| Message ID | 20240412135430.4122328-4-qing.zhao@oracle.com |
|---|---|
| State | New |
| Headers | show |
| Series | New attribute "counted_by" to annotate bounds for C99 FAM(PR108896) | expand |
On Fri, Apr 12, 2024 at 3:54 PM Qing Zhao <qing.zhao@oracle.com> wrote: > I have no comments here, if Siddesh is OK with this I approve. > gcc/ChangeLog: > > * tree-object-size.cc (access_with_size_object_size): New function. > (call_object_size): Call the new function. > > gcc/testsuite/ChangeLog: > > * gcc.dg/builtin-object-size-common.h: Add a new macro EXPECT. > * gcc.dg/flex-array-counted-by-3.c: New test. > * gcc.dg/flex-array-counted-by-4.c: New test. > * gcc.dg/flex-array-counted-by-5.c: New test. > --- > .../gcc.dg/builtin-object-size-common.h | 11 ++ > .../gcc.dg/flex-array-counted-by-3.c | 63 +++++++ > .../gcc.dg/flex-array-counted-by-4.c | 178 ++++++++++++++++++ > .../gcc.dg/flex-array-counted-by-5.c | 48 +++++ > gcc/tree-object-size.cc | 60 ++++++ > 5 files changed, 360 insertions(+) > create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-3.c > create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-4.c > create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-5.c > > diff --git a/gcc/testsuite/gcc.dg/builtin-object-size-common.h b/gcc/testsuite/gcc.dg/builtin-object-size-common.h > index 66ff7cdd953a..b677067c6e6b 100644 > --- a/gcc/testsuite/gcc.dg/builtin-object-size-common.h > +++ b/gcc/testsuite/gcc.dg/builtin-object-size-common.h > @@ -30,3 +30,14 @@ unsigned nfails = 0; > __builtin_abort (); \ > return 0; \ > } while (0) > + > +#define EXPECT(p, _v) do { \ > + size_t v = _v; \ > + if (p == v) \ > + __builtin_printf ("ok: %s == %zd\n", #p, p); \ > + else \ > + { \ > + __builtin_printf ("WAT: %s == %zd (expected %zd)\n", #p, p, v); \ > + FAIL (); \ > + } \ > +} while (0); > diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c > new file mode 100644 > index 000000000000..78f50230e891 > --- /dev/null > +++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c > @@ -0,0 +1,63 @@ > +/* Test the attribute counted_by and its usage in > + * __builtin_dynamic_object_size. */ > +/* { dg-do run } */ > +/* { dg-options "-O2" } */ > + > +#include "builtin-object-size-common.h" > + > +struct flex { > + int b; > + int c[]; > +} *array_flex; > + > +struct annotated { > + int b; > + int c[] __attribute__ ((counted_by (b))); > +} *array_annotated; > + > +struct nested_annotated { > + struct { > + union { > + int b; > + float f; > + }; > + int n; > + }; > + int c[] __attribute__ ((counted_by (b))); > +} *array_nested_annotated; > + > +void __attribute__((__noinline__)) setup (int normal_count, int attr_count) > +{ > + array_flex > + = (struct flex *)malloc (sizeof (struct flex) > + + normal_count * sizeof (int)); > + array_flex->b = normal_count; > + > + array_annotated > + = (struct annotated *)malloc (sizeof (struct annotated) > + + attr_count * sizeof (int)); > + array_annotated->b = attr_count; > + > + array_nested_annotated > + = (struct nested_annotated *)malloc (sizeof (struct nested_annotated) > + + attr_count * sizeof (int)); > + array_nested_annotated->b = attr_count; > + > + return; > +} > + > +void __attribute__((__noinline__)) test () > +{ > + EXPECT(__builtin_dynamic_object_size(array_flex->c, 1), -1); > + EXPECT(__builtin_dynamic_object_size(array_annotated->c, 1), > + array_annotated->b * sizeof (int)); > + EXPECT(__builtin_dynamic_object_size(array_nested_annotated->c, 1), > + array_nested_annotated->b * sizeof (int)); > +} > + > +int main(int argc, char *argv[]) > +{ > + setup (10,10); > + test (); > + DONE (); > +} > diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c > new file mode 100644 > index 000000000000..20103d58ef51 > --- /dev/null > +++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c > @@ -0,0 +1,178 @@ > +/* Test the attribute counted_by and its usage in > +__builtin_dynamic_object_size: what's the correct behavior when the > +allocation size mismatched with the value of counted_by attribute? > +We should always use the latest value that is hold by the counted_by > +field. */ > +/* { dg-do run } */ > +/* { dg-options "-O -fstrict-flex-arrays=3" } */ > + > +#include "builtin-object-size-common.h" > + > +struct annotated { > + size_t foo; > + char others; > + char array[] __attribute__((counted_by (foo))); > +}; > + > +#define noinline __attribute__((__noinline__)) > +#define SIZE_BUMP 10 > +#define MAX(a, b) ((a) > (b) ? (a) : (b)) > + > +/* In general, Due to type casting, the type for the pointee of a pointer > + does not say anything about the object it points to, > + So, __builtin_object_size can not directly use the type of the pointee > + to decide the size of the object the pointer points to. > + > + There are only two reliable ways: > + A. observed allocations (call to the allocation functions in the routine) > + B. observed accesses (read or write access to the location of the > + pointer points to) > + > + That provide information about the type/existence of an object at > + the corresponding address. > + > + For A, we use the "alloc_size" attribute for the corresponding allocation > + functions to determine the object size; > + (We treat counted_by attribute the same as the "alloc_size" attribute) > + > + For B, we use the SIZE info of the TYPE attached to the corresponding access. > + > + The only other way in C which ensures that a pointer actually points > + to an object of the correct type is 'static': > + > + void foo(struct P *p[static 1]); > + > + See https://gcc.gnu.org/pipermail/gcc-patches/2023-July/624814.html > + for more details. */ > + > +/* In the following function, malloc allocated more space than the value > + of counted_by attribute. Then what's the correct behavior we expect > + the __builtin_dynamic_object_size should have for each of the cases? */ > + > +static struct annotated * noinline alloc_buf_more (size_t index) > +{ > + struct annotated *p; > + size_t allocated_size > + = MAX (sizeof (struct annotated), > + (__builtin_offsetof (struct annotated, array[0]) > + + (index + SIZE_BUMP) * sizeof (char))); > + p = (struct annotated *) malloc (allocated_size); > + > + p->foo = index; > + > + /* When checking the observed access p->array, we have info on both > + observered allocation and observed access, > + A.1 from observed allocation: > + allocated_size - offsetof (struct annotated, array[0]) > + > + A.2 from the counted-by attribute: > + p->foo * sizeof (char) > + > + We always use the latest value that is hold by the counted-by field. > + */ > + > + EXPECT(__builtin_dynamic_object_size(p->array, 0), > + (p->foo) * sizeof(char)); > + > + EXPECT(__builtin_dynamic_object_size(p->array, 1), > + (p->foo) * sizeof(char)); > + > + EXPECT(__builtin_dynamic_object_size(p->array, 2), > + (p->foo) * sizeof(char)); > + > + EXPECT(__builtin_dynamic_object_size(p->array, 3), > + (p->foo) * sizeof(char)); > + > + /* When checking the pointer p, we only have info on the observed allocation. > + So, the object size info can only been obtained from the call to malloc. > + For both MAXIMUM and MINIMUM: A = (index + SIZE_BUMP) * sizeof (char) */ > + EXPECT(__builtin_dynamic_object_size(p, 0), allocated_size); > + EXPECT(__builtin_dynamic_object_size(p, 1), allocated_size); > + EXPECT(__builtin_dynamic_object_size(p, 2), allocated_size); > + EXPECT(__builtin_dynamic_object_size(p, 3), allocated_size); > + return p; > +} > + > +/* In the following function, malloc allocated less space than the value > + of counted_by attribute. Then what's the correct behavior we expect > + the __builtin_dynamic_object_size should have for each of the cases? > + NOTE: this is an user error, GCC should issue warnings for such case. > + This is a seperate issue we should address later. */ > + > +static struct annotated * noinline alloc_buf_less (size_t index) > +{ > + struct annotated *p; > + size_t allocated_size > + = MAX (sizeof (struct annotated), > + (__builtin_offsetof (struct annotated, array[0]) > + + (index) * sizeof (char))); > + p = (struct annotated *) malloc (allocated_size); > + > + p->foo = index + SIZE_BUMP; > + > + /* When checking the observed access p->array, we have info on both > + observered allocation and observed access, > + A.1 from observed allocation: > + allocated_size - offsetof (struct annotated, array[0]) > + A.2 from the counted-by attribute: > + p->foo * sizeof (char) > + > + We always use the latest value that is hold by the counted-by field. > + */ > + > + EXPECT(__builtin_dynamic_object_size(p->array, 0), > + (p->foo) * sizeof(char)); > + > + EXPECT(__builtin_dynamic_object_size(p->array, 1), > + (p->foo) * sizeof(char)); > + > + EXPECT(__builtin_dynamic_object_size(p->array, 2), > + (p->foo) * sizeof(char)); > + > + EXPECT(__builtin_dynamic_object_size(p->array, 3), > + (p->foo) * sizeof(char)); > + > + /* When checking the pointer p, we only have info on the observed > + allocation. So, the object size info can only been obtained from > + the call to malloc. */ > + EXPECT(__builtin_dynamic_object_size(p, 0), allocated_size); > + EXPECT(__builtin_dynamic_object_size(p, 1), allocated_size); > + EXPECT(__builtin_dynamic_object_size(p, 2), allocated_size); > + EXPECT(__builtin_dynamic_object_size(p, 3), allocated_size); > + return p; > +} > + > +int main () > +{ > + struct annotated *p, *q; > + p = alloc_buf_more (10); > + q = alloc_buf_less (10); > + > + /* When checking the access p->array, we only have info on the counted-by > + value. */ > + EXPECT(__builtin_dynamic_object_size(p->array, 0), p->foo * sizeof(char)); > + EXPECT(__builtin_dynamic_object_size(p->array, 1), p->foo * sizeof(char)); > + EXPECT(__builtin_dynamic_object_size(p->array, 2), p->foo * sizeof(char)); > + EXPECT(__builtin_dynamic_object_size(p->array, 3), p->foo * sizeof(char)); > + /* When checking the pointer p, we have no observed allocation nor observed > + access, therefore, we cannot determine the size info here. */ > + EXPECT(__builtin_dynamic_object_size(p, 0), -1); > + EXPECT(__builtin_dynamic_object_size(p, 1), -1); > + EXPECT(__builtin_dynamic_object_size(p, 2), 0); > + EXPECT(__builtin_dynamic_object_size(p, 3), 0); > + > + /* When checking the access p->array, we only have info on the counted-by > + value. */ > + EXPECT(__builtin_dynamic_object_size(q->array, 0), q->foo * sizeof(char)); > + EXPECT(__builtin_dynamic_object_size(q->array, 1), q->foo * sizeof(char)); > + EXPECT(__builtin_dynamic_object_size(q->array, 2), q->foo * sizeof(char)); > + EXPECT(__builtin_dynamic_object_size(q->array, 3), q->foo * sizeof(char)); > + /* When checking the pointer p, we have no observed allocation nor observed > + access, therefore, we cannot determine the size info here. */ > + EXPECT(__builtin_dynamic_object_size(q, 0), -1); > + EXPECT(__builtin_dynamic_object_size(q, 1), -1); > + EXPECT(__builtin_dynamic_object_size(q, 2), 0); > + EXPECT(__builtin_dynamic_object_size(q, 3), 0); > + > + DONE (); > +} > diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-5.c b/gcc/testsuite/gcc.dg/flex-array-counted-by-5.c > new file mode 100644 > index 000000000000..68f9b0f7c8d2 > --- /dev/null > +++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-5.c > @@ -0,0 +1,48 @@ > +/* Test the attribute counted_by and its usage in > + * __builtin_dynamic_object_size: when the counted_by field is negative. */ > +/* { dg-do run } */ > +/* { dg-options "-O2" } */ > + > +#include "builtin-object-size-common.h" > + > +struct annotated { > + int b; > + int c[] __attribute__ ((counted_by (b))); > +} *array_annotated; > + > +struct nested_annotated { > + struct { > + union { > + int b; > + float f; > + }; > + int n; > + }; > + int c[] __attribute__ ((counted_by (b))); > +} *array_nested_annotated; > + > +void __attribute__((__noinline__)) setup (int attr_count) > +{ > + array_annotated > + = (struct annotated *)malloc (sizeof (struct annotated)); > + array_annotated->b = attr_count; > + > + array_nested_annotated > + = (struct nested_annotated *)malloc (sizeof (struct nested_annotated)); > + array_nested_annotated->b = attr_count -1; > + > + return; > +} > + > +void __attribute__((__noinline__)) test () > +{ > + EXPECT(__builtin_dynamic_object_size(array_annotated->c, 1), 0); > + EXPECT(__builtin_dynamic_object_size(array_nested_annotated->c, 1), 0); > +} > + > +int main(int argc, char *argv[]) > +{ > + setup (-10); > + test (); > + DONE (); > +} > diff --git a/gcc/tree-object-size.cc b/gcc/tree-object-size.cc > index 018fbc30cbb6..8de264d1dee2 100644 > --- a/gcc/tree-object-size.cc > +++ b/gcc/tree-object-size.cc > @@ -37,6 +37,7 @@ along with GCC; see the file COPYING3. If not see > #include "attribs.h" > #include "builtins.h" > #include "gimplify-me.h" > +#include "gimplify.h" > > struct object_size_info > { > @@ -60,6 +61,7 @@ static tree compute_object_offset (tree, const_tree); > static bool addr_object_size (struct object_size_info *, > const_tree, int, tree *, tree *t = NULL); > static tree alloc_object_size (const gcall *, int); > +static tree access_with_size_object_size (const gcall *, int); > static tree pass_through_call (const gcall *); > static void collect_object_sizes_for (struct object_size_info *, tree); > static void expr_object_size (struct object_size_info *, tree, tree); > @@ -749,6 +751,60 @@ addr_object_size (struct object_size_info *osi, const_tree ptr, > return false; > } > > +/* Compute __builtin_object_size for a CALL to .ACCESS_WITH_SIZE, > + OBJECT_SIZE_TYPE is the second argument from __builtin_object_size. > + The 2nd, 3rd, and the 4th parameters of the call determine the size of > + the CALL: > + > + 2nd argument REF_TO_SIZE: The reference to the size of the object, > + 3rd argument CLASS_OF_SIZE: The size referenced by the REF_TO_SIZE represents > + 0: the number of bytes; > + 1: the number of the elements of the object type; > + 4th argument TYPE_OF_SIZE: A constant 0 with its TYPE being the same as the TYPE > + of the object referenced by REF_TO_SIZE > + > + The size of the element can be retrived from the result type of the call, > + which is the pointer to the array type. */ > +static tree > +access_with_size_object_size (const gcall *call, int object_size_type) > +{ > + /* If not for dynamic object size, return. */ > + if ((object_size_type & OST_DYNAMIC) == 0) > + return size_unknown (object_size_type); > + > + gcc_assert (gimple_call_internal_p (call, IFN_ACCESS_WITH_SIZE)); > + /* Result type is a pointer type to the original flexible array type. */ > + tree result_type = gimple_call_return_type (call); > + gcc_assert (POINTER_TYPE_P (result_type)); > + tree element_size = TYPE_SIZE_UNIT (TREE_TYPE (TREE_TYPE (result_type))); > + tree ref_to_size = gimple_call_arg (call, 1); > + unsigned int class_of_size = TREE_INT_CST_LOW (gimple_call_arg (call, 2)); > + tree type = TREE_TYPE (gimple_call_arg (call, 3)); > + > + tree size = fold_build2 (MEM_REF, type, ref_to_size, > + build_int_cst (ptr_type_node, 0)); > + > + /* If size is negative value, treat it as zero. */ > + if (!TYPE_UNSIGNED (type)) > + { > + tree cond_expr = fold_build2 (LT_EXPR, boolean_type_node, > + unshare_expr (size), build_zero_cst (type)); > + size = fold_build3 (COND_EXPR, integer_type_node, cond_expr, > + build_zero_cst (type), size); > + } > + > + if (class_of_size == 1) > + size = size_binop (MULT_EXPR, > + fold_convert (sizetype, size), > + fold_convert (sizetype, element_size)); > + else > + size = fold_convert (sizetype, size); > + > + if (!todo) > + todo = TODO_update_ssa_only_virtuals; > + > + return size; > +} > > /* Compute __builtin_object_size for CALL, which is a GIMPLE_CALL. > Handles calls to functions declared with attribute alloc_size. > @@ -1350,8 +1406,12 @@ call_object_size (struct object_size_info *osi, tree ptr, gcall *call) > > bool is_strdup = gimple_call_builtin_p (call, BUILT_IN_STRDUP); > bool is_strndup = gimple_call_builtin_p (call, BUILT_IN_STRNDUP); > + bool is_access_with_size > + = gimple_call_internal_p (call, IFN_ACCESS_WITH_SIZE); > if (is_strdup || is_strndup) > bytes = strdup_object_size (call, object_size_type, is_strndup); > + else if (is_access_with_size) > + bytes = access_with_size_object_size (call, object_size_type); > else > bytes = alloc_object_size (call, object_size_type); > > -- > 2.31.1 >
> On May 28, 2024, at 03:39, Richard Biener <richard.guenther@gmail.com> wrote: > > On Fri, Apr 12, 2024 at 3:54 PM Qing Zhao <qing.zhao@oracle.com> wrote: >> > > I have no comments here, if Siddesh is OK with this I approve. thanks. Qing > >> gcc/ChangeLog: >> >> * tree-object-size.cc (access_with_size_object_size): New function. >> (call_object_size): Call the new function. >> >> gcc/testsuite/ChangeLog: >> >> * gcc.dg/builtin-object-size-common.h: Add a new macro EXPECT. >> * gcc.dg/flex-array-counted-by-3.c: New test. >> * gcc.dg/flex-array-counted-by-4.c: New test. >> * gcc.dg/flex-array-counted-by-5.c: New test. >> --- >> .../gcc.dg/builtin-object-size-common.h | 11 ++ >> .../gcc.dg/flex-array-counted-by-3.c | 63 +++++++ >> .../gcc.dg/flex-array-counted-by-4.c | 178 ++++++++++++++++++ >> .../gcc.dg/flex-array-counted-by-5.c | 48 +++++ >> gcc/tree-object-size.cc | 60 ++++++ >> 5 files changed, 360 insertions(+) >> create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-3.c >> create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-4.c >> create mode 100644 gcc/testsuite/gcc.dg/flex-array-counted-by-5.c >> >> diff --git a/gcc/testsuite/gcc.dg/builtin-object-size-common.h b/gcc/testsuite/gcc.dg/builtin-object-size-common.h >> index 66ff7cdd953a..b677067c6e6b 100644 >> --- a/gcc/testsuite/gcc.dg/builtin-object-size-common.h >> +++ b/gcc/testsuite/gcc.dg/builtin-object-size-common.h >> @@ -30,3 +30,14 @@ unsigned nfails = 0; >> __builtin_abort (); \ >> return 0; \ >> } while (0) >> + >> +#define EXPECT(p, _v) do { \ >> + size_t v = _v; \ >> + if (p == v) \ >> + __builtin_printf ("ok: %s == %zd\n", #p, p); \ >> + else \ >> + { \ >> + __builtin_printf ("WAT: %s == %zd (expected %zd)\n", #p, p, v); \ >> + FAIL (); \ >> + } \ >> +} while (0); >> diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c >> new file mode 100644 >> index 000000000000..78f50230e891 >> --- /dev/null >> +++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c >> @@ -0,0 +1,63 @@ >> +/* Test the attribute counted_by and its usage in >> + * __builtin_dynamic_object_size. */ >> +/* { dg-do run } */ >> +/* { dg-options "-O2" } */ >> + >> +#include "builtin-object-size-common.h" >> + >> +struct flex { >> + int b; >> + int c[]; >> +} *array_flex; >> + >> +struct annotated { >> + int b; >> + int c[] __attribute__ ((counted_by (b))); >> +} *array_annotated; >> + >> +struct nested_annotated { >> + struct { >> + union { >> + int b; >> + float f; >> + }; >> + int n; >> + }; >> + int c[] __attribute__ ((counted_by (b))); >> +} *array_nested_annotated; >> + >> +void __attribute__((__noinline__)) setup (int normal_count, int attr_count) >> +{ >> + array_flex >> + = (struct flex *)malloc (sizeof (struct flex) >> + + normal_count * sizeof (int)); >> + array_flex->b = normal_count; >> + >> + array_annotated >> + = (struct annotated *)malloc (sizeof (struct annotated) >> + + attr_count * sizeof (int)); >> + array_annotated->b = attr_count; >> + >> + array_nested_annotated >> + = (struct nested_annotated *)malloc (sizeof (struct nested_annotated) >> + + attr_count * sizeof (int)); >> + array_nested_annotated->b = attr_count; >> + >> + return; >> +} >> + >> +void __attribute__((__noinline__)) test () >> +{ >> + EXPECT(__builtin_dynamic_object_size(array_flex->c, 1), -1); >> + EXPECT(__builtin_dynamic_object_size(array_annotated->c, 1), >> + array_annotated->b * sizeof (int)); >> + EXPECT(__builtin_dynamic_object_size(array_nested_annotated->c, 1), >> + array_nested_annotated->b * sizeof (int)); >> +} >> + >> +int main(int argc, char *argv[]) >> +{ >> + setup (10,10); >> + test (); >> + DONE (); >> +} >> diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c >> new file mode 100644 >> index 000000000000..20103d58ef51 >> --- /dev/null >> +++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c >> @@ -0,0 +1,178 @@ >> +/* Test the attribute counted_by and its usage in >> +__builtin_dynamic_object_size: what's the correct behavior when the >> +allocation size mismatched with the value of counted_by attribute? >> +We should always use the latest value that is hold by the counted_by >> +field. */ >> +/* { dg-do run } */ >> +/* { dg-options "-O -fstrict-flex-arrays=3" } */ >> + >> +#include "builtin-object-size-common.h" >> + >> +struct annotated { >> + size_t foo; >> + char others; >> + char array[] __attribute__((counted_by (foo))); >> +}; >> + >> +#define noinline __attribute__((__noinline__)) >> +#define SIZE_BUMP 10 >> +#define MAX(a, b) ((a) > (b) ? (a) : (b)) >> + >> +/* In general, Due to type casting, the type for the pointee of a pointer >> + does not say anything about the object it points to, >> + So, __builtin_object_size can not directly use the type of the pointee >> + to decide the size of the object the pointer points to. >> + >> + There are only two reliable ways: >> + A. observed allocations (call to the allocation functions in the routine) >> + B. observed accesses (read or write access to the location of the >> + pointer points to) >> + >> + That provide information about the type/existence of an object at >> + the corresponding address. >> + >> + For A, we use the "alloc_size" attribute for the corresponding allocation >> + functions to determine the object size; >> + (We treat counted_by attribute the same as the "alloc_size" attribute) >> + >> + For B, we use the SIZE info of the TYPE attached to the corresponding access. >> + >> + The only other way in C which ensures that a pointer actually points >> + to an object of the correct type is 'static': >> + >> + void foo(struct P *p[static 1]); >> + >> + See https://gcc.gnu.org/pipermail/gcc-patches/2023-July/624814.html >> + for more details. */ >> + >> +/* In the following function, malloc allocated more space than the value >> + of counted_by attribute. Then what's the correct behavior we expect >> + the __builtin_dynamic_object_size should have for each of the cases? */ >> + >> +static struct annotated * noinline alloc_buf_more (size_t index) >> +{ >> + struct annotated *p; >> + size_t allocated_size >> + = MAX (sizeof (struct annotated), >> + (__builtin_offsetof (struct annotated, array[0]) >> + + (index + SIZE_BUMP) * sizeof (char))); >> + p = (struct annotated *) malloc (allocated_size); >> + >> + p->foo = index; >> + >> + /* When checking the observed access p->array, we have info on both >> + observered allocation and observed access, >> + A.1 from observed allocation: >> + allocated_size - offsetof (struct annotated, array[0]) >> + >> + A.2 from the counted-by attribute: >> + p->foo * sizeof (char) >> + >> + We always use the latest value that is hold by the counted-by field. >> + */ >> + >> + EXPECT(__builtin_dynamic_object_size(p->array, 0), >> + (p->foo) * sizeof(char)); >> + >> + EXPECT(__builtin_dynamic_object_size(p->array, 1), >> + (p->foo) * sizeof(char)); >> + >> + EXPECT(__builtin_dynamic_object_size(p->array, 2), >> + (p->foo) * sizeof(char)); >> + >> + EXPECT(__builtin_dynamic_object_size(p->array, 3), >> + (p->foo) * sizeof(char)); >> + >> + /* When checking the pointer p, we only have info on the observed allocation. >> + So, the object size info can only been obtained from the call to malloc. >> + For both MAXIMUM and MINIMUM: A = (index + SIZE_BUMP) * sizeof (char) */ >> + EXPECT(__builtin_dynamic_object_size(p, 0), allocated_size); >> + EXPECT(__builtin_dynamic_object_size(p, 1), allocated_size); >> + EXPECT(__builtin_dynamic_object_size(p, 2), allocated_size); >> + EXPECT(__builtin_dynamic_object_size(p, 3), allocated_size); >> + return p; >> +} >> + >> +/* In the following function, malloc allocated less space than the value >> + of counted_by attribute. Then what's the correct behavior we expect >> + the __builtin_dynamic_object_size should have for each of the cases? >> + NOTE: this is an user error, GCC should issue warnings for such case. >> + This is a seperate issue we should address later. */ >> + >> +static struct annotated * noinline alloc_buf_less (size_t index) >> +{ >> + struct annotated *p; >> + size_t allocated_size >> + = MAX (sizeof (struct annotated), >> + (__builtin_offsetof (struct annotated, array[0]) >> + + (index) * sizeof (char))); >> + p = (struct annotated *) malloc (allocated_size); >> + >> + p->foo = index + SIZE_BUMP; >> + >> + /* When checking the observed access p->array, we have info on both >> + observered allocation and observed access, >> + A.1 from observed allocation: >> + allocated_size - offsetof (struct annotated, array[0]) >> + A.2 from the counted-by attribute: >> + p->foo * sizeof (char) >> + >> + We always use the latest value that is hold by the counted-by field. >> + */ >> + >> + EXPECT(__builtin_dynamic_object_size(p->array, 0), >> + (p->foo) * sizeof(char)); >> + >> + EXPECT(__builtin_dynamic_object_size(p->array, 1), >> + (p->foo) * sizeof(char)); >> + >> + EXPECT(__builtin_dynamic_object_size(p->array, 2), >> + (p->foo) * sizeof(char)); >> + >> + EXPECT(__builtin_dynamic_object_size(p->array, 3), >> + (p->foo) * sizeof(char)); >> + >> + /* When checking the pointer p, we only have info on the observed >> + allocation. So, the object size info can only been obtained from >> + the call to malloc. */ >> + EXPECT(__builtin_dynamic_object_size(p, 0), allocated_size); >> + EXPECT(__builtin_dynamic_object_size(p, 1), allocated_size); >> + EXPECT(__builtin_dynamic_object_size(p, 2), allocated_size); >> + EXPECT(__builtin_dynamic_object_size(p, 3), allocated_size); >> + return p; >> +} >> + >> +int main () >> +{ >> + struct annotated *p, *q; >> + p = alloc_buf_more (10); >> + q = alloc_buf_less (10); >> + >> + /* When checking the access p->array, we only have info on the counted-by >> + value. */ >> + EXPECT(__builtin_dynamic_object_size(p->array, 0), p->foo * sizeof(char)); >> + EXPECT(__builtin_dynamic_object_size(p->array, 1), p->foo * sizeof(char)); >> + EXPECT(__builtin_dynamic_object_size(p->array, 2), p->foo * sizeof(char)); >> + EXPECT(__builtin_dynamic_object_size(p->array, 3), p->foo * sizeof(char)); >> + /* When checking the pointer p, we have no observed allocation nor observed >> + access, therefore, we cannot determine the size info here. */ >> + EXPECT(__builtin_dynamic_object_size(p, 0), -1); >> + EXPECT(__builtin_dynamic_object_size(p, 1), -1); >> + EXPECT(__builtin_dynamic_object_size(p, 2), 0); >> + EXPECT(__builtin_dynamic_object_size(p, 3), 0); >> + >> + /* When checking the access p->array, we only have info on the counted-by >> + value. */ >> + EXPECT(__builtin_dynamic_object_size(q->array, 0), q->foo * sizeof(char)); >> + EXPECT(__builtin_dynamic_object_size(q->array, 1), q->foo * sizeof(char)); >> + EXPECT(__builtin_dynamic_object_size(q->array, 2), q->foo * sizeof(char)); >> + EXPECT(__builtin_dynamic_object_size(q->array, 3), q->foo * sizeof(char)); >> + /* When checking the pointer p, we have no observed allocation nor observed >> + access, therefore, we cannot determine the size info here. */ >> + EXPECT(__builtin_dynamic_object_size(q, 0), -1); >> + EXPECT(__builtin_dynamic_object_size(q, 1), -1); >> + EXPECT(__builtin_dynamic_object_size(q, 2), 0); >> + EXPECT(__builtin_dynamic_object_size(q, 3), 0); >> + >> + DONE (); >> +} >> diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-5.c b/gcc/testsuite/gcc.dg/flex-array-counted-by-5.c >> new file mode 100644 >> index 000000000000..68f9b0f7c8d2 >> --- /dev/null >> +++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-5.c >> @@ -0,0 +1,48 @@ >> +/* Test the attribute counted_by and its usage in >> + * __builtin_dynamic_object_size: when the counted_by field is negative. */ >> +/* { dg-do run } */ >> +/* { dg-options "-O2" } */ >> + >> +#include "builtin-object-size-common.h" >> + >> +struct annotated { >> + int b; >> + int c[] __attribute__ ((counted_by (b))); >> +} *array_annotated; >> + >> +struct nested_annotated { >> + struct { >> + union { >> + int b; >> + float f; >> + }; >> + int n; >> + }; >> + int c[] __attribute__ ((counted_by (b))); >> +} *array_nested_annotated; >> + >> +void __attribute__((__noinline__)) setup (int attr_count) >> +{ >> + array_annotated >> + = (struct annotated *)malloc (sizeof (struct annotated)); >> + array_annotated->b = attr_count; >> + >> + array_nested_annotated >> + = (struct nested_annotated *)malloc (sizeof (struct nested_annotated)); >> + array_nested_annotated->b = attr_count -1; >> + >> + return; >> +} >> + >> +void __attribute__((__noinline__)) test () >> +{ >> + EXPECT(__builtin_dynamic_object_size(array_annotated->c, 1), 0); >> + EXPECT(__builtin_dynamic_object_size(array_nested_annotated->c, 1), 0); >> +} >> + >> +int main(int argc, char *argv[]) >> +{ >> + setup (-10); >> + test (); >> + DONE (); >> +} >> diff --git a/gcc/tree-object-size.cc b/gcc/tree-object-size.cc >> index 018fbc30cbb6..8de264d1dee2 100644 >> --- a/gcc/tree-object-size.cc >> +++ b/gcc/tree-object-size.cc >> @@ -37,6 +37,7 @@ along with GCC; see the file COPYING3. If not see >> #include "attribs.h" >> #include "builtins.h" >> #include "gimplify-me.h" >> +#include "gimplify.h" >> >> struct object_size_info >> { >> @@ -60,6 +61,7 @@ static tree compute_object_offset (tree, const_tree); >> static bool addr_object_size (struct object_size_info *, >> const_tree, int, tree *, tree *t = NULL); >> static tree alloc_object_size (const gcall *, int); >> +static tree access_with_size_object_size (const gcall *, int); >> static tree pass_through_call (const gcall *); >> static void collect_object_sizes_for (struct object_size_info *, tree); >> static void expr_object_size (struct object_size_info *, tree, tree); >> @@ -749,6 +751,60 @@ addr_object_size (struct object_size_info *osi, const_tree ptr, >> return false; >> } >> >> +/* Compute __builtin_object_size for a CALL to .ACCESS_WITH_SIZE, >> + OBJECT_SIZE_TYPE is the second argument from __builtin_object_size. >> + The 2nd, 3rd, and the 4th parameters of the call determine the size of >> + the CALL: >> + >> + 2nd argument REF_TO_SIZE: The reference to the size of the object, >> + 3rd argument CLASS_OF_SIZE: The size referenced by the REF_TO_SIZE represents >> + 0: the number of bytes; >> + 1: the number of the elements of the object type; >> + 4th argument TYPE_OF_SIZE: A constant 0 with its TYPE being the same as the TYPE >> + of the object referenced by REF_TO_SIZE >> + >> + The size of the element can be retrived from the result type of the call, >> + which is the pointer to the array type. */ >> +static tree >> +access_with_size_object_size (const gcall *call, int object_size_type) >> +{ >> + /* If not for dynamic object size, return. */ >> + if ((object_size_type & OST_DYNAMIC) == 0) >> + return size_unknown (object_size_type); >> + >> + gcc_assert (gimple_call_internal_p (call, IFN_ACCESS_WITH_SIZE)); >> + /* Result type is a pointer type to the original flexible array type. */ >> + tree result_type = gimple_call_return_type (call); >> + gcc_assert (POINTER_TYPE_P (result_type)); >> + tree element_size = TYPE_SIZE_UNIT (TREE_TYPE (TREE_TYPE (result_type))); >> + tree ref_to_size = gimple_call_arg (call, 1); >> + unsigned int class_of_size = TREE_INT_CST_LOW (gimple_call_arg (call, 2)); >> + tree type = TREE_TYPE (gimple_call_arg (call, 3)); >> + >> + tree size = fold_build2 (MEM_REF, type, ref_to_size, >> + build_int_cst (ptr_type_node, 0)); >> + >> + /* If size is negative value, treat it as zero. */ >> + if (!TYPE_UNSIGNED (type)) >> + { >> + tree cond_expr = fold_build2 (LT_EXPR, boolean_type_node, >> + unshare_expr (size), build_zero_cst (type)); >> + size = fold_build3 (COND_EXPR, integer_type_node, cond_expr, >> + build_zero_cst (type), size); >> + } >> + >> + if (class_of_size == 1) >> + size = size_binop (MULT_EXPR, >> + fold_convert (sizetype, size), >> + fold_convert (sizetype, element_size)); >> + else >> + size = fold_convert (sizetype, size); >> + >> + if (!todo) >> + todo = TODO_update_ssa_only_virtuals; >> + >> + return size; >> +} >> >> /* Compute __builtin_object_size for CALL, which is a GIMPLE_CALL. >> Handles calls to functions declared with attribute alloc_size. >> @@ -1350,8 +1406,12 @@ call_object_size (struct object_size_info *osi, tree ptr, gcall *call) >> >> bool is_strdup = gimple_call_builtin_p (call, BUILT_IN_STRDUP); >> bool is_strndup = gimple_call_builtin_p (call, BUILT_IN_STRNDUP); >> + bool is_access_with_size >> + = gimple_call_internal_p (call, IFN_ACCESS_WITH_SIZE); >> if (is_strdup || is_strndup) >> bytes = strdup_object_size (call, object_size_type, is_strndup); >> + else if (is_access_with_size) >> + bytes = access_with_size_object_size (call, object_size_type); >> else >> bytes = alloc_object_size (call, object_size_type); >> >> -- >> 2.31.1 >>
diff --git a/gcc/testsuite/gcc.dg/builtin-object-size-common.h b/gcc/testsuite/gcc.dg/builtin-object-size-common.h index 66ff7cdd953a..b677067c6e6b 100644 --- a/gcc/testsuite/gcc.dg/builtin-object-size-common.h +++ b/gcc/testsuite/gcc.dg/builtin-object-size-common.h @@ -30,3 +30,14 @@ unsigned nfails = 0; __builtin_abort (); \ return 0; \ } while (0) + +#define EXPECT(p, _v) do { \ + size_t v = _v; \ + if (p == v) \ + __builtin_printf ("ok: %s == %zd\n", #p, p); \ + else \ + { \ + __builtin_printf ("WAT: %s == %zd (expected %zd)\n", #p, p, v); \ + FAIL (); \ + } \ +} while (0); diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c new file mode 100644 index 000000000000..78f50230e891 --- /dev/null +++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-3.c @@ -0,0 +1,63 @@ +/* Test the attribute counted_by and its usage in + * __builtin_dynamic_object_size. */ +/* { dg-do run } */ +/* { dg-options "-O2" } */ + +#include "builtin-object-size-common.h" + +struct flex { + int b; + int c[]; +} *array_flex; + +struct annotated { + int b; + int c[] __attribute__ ((counted_by (b))); +} *array_annotated; + +struct nested_annotated { + struct { + union { + int b; + float f; + }; + int n; + }; + int c[] __attribute__ ((counted_by (b))); +} *array_nested_annotated; + +void __attribute__((__noinline__)) setup (int normal_count, int attr_count) +{ + array_flex + = (struct flex *)malloc (sizeof (struct flex) + + normal_count * sizeof (int)); + array_flex->b = normal_count; + + array_annotated + = (struct annotated *)malloc (sizeof (struct annotated) + + attr_count * sizeof (int)); + array_annotated->b = attr_count; + + array_nested_annotated + = (struct nested_annotated *)malloc (sizeof (struct nested_annotated) + + attr_count * sizeof (int)); + array_nested_annotated->b = attr_count; + + return; +} + +void __attribute__((__noinline__)) test () +{ + EXPECT(__builtin_dynamic_object_size(array_flex->c, 1), -1); + EXPECT(__builtin_dynamic_object_size(array_annotated->c, 1), + array_annotated->b * sizeof (int)); + EXPECT(__builtin_dynamic_object_size(array_nested_annotated->c, 1), + array_nested_annotated->b * sizeof (int)); +} + +int main(int argc, char *argv[]) +{ + setup (10,10); + test (); + DONE (); +} diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c new file mode 100644 index 000000000000..20103d58ef51 --- /dev/null +++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-4.c @@ -0,0 +1,178 @@ +/* Test the attribute counted_by and its usage in +__builtin_dynamic_object_size: what's the correct behavior when the +allocation size mismatched with the value of counted_by attribute? +We should always use the latest value that is hold by the counted_by +field. */ +/* { dg-do run } */ +/* { dg-options "-O -fstrict-flex-arrays=3" } */ + +#include "builtin-object-size-common.h" + +struct annotated { + size_t foo; + char others; + char array[] __attribute__((counted_by (foo))); +}; + +#define noinline __attribute__((__noinline__)) +#define SIZE_BUMP 10 +#define MAX(a, b) ((a) > (b) ? (a) : (b)) + +/* In general, Due to type casting, the type for the pointee of a pointer + does not say anything about the object it points to, + So, __builtin_object_size can not directly use the type of the pointee + to decide the size of the object the pointer points to. + + There are only two reliable ways: + A. observed allocations (call to the allocation functions in the routine) + B. observed accesses (read or write access to the location of the + pointer points to) + + That provide information about the type/existence of an object at + the corresponding address. + + For A, we use the "alloc_size" attribute for the corresponding allocation + functions to determine the object size; + (We treat counted_by attribute the same as the "alloc_size" attribute) + + For B, we use the SIZE info of the TYPE attached to the corresponding access. + + The only other way in C which ensures that a pointer actually points + to an object of the correct type is 'static': + + void foo(struct P *p[static 1]); + + See https://gcc.gnu.org/pipermail/gcc-patches/2023-July/624814.html + for more details. */ + +/* In the following function, malloc allocated more space than the value + of counted_by attribute. Then what's the correct behavior we expect + the __builtin_dynamic_object_size should have for each of the cases? */ + +static struct annotated * noinline alloc_buf_more (size_t index) +{ + struct annotated *p; + size_t allocated_size + = MAX (sizeof (struct annotated), + (__builtin_offsetof (struct annotated, array[0]) + + (index + SIZE_BUMP) * sizeof (char))); + p = (struct annotated *) malloc (allocated_size); + + p->foo = index; + + /* When checking the observed access p->array, we have info on both + observered allocation and observed access, + A.1 from observed allocation: + allocated_size - offsetof (struct annotated, array[0]) + + A.2 from the counted-by attribute: + p->foo * sizeof (char) + + We always use the latest value that is hold by the counted-by field. + */ + + EXPECT(__builtin_dynamic_object_size(p->array, 0), + (p->foo) * sizeof(char)); + + EXPECT(__builtin_dynamic_object_size(p->array, 1), + (p->foo) * sizeof(char)); + + EXPECT(__builtin_dynamic_object_size(p->array, 2), + (p->foo) * sizeof(char)); + + EXPECT(__builtin_dynamic_object_size(p->array, 3), + (p->foo) * sizeof(char)); + + /* When checking the pointer p, we only have info on the observed allocation. + So, the object size info can only been obtained from the call to malloc. + For both MAXIMUM and MINIMUM: A = (index + SIZE_BUMP) * sizeof (char) */ + EXPECT(__builtin_dynamic_object_size(p, 0), allocated_size); + EXPECT(__builtin_dynamic_object_size(p, 1), allocated_size); + EXPECT(__builtin_dynamic_object_size(p, 2), allocated_size); + EXPECT(__builtin_dynamic_object_size(p, 3), allocated_size); + return p; +} + +/* In the following function, malloc allocated less space than the value + of counted_by attribute. Then what's the correct behavior we expect + the __builtin_dynamic_object_size should have for each of the cases? + NOTE: this is an user error, GCC should issue warnings for such case. + This is a seperate issue we should address later. */ + +static struct annotated * noinline alloc_buf_less (size_t index) +{ + struct annotated *p; + size_t allocated_size + = MAX (sizeof (struct annotated), + (__builtin_offsetof (struct annotated, array[0]) + + (index) * sizeof (char))); + p = (struct annotated *) malloc (allocated_size); + + p->foo = index + SIZE_BUMP; + + /* When checking the observed access p->array, we have info on both + observered allocation and observed access, + A.1 from observed allocation: + allocated_size - offsetof (struct annotated, array[0]) + A.2 from the counted-by attribute: + p->foo * sizeof (char) + + We always use the latest value that is hold by the counted-by field. + */ + + EXPECT(__builtin_dynamic_object_size(p->array, 0), + (p->foo) * sizeof(char)); + + EXPECT(__builtin_dynamic_object_size(p->array, 1), + (p->foo) * sizeof(char)); + + EXPECT(__builtin_dynamic_object_size(p->array, 2), + (p->foo) * sizeof(char)); + + EXPECT(__builtin_dynamic_object_size(p->array, 3), + (p->foo) * sizeof(char)); + + /* When checking the pointer p, we only have info on the observed + allocation. So, the object size info can only been obtained from + the call to malloc. */ + EXPECT(__builtin_dynamic_object_size(p, 0), allocated_size); + EXPECT(__builtin_dynamic_object_size(p, 1), allocated_size); + EXPECT(__builtin_dynamic_object_size(p, 2), allocated_size); + EXPECT(__builtin_dynamic_object_size(p, 3), allocated_size); + return p; +} + +int main () +{ + struct annotated *p, *q; + p = alloc_buf_more (10); + q = alloc_buf_less (10); + + /* When checking the access p->array, we only have info on the counted-by + value. */ + EXPECT(__builtin_dynamic_object_size(p->array, 0), p->foo * sizeof(char)); + EXPECT(__builtin_dynamic_object_size(p->array, 1), p->foo * sizeof(char)); + EXPECT(__builtin_dynamic_object_size(p->array, 2), p->foo * sizeof(char)); + EXPECT(__builtin_dynamic_object_size(p->array, 3), p->foo * sizeof(char)); + /* When checking the pointer p, we have no observed allocation nor observed + access, therefore, we cannot determine the size info here. */ + EXPECT(__builtin_dynamic_object_size(p, 0), -1); + EXPECT(__builtin_dynamic_object_size(p, 1), -1); + EXPECT(__builtin_dynamic_object_size(p, 2), 0); + EXPECT(__builtin_dynamic_object_size(p, 3), 0); + + /* When checking the access p->array, we only have info on the counted-by + value. */ + EXPECT(__builtin_dynamic_object_size(q->array, 0), q->foo * sizeof(char)); + EXPECT(__builtin_dynamic_object_size(q->array, 1), q->foo * sizeof(char)); + EXPECT(__builtin_dynamic_object_size(q->array, 2), q->foo * sizeof(char)); + EXPECT(__builtin_dynamic_object_size(q->array, 3), q->foo * sizeof(char)); + /* When checking the pointer p, we have no observed allocation nor observed + access, therefore, we cannot determine the size info here. */ + EXPECT(__builtin_dynamic_object_size(q, 0), -1); + EXPECT(__builtin_dynamic_object_size(q, 1), -1); + EXPECT(__builtin_dynamic_object_size(q, 2), 0); + EXPECT(__builtin_dynamic_object_size(q, 3), 0); + + DONE (); +} diff --git a/gcc/testsuite/gcc.dg/flex-array-counted-by-5.c b/gcc/testsuite/gcc.dg/flex-array-counted-by-5.c new file mode 100644 index 000000000000..68f9b0f7c8d2 --- /dev/null +++ b/gcc/testsuite/gcc.dg/flex-array-counted-by-5.c @@ -0,0 +1,48 @@ +/* Test the attribute counted_by and its usage in + * __builtin_dynamic_object_size: when the counted_by field is negative. */ +/* { dg-do run } */ +/* { dg-options "-O2" } */ + +#include "builtin-object-size-common.h" + +struct annotated { + int b; + int c[] __attribute__ ((counted_by (b))); +} *array_annotated; + +struct nested_annotated { + struct { + union { + int b; + float f; + }; + int n; + }; + int c[] __attribute__ ((counted_by (b))); +} *array_nested_annotated; + +void __attribute__((__noinline__)) setup (int attr_count) +{ + array_annotated + = (struct annotated *)malloc (sizeof (struct annotated)); + array_annotated->b = attr_count; + + array_nested_annotated + = (struct nested_annotated *)malloc (sizeof (struct nested_annotated)); + array_nested_annotated->b = attr_count -1; + + return; +} + +void __attribute__((__noinline__)) test () +{ + EXPECT(__builtin_dynamic_object_size(array_annotated->c, 1), 0); + EXPECT(__builtin_dynamic_object_size(array_nested_annotated->c, 1), 0); +} + +int main(int argc, char *argv[]) +{ + setup (-10); + test (); + DONE (); +} diff --git a/gcc/tree-object-size.cc b/gcc/tree-object-size.cc index 018fbc30cbb6..8de264d1dee2 100644 --- a/gcc/tree-object-size.cc +++ b/gcc/tree-object-size.cc @@ -37,6 +37,7 @@ along with GCC; see the file COPYING3. If not see #include "attribs.h" #include "builtins.h" #include "gimplify-me.h" +#include "gimplify.h" struct object_size_info { @@ -60,6 +61,7 @@ static tree compute_object_offset (tree, const_tree); static bool addr_object_size (struct object_size_info *, const_tree, int, tree *, tree *t = NULL); static tree alloc_object_size (const gcall *, int); +static tree access_with_size_object_size (const gcall *, int); static tree pass_through_call (const gcall *); static void collect_object_sizes_for (struct object_size_info *, tree); static void expr_object_size (struct object_size_info *, tree, tree); @@ -749,6 +751,60 @@ addr_object_size (struct object_size_info *osi, const_tree ptr, return false; } +/* Compute __builtin_object_size for a CALL to .ACCESS_WITH_SIZE, + OBJECT_SIZE_TYPE is the second argument from __builtin_object_size. + The 2nd, 3rd, and the 4th parameters of the call determine the size of + the CALL: + + 2nd argument REF_TO_SIZE: The reference to the size of the object, + 3rd argument CLASS_OF_SIZE: The size referenced by the REF_TO_SIZE represents + 0: the number of bytes; + 1: the number of the elements of the object type; + 4th argument TYPE_OF_SIZE: A constant 0 with its TYPE being the same as the TYPE + of the object referenced by REF_TO_SIZE + + The size of the element can be retrived from the result type of the call, + which is the pointer to the array type. */ +static tree +access_with_size_object_size (const gcall *call, int object_size_type) +{ + /* If not for dynamic object size, return. */ + if ((object_size_type & OST_DYNAMIC) == 0) + return size_unknown (object_size_type); + + gcc_assert (gimple_call_internal_p (call, IFN_ACCESS_WITH_SIZE)); + /* Result type is a pointer type to the original flexible array type. */ + tree result_type = gimple_call_return_type (call); + gcc_assert (POINTER_TYPE_P (result_type)); + tree element_size = TYPE_SIZE_UNIT (TREE_TYPE (TREE_TYPE (result_type))); + tree ref_to_size = gimple_call_arg (call, 1); + unsigned int class_of_size = TREE_INT_CST_LOW (gimple_call_arg (call, 2)); + tree type = TREE_TYPE (gimple_call_arg (call, 3)); + + tree size = fold_build2 (MEM_REF, type, ref_to_size, + build_int_cst (ptr_type_node, 0)); + + /* If size is negative value, treat it as zero. */ + if (!TYPE_UNSIGNED (type)) + { + tree cond_expr = fold_build2 (LT_EXPR, boolean_type_node, + unshare_expr (size), build_zero_cst (type)); + size = fold_build3 (COND_EXPR, integer_type_node, cond_expr, + build_zero_cst (type), size); + } + + if (class_of_size == 1) + size = size_binop (MULT_EXPR, + fold_convert (sizetype, size), + fold_convert (sizetype, element_size)); + else + size = fold_convert (sizetype, size); + + if (!todo) + todo = TODO_update_ssa_only_virtuals; + + return size; +} /* Compute __builtin_object_size for CALL, which is a GIMPLE_CALL. Handles calls to functions declared with attribute alloc_size. @@ -1350,8 +1406,12 @@ call_object_size (struct object_size_info *osi, tree ptr, gcall *call) bool is_strdup = gimple_call_builtin_p (call, BUILT_IN_STRDUP); bool is_strndup = gimple_call_builtin_p (call, BUILT_IN_STRNDUP); + bool is_access_with_size + = gimple_call_internal_p (call, IFN_ACCESS_WITH_SIZE); if (is_strdup || is_strndup) bytes = strdup_object_size (call, object_size_type, is_strndup); + else if (is_access_with_size) + bytes = access_with_size_object_size (call, object_size_type); else bytes = alloc_object_size (call, object_size_type);