[Bug c/108896] provide "element_count" attribute to give more context to __builtin_dynamic_object_size() and -fsanitize=bounds

["muecker at gwdg dot de" <gcc-bugzilla@gcc.gnu.org>]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896

--- Comment #13 from Martin Uecker <muecker at gwdg dot de> ---
Am Donnerstag, dem 02.03.2023 um 19:47 +0000 schrieb qinzhao at gcc dot
gnu.org:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896
> 
> --- Comment #11 from qinzhao at gcc dot gnu.org ---
> (In reply to Martin Uecker from comment #9)
> > 
> > https://www.open-std.org/jtc1/sc22/wg14/www/wg14_document_log
> thanks for the info. 
> > 
> > But we made variably modified types mandatory in C23 to
> > help with bounds checking and this already works quite
> > nicely with GCC / Clang:
> > 
> > https://godbolt.org/z/ddfsdWPMj
> nice!
> can you provide a pointer to the section in C23 that made this change?

VLAs and VM types exist since C99 and were made optional in C11.
The minimal change we adopted to make support for VM types 
(but not VLAs) mandatory again was:

https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2778.pdf

UBSan support in GCC to diagnose such out of bounds accesses
was added here:

https://gcc.gnu.org/git/?p=gcc.git&a=commit;h=04fd785e38c4c37ae4f71704397a27a924baf4d9

> > 
> > > when this variable length concept is extended to global scope, not sure how to
> > > implement the size expression? need some study here.
> > 
> > Here, we want to use a member of the struct as a size 
> > expression. This could work equally at function and file scope.
> > But the semantics need to be worked out.  I have started to work
> > on a patch for GCC a couple of weeks ago using PLACEHOLDER_EXPR,
> > but did not get very far.
> > 
> > The idea is to evaluate the size expression whenever the member
> > with the size is accesses. If the size is not set before, this
> > would be undefined behavior.
> > 
> > Other languages such as Ada support this, so in principle this
> > should be a piece of cake.

> Oh, Ada can support this already?
> how does Ada implement this?

I think using PLACEHOLDER_EXPR that are insert into the size
expression and then replaced later by the struct being accessed, 
e.g.

struct foo {
 int len;
 char buf[PLACEHOLDER_EXPR.len]
};

and then later when we have

struct foo x;

x->buf

we would replace in the size of the type for x->buf the placeholder
with x itself.


> then we can just borrow Ada's implementation idea to implement this in C if
> this is approved as an GCC extension for C. 

Yes, this was what I wanted to do...  My main use case is not flexible
array members but VM types in struct:

struct foo {
  int len;
  char (*buf)[.len];
};


This has less issues because the size of the struct then does not depend
on the length.

But I am still trying to understand how this all works in GCC.


Martin