fields.
4. Add handling for multiple counted_by attributes on the same field:
Allow duplicates if they name the same field;
Error when they name different fields.
Add testcase for this.
5. Updates for comments style.
The 7th version is at:
https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648087.html
https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648088.html
https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648089.html
https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648090.html
https://gcc.gnu.org/pipermail/gcc-patches/2024-March/648091.html
It based on the following original proposal:
https://gcc.gnu.org/pipermail/gcc-patches/2023-November/635884.html
Represent the missing dependence for the "counted_by" attribute and its
consumers
**The summary of the proposal is:
* Add a new internal function ".ACCESS_WITH_SIZE" to carry the size information
for every reference to a FAM field;
* In C FE, Replace every reference to a FAM field whose TYPE has the
"counted_by" attribute with the new internal function ".ACCESS_WITH_SIZE";
* In every consumer of the size information, for example, BDOS or array bound
sanitizer, query the size information or ACCESS_MODE information from the new
internal function;
* When expansing to RTL, replace the internal function with the actual
reference to the FAM field;
* Some adjustment to ipa alias analysis, and other SSA passes to mitigate the
impact to the optimizer and code generation.
**The new internal function
.ACCESS_WITH_SIZE (REF_TO_OBJ, REF_TO_SIZE, CLASS_OF_SIZE, TYPE_OF_SIZE,
ACCESS_MODE, TYPE_OF_REF)
INTERNAL_FN (ACCESS_WITH_SIZE, ECF_LEAF | ECF_NOTHROW, NULL)
which returns the "REF_TO_OBJ" same as the 1st argument;
Both the return type and the type of the first argument of this function have
been converted from the incomplete array type to the corresponding pointer type.
The call to .ACCESS_WITH_SIZE is wrapped with an INDIRECT_REF, whose type is
the original imcomplete array type.
Please see the following link for why:
https://gcc.gnu.org/pipermail/gcc-patches/2023-November/638793.html
https://gcc.gnu.org/pipermail/gcc-patches/2023-December/639605.html
1st argument "REF_TO_OBJ": The reference to the object;
2nd argument "REF_TO_SIZE": The reference to the size of the object,
3rd argument "CLASS_OF_SIZE": The size referenced by the REF_TO_SIZE represents
0: the number of bytes;
1: the number of the elements of the object type;
4th argument "TYPE_OF_SIZE": A constant 0 with the TYPE of the object
refed by REF_TO_SIZE
5th argument "ACCESS_MODE":
-1: Unknown access semantics
0: none
1: read_only
2: write_only
3: read_write
6th argument "TYPE_OF_REF": A constant 0 with the pointer TYPE to
to the original flexible array type.
** The Patch sets included:
1. Provide counted_by attribute to flexible array member field;
which includes:
* "counted_by" attribute documentation;
* C FE handling of the new attribute;
syntax checking, error reporting;
* testing cases;
2. Convert "counted_by" attribute to/from .ACCESS_WITH_SIZE.
which includes:
* The definition of the new internal function .ACCESS_WITH_SIZE in
internal-fn.def.
* C FE converts every reference to a FAM with "counted_by" attribute to a
call to the internal function .ACCESS_WITH_SIZE.
(build_component_ref in c_typeck.cc)
This includes the case when the object is statically allocated and
initialized.
In order to make this working, we should update
initializer_constant_valid_p_1 and output_constant in varasm.cc to include
calls to .ACCESS_WITH_SIZE.
However, for the reference inside "offsetof", ignore the "counted_by"
attribute since it's not useful at all. (c_parser_postfix_expression in
c/c-parser.cc)
In addtion to "offsetof", for the reference inside operator "typeof" and
"alignof", we ignore counted_by attribute too.
When building ADDR_EXPR for the .ACCESS_WITH_SIZE in C FE,
replace the call with its first argument.
* Convert every call to .ACCESS_WITH_SIZE to its first argument.
(expand_ACCESS_WITH_SIZE in internal-fn.cc)
* adjust alias analysis to exclude the new internal from clobbering
anything.
(ref_maybe_used_by_call_p_1 and call_may_clobber_ref_p_1 in
tree-ssa-alias.cc)
* adjust dead code elimination to eliminate the call to .ACCESS_WITH_SIZE
when
it's LHS is eliminated as dead code.
[PATCH v8 1/5] Provide counted_by attribute to flexible array member field (PR108896)
'counted_by (COUNT)'
The 'counted_by' attribute may be attached to the C99 flexible
array member of a structure. It indicates that the number of the
elements of the array is given by the field "COUNT" in the
same structure as the flexible array member.
GCC may use this information to improve detection of object size
information
for such structures and provide better results in compile-time diagnostics
and runtime features like the array bound sanitizer and
the '__builtin_dynamic_object_size'.
For instance, the following code:
struct P {
size_t count;
char other;
char array[] __attribute__ ((counted_by (count)));
} *p;
specifies that the 'array' is a flexible array member whose number
of elements is given by the field 'count' in the same structure.
The field that represents the number of the elements should have an
integer type. Otherwise, the compiler reports an error and
ignores the attribute.
When the field that represents the number of the elements is assigned a
negative integer value, the compiler treats the value as zero.
An explicit 'counted_by' annotation defines a relationship between
two objects, 'p->array' and 'p->count', and there are the following
requirementthat on the relationship between this pair:
* 'p->count' must be initialized before the first reference to
'p->array';
* 'p->array' has _at least_ 'p->count' number of elements
available all the time. This relationship must hold even
after any of these related objects are updated during the
program.
It's the user's responsibility to make sure the above requirements
to be kept all the time. Otherwise the compiler reports
warnings, at the same time, the results of the array bound
sanitizer and the '__builtin_dynamic_object_size' is undefined.
One important feature of the attribute is, a reference to the
flexible array member field uses the latest value assigned to
the field that represents the number of the elements before that
reference. For example,
p->count = val1;
p->array[20] = 0; // ref1 to p->array
p->count = val2;
p->array[30] = 0; // ref2 to p->array
in the above, 'ref1' uses 'val1' as the number of the elements
in 'p->array', and 'ref2' uses 'val2' as the number of elements
in 'p->array'.
gcc/c-family/ChangeLog:
PR C/108896
* c-attribs.cc (handle_counted_by_attribute): New function.
(attribute_takes_identifier_p): Add counted_by attribute to the list.
* c-common.cc (c_flexible_array_member_type_p): ...To this.
* c-common.h (c_flexible_array_member_type_p): New prototype.
gcc/c/ChangeLog:
PR C/108896
* c-decl.cc (flexible_array_member_type_p): Renamed and moved to...
(add_flexible_array_elts_to_size): Use renamed function.
(is_flexible_array_member_p): Use renamed function.
(verify_counted_by_attribute): New function.
(finish_struct): Use renamed function and verify counted_by
attribute.
* c-tree.h (lookup_field): New prototype.
* c-typeck.cc (lookup_field): Expose as extern function.
gcc/ChangeLog:
PR C/108896
* doc/extend.texi: Document attribute counted_by.
gcc/testsuite/ChangeLog:
PR C/108896
* gcc.dg/flex-array-counted-by.c: New test.
* gcc.dg/flex-array-counted-by-7.c: New test.
---
gcc/c-family/c-attribs.cc | 68 +++-
gcc/c-family/c-common.cc | 13
gcc/c-family/c-common.h | 1 +
gcc/c/c-decl.cc | 78 +++
gcc/c/c-tree.h| 1 +
gcc/c/c-typeck.cc | 3 +-
gcc/doc/extend.texi | 68
.../gcc.dg/flex-array-counted-by-7.c | 8 ++
gcc/testsuite/gcc.dg/flex-array-counted-by.c | 62 +++
9 files changed, 282 insertions(+), 20 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-7.c
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by.c
diff --git a/gcc/c-family/c-attribs.cc b/gcc/c-family/c-attribs.cc
index 40a0cf90295d..39e5824ee7a5 100644
--- a/gcc/c-family/c-attribs.cc
+++ b/gcc/c-family/c-attribs.cc
@@ -105,6 +105,8 @@ static tree handle_warn_if_not_aligned_attribute (tree *,
tree, tree,
int, bool *);
static tree handle_strict_flex_array_attribute (tree *, tree, tree,
int, bool *);
+static tree handle_counted_by_attribute (tree *, tree, tree,
+ int, bool *);
static tree handle_weak_attribute (tree *, tree, tree, int, bool *) ;
Re: [PATCH v7 1/5] Provide counted_by attribute to flexible array member field (PR108896)
> On Mar 26, 2024, at 13:20, Joseph Myers wrote:
>
> On Tue, 26 Mar 2024, Qing Zhao wrote:
>
>>> What happens when there are multiple counted_by attributes on the same
>>> field? As far as I can see, all but one end up being ignored (by the code
>>> that actually uses the attribute).
>>
>> In general, is there any rule for handling multiple same attributes in
>> GCC? i.e, from left to right, the last one wins? Or something else? I’d
>> like to following the consistent rule with other places in GCC.
>
> Sometimes, they are meaningful and all can be respected. (An example is
> the format_arg attribute, where ngettext legitimately has two such
> attributes.)
>
> When not meaningful, an error is appropriate. For example, with section
> attributes you can get
>
>error ("section of %q+D conflicts with previous declaration",
> *node);
>
> if different sections are named. I think that's a suitable model for the
> new attribute here: allow duplicates if they name the same field, but give
> errors if they name different fields, just as with the section attribute.
>
> Once you give an error for multiple attributes naming different fields,
> which one wins is just a question of error recovery; the specific choice
> doesn't matter much, as long as you don't get an ICE in later processing.
Agreed and fixed as suggested.
Thanks.
Qing
>
> --
> Joseph S. Myers
> josmy...@redhat.com
Re: [PATCH v7 1/5] Provide counted_by attribute to flexible array member field (PR108896)
> On Mar 26, 2024, at 11:21, Joseph Myers wrote:
>
> On Tue, 26 Mar 2024, Qing Zhao wrote:
>
>>>> +@cindex @code{counted_by} variable attribute
>>>> +@item counted_by (@var{count})
>>>> +The @code{counted_by} attribute may be attached to the C99 flexible array
>>>> +member of a structure. It indicates that the number of the elements of
>>>> the
>>>> +array is given by the field named "@var{count}" in the same structure as
>>>> the
>>>> +flexible array member.
>>>
>>> You shouldn't use ASCII quotes like that in Texinfo (outside @code etc.
>>> where they represent literal quotes in programming language source code).
>>> You can say ``@var{count}'' if you wish to quote the name.
>> A little confused with the above..
>> So, what should I change in the above statement?
>
> I don't think you actually need quotes (or "named") at all; just
>
> the field @var{count}
>
> in place of
>
> the field named "@var{count}"
>
> would suffice.
Okay, I see. -:)
> But if you use quotes (for an English-language quotation,
> as opposed to when the quotes themselves are part of programming-language
> source code given in the manual), in Texinfo you should use ``'' rather
> than "".
Thanks for the explanation.
Qing
>
> --
> Joseph S. Myers
> josmy...@redhat.com
>
Re: [PATCH v7 3/5] Use the .ACCESS_WITH_SIZE in builtin object size.
Thanks, will update. Qing > On Mar 25, 2024, at 16:50, Joseph Myers wrote: > > On Wed, 20 Mar 2024, Qing Zhao wrote: > >> + the size of the element can be retrived from the result type of the call, >> + which is the pointer to the array type. */ > > Again, start a sentence with an uppercase letter. > >> + /* if not for dynamic object size, return. */ > >> + /* result type is a pointer type to the original flexible array type. */ > > Likewise. > > -- > Joseph S. Myers > josmy...@redhat.com >
Re: [PATCH v7 2/5] Convert references with "counted_by" attributes to/from .ACCESS_WITH_SIZE.
> On Mar 25, 2024, at 16:48, Joseph Myers wrote: > > On Wed, 20 Mar 2024, Qing Zhao wrote: > >> + /* get the TYPE of the counted_by field. */ > > Start comments with an uppercase letter. Okay. > >> + The type of the first argument of this function is a POINTER type >> + to the orignal flexible array type. > > s/orignal/original/ Okay. > >> + If HANDLE_COUNTED_BY is true, check the counted_by attribute and generate >> + call to .ACCESS_WITH_SIZE. otherwise, ignore the attribute. */ > > A sentence should start with an uppercase letter, "Otherwise”. Okay. > >> - /* Ordinary case; arg is a COMPONENT_REF or a decl. */ >> + /* Ordinary case; arg is a COMPONENT_REF or a decl,or a call to >> + .ACCESS_WITH_SIZE. */ > > There should be a space after a comma. Okay. (I remembered that I used contrib/check_GNU_style.sh check all the patches, not sure why such errors were not caught). > >> +/* Get the corresponding reference from the call to a .ACCESS_WITH_SIZE. >> + * i.e the first argument of this call. return NULL_TREE otherwise. */ >> +extern tree get_ref_from_access_with_size (tree); > > Again, start a sentence with an uppercase letter. Okay. > >> +case CALL_EXPR: >> + /* for a call to .ACCESS_WITH_SIZE, check the first argument. */ > > Likewise. Okay. > >> + /* for a call to .ACCESS_WITH_SIZE, check the first argument. */ > > Likewise. Okay. Will update accordingly. thanks. Qing > > -- > Joseph S. Myers > josmy...@redhat.com >
Re: [PATCH v7 1/5] Provide counted_by attribute to flexible array member field (PR108896)
Hi, Joseph,
Thanks a lot for the reviews.
> On Mar 25, 2024, at 16:44, Joseph Myers wrote:
>
> On Wed, 20 Mar 2024, Qing Zhao wrote:
>
>> + /* This attribute only applies to a C99 flexible array member type. */
>> + else if (! c_flexible_array_member_type_p (TREE_TYPE (decl)))
>> +{
>> + error_at (DECL_SOURCE_LOCATION (decl),
>> +"%qE attribute is not allowed for a non"
>> +" flexible array member field",
>
> "non-flexible" not "non flexible" ("non" shouldn't appear as a word on its
> own).
Okay.
>
>> + /* Error when the field is not found in the containing structure. */
>> + if (!counted_by_field)
>> +error_at (DECL_SOURCE_LOCATION (field_decl),
>> + "Argument %qE to the %qE attribute is not a field declaration"
>> + " in the same structure as %qD", fieldname,
>
> Diagnostics should start with a lowercase letter, "argument" not
> "Argument”.
Okay.
>
>> + if (TREE_CODE (TREE_TYPE (real_field)) != INTEGER_TYPE)
>> +error_at (DECL_SOURCE_LOCATION (field_decl),
>> + "Argument %qE to the %qE attribute is not a field declaration"
>> + " with an integer type", fieldname,
>
> Likewise.
Okay.
>
> Generally checks for integer types should allow any INTEGRAL_TYPE_P,
> rather than just INTEGER_TYPE. For example, it should be valid to use
> this attribute with a field with _BitInt type. (It would be fairly
> useless with a _BitInt larger than size_t, but maybe e.g. someone knows
> the size in their code must fit into 24 bits and so uses unsigned
> _BitInt(24) for the field.)
Okay. Will change this.
>
> Of course there should be corresponding testcases for _Bool / enum /
> _BitInt count fields.
And add corresponding testing cases.
>
> What happens when there are multiple counted_by attributes on the same
> field? As far as I can see, all but one end up being ignored (by the code
> that actually uses the attribute).
In general, is there any rule for handling multiple same attributes in GCC?
i.e, from left to right, the last one wins? Or something else? I’d like to
following the consistent rule with other places in GCC.
> I think multiple such attributes using
> different identifiers should be diagnosed, even if all the identifiers are
> indeed integer fields in the same structure - it doesn't seem meaningful
> to say that multiple fields give the count of elements.
Yes, this is reasonable. Shall we ignore all but the last one? And issue
warnings at the same time?
i.e. for the following:
struct trailing_array {
int c1;
int final;
int array_4[] __attribute ((counted_by (c1))) __attribute ((counted_by
(final)));
};
For the above, issue warning by default:
multiple 'counted-by' attribute specified for the same flexible array member
field “array_4”, only the last one “final” is valid.
??
> (Multiple
> attributes with the *same* identifier are probably OK to allow; maybe that
> could arise in code using complicated macros that end up adding the
> attribute more than once.)
Okay.
Shall we issue warnings for this case? (Probably not??)
>
>> +@cindex @code{counted_by} variable attribute
>> +@item counted_by (@var{count})
>> +The @code{counted_by} attribute may be attached to the C99 flexible array
>> +member of a structure. It indicates that the number of the elements of the
>> +array is given by the field named "@var{count}" in the same structure as the
>> +flexible array member.
>
> You shouldn't use ASCII quotes like that in Texinfo (outside @code etc.
> where they represent literal quotes in programming language source code).
> You can say ``@var{count}'' if you wish to quote the name.
A little confused with the above..
So, what should I change in the above statement?
>
>> +The field that represents the number of the elements should have an
>> +integer type. Otherwise, the compiler will report a warning and ignore
>> +the attribute.
>> +When the field that represents the number of the elements is assigned a
>> +negative integer value, the compiler will treat the value as zero.
>
> In general it's best for documentation to be in the present tense (so the
> compiler *reports* a warning rather than "will report", *treats* the value
> as zero rather than "will treat").
thanks, will update them.
>
>> +It's the user's responsibility to make sure the above requirements to
>> +be kept all the time. Otherwise the compiler will report warnings,
>> +at the same time, the results of the array bound sanitizer and the
>> +@code{__builtin_dynamic_object_size} is undefined.
>
> Likewise.
Okay.
Thanks a lot.
Qing
>
> --
> Joseph S. Myers
> josmy...@redhat.com
>
[PATCH v7 4/5] Use the .ACCESS_WITH_SIZE in bound sanitizer.
gcc/c-family/ChangeLog:
* c-ubsan.cc (get_bound_from_access_with_size): New function.
(ubsan_instrument_bounds): Handle call to .ACCESS_WITH_SIZE.
gcc/testsuite/ChangeLog:
* gcc.dg/ubsan/flex-array-counted-by-bounds-2.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds-3.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds-4.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds.c: New test.
---
gcc/c-family/c-ubsan.cc | 42 +
.../ubsan/flex-array-counted-by-bounds-2.c| 45 ++
.../ubsan/flex-array-counted-by-bounds-3.c| 34 ++
.../ubsan/flex-array-counted-by-bounds-4.c| 34 ++
.../ubsan/flex-array-counted-by-bounds.c | 46 +++
5 files changed, 201 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-4.c
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c
diff --git a/gcc/c-family/c-ubsan.cc b/gcc/c-family/c-ubsan.cc
index 940982819ddf..7cd3c6aa5b88 100644
--- a/gcc/c-family/c-ubsan.cc
+++ b/gcc/c-family/c-ubsan.cc
@@ -376,6 +376,40 @@ ubsan_instrument_return (location_t loc)
return build_call_expr_loc (loc, t, 1, build_fold_addr_expr_loc (loc, data));
}
+/* Get the tree that represented the number of counted_by, i.e, the maximum
+ number of the elements of the object that the call to .ACCESS_WITH_SIZE
+ points to, this number will be the bound of the corresponding array. */
+static tree
+get_bound_from_access_with_size (tree call)
+{
+ if (!is_access_with_size_p (call))
+return NULL_TREE;
+
+ tree ref_to_size = CALL_EXPR_ARG (call, 1);
+ unsigned int class_of_size = TREE_INT_CST_LOW (CALL_EXPR_ARG (call, 2));
+ tree type = TREE_TYPE (CALL_EXPR_ARG (call, 3));
+ tree size = fold_build2 (MEM_REF, type, unshare_expr (ref_to_size),
+ build_int_cst (ptr_type_node, 0));
+ /* If size is negative value, treat it as zero. */
+ if (!TYPE_UNSIGNED (type))
+ {
+tree cond = fold_build2 (LT_EXPR, boolean_type_node,
+unshare_expr (size), build_zero_cst (type));
+size = fold_build3 (COND_EXPR, type, cond,
+ build_zero_cst (type), size);
+ }
+
+ /* Only when class_of_size is 1, i.e, the number of the elements of
+ the object type, return the size. */
+ if (class_of_size != 1)
+return NULL_TREE;
+ else
+size = fold_convert (sizetype, size);
+
+ return size;
+}
+
+
/* Instrument array bounds for ARRAY_REFs. We create special builtin,
that gets expanded in the sanopt pass, and make an array dimension
of it. ARRAY is the array, *INDEX is an index to the array.
@@ -401,6 +435,14 @@ ubsan_instrument_bounds (location_t loc, tree array, tree
*index,
&& COMPLETE_TYPE_P (type)
&& integer_zerop (TYPE_SIZE (type)))
bound = build_int_cst (TREE_TYPE (TYPE_MIN_VALUE (domain)), -1);
+ else if (INDIRECT_REF_P (array)
+ && is_access_with_size_p ((TREE_OPERAND (array, 0
+ {
+ bound = get_bound_from_access_with_size ((TREE_OPERAND (array, 0)));
+ bound = fold_build2 (MINUS_EXPR, TREE_TYPE (bound),
+ bound,
+ build_int_cst (TREE_TYPE (bound), 1));
+ }
else
return NULL_TREE;
}
diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
new file mode 100644
index ..148934975ee5
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
@@ -0,0 +1,45 @@
+/* test the attribute counted_by and its usage in
+ bounds sanitizer combined with VLA. */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds" } */
+/* { dg-output "index 11 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 20 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 11 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'int
\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+
+
+#include
+
+void __attribute__((__noinline__)) setup_and_test_vla (int n, int m)
+{
+ struct foo {
+ int n;
+ int p[][n] __attribute__((counted_by(n)));
+ } *f;
+
+ f = (struct foo *) malloc (sizeof(struct foo) + m*sizeof(int[n]));
+ f->n = m;
+ f->p[m][n-1]=1;
+ return;
+}
+
+void __attribute__((__noinline__)) setup_and_test_vla_1 (int n1, int n2, int m)
+{
+ struct foo {
+int n;
+int p[][n2][n1] __attribute__((counted_by(n)));
+ } *f;
+
+ f = (struct foo *) malloc
[PATCH v7 5/5] Add the 6th argument to .ACCESS_WITH_SIZE
to carry the TYPE of the flexible array.
Such information is needed during tree-object-size.cc.
We cannot use the result type or the type of the 1st argument
of the routine .ACCESS_WITH_SIZE to decide the element type
of the original array due to possible type casting in the
source code.
gcc/c/ChangeLog:
* c-typeck.cc (build_access_with_size_for_counted_by): Add the 6th
argument to .ACCESS_WITH_SIZE.
gcc/ChangeLog:
* tree-object-size.cc (access_with_size_object_size): Use the type
of the 6th argument for the type of the element.
gcc/testsuite/ChangeLog:
* gcc.dg/flex-array-counted-by-6.c: New test.
---
gcc/c/c-typeck.cc | 11 +++--
gcc/internal-fn.cc| 2 +
.../gcc.dg/flex-array-counted-by-6.c | 46 +++
gcc/tree-object-size.cc | 16 ---
4 files changed, 66 insertions(+), 9 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
index a29a7d7ec029..c17ac6862546 100644
--- a/gcc/c/c-typeck.cc
+++ b/gcc/c/c-typeck.cc
@@ -2608,7 +2608,8 @@ build_counted_by_ref (tree datum, tree subdatum, tree
*counted_by_type)
to:
- (*.ACCESS_WITH_SIZE (REF, COUNTED_BY_REF, 1, (TYPE_OF_SIZE)0, -1))
+ (*.ACCESS_WITH_SIZE (REF, COUNTED_BY_REF, 1, (TYPE_OF_SIZE)0, -1,
+ (TYPE_OF_ARRAY *)0))
NOTE: The return type of this function is the POINTER type pointing
to the original flexible array type.
@@ -2620,6 +2621,9 @@ build_counted_by_ref (tree datum, tree subdatum, tree
*counted_by_type)
The 4th argument of the call is a constant 0 with the TYPE of the
object pointed by COUNTED_BY_REF.
+ The 6th argument of the call is a constant 0 with the pointer TYPE
+ to the original flexible array type.
+
*/
static tree
build_access_with_size_for_counted_by (location_t loc, tree ref,
@@ -2632,12 +2636,13 @@ build_access_with_size_for_counted_by (location_t loc,
tree ref,
tree call
= build_call_expr_internal_loc (loc, IFN_ACCESS_WITH_SIZE,
- result_type, 5,
+ result_type, 6,
array_to_pointer_conversion (loc, ref),
counted_by_ref,
build_int_cst (integer_type_node, 1),
build_int_cst (counted_by_type, 0),
- build_int_cst (integer_type_node, -1));
+ build_int_cst (integer_type_node, -1),
+ build_int_cst (result_type, 0));
/* Wrap the call with an INDIRECT_REF with the flexible array type. */
call = build1 (INDIRECT_REF, TREE_TYPE (ref), call);
SET_EXPR_LOCATION (call, loc);
diff --git a/gcc/internal-fn.cc b/gcc/internal-fn.cc
index e744080ee670..34e4a4aea534 100644
--- a/gcc/internal-fn.cc
+++ b/gcc/internal-fn.cc
@@ -3411,6 +3411,8 @@ expand_DEFERRED_INIT (internal_fn, gcall *stmt)
1: read_only
2: write_only
3: read_write
+ 6th argument: A constant 0 with the pointer TYPE to the original flexible
+ array type.
Both the return type and the type of the first argument of this
function have been converted from the incomplete array type to
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
new file mode 100644
index ..65a401796479
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
@@ -0,0 +1,46 @@
+/* test the attribute counted_by and its usage in
+ * __builtin_dynamic_object_size. when the type of the flexible array member
+ * is casting to another type. */
+/* { dg-do run } */
+/* { dg-options "-O2" } */
+
+#include "builtin-object-size-common.h"
+
+typedef unsigned short u16;
+
+struct info {
+ u16 data_len;
+ char data[] __attribute__((counted_by(data_len)));
+};
+
+struct foo {
+ int a;
+ int b;
+};
+
+static __attribute__((__noinline__))
+struct info *setup ()
+{
+ struct info *p;
+ size_t bytes = 3 * sizeof(struct foo);
+
+ p = (struct info *)malloc (sizeof (struct info) + bytes);
+ p->data_len = bytes;
+
+ return p;
+}
+
+static void
+__attribute__((__noinline__)) report (struct info *p)
+{
+ struct foo *bar = (struct foo *)p->data;
+ EXPECT(__builtin_dynamic_object_size((char *)(bar + 1), 1), 16);
+ EXPECT(__builtin_dynamic_object_size((char *)(bar + 2), 1), 8);
+}
+
+int main(int argc, char *argv[])
+{
+ struct info *p = setup();
+ report(p);
+ return 0;
+}
diff --git a/gcc/tree-object-size.cc b/gcc/tree-object-size.cc
index d258d0947545..ee9a0415c21c 100644
--- a/gcc/tree-object-size.cc
+++ b/gcc/tree-object-size.cc
@@ -762,9 +762,11 @@ addr_object_size (struct object_size_info *osi, const_tree
ptr,
1: the number of the elements of the object type;
4th argument
[PATCH v7 3/5] Use the .ACCESS_WITH_SIZE in builtin object size.
gcc/ChangeLog:
* tree-object-size.cc (access_with_size_object_size): New function.
(call_object_size): Call the new function.
gcc/testsuite/ChangeLog:
* gcc.dg/builtin-object-size-common.h: Add a new macro EXPECT.
* gcc.dg/flex-array-counted-by-3.c: New test.
* gcc.dg/flex-array-counted-by-4.c: New test.
* gcc.dg/flex-array-counted-by-5.c: New test.
---
.../gcc.dg/builtin-object-size-common.h | 11 ++
.../gcc.dg/flex-array-counted-by-3.c | 63 +++
.../gcc.dg/flex-array-counted-by-4.c | 178 ++
.../gcc.dg/flex-array-counted-by-5.c | 48 +
gcc/tree-object-size.cc | 60 ++
5 files changed, 360 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-5.c
diff --git a/gcc/testsuite/gcc.dg/builtin-object-size-common.h
b/gcc/testsuite/gcc.dg/builtin-object-size-common.h
index 66ff7cdd953a..b677067c6e6b 100644
--- a/gcc/testsuite/gcc.dg/builtin-object-size-common.h
+++ b/gcc/testsuite/gcc.dg/builtin-object-size-common.h
@@ -30,3 +30,14 @@ unsigned nfails = 0;
__builtin_abort ();\
return 0;\
} while (0)
+
+#define EXPECT(p, _v) do { \
+ size_t v = _v; \
+ if (p == v)\
+__builtin_printf ("ok: %s == %zd\n", #p, p);\
+ else \
+{\
+ __builtin_printf ("WAT: %s == %zd (expected %zd)\n", #p, p, v);\
+ FAIL (); \
+}\
+} while (0);
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
new file mode 100644
index ..0066c32ca808
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
@@ -0,0 +1,63 @@
+/* test the attribute counted_by and its usage in
+ * __builtin_dynamic_object_size. */
+/* { dg-do run } */
+/* { dg-options "-O2" } */
+
+#include "builtin-object-size-common.h"
+
+struct flex {
+ int b;
+ int c[];
+} *array_flex;
+
+struct annotated {
+ int b;
+ int c[] __attribute__ ((counted_by (b)));
+} *array_annotated;
+
+struct nested_annotated {
+ struct {
+union {
+ int b;
+ float f;
+};
+int n;
+ };
+ int c[] __attribute__ ((counted_by (b)));
+} *array_nested_annotated;
+
+void __attribute__((__noinline__)) setup (int normal_count, int attr_count)
+{
+ array_flex
+= (struct flex *)malloc (sizeof (struct flex)
++ normal_count * sizeof (int));
+ array_flex->b = normal_count;
+
+ array_annotated
+= (struct annotated *)malloc (sizeof (struct annotated)
+ + attr_count * sizeof (int));
+ array_annotated->b = attr_count;
+
+ array_nested_annotated
+= (struct nested_annotated *)malloc (sizeof (struct nested_annotated)
++ attr_count * sizeof (int));
+ array_nested_annotated->b = attr_count;
+
+ return;
+}
+
+void __attribute__((__noinline__)) test ()
+{
+EXPECT(__builtin_dynamic_object_size(array_flex->c, 1), -1);
+EXPECT(__builtin_dynamic_object_size(array_annotated->c, 1),
+ array_annotated->b * sizeof (int));
+EXPECT(__builtin_dynamic_object_size(array_nested_annotated->c, 1),
+ array_nested_annotated->b * sizeof (int));
+}
+
+int main(int argc, char *argv[])
+{
+ setup (10,10);
+ test ();
+ DONE ();
+}
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
new file mode 100644
index ..3ce7f3545549
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
@@ -0,0 +1,178 @@
+/* test the attribute counted_by and its usage in
+__builtin_dynamic_object_size: what's the correct behavior when the
+allocation size mismatched with the value of counted_by attribute?
+we should always use the latest value that is hold by the counted_by
+field. */
+/* { dg-do run } */
+/* { dg-options "-O -fstrict-flex-arrays=3" } */
+
+#include "builtin-object-size-common.h"
+
+struct annotated {
+ size_t foo;
+ char others;
+ char array[] __attribute__((counted_by (foo)));
+};
+
+#define noinline __attribute__((__noinline__))
+#define SIZE_BUMP 10
+#define MAX(a, b) ((a) > (b) ? (a) : (b))
+
+/* In general, Due to type casting, the type for the pointee of a pointer
+ does not say
[PATCH v7 2/5] Convert references with "counted_by" attributes to/from .ACCESS_WITH_SIZE.
Including the following changes:
* The definition of the new internal function .ACCESS_WITH_SIZE
in internal-fn.def.
* C FE converts every reference to a FAM with a "counted_by" attribute
to a call to the internal function .ACCESS_WITH_SIZE.
(build_component_ref in c_typeck.cc)
This includes the case when the object is statically allocated and
initialized.
In order to make this working, the routines initializer_constant_valid_p_1
and output_constant in varasm.cc are updated to handle calls to
.ACCESS_WITH_SIZE.
(initializer_constant_valid_p_1 and output_constant in varasm.c)
However, for the reference inside "offsetof", the "counted_by" attribute is
ignored since it's not useful at all.
(c_parser_postfix_expression in c/c-parser.cc)
In addtion to "offsetof", for the reference inside operator "typeof" and
"alignof", we ignore counted_by attribute too.
When building ADDR_EXPR for the .ACCESS_WITH_SIZE in C FE,
replace the call with its first argument.
* Convert every call to .ACCESS_WITH_SIZE to its first argument.
(expand_ACCESS_WITH_SIZE in internal-fn.cc)
* Adjust alias analysis to exclude the new internal from clobbering anything.
(ref_maybe_used_by_call_p_1 and call_may_clobber_ref_p_1 in tree-ssa-alias.cc)
* Adjust dead code elimination to eliminate the call to .ACCESS_WITH_SIZE when
it's LHS is eliminated as dead code.
(eliminate_unnecessary_stmts in tree-ssa-dce.cc)
* Provide the utility routines to check the call is .ACCESS_WITH_SIZE and
get the reference from the call to .ACCESS_WITH_SIZE.
(is_access_with_size_p and get_ref_from_access_with_size in tree.cc)
gcc/c/ChangeLog:
* c-parser.cc (c_parser_postfix_expression): Ignore the counted-by
attribute when build_component_ref inside offsetof operator.
* c-tree.h (build_component_ref): Add one more parameter.
* c-typeck.cc (build_counted_by_ref): New function.
(build_access_with_size_for_counted_by): New function.
(build_component_ref): Check the counted-by attribute and build
call to .ACCESS_WITH_SIZE.
(build_unary_op): When building ADDR_EXPR for
.ACCESS_WITH_SIZE, use its first argument.
(lvalue_p): Accept call to .ACCESS_WITH_SIZE.
gcc/ChangeLog:
* internal-fn.cc (expand_ACCESS_WITH_SIZE): New function.
* internal-fn.def (ACCESS_WITH_SIZE): New internal function.
* tree-ssa-alias.cc (ref_maybe_used_by_call_p_1): Special case
IFN_ACCESS_WITH_SIZE.
(call_may_clobber_ref_p_1): Special case IFN_ACCESS_WITH_SIZE.
* tree-ssa-dce.cc (eliminate_unnecessary_stmts): Eliminate the call
to .ACCESS_WITH_SIZE when its LHS is dead.
* tree.cc (process_call_operands): Adjust side effect for function
.ACCESS_WITH_SIZE.
(is_access_with_size_p): New function.
(get_ref_from_access_with_size): New function.
* tree.h (is_access_with_size_p): New prototype.
(get_ref_from_access_with_size): New prototype.
* varasm.cc (initializer_constant_valid_p_1): Handle call to
.ACCESS_WITH_SIZE.
(output_constant): Handle call to .ACCESS_WITH_SIZE.
gcc/testsuite/ChangeLog:
* gcc.dg/flex-array-counted-by-2.c: New test.
---
gcc/c/c-parser.cc | 10 +-
gcc/c/c-tree.h| 2 +-
gcc/c/c-typeck.cc | 128 +-
gcc/internal-fn.cc| 35 +
gcc/internal-fn.def | 4 +
.../gcc.dg/flex-array-counted-by-2.c | 112 +++
gcc/tree-ssa-alias.cc | 2 +
gcc/tree-ssa-dce.cc | 5 +-
gcc/tree.cc | 25 +++-
gcc/tree.h| 8 ++
gcc/varasm.cc | 10 ++
11 files changed, 331 insertions(+), 10 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-2.c
diff --git a/gcc/c/c-parser.cc b/gcc/c/c-parser.cc
index c31349dae2ff..a6ed5ac43bb1 100644
--- a/gcc/c/c-parser.cc
+++ b/gcc/c/c-parser.cc
@@ -10850,9 +10850,12 @@ c_parser_postfix_expression (c_parser *parser)
if (c_parser_next_token_is (parser, CPP_NAME))
{
c_token *comp_tok = c_parser_peek_token (parser);
+ /* Ignore the counted_by attribute for reference inside
+ offsetof since the information is not useful at all. */
offsetof_ref
= build_component_ref (loc, offsetof_ref, comp_tok->value,
-comp_tok->location, UNKNOWN_LOCATION);
+comp_tok->location, UNKNOWN_LOCATION,
+false);
c_parser_consume_token (parser);
while (c_parser_next_token_is (parser, CPP_DOT)
||
[PATCH v7 1/5] Provide counted_by attribute to flexible array member field (PR108896)
'counted_by (COUNT)'
The 'counted_by' attribute may be attached to the C99 flexible
array member of a structure. It indicates that the number of the
elements of the array is given by the field named "COUNT" in the
same structure as the flexible array member.
GCC may use this information to improve detection of object size
information
for such structures and provide better results in compile-time diagnostics
and runtime features like the array bound sanitizer and
the '__builtin_dynamic_object_size'.
For instance, the following code:
struct P {
size_t count;
char other;
char array[] __attribute__ ((counted_by (count)));
} *p;
specifies that the 'array' is a flexible array member whose number
of elements is given by the field 'count' in the same structure.
The field that represents the number of the elements should have an
integer type. Otherwise, the compiler will report a warning and
ignore the attribute.
When the field that represents the number of the elements is assigned a
negative integer value, the compiler will treat the value as zero.
An explicit 'counted_by' annotation defines a relationship between
two objects, 'p->array' and 'p->count', and there are the following
requirementthat on the relationship between this pair:
* 'p->count' must be initialized before the first reference to
'p->array';
* 'p->array' has _at least_ 'p->count' number of elements
available all the time. This relationship must hold even
after any of these related objects are updated during the
program.
It's the user's responsibility to make sure the above requirements
to be kept all the time. Otherwise the compiler will report
warnings, at the same time, the results of the array bound
sanitizer and the '__builtin_dynamic_object_size' is undefined.
One important feature of the attribute is, a reference to the
flexible array member field will use the latest value assigned to
the field that represents the number of the elements before that
reference. For example,
p->count = val1;
p->array[20] = 0; // ref1 to p->array
p->count = val2;
p->array[30] = 0; // ref2 to p->array
in the above, 'ref1' will use 'val1' as the number of the elements
in 'p->array', and 'ref2' will use 'val2' as the number of elements
in 'p->array'.
gcc/c-family/ChangeLog:
PR C/108896
* c-attribs.cc (handle_counted_by_attribute): New function.
(attribute_takes_identifier_p): Add counted_by attribute to the list.
* c-common.cc (c_flexible_array_member_type_p): ...To this.
* c-common.h (c_flexible_array_member_type_p): New prototype.
gcc/c/ChangeLog:
PR C/108896
* c-decl.cc (flexible_array_member_type_p): Renamed and moved to...
(add_flexible_array_elts_to_size): Use renamed function.
(is_flexible_array_member_p): Use renamed function.
(verify_counted_by_attribute): New function.
(finish_struct): Use renamed function and verify counted_by
attribute.
* c-tree.h (lookup_field): New prototype.
* c-typeck.cc (lookup_field): Expose as extern function.
gcc/ChangeLog:
PR C/108896
* doc/extend.texi: Document attribute counted_by.
gcc/testsuite/ChangeLog:
PR C/108896
* gcc.dg/flex-array-counted-by.c: New test.
---
gcc/c-family/c-attribs.cc| 54 +-
gcc/c-family/c-common.cc | 13
gcc/c-family/c-common.h | 1 +
gcc/c/c-decl.cc | 78 +++-
gcc/c/c-tree.h | 1 +
gcc/c/c-typeck.cc| 3 +-
gcc/doc/extend.texi | 67 +
gcc/testsuite/gcc.dg/flex-array-counted-by.c | 40 ++
8 files changed, 237 insertions(+), 20 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by.c
diff --git a/gcc/c-family/c-attribs.cc b/gcc/c-family/c-attribs.cc
index 40a0cf90295d..51cf91c4fbfd 100644
--- a/gcc/c-family/c-attribs.cc
+++ b/gcc/c-family/c-attribs.cc
@@ -105,6 +105,8 @@ static tree handle_warn_if_not_aligned_attribute (tree *,
tree, tree,
int, bool *);
static tree handle_strict_flex_array_attribute (tree *, tree, tree,
int, bool *);
+static tree handle_counted_by_attribute (tree *, tree, tree,
+ int, bool *);
static tree handle_weak_attribute (tree *, tree, tree, int, bool *) ;
static tree handle_noplt_attribute (tree *, tree, tree, int, bool *) ;
static tree handle_alias_ifunc_attribute (bool, tree *, tree, tree, bool *);
@@ -412,6
[PATCH v7 0/5] New attribute "counted_by" to annotate bounds for C99 FAM(PR108896)
Hi, This is the 7th version of the patch. compare with the 6th version, the difference are: updates per Siddhesh's comments: 1. update the error messages in "handle_counted_by_attribute" then update the testing case accordingly; 2. update the error messages in "verify_counted_by_attribute" then update the testing case accordingly; 3. update the documentation of "counted_by" in extend.texi 4. for the 3rd argument of ACCESS_WITH_SIZE, change it as following: + 3rd argument CLASS_OF_SIZE: The size referenced by the REF_TO_SIZE represents + 0: the number of bytes; + 1: the number of the elements of the object type; Update all other places accordingly. 5. update the comments of the routine "access_with_size_object_size" bail out if (object_size_type & OST_DYNAMIC) == 0 for this routine. change the variable name of "type_of_size" to "class_of_size" for consistence. 6. add one more testing case for bound sanitizer to handle the case when counted-by field is zero value. It based on the following original proposal: https://gcc.gnu.org/pipermail/gcc-patches/2023-November/635884.html Represent the missing dependence for the "counted_by" attribute and its consumers **The summary of the proposal is: * Add a new internal function ".ACCESS_WITH_SIZE" to carry the size information for every reference to a FAM field; * In C FE, Replace every reference to a FAM field whose TYPE has the "counted_by" attribute with the new internal function ".ACCESS_WITH_SIZE"; * In every consumer of the size information, for example, BDOS or array bound sanitizer, query the size information or ACCESS_MODE information from the new internal function; * When expansing to RTL, replace the internal function with the actual reference to the FAM field; * Some adjustment to ipa alias analysis, and other SSA passes to mitigate the impact to the optimizer and code generation. **The new internal function .ACCESS_WITH_SIZE (REF_TO_OBJ, REF_TO_SIZE, CLASS_OF_SIZE, TYPE_OF_SIZE, ACCESS_MODE, TYPE_OF_REF) INTERNAL_FN (ACCESS_WITH_SIZE, ECF_LEAF | ECF_NOTHROW, NULL) which returns the "REF_TO_OBJ" same as the 1st argument; Both the return type and the type of the first argument of this function have been converted from the incomplete array type to the corresponding pointer type. The call to .ACCESS_WITH_SIZE is wrapped with an INDIRECT_REF, whose type is the original imcomplete array type. Please see the following link for why: https://gcc.gnu.org/pipermail/gcc-patches/2023-November/638793.html https://gcc.gnu.org/pipermail/gcc-patches/2023-December/639605.html 1st argument "REF_TO_OBJ": The reference to the object; 2nd argument "REF_TO_SIZE": The reference to the size of the object, 3rd argument "CLASS_OF_SIZE": The size referenced by the REF_TO_SIZE represents 0: the number of bytes; 1: the number of the elements of the object type; 4th argument "TYPE_OF_SIZE": A constant 0 with the TYPE of the object refed by REF_TO_SIZE 5th argument "ACCESS_MODE": -1: Unknown access semantics 0: none 1: read_only 2: write_only 3: read_write 6th argument "TYPE_OF_REF": A constant 0 with the pointer TYPE to to the original flexible array type. ** The Patch sets included: 1. Provide counted_by attribute to flexible array member field; which includes: * "counted_by" attribute documentation; * C FE handling of the new attribute; syntax checking, error reporting; * testing cases; 2. Convert "counted_by" attribute to/from .ACCESS_WITH_SIZE. which includes: * The definition of the new internal function .ACCESS_WITH_SIZE in internal-fn.def. * C FE converts every reference to a FAM with "counted_by" attribute to a call to the internal function .ACCESS_WITH_SIZE. (build_component_ref in c_typeck.cc) This includes the case when the object is statically allocated and initialized. In order to make this working, we should update initializer_constant_valid_p_1 and output_constant in varasm.cc to include calls to .ACCESS_WITH_SIZE. However, for the reference inside "offsetof", ignore the "counted_by" attribute since it's not useful at all. (c_parser_postfix_expression in c/c-parser.cc) In addtion to "offsetof", for the reference inside operator "typeof" and "alignof", we ignore counted_by attribute too. When building ADDR_EXPR for the .ACCESS_WITH_SIZE in C FE, replace the call with its first argument. * Convert every call to .ACCESS_WITH_SIZE to its first argument. (expand_ACCESS_WITH_SIZE in internal-fn.cc) * adjust alias analysis to exclude the new internal from clobbering anything. (ref_maybe_used_by_call_p_1 and call_may_clobber_ref_p_1 in tree-ssa-alias.cc) * adjust dead code elimination to eliminate the call to .ACCESS_WITH_SIZE when it's LHS is eliminated as dead code. (eliminate_unnecessary_stmts in tree-ssa-dce.cc)
Re: [PATCH][tree-object-size]Pass OST_DYNAMIC information to early_object_size phase
On Mar 19, 2024, at 09:46, Jakub Jelinek wrote:
On Tue, Mar 19, 2024 at 01:14:51PM +, Qing Zhao wrote:
Currently, the OST_DYNAMIC information is not passed to
early_object_sizes phase. Pass this information to it, and adjust the code
and testing case accordingly.
Can you explain why do you think this is desirable?
Having both passes emit the dynamic instrumentation is IMHO undesirable,
the first pass exists just to catch subobject properties which are later
lost.
Okay, thanks for the comments. This makes good sense to me. So, the dynamic
information
was intended to be ignored in the early pass.
I will try to fix the original issue (for the counted-by patches) in the other
direction.
In any case, if this isn't a regression fix, it isn't suitable for
stage4, seems quite risky.
Agreed.
thanks.
Qing
* tree-object-size.cc (early_object_sizes_execute_one): Add one more
argument is_dynamic.
(object_sizes_execute): Call early_object_sizes_execute_one with one
more argument.
gcc/testsuite/ChangeLog:
* gcc.dg/builtin-dynamic-object-size-10.c: Update testing case.
---
gcc/testsuite/gcc.dg/builtin-dynamic-object-size-10.c | 4 ++--
gcc/tree-object-size.cc | 11 ---
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/gcc/testsuite/gcc.dg/builtin-dynamic-object-size-10.c
b/gcc/testsuite/gcc.dg/builtin-dynamic-object-size-10.c
index 3a2d9821a44e..3c5430b51358 100644
--- a/gcc/testsuite/gcc.dg/builtin-dynamic-object-size-10.c
+++ b/gcc/testsuite/gcc.dg/builtin-dynamic-object-size-10.c
@@ -7,5 +7,5 @@
/* early_objsz should resolve __builtin_dynamic_object_size like
__builtin_object_size. */
-/* { dg-final { scan-tree-dump "maximum object size 21" "early_objsz" } } */
-/* { dg-final { scan-tree-dump "maximum subobject size 16" "early_objsz" } } */
+/* { dg-final { scan-tree-dump "maximum dynamic object size 21" "early_objsz"
} } */
+/* { dg-final { scan-tree-dump "maximum dynamic subobject size 16"
"early_objsz" } } */
diff --git a/gcc/tree-object-size.cc b/gcc/tree-object-size.cc
index 018fbc30cbb6..57739eed3abf 100644
--- a/gcc/tree-object-size.cc
+++ b/gcc/tree-object-size.cc
@@ -2050,7 +2050,8 @@ do_valueize (tree t)
since we're only looking for constant bounds. */
static void
-early_object_sizes_execute_one (gimple_stmt_iterator *i, gimple *call)
+early_object_sizes_execute_one (gimple_stmt_iterator *i, gimple *call,
+ bool is_dynamic)
{
tree ost = gimple_call_arg (call, 1);
tree lhs = gimple_call_lhs (call);
@@ -2060,9 +2061,12 @@ early_object_sizes_execute_one (gimple_stmt_iterator *i,
gimple *call)
return;
unsigned HOST_WIDE_INT object_size_type = tree_to_uhwi (ost);
+ if (is_dynamic)
+object_size_type |= OST_DYNAMIC;
+
tree ptr = gimple_call_arg (call, 0);
- if (object_size_type != 1 && object_size_type != 3)
+ if ((object_size_type & OST_SUBOBJECT) == 0)
return;
if (TREE_CODE (ptr) != ADDR_EXPR && TREE_CODE (ptr) != SSA_NAME)
@@ -2071,6 +2075,7 @@ early_object_sizes_execute_one (gimple_stmt_iterator *i,
gimple *call)
tree type = TREE_TYPE (lhs);
tree bytes;
if (!compute_builtin_object_size (ptr, object_size_type, )
+ || (TREE_CODE (bytes) != INTEGER_CST)
|| !int_fits_type_p (bytes, type))
return;
@@ -2153,7 +2158,7 @@ object_sizes_execute (function *fun, bool early)
__builtin_dynamic_object_size too. */
if (early)
{
- early_object_sizes_execute_one (, call);
+ early_object_sizes_execute_one (, call, dynamic);
continue;
}
--
2.31.1
Jakub
[PATCH][tree-object-size]Pass OST_DYNAMIC information to early_object_size phase
Currently, the OST_DYNAMIC information is not passed to
early_object_sizes phase. Pass this information to it, and adjust the code
and testing case accordingly.
bootstrapped and regress tested on both x86 and aarch64. no issue.
Okay for trunk?
thanks.
Qing
gcc/ChangeLog:
* tree-object-size.cc (early_object_sizes_execute_one): Add one more
argument is_dynamic.
(object_sizes_execute): Call early_object_sizes_execute_one with one
more argument.
gcc/testsuite/ChangeLog:
* gcc.dg/builtin-dynamic-object-size-10.c: Update testing case.
---
gcc/testsuite/gcc.dg/builtin-dynamic-object-size-10.c | 4 ++--
gcc/tree-object-size.cc | 11 ---
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/gcc/testsuite/gcc.dg/builtin-dynamic-object-size-10.c
b/gcc/testsuite/gcc.dg/builtin-dynamic-object-size-10.c
index 3a2d9821a44e..3c5430b51358 100644
--- a/gcc/testsuite/gcc.dg/builtin-dynamic-object-size-10.c
+++ b/gcc/testsuite/gcc.dg/builtin-dynamic-object-size-10.c
@@ -7,5 +7,5 @@
/* early_objsz should resolve __builtin_dynamic_object_size like
__builtin_object_size. */
-/* { dg-final { scan-tree-dump "maximum object size 21" "early_objsz" } } */
-/* { dg-final { scan-tree-dump "maximum subobject size 16" "early_objsz" } } */
+/* { dg-final { scan-tree-dump "maximum dynamic object size 21" "early_objsz"
} } */
+/* { dg-final { scan-tree-dump "maximum dynamic subobject size 16"
"early_objsz" } } */
diff --git a/gcc/tree-object-size.cc b/gcc/tree-object-size.cc
index 018fbc30cbb6..57739eed3abf 100644
--- a/gcc/tree-object-size.cc
+++ b/gcc/tree-object-size.cc
@@ -2050,7 +2050,8 @@ do_valueize (tree t)
since we're only looking for constant bounds. */
static void
-early_object_sizes_execute_one (gimple_stmt_iterator *i, gimple *call)
+early_object_sizes_execute_one (gimple_stmt_iterator *i, gimple *call,
+ bool is_dynamic)
{
tree ost = gimple_call_arg (call, 1);
tree lhs = gimple_call_lhs (call);
@@ -2060,9 +2061,12 @@ early_object_sizes_execute_one (gimple_stmt_iterator *i,
gimple *call)
return;
unsigned HOST_WIDE_INT object_size_type = tree_to_uhwi (ost);
+ if (is_dynamic)
+object_size_type |= OST_DYNAMIC;
+
tree ptr = gimple_call_arg (call, 0);
- if (object_size_type != 1 && object_size_type != 3)
+ if ((object_size_type & OST_SUBOBJECT) == 0)
return;
if (TREE_CODE (ptr) != ADDR_EXPR && TREE_CODE (ptr) != SSA_NAME)
@@ -2071,6 +2075,7 @@ early_object_sizes_execute_one (gimple_stmt_iterator *i,
gimple *call)
tree type = TREE_TYPE (lhs);
tree bytes;
if (!compute_builtin_object_size (ptr, object_size_type, )
+ || (TREE_CODE (bytes) != INTEGER_CST)
|| !int_fits_type_p (bytes, type))
return;
@@ -2153,7 +2158,7 @@ object_sizes_execute (function *fun, bool early)
__builtin_dynamic_object_size too. */
if (early)
{
- early_object_sizes_execute_one (, call);
+ early_object_sizes_execute_one (, call, dynamic);
continue;
}
--
2.31.1
Re: [PATCH v6 3/5] Use the .ACCESS_WITH_SIZE in builtin object size.
> On Mar 18, 2024, at 12:30, Siddhesh Poyarekar wrote: > > On 2024-03-18 12:28, Qing Zhao wrote: >>>> This should probably bail out if object_size_type & OST_DYNAMIC == 0. >>> Okay. Will add this. >> When add this into access_with_size_object_size, I found some old bugs in >> early_object_sizes_execute_one, and fixed them as well. > > Would you be able to isolate this fix and post them separately? I reckon > they would be relevant for gcc 14 too. Yes, that’s a good idea, I can do that. No specific testing case for it, though. thanks. Qing > > Thanks, > Sid
Re: [PATCH v6 3/5] Use the .ACCESS_WITH_SIZE in builtin object size.
On Mar 13, 2024, at 15:17, Qing Zhao wrote:
On Mar 11, 2024, at 13:11, Siddhesh Poyarekar wrote:
On 2024-02-16 14:47, Qing Zhao wrote:
gcc/ChangeLog:
* tree-object-size.cc (access_with_size_object_size): New function.
(call_object_size): Call the new function.
gcc/testsuite/ChangeLog:
* gcc.dg/builtin-object-size-common.h: Add a new macro EXPECT.
* gcc.dg/flex-array-counted-by-3.c: New test.
* gcc.dg/flex-array-counted-by-4.c: New test.
* gcc.dg/flex-array-counted-by-5.c: New test.
---
.../gcc.dg/builtin-object-size-common.h | 11 ++
.../gcc.dg/flex-array-counted-by-3.c | 63 +++
.../gcc.dg/flex-array-counted-by-4.c | 178 ++
.../gcc.dg/flex-array-counted-by-5.c | 48 +
gcc/tree-object-size.cc | 59 ++
5 files changed, 359 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-5.c
diff --git a/gcc/testsuite/gcc.dg/builtin-object-size-common.h
b/gcc/testsuite/gcc.dg/builtin-object-size-common.h
index 66ff7cdd953a..b677067c6e6b 100644
--- a/gcc/testsuite/gcc.dg/builtin-object-size-common.h
+++ b/gcc/testsuite/gcc.dg/builtin-object-size-common.h
@@ -30,3 +30,14 @@ unsigned nfails = 0;
__builtin_abort (); \
return 0; \
} while (0)
+
+#define EXPECT(p, _v) do { \
+ size_t v = _v; \
+ if (p == v) \
+__builtin_printf ("ok: %s == %zd\n", #p, p); \
+ else \
+{ \
+ __builtin_printf ("WAT: %s == %zd (expected %zd)\n", #p, p, v); \
+ FAIL (); \
+} \
+} while (0);
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
new file mode 100644
index ..0066c32ca808
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
@@ -0,0 +1,63 @@
+/* test the attribute counted_by and its usage in
+ * __builtin_dynamic_object_size. */
+/* { dg-do run } */
+/* { dg-options "-O2" } */
+
+#include "builtin-object-size-common.h"
+
+struct flex {
+ int b;
+ int c[];
+} *array_flex;
+
+struct annotated {
+ int b;
+ int c[] __attribute__ ((counted_by (b)));
+} *array_annotated;
+
+struct nested_annotated {
+ struct {
+union {
+ int b;
+ float f;
+};
+int n;
+ };
+ int c[] __attribute__ ((counted_by (b)));
+} *array_nested_annotated;
+
+void __attribute__((__noinline__)) setup (int normal_count, int attr_count)
+{
+ array_flex
+= (struct flex *)malloc (sizeof (struct flex)
+ + normal_count * sizeof (int));
+ array_flex->b = normal_count;
+
+ array_annotated
+= (struct annotated *)malloc (sizeof (struct annotated)
+ + attr_count * sizeof (int));
+ array_annotated->b = attr_count;
+
+ array_nested_annotated
+= (struct nested_annotated *)malloc (sizeof (struct nested_annotated)
+ + attr_count * sizeof (int));
+ array_nested_annotated->b = attr_count;
+
+ return;
+}
+
+void __attribute__((__noinline__)) test ()
+{
+EXPECT(__builtin_dynamic_object_size(array_flex->c, 1), -1);
+EXPECT(__builtin_dynamic_object_size(array_annotated->c, 1),
+array_annotated->b * sizeof (int));
+EXPECT(__builtin_dynamic_object_size(array_nested_annotated->c, 1),
+array_nested_annotated->b * sizeof (int));
+}
+
+int main(int argc, char *argv[])
+{
+ setup (10,10);
+ test ();
+ DONE ();
+}
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
new file mode 100644
index ..3ce7f3545549
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
@@ -0,0 +1,178 @@
+/* test the attribute counted_by and its usage in
+__builtin_dynamic_object_size: what's the correct behavior when the
+allocation size mismatched with the value of counted_by attribute?
+we should always use the latest value that is hold by the counted_by
+field. */
+/* { dg-do run } */
+/* { dg-options "-O -fstrict-flex-arrays=3" } */
+
+#include "builtin-object-size-common.h"
+
+struct annotated {
+ size_t foo;
+ char others;
+ char array[] __attribute__((counted_by (foo)));
+};
+
+#define noinline __attribute__((__noinline__))
+#define SIZE_BUMP 10
+#define MAX(a, b) ((a) > (b) ? (a) : (b))
+
+/* In general, Due to type casting, the type for the pointee of a pointer
+ does not say anything about the object it points to,
+ So, __builtin_object_size can not directly use the type of the pointee
+ to decide the size of the object the pointer points to.
+
+ there are only two reliable ways:
+ A. observed allocations (call to the allocation functions in the routine)
+ B. observed accesses (read or write access to the location of the
+ pointer points to)
+
+ that provide information abou
Re: [PATCH v6 4/5] Use the .ACCESS_WITH_SIZE in bound sanitizer.
On Mar 13, 2024, at 15:19, Qing Zhao wrote:
On Mar 11, 2024, at 13:15, Siddhesh Poyarekar wrote:
On 2024-02-16 14:47, Qing Zhao wrote:
gcc/c-family/ChangeLog:
* c-ubsan.cc (get_bound_from_access_with_size): New function.
(ubsan_instrument_bounds): Handle call to .ACCESS_WITH_SIZE.
gcc/testsuite/ChangeLog:
* gcc.dg/ubsan/flex-array-counted-by-bounds-2.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds-3.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds.c: New test.
---
gcc/c-family/c-ubsan.cc | 42 +
.../ubsan/flex-array-counted-by-bounds-2.c| 45 ++
.../ubsan/flex-array-counted-by-bounds-3.c| 34 ++
.../ubsan/flex-array-counted-by-bounds.c | 46 +++
4 files changed, 167 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c
diff --git a/gcc/c-family/c-ubsan.cc b/gcc/c-family/c-ubsan.cc
index 940982819ddf..164b29845b3a 100644
--- a/gcc/c-family/c-ubsan.cc
+++ b/gcc/c-family/c-ubsan.cc
@@ -376,6 +376,40 @@ ubsan_instrument_return (location_t loc)
return build_call_expr_loc (loc, t, 1, build_fold_addr_expr_loc (loc, data));
}
+/* Get the tree that represented the number of counted_by, i.e, the maximum
+ number of the elements of the object that the call to .ACCESS_WITH_SIZE
+ points to, this number will be the bound of the corresponding array. */
+static tree
+get_bound_from_access_with_size (tree call)
+{
+ if (!is_access_with_size_p (call))
+return NULL_TREE;
+
+ tree ref_to_size = CALL_EXPR_ARG (call, 1);
+ unsigned int type_of_size = TREE_INT_CST_LOW (CALL_EXPR_ARG (call, 2));
Again for consistency, this should probably be class_of_size.
Okay, I will update this consistently with the change relate to the 3rd
argument.
+ tree type = TREE_TYPE (CALL_EXPR_ARG (call, 3));
+ tree size = fold_build2 (MEM_REF, type, unshare_expr (ref_to_size),
+build_int_cst (ptr_type_node, 0));
+ /* If size is negative value, treat it as zero. */
+ if (!TYPE_UNSIGNED (type))
+ {
+tree cond = fold_build2 (LT_EXPR, boolean_type_node,
+ unshare_expr (size), build_zero_cst (type));
+size = fold_build3 (COND_EXPR, type, cond,
+ build_zero_cst (type), size);
+ }
+
+ /* Only when type_of_size is 1,i.e, the number of the elements of
+ the object type, return the size. */
+ if (type_of_size != 1)
+return NULL_TREE;
+ else
+size = fold_convert (sizetype, size);
+
+ return size;
+}
+
+
/* Instrument array bounds for ARRAY_REFs. We create special builtin,
that gets expanded in the sanopt pass, and make an array dimension
of it. ARRAY is the array, *INDEX is an index to the array.
@@ -401,6 +435,14 @@ ubsan_instrument_bounds (location_t loc, tree array, tree
*index,
&& COMPLETE_TYPE_P (type)
&& integer_zerop (TYPE_SIZE (type)))
bound = build_int_cst (TREE_TYPE (TYPE_MIN_VALUE (domain)), -1);
+ else if (INDIRECT_REF_P (array)
+&& is_access_with_size_p ((TREE_OPERAND (array, 0
+ {
+ bound = get_bound_from_access_with_size ((TREE_OPERAND (array, 0)));
+ bound = fold_build2 (MINUS_EXPR, TREE_TYPE (bound),
+bound,
+build_int_cst (TREE_TYPE (bound), 1));
+ }
This will wrap if bound == 0, maybe that needs to be special-cased. And maybe
also add a test for it below.
Will check on this to see whether a new testing is needed.
Checked, the current code can handle the case when bound==0 correctly.
I just add a new testing case for this.
thanks.
Qing
Thanks a lot for the review.
Qing
else
return NULL_TREE;
}
diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
new file mode 100644
index ..148934975ee5
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
@@ -0,0 +1,45 @@
+/* test the attribute counted_by and its usage in
+ bounds sanitizer combined with VLA. */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds" } */
+/* { dg-output "index 11 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 20 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 11 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'int
\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+
+
+#include
+
+void __attribute__((__noinline__)) setup_and_test_vla (int n, int m)
+{
+ struct foo {
+ int n;
+ int p[][n] __attribute__((counted_by(n)));
+ } *f;
+
+ f = (struct foo *) malloc (sizeof(str
Re: [PATCH v6 4/5] Use the .ACCESS_WITH_SIZE in bound sanitizer.
On Mar 11, 2024, at 13:15, Siddhesh Poyarekar wrote:
On 2024-02-16 14:47, Qing Zhao wrote:
gcc/c-family/ChangeLog:
* c-ubsan.cc (get_bound_from_access_with_size): New function.
(ubsan_instrument_bounds): Handle call to .ACCESS_WITH_SIZE.
gcc/testsuite/ChangeLog:
* gcc.dg/ubsan/flex-array-counted-by-bounds-2.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds-3.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds.c: New test.
---
gcc/c-family/c-ubsan.cc | 42 +
.../ubsan/flex-array-counted-by-bounds-2.c| 45 ++
.../ubsan/flex-array-counted-by-bounds-3.c| 34 ++
.../ubsan/flex-array-counted-by-bounds.c | 46 +++
4 files changed, 167 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c
diff --git a/gcc/c-family/c-ubsan.cc b/gcc/c-family/c-ubsan.cc
index 940982819ddf..164b29845b3a 100644
--- a/gcc/c-family/c-ubsan.cc
+++ b/gcc/c-family/c-ubsan.cc
@@ -376,6 +376,40 @@ ubsan_instrument_return (location_t loc)
return build_call_expr_loc (loc, t, 1, build_fold_addr_expr_loc (loc, data));
}
+/* Get the tree that represented the number of counted_by, i.e, the maximum
+ number of the elements of the object that the call to .ACCESS_WITH_SIZE
+ points to, this number will be the bound of the corresponding array. */
+static tree
+get_bound_from_access_with_size (tree call)
+{
+ if (!is_access_with_size_p (call))
+return NULL_TREE;
+
+ tree ref_to_size = CALL_EXPR_ARG (call, 1);
+ unsigned int type_of_size = TREE_INT_CST_LOW (CALL_EXPR_ARG (call, 2));
Again for consistency, this should probably be class_of_size.
Okay, I will update this consistently with the change relate to the 3rd
argument.
+ tree type = TREE_TYPE (CALL_EXPR_ARG (call, 3));
+ tree size = fold_build2 (MEM_REF, type, unshare_expr (ref_to_size),
+build_int_cst (ptr_type_node, 0));
+ /* If size is negative value, treat it as zero. */
+ if (!TYPE_UNSIGNED (type))
+ {
+tree cond = fold_build2 (LT_EXPR, boolean_type_node,
+ unshare_expr (size), build_zero_cst (type));
+size = fold_build3 (COND_EXPR, type, cond,
+ build_zero_cst (type), size);
+ }
+
+ /* Only when type_of_size is 1,i.e, the number of the elements of
+ the object type, return the size. */
+ if (type_of_size != 1)
+return NULL_TREE;
+ else
+size = fold_convert (sizetype, size);
+
+ return size;
+}
+
+
/* Instrument array bounds for ARRAY_REFs. We create special builtin,
that gets expanded in the sanopt pass, and make an array dimension
of it. ARRAY is the array, *INDEX is an index to the array.
@@ -401,6 +435,14 @@ ubsan_instrument_bounds (location_t loc, tree array, tree
*index,
&& COMPLETE_TYPE_P (type)
&& integer_zerop (TYPE_SIZE (type)))
bound = build_int_cst (TREE_TYPE (TYPE_MIN_VALUE (domain)), -1);
+ else if (INDIRECT_REF_P (array)
+&& is_access_with_size_p ((TREE_OPERAND (array, 0
+ {
+ bound = get_bound_from_access_with_size ((TREE_OPERAND (array, 0)));
+ bound = fold_build2 (MINUS_EXPR, TREE_TYPE (bound),
+bound,
+build_int_cst (TREE_TYPE (bound), 1));
+ }
This will wrap if bound == 0, maybe that needs to be special-cased. And maybe
also add a test for it below.
Will check on this to see whether a new testing is needed.
Thanks a lot for the review.
Qing
else
return NULL_TREE;
}
diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
new file mode 100644
index ..148934975ee5
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
@@ -0,0 +1,45 @@
+/* test the attribute counted_by and its usage in
+ bounds sanitizer combined with VLA. */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds" } */
+/* { dg-output "index 11 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 20 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 11 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'int
\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+
+
+#include
+
+void __attribute__((__noinline__)) setup_and_test_vla (int n, int m)
+{
+ struct foo {
+ int n;
+ int p[][n] __attribute__((counted_by(n)));
+ } *f;
+
+ f = (struct foo *) malloc (sizeof(struct foo) + m*sizeof(int[n]));
+ f->n = m;
+ f->p[m][n-1]=1;
+ return;
+}
+
+void __attribute__((__noinline__)) setup_and_test_vla_1 (int n1, int n2, int m)
+{
+ struc
Re: [PATCH v6 3/5] Use the .ACCESS_WITH_SIZE in builtin object size.
On Mar 11, 2024, at 13:11, Siddhesh Poyarekar wrote:
On 2024-02-16 14:47, Qing Zhao wrote:
gcc/ChangeLog:
* tree-object-size.cc (access_with_size_object_size): New function.
(call_object_size): Call the new function.
gcc/testsuite/ChangeLog:
* gcc.dg/builtin-object-size-common.h: Add a new macro EXPECT.
* gcc.dg/flex-array-counted-by-3.c: New test.
* gcc.dg/flex-array-counted-by-4.c: New test.
* gcc.dg/flex-array-counted-by-5.c: New test.
---
.../gcc.dg/builtin-object-size-common.h | 11 ++
.../gcc.dg/flex-array-counted-by-3.c | 63 +++
.../gcc.dg/flex-array-counted-by-4.c | 178 ++
.../gcc.dg/flex-array-counted-by-5.c | 48 +
gcc/tree-object-size.cc | 59 ++
5 files changed, 359 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-5.c
diff --git a/gcc/testsuite/gcc.dg/builtin-object-size-common.h
b/gcc/testsuite/gcc.dg/builtin-object-size-common.h
index 66ff7cdd953a..b677067c6e6b 100644
--- a/gcc/testsuite/gcc.dg/builtin-object-size-common.h
+++ b/gcc/testsuite/gcc.dg/builtin-object-size-common.h
@@ -30,3 +30,14 @@ unsigned nfails = 0;
__builtin_abort (); \
return 0; \
} while (0)
+
+#define EXPECT(p, _v) do { \
+ size_t v = _v; \
+ if (p == v) \
+__builtin_printf ("ok: %s == %zd\n", #p, p); \
+ else \
+{ \
+ __builtin_printf ("WAT: %s == %zd (expected %zd)\n", #p, p, v); \
+ FAIL (); \
+} \
+} while (0);
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
new file mode 100644
index ..0066c32ca808
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
@@ -0,0 +1,63 @@
+/* test the attribute counted_by and its usage in
+ * __builtin_dynamic_object_size. */
+/* { dg-do run } */
+/* { dg-options "-O2" } */
+
+#include "builtin-object-size-common.h"
+
+struct flex {
+ int b;
+ int c[];
+} *array_flex;
+
+struct annotated {
+ int b;
+ int c[] __attribute__ ((counted_by (b)));
+} *array_annotated;
+
+struct nested_annotated {
+ struct {
+union {
+ int b;
+ float f;
+};
+int n;
+ };
+ int c[] __attribute__ ((counted_by (b)));
+} *array_nested_annotated;
+
+void __attribute__((__noinline__)) setup (int normal_count, int attr_count)
+{
+ array_flex
+= (struct flex *)malloc (sizeof (struct flex)
+ + normal_count * sizeof (int));
+ array_flex->b = normal_count;
+
+ array_annotated
+= (struct annotated *)malloc (sizeof (struct annotated)
+ + attr_count * sizeof (int));
+ array_annotated->b = attr_count;
+
+ array_nested_annotated
+= (struct nested_annotated *)malloc (sizeof (struct nested_annotated)
+ + attr_count * sizeof (int));
+ array_nested_annotated->b = attr_count;
+
+ return;
+}
+
+void __attribute__((__noinline__)) test ()
+{
+EXPECT(__builtin_dynamic_object_size(array_flex->c, 1), -1);
+EXPECT(__builtin_dynamic_object_size(array_annotated->c, 1),
+array_annotated->b * sizeof (int));
+EXPECT(__builtin_dynamic_object_size(array_nested_annotated->c, 1),
+array_nested_annotated->b * sizeof (int));
+}
+
+int main(int argc, char *argv[])
+{
+ setup (10,10);
+ test ();
+ DONE ();
+}
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
new file mode 100644
index ..3ce7f3545549
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
@@ -0,0 +1,178 @@
+/* test the attribute counted_by and its usage in
+__builtin_dynamic_object_size: what's the correct behavior when the
+allocation size mismatched with the value of counted_by attribute?
+we should always use the latest value that is hold by the counted_by
+field. */
+/* { dg-do run } */
+/* { dg-options "-O -fstrict-flex-arrays=3" } */
+
+#include "builtin-object-size-common.h"
+
+struct annotated {
+ size_t foo;
+ char others;
+ char array[] __attribute__((counted_by (foo)));
+};
+
+#define noinline __attribute__((__noinline__))
+#define SIZE_BUMP 10
+#define MAX(a, b) ((a) > (b) ? (a) : (b))
+
+/* In general, Due to type casting, the type for the pointee of a pointer
+ does not say anything about the object it points to,
+ So, __builtin_object_size can not directly use the type of the pointee
+ to decide the size of the object the pointer points to.
+
+ there are only two reliable ways:
+ A. observed allocations (call to the allocation functions in the routine)
+ B. observed accesses (read or write access to the location of the
+ pointer points to)
+
+ that provide information about the type/existence of an object at
+ the corr
Re: [PATCH v6 2/5] Convert references with "counted_by" attributes to/from .ACCESS_WITH_SIZE.
> On Mar 11, 2024, at 13:09, Siddhesh Poyarekar wrote: > > > > On 2024-02-16 14:47, Qing Zhao wrote: >> Including the following changes: >> * The definition of the new internal function .ACCESS_WITH_SIZE >> in internal-fn.def. >> * C FE converts every reference to a FAM with a "counted_by" attribute >> to a call to the internal function .ACCESS_WITH_SIZE. >> (build_component_ref in c_typeck.cc) >> This includes the case when the object is statically allocated and >> initialized. >> In order to make this working, the routines initializer_constant_valid_p_1 >> and output_constant in varasm.cc are updated to handle calls to >> .ACCESS_WITH_SIZE. >> (initializer_constant_valid_p_1 and output_constant in varasm.c) >> However, for the reference inside "offsetof", the "counted_by" attribute is >> ignored since it's not useful at all. >> (c_parser_postfix_expression in c/c-parser.cc) >> In addtion to "offsetof", for the reference inside operator "typeof" and >> "alignof", we ignore counted_by attribute too. >> When building ADDR_EXPR for the .ACCESS_WITH_SIZE in C FE, >> replace the call with its first argument. >> * Convert every call to .ACCESS_WITH_SIZE to its first argument. >> (expand_ACCESS_WITH_SIZE in internal-fn.cc) >> * Adjust alias analysis to exclude the new internal from clobbering anything. >> (ref_maybe_used_by_call_p_1 and call_may_clobber_ref_p_1 in >> tree-ssa-alias.cc) >> * Adjust dead code elimination to eliminate the call to .ACCESS_WITH_SIZE >> when >> it's LHS is eliminated as dead code. >> (eliminate_unnecessary_stmts in tree-ssa-dce.cc) >> * Provide the utility routines to check the call is .ACCESS_WITH_SIZE and >> get the reference from the call to .ACCESS_WITH_SIZE. >> (is_access_with_size_p and get_ref_from_access_with_size in tree.cc) >> gcc/c/ChangeLog: >> * c-parser.cc (c_parser_postfix_expression): Ignore the counted-by >> attribute when build_component_ref inside offsetof operator. >> * c-tree.h (build_component_ref): Add one more parameter. >> * c-typeck.cc (build_counted_by_ref): New function. >> (build_access_with_size_for_counted_by): New function. >> (build_component_ref): Check the counted-by attribute and build >> call to .ACCESS_WITH_SIZE. >> (build_unary_op): When building ADDR_EXPR for >> .ACCESS_WITH_SIZE, use its first argument. >> (lvalue_p): Accept call to .ACCESS_WITH_SIZE. >> gcc/ChangeLog: >> * internal-fn.cc (expand_ACCESS_WITH_SIZE): New function. >> * internal-fn.def (ACCESS_WITH_SIZE): New internal function. >> * tree-ssa-alias.cc (ref_maybe_used_by_call_p_1): Special case >> IFN_ACCESS_WITH_SIZE. >> (call_may_clobber_ref_p_1): Special case IFN_ACCESS_WITH_SIZE. >> * tree-ssa-dce.cc (eliminate_unnecessary_stmts): Eliminate the call >> to .ACCESS_WITH_SIZE when its LHS is dead. >> * tree.cc (process_call_operands): Adjust side effect for function >> .ACCESS_WITH_SIZE. >> (is_access_with_size_p): New function. >> (get_ref_from_access_with_size): New function. >> * tree.h (is_access_with_size_p): New prototype. >> (get_ref_from_access_with_size): New prototype. >> * varasm.cc (initializer_constant_valid_p_1): Handle call to >> .ACCESS_WITH_SIZE. >> (output_constant): Handle call to .ACCESS_WITH_SIZE. >> gcc/testsuite/ChangeLog: >> * gcc.dg/flex-array-counted-by-2.c: New test. >> --- >> gcc/c/c-parser.cc | 10 +- >> gcc/c/c-tree.h| 2 +- >> gcc/c/c-typeck.cc | 128 +- >> gcc/internal-fn.cc| 36 + >> gcc/internal-fn.def | 4 + >> .../gcc.dg/flex-array-counted-by-2.c | 112 +++ >> gcc/tree-ssa-alias.cc | 2 + >> gcc/tree-ssa-dce.cc | 5 +- >> gcc/tree.cc | 25 +++- >> gcc/tree.h| 8 ++ >> gcc/varasm.cc | 10 ++ >> 11 files changed, 332 insertions(+), 10 deletions(-) >> create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-2.c >> diff --git a/gcc/c/c-parser.cc b/gcc/c/c-parser.cc >> index c31349dae2ff..a6ed5ac43bb1 100644 >> --- a/gcc/c/c-parser.cc >> +++ b/gcc/c/c-parser.c
Re: [PATCH v6 1/5] Provide counted_by attribute to flexible array member field (PR108896)
Sid,
Thanks a lot for your time to review the code.
See my reply below:
On Mar 11, 2024, at 10:57, Siddhesh Poyarekar wrote:
On 2024-02-16 14:47, Qing Zhao wrote:
return true;
else
return targetm.attribute_takes_identifier_p (attr_id);
@@ -2806,6 +2811,53 @@ handle_strict_flex_array_attribute (tree *node, tree
name,
return NULL_TREE;
}
+/* Handle a "counted_by" attribute; arguments as in
+ struct attribute_spec.handler. */
+
+static tree
+handle_counted_by_attribute (tree *node, tree name,
+ tree args, int ARG_UNUSED (flags),
+ bool *no_add_attrs)
+{
+ tree decl = *node;
+ tree argval = TREE_VALUE (args);
+
+ /* This attribute only applies to field decls of a structure. */
+ if (TREE_CODE (decl) != FIELD_DECL)
+{
+ error_at (DECL_SOURCE_LOCATION (decl),
+ "%qE attribute may not be specified for non-field"
+ " declaration %q+D", name, decl);
+ *no_add_attrs = true;
+}
+ /* This attribute only applies to field with array type. */
+ else if (TREE_CODE (TREE_TYPE (decl)) != ARRAY_TYPE)
+{
+ error_at (DECL_SOURCE_LOCATION (decl),
+ "%qE attribute may not be specified for a non-array field",
+ name);
+ *no_add_attrs = true;
+}
+ /* This attribute only applies to a C99 flexible array member type. */
+ else if (! c_flexible_array_member_type_p (TREE_TYPE (decl)))
+{
+ error_at (DECL_SOURCE_LOCATION (decl),
+ "%qE attribute may not be specified for a non"
+ " flexible array member field",
+ name);
+ *no_add_attrs = true;
+}
How about "not allowed" instead of "may not be specified"?
Okay, will update them.
+ /* The argument should be an identifier. */
+ else if (TREE_CODE (argval) != IDENTIFIER_NODE)
+{
+ error_at (DECL_SOURCE_LOCATION (decl),
+ "% argument not an identifier");
+ *no_add_attrs = true;
+}
Validate that the attribute only applies to a C99 flexible array member of a
structure and the argument should be an identifier node. OK.
verify_counted_by_attribute does more extensive validation on argval.
Yes.
+
+ return NULL_TREE;
+}
+
/* Handle a "weak" attribute; arguments as in
struct attribute_spec.handler. */
diff --git a/gcc/c-family/c-common.cc b/gcc/c-family/c-common.cc
index e15eff698dfd..56d828e3dfaf 100644
--- a/gcc/c-family/c-common.cc
+++ b/gcc/c-family/c-common.cc
@@ -9909,6 +9909,19 @@ c_common_finalize_early_debug (void)
(*debug_hooks->early_global_decl) (cnode->decl);
}
+/* Determine whether TYPE is a ISO C99 flexible array memeber type "[]". */
s/memeber/member/
Okay, will update it.
+bool
+c_flexible_array_member_type_p (const_tree type)
+{
+ if (TREE_CODE (type) == ARRAY_TYPE
+ && TYPE_SIZE (type) == NULL_TREE
+ && TYPE_DOMAIN (type) != NULL_TREE
+ && TYPE_MAX_VALUE (TYPE_DOMAIN (type)) == NULL_TREE)
+return true;
+
+ return false;
+}
+
Moved from c/c-decl.cc<http://c-decl.cc/>. OK.
/* Get the LEVEL of the strict_flex_array for the ARRAY_FIELD based on the
values of attribute strict_flex_array and the flag_strict_flex_arrays. */
unsigned int
diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h
index 2d5f53998855..3e0eed0548b0 100644
--- a/gcc/c-family/c-common.h
+++ b/gcc/c-family/c-common.h
@@ -904,6 +904,7 @@ extern tree fold_for_warn (tree);
extern tree c_common_get_narrower (tree, int *);
extern bool get_attribute_operand (tree, unsigned HOST_WIDE_INT *);
extern void c_common_finalize_early_debug (void);
+extern bool c_flexible_array_member_type_p (const_tree);
extern unsigned int c_strict_flex_array_level_of (tree);
extern bool c_option_is_from_cpp_diagnostics (int);
extern tree c_hardbool_type_attr_1 (tree, tree *, tree *);
diff --git a/gcc/c/c-decl.cc b/gcc/c/c-decl.cc
index fe20bc21c926..4348123502e4 100644
--- a/gcc/c/c-decl.cc
+++ b/gcc/c/c-decl.cc
@@ -5301,19 +5301,6 @@ set_array_declarator_inner (struct c_declarator *decl,
return decl;
}
-/* Determine whether TYPE is a ISO C99 flexible array memeber type "[]". */
-static bool
-flexible_array_member_type_p (const_tree type)
-{
- if (TREE_CODE (type) == ARRAY_TYPE
- && TYPE_SIZE (type) == NULL_TREE
- && TYPE_DOMAIN (type) != NULL_TREE
- && TYPE_MAX_VALUE (TYPE_DOMAIN (type)) == NULL_TREE)
-return true;
-
- return false;
-}
-
/* Determine whether TYPE is a one-element array type "[1]". */
static bool
one_element_array_type_p (const_tree type)
@@ -5350,7 +5337,7 @@ add_flexible_array_elts_to_size (tree decl, tree init)
elt = CONSTRUCTOR_ELTS (init)->last ().value;
type = TREE_TYPE (elt);
- if (flexible_array_member_type_p (type))
+ if (c_flexible_array_member_type_p (type))
{
complete_array_type (, elt, false);
DECL_SIZE (decl)
@@ -9317,7 +9304,7 @@ is_flexible_array_member_p (
Re: [PATCH v6 0/5]New attribute "counted_by" to annotate bounds for C99 FAM(PR108896)
Ping on this patch set. Thanks a lot! Qing > On Feb 16, 2024, at 14:47, Qing Zhao wrote: > > Hi, > > This is the 6th version of the patch. > > compare with the 5th version, the only difference is: > > 1. Add the 6th argument to .ACCESS_WITH_SIZE > to carry the TYPE of the flexible array. > Such information is needed during tree-object-size.cc. > > previously, we use the result type of the routine > .ACCESS_WITH_SIZE to decide the element type of the > original array, however, the result type of the routine > might be changed during tree optimizations due to > possible type casting in the source code. > > > compare with the 4th version, the major difference are: > > 1. Change the return type of the routine .ACCESS_WITH_SIZE > FROM: > Pointer to the type of the element of the flexible array; > TO: > Pointer to the type of the flexible array; >And then wrap the call with an indirection reference. > > 2. Adjust all other parts with this change, (this will simplify the bound > sanitizer instrument); > > 3. Add the fixes to the kernel building failures, which include: >A. The operator “typeof” cannot return correct type for a->array; >B. The operator “&” cannot return correct address for a->array; > > 4. Correctly handle the case when the value of “counted-by” is zero or > negative as following > 4.1. Update the counted-by doc with the following: >When the counted-by field is assigned a negative integer value, the > compiler will treat the value as zero. > 4.2. Adjust __bdos and array bound sanitizer to handle correctly when > “counted-by” is zero. > > > It based on the following proposal: > > https://gcc.gnu.org/pipermail/gcc-patches/2023-November/635884.html > Represent the missing dependence for the "counted_by" attribute and its > consumers > > **The summary of the proposal is: > > * Add a new internal function ".ACCESS_WITH_SIZE" to carry the size > information for every reference to a FAM field; > * In C FE, Replace every reference to a FAM field whose TYPE has the > "counted_by" attribute with the new internal function ".ACCESS_WITH_SIZE"; > * In every consumer of the size information, for example, BDOS or array bound > sanitizer, query the size information or ACCESS_MODE information from the new > internal function; > * When expansing to RTL, replace the internal function with the actual > reference to the FAM field; > * Some adjustment to ipa alias analysis, and other SSA passes to mitigate the > impact to the optimizer and code generation. > > > **The new internal function > > .ACCESS_WITH_SIZE (REF_TO_OBJ, REF_TO_SIZE, CLASS_OF_SIZE, TYPE_OF_SIZE, > ACCESS_MODE, TYPE_OF_REF) > > INTERNAL_FN (ACCESS_WITH_SIZE, ECF_LEAF | ECF_NOTHROW, NULL) > > which returns the "REF_TO_OBJ" same as the 1st argument; > > Both the return type and the type of the first argument of this function have > been converted from the incomplete array type to the corresponding pointer > type. > > The call to .ACCESS_WITH_SIZE is wrapped with an INDIRECT_REF, whose type is > the original imcomplete array type. > > Please see the following link for why: > https://gcc.gnu.org/pipermail/gcc-patches/2023-November/638793.html > https://gcc.gnu.org/pipermail/gcc-patches/2023-December/639605.html > > 1st argument "REF_TO_OBJ": The reference to the object; > 2nd argument "REF_TO_SIZE": The reference to the size of the object, > 3rd argument "CLASS_OF_SIZE": The size referenced by the REF_TO_SIZE > represents > 0: unknown; > 1: the number of the elements of the object type; > 2: the number of bytes; > 4th argument "TYPE_OF_SIZE": A constant 0 with the TYPE of the object > refed by REF_TO_SIZE > 5th argument "ACCESS_MODE": > -1: Unknown access semantics > 0: none > 1: read_only > 2: write_only > 3: read_write > 6th argument "TYPE_OF_REF": A constant 0 with the pointer TYPE to > the original flexible array type. > > ** The Patch sets included: > > 1. Provide counted_by attribute to flexible array member field; > which includes: > * "counted_by" attribute documentation; > * C FE handling of the new attribute; >syntax checking, error reporting; > * testing cases; > > 2. Convert "counted_by" attribute to/from .ACCESS_WITH_SIZE. > which includes: > * The definition of the new internal function .ACCESS_WITH_SIZE in > internal-fn.def. > * C FE converts every reference to a FAM with "cou
[PATCH v6 1/5] Provide counted_by attribute to flexible array member field (PR108896)
'counted_by (COUNT)'
The 'counted_by' attribute may be attached to the C99 flexible
array member of a structure. It indicates that the number of the
elements of the array is given by the field named "COUNT" in the
same structure as the flexible array member. GCC uses this
information to improve the results of the array bound sanitizer and
the '__builtin_dynamic_object_size'.
For instance, the following code:
struct P {
size_t count;
char other;
char array[] __attribute__ ((counted_by (count)));
} *p;
specifies that the 'array' is a flexible array member whose number
of elements is given by the field 'count' in the same structure.
The field that represents the number of the elements should have an
integer type. Otherwise, the compiler will report a warning and
ignore the attribute.
When the field that represents the number of the elements is assigned a
negative integer value, the compiler will treat the value as zero.
An explicit 'counted_by' annotation defines a relationship between
two objects, 'p->array' and 'p->count', and there are the following
requirementthat on the relationship between this pair:
* 'p->count' should be initialized before the first reference to
'p->array';
* 'p->array' has _at least_ 'p->count' number of elements
available all the time. This relationship must hold even
after any of these related objects are updated during the
program.
It's the user's responsibility to make sure the above requirements
to be kept all the time. Otherwise the compiler will report
warnings, at the same time, the results of the array bound
sanitizer and the '__builtin_dynamic_object_size' is undefined.
One important feature of the attribute is, a reference to the
flexible array member field will use the latest value assigned to
the field that represents the number of the elements before that
reference. For example,
p->count = val1;
p->array[20] = 0; // ref1 to p->array
p->count = val2;
p->array[30] = 0; // ref2 to p->array
in the above, 'ref1' will use 'val1' as the number of the elements
in 'p->array', and 'ref2' will use 'val2' as the number of elements
in 'p->array'.
gcc/c-family/ChangeLog:
PR C/108896
* c-attribs.cc (handle_counted_by_attribute): New function.
(attribute_takes_identifier_p): Add counted_by attribute to the list.
* c-common.cc (c_flexible_array_member_type_p): ...To this.
* c-common.h (c_flexible_array_member_type_p): New prototype.
gcc/c/ChangeLog:
PR C/108896
* c-decl.cc (flexible_array_member_type_p): Renamed and moved to...
(add_flexible_array_elts_to_size): Use renamed function.
(is_flexible_array_member_p): Use renamed function.
(verify_counted_by_attribute): New function.
(finish_struct): Use renamed function and verify counted_by
attribute.
* c-tree.h (lookup_field): New prototype.
* c-typeck.cc (lookup_field): Expose as extern function.
gcc/ChangeLog:
PR C/108896
* doc/extend.texi: Document attribute counted_by.
gcc/testsuite/ChangeLog:
PR C/108896
* gcc.dg/flex-array-counted-by.c: New test.
---
gcc/c-family/c-attribs.cc| 54 -
gcc/c-family/c-common.cc | 13 +++
gcc/c-family/c-common.h | 1 +
gcc/c/c-decl.cc | 85
gcc/c/c-tree.h | 1 +
gcc/c/c-typeck.cc| 3 +-
gcc/doc/extend.texi | 64 +++
gcc/testsuite/gcc.dg/flex-array-counted-by.c | 40 +
8 files changed, 241 insertions(+), 20 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by.c
diff --git a/gcc/c-family/c-attribs.cc b/gcc/c-family/c-attribs.cc
index 40a0cf90295d..4395c0656b14 100644
--- a/gcc/c-family/c-attribs.cc
+++ b/gcc/c-family/c-attribs.cc
@@ -105,6 +105,8 @@ static tree handle_warn_if_not_aligned_attribute (tree *,
tree, tree,
int, bool *);
static tree handle_strict_flex_array_attribute (tree *, tree, tree,
int, bool *);
+static tree handle_counted_by_attribute (tree *, tree, tree,
+ int, bool *);
static tree handle_weak_attribute (tree *, tree, tree, int, bool *) ;
static tree handle_noplt_attribute (tree *, tree, tree, int, bool *) ;
static tree handle_alias_ifunc_attribute (bool, tree *, tree, tree, bool *);
@@ -412,6 +414,8 @@ const struct attribute_spec c_common_gnu_attributes[] =
handle_warn_if_not_aligned_attribute, NULL },
[PATCH v6 5/5] Add the 6th argument to .ACCESS_WITH_SIZE
to carry the TYPE of the flexible array.
Such information is needed during tree-object-size.cc.
We cannot use the result type or the type of the 1st argument
of the routine .ACCESS_WITH_SIZE to decide the element type
of the original array due to possible type casting in the
source code.
gcc/c/ChangeLog:
* c-typeck.cc (build_access_with_size_for_counted_by): Add the 6th
argument to .ACCESS_WITH_SIZE.
gcc/ChangeLog:
* tree-object-size.cc (access_with_size_object_size): Use the type
of the 6th argument for the type of the element.
gcc/testsuite/ChangeLog:
* gcc.dg/flex-array-counted-by-6.c: New test.
---
gcc/c/c-typeck.cc | 11 +++--
.../gcc.dg/flex-array-counted-by-6.c | 46 +++
gcc/tree-object-size.cc | 16 ---
3 files changed, 64 insertions(+), 9 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
index a29a7d7ec029..c17ac6862546 100644
--- a/gcc/c/c-typeck.cc
+++ b/gcc/c/c-typeck.cc
@@ -2608,7 +2608,8 @@ build_counted_by_ref (tree datum, tree subdatum, tree
*counted_by_type)
to:
- (*.ACCESS_WITH_SIZE (REF, COUNTED_BY_REF, 1, (TYPE_OF_SIZE)0, -1))
+ (*.ACCESS_WITH_SIZE (REF, COUNTED_BY_REF, 1, (TYPE_OF_SIZE)0, -1,
+ (TYPE_OF_ARRAY *)0))
NOTE: The return type of this function is the POINTER type pointing
to the original flexible array type.
@@ -2620,6 +2621,9 @@ build_counted_by_ref (tree datum, tree subdatum, tree
*counted_by_type)
The 4th argument of the call is a constant 0 with the TYPE of the
object pointed by COUNTED_BY_REF.
+ The 6th argument of the call is a constant 0 with the pointer TYPE
+ to the original flexible array type.
+
*/
static tree
build_access_with_size_for_counted_by (location_t loc, tree ref,
@@ -2632,12 +2636,13 @@ build_access_with_size_for_counted_by (location_t loc,
tree ref,
tree call
= build_call_expr_internal_loc (loc, IFN_ACCESS_WITH_SIZE,
- result_type, 5,
+ result_type, 6,
array_to_pointer_conversion (loc, ref),
counted_by_ref,
build_int_cst (integer_type_node, 1),
build_int_cst (counted_by_type, 0),
- build_int_cst (integer_type_node, -1));
+ build_int_cst (integer_type_node, -1),
+ build_int_cst (result_type, 0));
/* Wrap the call with an INDIRECT_REF with the flexible array type. */
call = build1 (INDIRECT_REF, TREE_TYPE (ref), call);
SET_EXPR_LOCATION (call, loc);
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
new file mode 100644
index ..65a401796479
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-6.c
@@ -0,0 +1,46 @@
+/* test the attribute counted_by and its usage in
+ * __builtin_dynamic_object_size. when the type of the flexible array member
+ * is casting to another type. */
+/* { dg-do run } */
+/* { dg-options "-O2" } */
+
+#include "builtin-object-size-common.h"
+
+typedef unsigned short u16;
+
+struct info {
+ u16 data_len;
+ char data[] __attribute__((counted_by(data_len)));
+};
+
+struct foo {
+ int a;
+ int b;
+};
+
+static __attribute__((__noinline__))
+struct info *setup ()
+{
+ struct info *p;
+ size_t bytes = 3 * sizeof(struct foo);
+
+ p = (struct info *)malloc (sizeof (struct info) + bytes);
+ p->data_len = bytes;
+
+ return p;
+}
+
+static void
+__attribute__((__noinline__)) report (struct info *p)
+{
+ struct foo *bar = (struct foo *)p->data;
+ EXPECT(__builtin_dynamic_object_size((char *)(bar + 1), 1), 16);
+ EXPECT(__builtin_dynamic_object_size((char *)(bar + 2), 1), 8);
+}
+
+int main(int argc, char *argv[])
+{
+ struct info *p = setup();
+ report(p);
+ return 0;
+}
diff --git a/gcc/tree-object-size.cc b/gcc/tree-object-size.cc
index 630b0a7aaa4b..c3098c521a43 100644
--- a/gcc/tree-object-size.cc
+++ b/gcc/tree-object-size.cc
@@ -763,17 +763,21 @@ addr_object_size (struct object_size_info *osi,
const_tree ptr,
2: the number of bytes;
4th argument TYPE_OF_SIZE: A constant 0 with the TYPE of the object
refed by REF_TO_SIZE
+ 6th argument: A constant 0 with the pointer TYPE to the original flexible
+ array type.
- the size of the element can be retrived from the result type of the call,
- which is the pointer to the array type. */
+ the size of the element can be retrived from the TYPE of the 6th argument
+ of the call, which is the pointer to the array type. */
static tree
access_with_size_object_size (const gcall *call, int object_size_type)
{
gcc_assert (gimple_call_internal_p (call,
[PATCH v6 4/5] Use the .ACCESS_WITH_SIZE in bound sanitizer.
gcc/c-family/ChangeLog:
* c-ubsan.cc (get_bound_from_access_with_size): New function.
(ubsan_instrument_bounds): Handle call to .ACCESS_WITH_SIZE.
gcc/testsuite/ChangeLog:
* gcc.dg/ubsan/flex-array-counted-by-bounds-2.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds-3.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds.c: New test.
---
gcc/c-family/c-ubsan.cc | 42 +
.../ubsan/flex-array-counted-by-bounds-2.c| 45 ++
.../ubsan/flex-array-counted-by-bounds-3.c| 34 ++
.../ubsan/flex-array-counted-by-bounds.c | 46 +++
4 files changed, 167 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c
create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c
diff --git a/gcc/c-family/c-ubsan.cc b/gcc/c-family/c-ubsan.cc
index 940982819ddf..164b29845b3a 100644
--- a/gcc/c-family/c-ubsan.cc
+++ b/gcc/c-family/c-ubsan.cc
@@ -376,6 +376,40 @@ ubsan_instrument_return (location_t loc)
return build_call_expr_loc (loc, t, 1, build_fold_addr_expr_loc (loc, data));
}
+/* Get the tree that represented the number of counted_by, i.e, the maximum
+ number of the elements of the object that the call to .ACCESS_WITH_SIZE
+ points to, this number will be the bound of the corresponding array. */
+static tree
+get_bound_from_access_with_size (tree call)
+{
+ if (!is_access_with_size_p (call))
+return NULL_TREE;
+
+ tree ref_to_size = CALL_EXPR_ARG (call, 1);
+ unsigned int type_of_size = TREE_INT_CST_LOW (CALL_EXPR_ARG (call, 2));
+ tree type = TREE_TYPE (CALL_EXPR_ARG (call, 3));
+ tree size = fold_build2 (MEM_REF, type, unshare_expr (ref_to_size),
+ build_int_cst (ptr_type_node, 0));
+ /* If size is negative value, treat it as zero. */
+ if (!TYPE_UNSIGNED (type))
+ {
+tree cond = fold_build2 (LT_EXPR, boolean_type_node,
+unshare_expr (size), build_zero_cst (type));
+size = fold_build3 (COND_EXPR, type, cond,
+ build_zero_cst (type), size);
+ }
+
+ /* Only when type_of_size is 1,i.e, the number of the elements of
+ the object type, return the size. */
+ if (type_of_size != 1)
+return NULL_TREE;
+ else
+size = fold_convert (sizetype, size);
+
+ return size;
+}
+
+
/* Instrument array bounds for ARRAY_REFs. We create special builtin,
that gets expanded in the sanopt pass, and make an array dimension
of it. ARRAY is the array, *INDEX is an index to the array.
@@ -401,6 +435,14 @@ ubsan_instrument_bounds (location_t loc, tree array, tree
*index,
&& COMPLETE_TYPE_P (type)
&& integer_zerop (TYPE_SIZE (type)))
bound = build_int_cst (TREE_TYPE (TYPE_MIN_VALUE (domain)), -1);
+ else if (INDIRECT_REF_P (array)
+ && is_access_with_size_p ((TREE_OPERAND (array, 0
+ {
+ bound = get_bound_from_access_with_size ((TREE_OPERAND (array, 0)));
+ bound = fold_build2 (MINUS_EXPR, TREE_TYPE (bound),
+ bound,
+ build_int_cst (TREE_TYPE (bound), 1));
+ }
else
return NULL_TREE;
}
diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
new file mode 100644
index ..148934975ee5
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
@@ -0,0 +1,45 @@
+/* test the attribute counted_by and its usage in
+ bounds sanitizer combined with VLA. */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds" } */
+/* { dg-output "index 11 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 20 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 11 out of bounds for type 'int
\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'int
\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+
+
+#include
+
+void __attribute__((__noinline__)) setup_and_test_vla (int n, int m)
+{
+ struct foo {
+ int n;
+ int p[][n] __attribute__((counted_by(n)));
+ } *f;
+
+ f = (struct foo *) malloc (sizeof(struct foo) + m*sizeof(int[n]));
+ f->n = m;
+ f->p[m][n-1]=1;
+ return;
+}
+
+void __attribute__((__noinline__)) setup_and_test_vla_1 (int n1, int n2, int m)
+{
+ struct foo {
+int n;
+int p[][n2][n1] __attribute__((counted_by(n)));
+ } *f;
+
+ f = (struct foo *) malloc (sizeof(struct foo) + m*sizeof(int[n2][n1]));
+ f->n = m;
+ f->p[m][n2][n1]=1;
+ return;
+}
+
+int main(int argc, char *argv[])
+{
+ setup_and_test_vla (10, 11);
+ setup_and_test_vla_1 (10, 11, 20);
+ return 0;
[PATCH v6 3/5] Use the .ACCESS_WITH_SIZE in builtin object size.
gcc/ChangeLog:
* tree-object-size.cc (access_with_size_object_size): New function.
(call_object_size): Call the new function.
gcc/testsuite/ChangeLog:
* gcc.dg/builtin-object-size-common.h: Add a new macro EXPECT.
* gcc.dg/flex-array-counted-by-3.c: New test.
* gcc.dg/flex-array-counted-by-4.c: New test.
* gcc.dg/flex-array-counted-by-5.c: New test.
---
.../gcc.dg/builtin-object-size-common.h | 11 ++
.../gcc.dg/flex-array-counted-by-3.c | 63 +++
.../gcc.dg/flex-array-counted-by-4.c | 178 ++
.../gcc.dg/flex-array-counted-by-5.c | 48 +
gcc/tree-object-size.cc | 59 ++
5 files changed, 359 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-5.c
diff --git a/gcc/testsuite/gcc.dg/builtin-object-size-common.h
b/gcc/testsuite/gcc.dg/builtin-object-size-common.h
index 66ff7cdd953a..b677067c6e6b 100644
--- a/gcc/testsuite/gcc.dg/builtin-object-size-common.h
+++ b/gcc/testsuite/gcc.dg/builtin-object-size-common.h
@@ -30,3 +30,14 @@ unsigned nfails = 0;
__builtin_abort ();\
return 0;\
} while (0)
+
+#define EXPECT(p, _v) do { \
+ size_t v = _v; \
+ if (p == v)\
+__builtin_printf ("ok: %s == %zd\n", #p, p);\
+ else \
+{\
+ __builtin_printf ("WAT: %s == %zd (expected %zd)\n", #p, p, v);\
+ FAIL (); \
+}\
+} while (0);
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
new file mode 100644
index ..0066c32ca808
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c
@@ -0,0 +1,63 @@
+/* test the attribute counted_by and its usage in
+ * __builtin_dynamic_object_size. */
+/* { dg-do run } */
+/* { dg-options "-O2" } */
+
+#include "builtin-object-size-common.h"
+
+struct flex {
+ int b;
+ int c[];
+} *array_flex;
+
+struct annotated {
+ int b;
+ int c[] __attribute__ ((counted_by (b)));
+} *array_annotated;
+
+struct nested_annotated {
+ struct {
+union {
+ int b;
+ float f;
+};
+int n;
+ };
+ int c[] __attribute__ ((counted_by (b)));
+} *array_nested_annotated;
+
+void __attribute__((__noinline__)) setup (int normal_count, int attr_count)
+{
+ array_flex
+= (struct flex *)malloc (sizeof (struct flex)
++ normal_count * sizeof (int));
+ array_flex->b = normal_count;
+
+ array_annotated
+= (struct annotated *)malloc (sizeof (struct annotated)
+ + attr_count * sizeof (int));
+ array_annotated->b = attr_count;
+
+ array_nested_annotated
+= (struct nested_annotated *)malloc (sizeof (struct nested_annotated)
++ attr_count * sizeof (int));
+ array_nested_annotated->b = attr_count;
+
+ return;
+}
+
+void __attribute__((__noinline__)) test ()
+{
+EXPECT(__builtin_dynamic_object_size(array_flex->c, 1), -1);
+EXPECT(__builtin_dynamic_object_size(array_annotated->c, 1),
+ array_annotated->b * sizeof (int));
+EXPECT(__builtin_dynamic_object_size(array_nested_annotated->c, 1),
+ array_nested_annotated->b * sizeof (int));
+}
+
+int main(int argc, char *argv[])
+{
+ setup (10,10);
+ test ();
+ DONE ();
+}
diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
new file mode 100644
index ..3ce7f3545549
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c
@@ -0,0 +1,178 @@
+/* test the attribute counted_by and its usage in
+__builtin_dynamic_object_size: what's the correct behavior when the
+allocation size mismatched with the value of counted_by attribute?
+we should always use the latest value that is hold by the counted_by
+field. */
+/* { dg-do run } */
+/* { dg-options "-O -fstrict-flex-arrays=3" } */
+
+#include "builtin-object-size-common.h"
+
+struct annotated {
+ size_t foo;
+ char others;
+ char array[] __attribute__((counted_by (foo)));
+};
+
+#define noinline __attribute__((__noinline__))
+#define SIZE_BUMP 10
+#define MAX(a, b) ((a) > (b) ? (a) : (b))
+
+/* In general, Due to type casting, the type for the pointee of a pointer
+ does not say
[PATCH v6 2/5] Convert references with "counted_by" attributes to/from .ACCESS_WITH_SIZE.
Including the following changes:
* The definition of the new internal function .ACCESS_WITH_SIZE
in internal-fn.def.
* C FE converts every reference to a FAM with a "counted_by" attribute
to a call to the internal function .ACCESS_WITH_SIZE.
(build_component_ref in c_typeck.cc)
This includes the case when the object is statically allocated and
initialized.
In order to make this working, the routines initializer_constant_valid_p_1
and output_constant in varasm.cc are updated to handle calls to
.ACCESS_WITH_SIZE.
(initializer_constant_valid_p_1 and output_constant in varasm.c)
However, for the reference inside "offsetof", the "counted_by" attribute is
ignored since it's not useful at all.
(c_parser_postfix_expression in c/c-parser.cc)
In addtion to "offsetof", for the reference inside operator "typeof" and
"alignof", we ignore counted_by attribute too.
When building ADDR_EXPR for the .ACCESS_WITH_SIZE in C FE,
replace the call with its first argument.
* Convert every call to .ACCESS_WITH_SIZE to its first argument.
(expand_ACCESS_WITH_SIZE in internal-fn.cc)
* Adjust alias analysis to exclude the new internal from clobbering anything.
(ref_maybe_used_by_call_p_1 and call_may_clobber_ref_p_1 in tree-ssa-alias.cc)
* Adjust dead code elimination to eliminate the call to .ACCESS_WITH_SIZE when
it's LHS is eliminated as dead code.
(eliminate_unnecessary_stmts in tree-ssa-dce.cc)
* Provide the utility routines to check the call is .ACCESS_WITH_SIZE and
get the reference from the call to .ACCESS_WITH_SIZE.
(is_access_with_size_p and get_ref_from_access_with_size in tree.cc)
gcc/c/ChangeLog:
* c-parser.cc (c_parser_postfix_expression): Ignore the counted-by
attribute when build_component_ref inside offsetof operator.
* c-tree.h (build_component_ref): Add one more parameter.
* c-typeck.cc (build_counted_by_ref): New function.
(build_access_with_size_for_counted_by): New function.
(build_component_ref): Check the counted-by attribute and build
call to .ACCESS_WITH_SIZE.
(build_unary_op): When building ADDR_EXPR for
.ACCESS_WITH_SIZE, use its first argument.
(lvalue_p): Accept call to .ACCESS_WITH_SIZE.
gcc/ChangeLog:
* internal-fn.cc (expand_ACCESS_WITH_SIZE): New function.
* internal-fn.def (ACCESS_WITH_SIZE): New internal function.
* tree-ssa-alias.cc (ref_maybe_used_by_call_p_1): Special case
IFN_ACCESS_WITH_SIZE.
(call_may_clobber_ref_p_1): Special case IFN_ACCESS_WITH_SIZE.
* tree-ssa-dce.cc (eliminate_unnecessary_stmts): Eliminate the call
to .ACCESS_WITH_SIZE when its LHS is dead.
* tree.cc (process_call_operands): Adjust side effect for function
.ACCESS_WITH_SIZE.
(is_access_with_size_p): New function.
(get_ref_from_access_with_size): New function.
* tree.h (is_access_with_size_p): New prototype.
(get_ref_from_access_with_size): New prototype.
* varasm.cc (initializer_constant_valid_p_1): Handle call to
.ACCESS_WITH_SIZE.
(output_constant): Handle call to .ACCESS_WITH_SIZE.
gcc/testsuite/ChangeLog:
* gcc.dg/flex-array-counted-by-2.c: New test.
---
gcc/c/c-parser.cc | 10 +-
gcc/c/c-tree.h| 2 +-
gcc/c/c-typeck.cc | 128 +-
gcc/internal-fn.cc| 36 +
gcc/internal-fn.def | 4 +
.../gcc.dg/flex-array-counted-by-2.c | 112 +++
gcc/tree-ssa-alias.cc | 2 +
gcc/tree-ssa-dce.cc | 5 +-
gcc/tree.cc | 25 +++-
gcc/tree.h| 8 ++
gcc/varasm.cc | 10 ++
11 files changed, 332 insertions(+), 10 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-2.c
diff --git a/gcc/c/c-parser.cc b/gcc/c/c-parser.cc
index c31349dae2ff..a6ed5ac43bb1 100644
--- a/gcc/c/c-parser.cc
+++ b/gcc/c/c-parser.cc
@@ -10850,9 +10850,12 @@ c_parser_postfix_expression (c_parser *parser)
if (c_parser_next_token_is (parser, CPP_NAME))
{
c_token *comp_tok = c_parser_peek_token (parser);
+ /* Ignore the counted_by attribute for reference inside
+ offsetof since the information is not useful at all. */
offsetof_ref
= build_component_ref (loc, offsetof_ref, comp_tok->value,
-comp_tok->location, UNKNOWN_LOCATION);
+comp_tok->location, UNKNOWN_LOCATION,
+false);
c_parser_consume_token (parser);
while (c_parser_next_token_is (parser, CPP_DOT)
||
[PATCH v6 0/5]New attribute "counted_by" to annotate bounds for C99 FAM(PR108896)
e inside operator "typeof" and "alignof", we ignore counted_by attribute too. When building ADDR_EXPR for the .ACCESS_WITH_SIZE in C FE, replace the call with its first argument. * Convert every call to .ACCESS_WITH_SIZE to its first argument. (expand_ACCESS_WITH_SIZE in internal-fn.cc) * adjust alias analysis to exclude the new internal from clobbering anything. (ref_maybe_used_by_call_p_1 and call_may_clobber_ref_p_1 in tree-ssa-alias.cc) * adjust dead code elimination to eliminate the call to .ACCESS_WITH_SIZE when it's LHS is eliminated as dead code. (eliminate_unnecessary_stmts in tree-ssa-dce.cc) * Provide the utility routines to check the call is .ACCESS_WITH_SIZE and get the reference from the call to .ACCESS_WITH_SIZE. (is_access_with_size_p and get_ref_from_access_with_size in tree.cc) * testing cases. (for offsetof, static initialization, generation of calls to .ACCESS_WITH_SIZE, code runs correctly after calls to .ACCESS_WITH_SIZE are converted back) 3. Use the .ACCESS_WITH_SIZE in builtin object size (sub-object only) which includes: * use the size info of the .ACCESS_WITH_SIZE for sub-object. * when the size is a negative integer, treat it as zero. * testing cases. 4 Use the .ACCESS_WITH_SIZE in bound sanitizer which includes: * Instrument array_ref with a call to .ACCESS_WITH_SIZE for bound sanitizer. * when the size is a negative integer, treat it as zero. * testing cases. 5. Add the 6th argument to .ACCESS_WITH_SIZE to carry the TYPE of the flexible array. which includes: * Add the 6th argument to .ACCESS_WITH_SIZE. * use the type of the 6th argument of the routine in tree-object-size.cc * testing case. **Remaining works: 6 Improve __bdos to use the counted_by info in whole-object size for the structure with FAM. 7 Emit warnings when the user breaks the requirments for the new counted_by attribute compilation time: -Wcounted-by run time: -fsanitizer=counted-by * The initialization to the size field should be done before the first reference to the FAM field. * the array has at least # of elements specified by the size field all the time during the program. I have bootstrapped and regression tested on both x86 and aarch64, no issue. Linux kernel linux-6.8-rc4 has been built and exposed one bug with the new counted-by, fixed. Let me know your comments. thanks. Qing Qing Zhao (5): Provide counted_by attribute to flexible array member field (PR108896) Convert references with "counted_by" attributes to/from .ACCESS_WITH_SIZE. Use the .ACCESS_WITH_SIZE in builtin object size. Use the .ACCESS_WITH_SIZE in bound sanitizer. Add the 6th argument to .ACCESS_WITH_SIZE
