From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) by sourceware.org (Postfix) with ESMTPS id A05A03858D32 for ; Thu, 25 May 2023 16:15:04 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A05A03858D32 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=oracle.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=oracle.com Received: from pps.filterd (m0246632.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 34PGEoPA031893; Thu, 25 May 2023 16:15:01 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : content-transfer-encoding : content-type : mime-version; s=corp-2023-03-30; bh=JgZWyXk0jiVsut+oa8NUOGIGzhktqmPdwLI//SrRphE=; b=T3UExQaCm8uHqKhBRCB5QEHi6IIgQP2FpxYzxGuiGUsFK6yU6LdObS+h31sqVcf6njDQ euPkfPmbyf2xNI8PlZcSBsfFwDdeBH+SMCnKt84CFqjdGUREfu9PymA3EzbTe7WFszps Tx1otK2Sy3iH1ivHfTh7I3b7mP2OznBIqehUOGqXJUPQJdIbc5DA3u9EE1s7kckijqdr ATSyxm22ujTQjZfrif3dFcUICf9yVs0NRQZTNKpKP7lsOS7YT/wSSCjKKgReUasuyVLH O9WLAsU4tcVj6CDZveZSMt3QC+eJdgGLyu8irAAKFRL2qrpoc1jOM/CHXxmMWNmEEgub 5w== Received: from iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta03.appoci.oracle.com [130.35.103.27]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3qtb0y802a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 25 May 2023 16:15:00 +0000 Received: from pps.filterd (iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com (8.17.1.19/8.17.1.19) with ESMTP id 34PFhWBE015767; Thu, 25 May 2023 16:15:00 GMT Received: from nam11-co1-obe.outbound.protection.outlook.com (mail-co1nam11lp2177.outbound.protection.outlook.com [104.47.56.177]) by iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 3qqk6nccf9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 25 May 2023 16:15:00 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FefzgErxKmDNNx2iLqHnyXnvOLjdpgFrseq37hfukSsVdcy/HPfe1SfrELpOxSAhT+dvDcX8e+GJ0xIRXgW5VUfg+a4gQvk4OMGdHOuWAGyGsEtXgYbY7U6fi/AGDv4g0KuPa5I8UQbQpsI7iKwYvsg5aWIZDLdqZLQbEf5vGxpBMAHL3w4KbzUBgHN1r55mFfwC9+G23EyeDu8Qnk4zUeCEFzoWIAWI5kEnkOP6hj3f2ToxOoqZCQYUIpqOve90KJB70fM22LRJRqxCBPsoGh4FLk8v1t4PwWqRavK578inD0VN4DqQ+7w1rhorb8ktbSONLrYTNyAZqcue7FcK+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JgZWyXk0jiVsut+oa8NUOGIGzhktqmPdwLI//SrRphE=; b=Lvx2U62SSHHx52NVo9zT2znXp1eg8eSKRGDqOpfRkOz+lPVl6I3/5EaTxhFiN5Fq0emEXr3KKsdapE4ZSiT0uDDh4VLtFImgH9dJv16ieTkdEp0Zu1bAg68whtuZZUZNrochzj7iIdNNlJfcVYzzm76i4r9AP9+B3jkKpNr8hHB6noXFD+RWy4IevOJTfke6hdguzifNJ82FOaP1EIa+5fjk493x7BzlKiPNYKqjpaoUNVMsabmSPIIp1DRMBe2+Uq7N9KB5fvm3XcRZPy0EQxoCIv0pYm4Q2jAsM02HdANBagK3u8nT/qqHRFVuFd2waAC6Jw22D/Fr3Yxj0LNZlQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JgZWyXk0jiVsut+oa8NUOGIGzhktqmPdwLI//SrRphE=; b=Rnb3Uq1XquIvOjXL5IYcoiFqL4YFAoWozWBoYInxWxlEbgtN4GqXtrLJPUIOcV2E8lrKauDqASAUf/dM2hCCeFRYNHGHTYhejTGDxoBdFePvOP9lS0u3iAA9+WqHOaInFXV2x4W+6XRkrDaK8zS5JGBMzntnvhnuhpIAmq+XHe4= Received: from CH2PR10MB4344.namprd10.prod.outlook.com (2603:10b6:610:af::19) by BLAPR10MB5041.namprd10.prod.outlook.com (2603:10b6:208:30e::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6433.15; Thu, 25 May 2023 16:14:57 +0000 Received: from CH2PR10MB4344.namprd10.prod.outlook.com ([fe80::7aa1:df38:105a:21fa]) by CH2PR10MB4344.namprd10.prod.outlook.com ([fe80::7aa1:df38:105a:21fa%7]) with mapi id 15.20.6411.028; Thu, 25 May 2023 16:14:57 +0000 From: Qing Zhao To: joseph@codesourcery.com, richard.guenther@gmail.com, jakub@redhat.com, gcc-patches@gcc.gnu.org Cc: keescook@chromium.org, siddhesh@gotplt.org, uecker@tugraz.at, isanbard@gmail.com, Qing Zhao Subject: [V1][PATCH 0/3] New attribute "element_count" to annotate bounds for C99 FAM(PR108896) Date: Thu, 25 May 2023 16:14:47 +0000 Message-Id: <20230525161450.3704901-1-qing.zhao@oracle.com> X-Mailer: git-send-email 2.31.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: LO4P123CA0139.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:193::18) To CH2PR10MB4344.namprd10.prod.outlook.com (2603:10b6:610:af::19) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PR10MB4344:EE_|BLAPR10MB5041:EE_ X-MS-Office365-Filtering-Correlation-Id: 2bb6781b-7324-4081-a501-08db5d3b2eee X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 3GlCUIZTlb5qVvmrauG97Kj3C4avXFHn40TxwSa540wBd41vGsyFPP2yfs+X+A6WBUERPeChoAagmVnjzeB1+G0MrRkMtgIAEsalZ73XyaHEoQ2dcxwpA73RYx63meimTC/kWn6hfmS3xVIgBDLpmak3oGI9PdBKyocgQDFrPwPLfGv9k2R14w7x3BGyR7gc7ELxJ+ByzT4vBGnMagf3mzhXdMmtzZIf0b7R2ZgA+JsuGX2HD6z45mYXB4FWMwWCcEDKoSP4GtCsEEw9W19hpEESy1556IUFgPfKcbrNPg5qHF0So3F5Hzbq/uTFzR2cku6+CG4VUpOJMixRnKcqn9J1V3QaYbTmg9kooefN/xh7EjxW7BNkAuzb9p8g689JK7ZBkvhHhvaHgir1uVFCdvbj4HtcYJ7JAlHFuz5DSN0sR8hBocAzMnnfjucAn5ashqTyWf61IxNB7nRiDW17Q6U/jiphVi/dHK8KD6M0GNB5HFQVtuJoUx44Tshj0ScVbAvwIvuhemNW3szoujUczYbeT27uSMKisEFZWvSw8QPUOBqWTG1DWSy9MiqoK8ANgo+LZEURyKdLGlRZ/eZduA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH2PR10MB4344.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(346002)(39860400002)(366004)(396003)(376002)(136003)(451199021)(2906002)(86362001)(83380400001)(186003)(2616005)(38100700002)(8936002)(36756003)(5660300002)(8676002)(316002)(44832011)(41300700001)(966005)(6506007)(107886003)(26005)(6512007)(6666004)(1076003)(4326008)(66476007)(66556008)(66946007)(478600001)(6486002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?8k6+zQKoIx3GMexuQnlBkU8UrlepuRVyGhoDcDDpZhf820sXwDH2bBJ1cc98?= =?us-ascii?Q?HYn1il8KQDwEQViY06U/rxFl1xGQbuk+JSYh7HrDpOphcOS+0ibZemzofoDU?= =?us-ascii?Q?7cq61a6NpMtgHy5nlZiFz14xJmPLEL9AoD4xEz9eX2AeigpGwTUFLvKhrXVO?= =?us-ascii?Q?u1yKscDVvRDwk+AWh22ZYpL9fLVhI3xVHE73Krr12L1O++Dnk/BAxBZHZq56?= =?us-ascii?Q?85ANKzD4g3mLiMMz8eAEzzOwQLOb3mBQ31xOHAPEl3am5Ksphv/1K4mD5Bt1?= =?us-ascii?Q?D4Z9Tp1p7nY6A0M2uvyDk9b5i28eNzEKF99urMPqVMnj7o+G+6L0a4DsJLGk?= =?us-ascii?Q?An7VtCL1U7KCA67ma2t3/WX73nQ7llbBNx4wftqmLjLk103O7ykwozT41XA3?= =?us-ascii?Q?26T+/+7Z+xV3FX+b7HfqFE9XCJnvATV+IDXkoBTZTf0uYwwVfeCQntTvoNS9?= =?us-ascii?Q?uOwPVk6Fb96q+E1ONfDDUPJgGUajyfpTZHw6qDKF6tEI5DoXveV6v8MAUwNh?= =?us-ascii?Q?vR6SdKRaCAr56WHDGr9MYbxJDpFTTzllYM21OZEE+eqCu62Ic/b7WfbGhPTF?= =?us-ascii?Q?0nrrOrRx07uSOgivgxkEfj9KSPWoWt4U7ufyHFsr92a/Sxl//pUzAC17HigO?= =?us-ascii?Q?DMeANpN6bR+6rdwNH92CshZMGXYjz9i7o3HTtlV2BY5mghzqhDgY4kh7tucy?= =?us-ascii?Q?nvRGmiPZxsIbkCxw44mgHoQGR4MTQZucF1jEGhy8XimrTxj3+AaC6XHRlIoz?= =?us-ascii?Q?GAzVRBBILDeAvS+caIOAAyQVpiDTP/p8BIWURfOa4Lp2LLmcmMEsASXenYYL?= =?us-ascii?Q?OMsaTe7D/SND6E64pk1uSGdyCKVSf6Wzzmv0CqIY+OkkQjIvDraCWG6ywunG?= =?us-ascii?Q?0vZ8z/ZRak19pElI83iofiYr+xXttFwcI3bNzY+C/mpf9gB390VLbJ8p8OBZ?= =?us-ascii?Q?yPiifw4ZKgBehr7CzdwaUJvTWc4sle1B9TE2OLFzAmMDIDJn6xgm3d8Q9fjV?= =?us-ascii?Q?Mio2xBOO+D9zIDwPouYvi9o/X185CqF3//TuJSw5anguxSiV8I1prI84rzzj?= =?us-ascii?Q?JNTBXxoIcfGqSlKrfLeEfspnSYjobDnATr9Tou61YChfo7yndx5AxIjdCrsB?= =?us-ascii?Q?MgikNqHM5wai/DkhMSt0jda85JGIVwVu3RI52oIyXiIE58EJisk/DNHeXHed?= =?us-ascii?Q?hHaqVI9QvT0q3sCqLLHvXO5Ku3JKJ4Suc95Ydcy0zC0/jqq3ZeiTnUziNo9d?= =?us-ascii?Q?eIl0fZ1BDGMBv08xtKoUw7wRZodFhsuJSleTBedWb8Z7i24QsfvbVUKsmPUU?= =?us-ascii?Q?ShLUJF7a/9KbLz9M/vgizUoIf0Eo+aBCUw9d8yk+1B/zfu8G6DQiRDDJmWwN?= =?us-ascii?Q?dJHIS7NZioYOufI0ltsU73H3wKY7bvpMMX8vuBor02sXaVd+ViKVMjsT0xFQ?= =?us-ascii?Q?LHOqBzfRo+pZOnh55PY7wJK+lUiy6NZ4CbgCSOokGhDHowthdUE/iHbJjYIN?= =?us-ascii?Q?xSgFVy+1JPZKL0m5sDY8lhN2epRAtiPlk2mzMxkQji0BUEmc5xPjGyksl+53?= =?us-ascii?Q?WCuRf2S5uGue25hRZiT7CyerL0p4M7780GFgnQqz?= X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: =?us-ascii?Q?SIYbC/sNFv/lFiGlXla5Jc0fwftNC2Ph6NB3z3oF2dKg6aESDBhduxcetpsL?= =?us-ascii?Q?ZM34qnj2JEtDjM8oESRlAsTbiVxWQ9QXXGXU3FWYoR1u+Fj56m5QdIYKIEf0?= =?us-ascii?Q?HP817rVo4WR+Go887LMh0gm7/WbIVKWq/XSEaAc7KeXrSCO1Nq5Dn9N8JYpf?= =?us-ascii?Q?t1Lcvney9gGNw/nCe58E3aE8JiOXvq0fDQqT5ASjUIoqaXxBzugogjkl/gmo?= =?us-ascii?Q?ARYxSLjtfbjGLyoF19GHwMYA77D2a4gBmQhYHK7mc52wnS1VYZ3cMmJzlw0k?= =?us-ascii?Q?Lc8xGpDS0D6bsZx7jfLcg2AwXCpKKHuVQV81KOegG4jIEXAEzAZWe5BUgW61?= =?us-ascii?Q?0E90yJtgCGMXquA9gKE471cugu2IskhSsSJjAoXEjHhTAb5A0IfNL01iOzn6?= =?us-ascii?Q?N8ylPtfQZfKZa6HF4U8WrJUDeEFmBwMF1I0SMQBCuOoisDQuZaQCT+4U/dES?= =?us-ascii?Q?UwiueYsqks0RiRvfQxLfDWsk1Z4laE35gaupbBEyrYOUoWZn6mDRMzVSMyUY?= =?us-ascii?Q?Os76TUbvvQOUFm1I94FZWZx7FvyX0amZgfwimlaWsszL4x2tTtSOz/IS3Yqv?= =?us-ascii?Q?7GBykApko5ubG0Cc7JplJ0akdIm17VR/CcJwrsnJ27JmQkw98/79Z2ykpv3r?= =?us-ascii?Q?KJPeORrXT6NBHLpTnw17YuH9gmXptJyBuBIIcrvgAmUnUF3N6J3SKlzg0a01?= =?us-ascii?Q?ruk1RepOniS9d5HryG3en4XOlZIL6U1KF7DsNPgoqwySOutyVx7ZcgpHDsoB?= =?us-ascii?Q?oDBzVUBd0Q+vWpyw5vw7aU7pFXgp4v7OVq4SNCHbg1hNOgESIuuDDss3+olV?= =?us-ascii?Q?y6bQHeSq+JJpHpFTCzsw9Uqv6B2CVu876RmUYV23FhhJlIAAcNLe+xxNXwaw?= =?us-ascii?Q?VrImBYeyt0U7Amrmd+fU5vYTxN59z32DoWTVzsqlZco0OZr/sZ4/ST+yJWl9?= X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2bb6781b-7324-4081-a501-08db5d3b2eee X-MS-Exchange-CrossTenant-AuthSource: CH2PR10MB4344.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 May 2023 16:14:57.6592 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 7S0ZLrr+cVJX8csOWzFZ5mS1f+dSAl9S9otTHC6j6XkiuPDWi8/MofR8g0kqINkaCV3Gs05+W0YsfvvCYlaROA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLAPR10MB5041 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-05-25_09,2023-05-25_03,2023-05-22_02 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 malwarescore=0 bulkscore=0 mlxlogscore=999 mlxscore=0 adultscore=0 spamscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2304280000 definitions=main-2305250134 X-Proofpoint-GUID: Wt2rTDt1wG88K7gOfsEnAWL3i1gpSa39 X-Proofpoint-ORIG-GUID: Wt2rTDt1wG88K7gOfsEnAWL3i1gpSa39 X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,KAM_SHORT,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Hi, This patch set introduces a new attribute "element_count" to annotate bounds for C99 flexible array member. A gcc bugzilla PR108896 has been created to record this task: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896 A nice writeup "Bounded Flexible Arrays in C" https://people.kernel.org/kees/bounded-flexible-arrays-in-c. written by Kees Cook, from Kernel Self-Protection Project, provides a solid background and motivation of this new attribute: "With flexible arrays now a first-class citizen in Linux and the compilers, it becomes possible to extend their available diagnostics. What the compiler is missing is knowledge of how the length of a given flexible array is tracked. For well-described flexible array structs, this means associating the member holding the element count with the flexible array member. This idea is not new, though prior implementation (https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2660.pdf) proposals have wanted to make changes to the C language syntax. A simpler approach is the addition of struct member attributes, and is under discussion and early development by both the GCC and Clang developer communities." The basic idea is to annotate the flexible array member with a new attribute "element_count" to track its number of elements to another field in the same structure, for example: struct object { .. size_t count; /* carries the number of elements info for the FAM flex. */ int flex[]; }; will become: struct object { .. size_t count: /* carries the number of elements info for the FAM flex. */ int flex[] __attribute__((element_count ("count"))); }; GCC will pass the number of elements info from the attached attribute to both __builtin_dynamic_object_size and bounds sanitizer to check the out-of-bounds or dynamic object size issues during runtime for flexible array members. This new feature will provide nice protection to flexible array members (which currently are completely ignored by both __builtin_dynamic_object_size and bounds sanitizers). Possible future additions to this initial work include supporting counts from a variable outside the structure, or a field in the outer structure if needed. If the GCC extension works well, this feature might be promoted into new C standard in the future. Clang has a similar initial implemenation which is under review: https://reviews.llvm.org/D148381 Linux kernel also has a patch to use this new feature: https://lore.kernel.org/lkml/20230504211827.GA1666363@dev-arch.thelio-3990X/T/ The patch set include 3 patches: 1/3: Provide element_count attribute to flexible array member field (PR108896) 2/3: Use the element_count atribute info in builtin object size [PR108896]. 3/3: Use the element_count attribute information in bound sanitizer[PR108896] bootstrapped and regression tested on aarch64 and x86. Let me know if you have any comment or suggestion. Thanks. Qing