From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Cgae=EC=chromium.org=keescook@sourceware.org>
Received: from mail-pf1-x431.google.com (mail-pf1-x431.google.com [IPv6:2607:f8b0:4864:20::431])
	by sourceware.org (Postfix) with ESMTPS id A6BD33858D28
	for <gcc-patches@gcc.gnu.org>; Thu, 17 Aug 2023 06:38:57 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A6BD33858D28
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=chromium.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=chromium.org
Received: by mail-pf1-x431.google.com with SMTP id d2e1a72fcca58-6887918ed20so1784390b3a.2
        for <gcc-patches@gcc.gnu.org>; Wed, 16 Aug 2023 23:38:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google; t=1692254336; x=1692859136;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to;
        bh=Iyoy5QYOF3Zrf88ntarMn6BJ/wQfIAY8iZRm+E7mTNM=;
        b=TBpMHN4HH+8j1mo8sVqiV9Z4uAxq9tAqu8iD0umUfdkbSN+sPdl2XiwZJC2j2IIS7M
         4MduKHwCcswhXtBuabOdsdkopsps88CDi+S11NVNAuX586ur4lVyJKjp/tMB2xpj1450
         tvNTQrkjL2kAounVvlUpafthCShxpmwItuHFY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1692254336; x=1692859136;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=Iyoy5QYOF3Zrf88ntarMn6BJ/wQfIAY8iZRm+E7mTNM=;
        b=fAGxII/5po93kz9Xwlj0GFfrlgkP09d9jyIXVnl1YVR6a9YnlB/zYEvn7WSAwAsWyY
         vagQRYBUao0KjEEftZfLx3JaXlE3EVpnYfgcNV7I6YMoR8Wd/AO07oBl4nm1Zmyy6Xfp
         rV+YmL4hdeUe+K/SbIQ3aam7xAxLWi4qA2bfShL+ZSeXqppMxIBqOxzFL1XcO+42aTR3
         hw5xSmOPPq2eycq8LsDDonKIhiy1y0TS2GkYAwu1owXfPmTOQMTg+HquanLJl4q8qjbx
         x/prWuRw5+6J/UdWSNJSZVRzXzQ2jPvo8uVzyWyAnd/6/KkE5EIT/C95a/px9RUic0XI
         UxBg==
X-Gm-Message-State: AOJu0YzuTr2x7xeGWj/VZkQD0TXdCupVQJpl+WYGLPnhBvLF0CB4QW6t
	k9+y5Wzym0ujGb6oIAoKilsx7A==
X-Google-Smtp-Source: AGHT+IF35PseHE9O6H2at4fEs3PiS08AE7P/Bo7UMokjoVOeksROffBKQ67rGrpHGj4TP2EPwVc6xA==
X-Received: by 2002:a05:6a00:138c:b0:668:81c5:2f8d with SMTP id t12-20020a056a00138c00b0066881c52f8dmr5185094pfg.3.1692254336482;
        Wed, 16 Aug 2023 23:38:56 -0700 (PDT)
Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241])
        by smtp.gmail.com with ESMTPSA id bm17-20020a056a00321100b00640ddad2e0dsm12093906pfb.47.2023.08.16.23.38.55
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 16 Aug 2023 23:38:55 -0700 (PDT)
Date: Wed, 16 Aug 2023 23:38:55 -0700
From: Kees Cook <keescook@chromium.org>
To: Qing Zhao <qing.zhao@oracle.com>
Cc: joseph@codesourcery.com, richard.guenther@gmail.com, jakub@redhat.com,
	gcc-patches@gcc.gnu.org, siddhesh@gotplt.org, uecker@tugraz.at,
	isanbard@gmail.com
Subject: Re: [V2][PATCH 0/3] New attribute "counted_by" to annotate bounds
 for C99 FAM(PR108896)
Message-ID: <202308162337.11DAF21835@keescook>
References: <20230804194431.993958-1-qing.zhao@oracle.com>
 <202308162226.19D3A36@keescook>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <202308162226.19D3A36@keescook>
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,JMQ_SPF_NEUTRAL,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,WEIRD_PORT autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc-patches.gcc.gnu.org>

On Wed, Aug 16, 2023 at 10:31:30PM -0700, Kees Cook wrote:
> On Fri, Aug 04, 2023 at 07:44:28PM +0000, Qing Zhao wrote:
> > This is the 2nd version of the patch, per our discussion based on the
> > review comments for the 1st version, the major changes in this version
> 
> I've been using Coccinelle to find and annotate[1] structures (193 so
> far...), and I've encountered 2 cases of GCC internal errors. I'm working
> on a minimized test case, but just in case these details are immediately
> helpful, here's what I'm seeing:

Okay, I got it minimized:

$ cat poc.c
struct a {
  unsigned long c;
  char d[] __attribute__((__counted_by__(c)));
} *b;

void f(long);

void e(void) {
  long g = __builtin_dynamic_object_size(b->d, 1);
  f(g);
}
$ gcc -O2 -c -o /dev/null poc.c
poc.c: In function 'e':
poc.c:8:6: error: incorrect sharing of tree nodes
    8 | void e(void) {
      |      ^
*b.0_1
_2 = &b.0_1->d;
during GIMPLE pass: objsz
poc.c:8:6: internal compiler error: verify_gimple failed
0xfe97fd verify_gimple_in_cfg(function*, bool, bool)
        ../../../../gcc/gcc/tree-cfg.cc:5646
0xe84894 execute_function_todo
        ../../../../gcc/gcc/passes.cc:2088
0xe84dee execute_todo
        ../../../../gcc/gcc/passes.cc:2142

-- 
Kees Cook