From: Martin Uecker <uecker@tugraz.at>
To: Bill Wendling <isanbard@gmail.com>, Qing Zhao <qing.zhao@oracle.com>
Cc: Jakub Jelinek <jakub@redhat.com>,
Richard Biener <richard.guenther@gmail.com>,
Kees Cook <keescook@chromium.org>,
Joseph Myers <joseph@codesourcery.com>,
Siddhesh Poyarekar <siddhesh@gotplt.org>,
GCC Patches <gcc-patches@gcc.gnu.org>
Subject: Re: RFC: the proposal to resolve the missing dependency issue for counted_by attribute
Date: Fri, 03 Nov 2023 07:07:36 +0100 [thread overview]
Message-ID: <3df84ff288be72e6e6198e0221389395d53f2d63.camel@tugraz.at> (raw)
In-Reply-To: <CAEzuVAdHsO2dQTmFXBFYen1eCx52nsZrjC3qRxtrUfB+fsjHNQ@mail.gmail.com>
Am Donnerstag, dem 02.11.2023 um 17:28 -0700 schrieb Bill Wendling:
> On Thu, Nov 2, 2023 at 1:36 PM Qing Zhao <qing.zhao@oracle.com> wrote:
> >
> > Thanks a lot for raising these issues.
> >
> > If I understand correctly, the major question we need to answer is:
> >
> > For the following example: (Jakub mentioned this in an early message)
> >
> > 1 struct S { int a; char b __attribute__((counted_by (a))) []; };
> > 2 struct S s;
> > 3 s.a = 5;
> > 4 char *p = &s.b[2];
> > 5 int i1 = __builtin_dynamic_object_size (p, 0);
> > 6 s.a = 3;
> > 7 int i2 = __builtin_dynamic_object_size (p, 0);
> >
> > Should the 2nd __bdos call (line 7) get
> > A. the latest value of s.a (line 6) for it’s size?
> > Or B. the value when the s.b was referenced (line 3, line 4)?
> >
> I personally think it should be (A). The user is specifically
> indicating that the size has somehow changed, and the compiler should
> behave accordingly.
One potential problem for A apart from the potential impact on
optimization is that the information may get lost more
easily. Consider:
char *p = &s.b[2];
f(&s);
int i = __bdos(p, 0);
If the compiler can not see into 'f', the information is lost
because f may have changed the size.
And if I understand it correctly, if the pointers escapes
with .ACCESS_WITH_SIZE, then this is already true for:
char *p = &s.b[2];
g();
int i = __bdos(p, 0);
If we make it UB to change the size, then I guess we could
also delay this choice. Or we implement B but have a UBSan
option based on A that only verifies at run-time that the size
did not change.
Martin
>
> > A should be more convenient for the user to use the dynamic array feature.
> > With B, the user has to modify the source code (to add code to “re-obtain”
> > the pointer after the size was adjusted at line 6) as mentioned by Richard.
> >
> > This depends on how we design the new internal function .ACCESS_WITH_SIZE
> >
> > 1. Size is passed by value to .ACCESS_WITH_SIZE as we currently designed.
> >
> > PTR = .ACCESS_WITH_SIZE (PTR, SIZE, ACCESS_MODE)
> >
> > 2. Size is passed by reference to .ACCESS_WITH_SIZE as Jakub suggested.
> >
> > PTR = .ACCESS_WITH_SIZE(PTR, &SIZE, TYPEOFSIZE, ACCESS_MODE)
> >
> > With 1, We can only provide B, the user needs to modify the source code to get the full feature of dynamic array;
> > With 2, We can provide A, the user will get full support to the dynamic array without restrictions in the source code.
> >
> My understanding of ACCESS_WITH_SIZE is that it's there to add an
> explicit reference to SIZE so that the optimizers won't reorder the
> code incorrectly. If that's the case, then it should act as if
> ACCESS_WITH_SIZE wasn't even there (i.e. it's just a pointer
> dereference into the FAM). We get that with (2) it appears. It would
> be a major headache to make the user go throughout their code base to
> ensure that SIZE was either unmodified, or if it was that extra code
> must be added to ensure the expected behavior.
>
> > However, We have to pay additional cost for supporting A by using 2, which includes:
> >
> > 1. .ACCESS_WITH_SIZE will become an escape point, which will further impact the IPA optimizations, more runtime overhead.
> > Then .ACCESS_WTH_SIZE will not be CONST, right? But it will still be PURE?
> >
> > 2. __builtin_dynamic_object_size will NOT be LEAF anymore. This will also impact some IPA optimizations, more runtime overhead.
> >
> > I think the following are the factors that make the decision:
> >
> > 1. How big the performance impact?
> > 2. How important the dynamic array feature? Is adding some user restrictions as Richard mentioned feasible to support this feature?
> >
> > Maybe we can implement 1 first, if the full support to the dynamic array is needed, we can add 2 then?
> > Or, we can implement both, and compare the performance difference, then decide?
> >
> > Qing
> >
next prev parent reply other threads:[~2023-11-03 6:07 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-31 16:26 Qing Zhao
2023-10-31 17:35 ` Siddhesh Poyarekar
2023-10-31 18:35 ` Qing Zhao
2023-10-31 22:14 ` Joseph Myers
2023-11-01 14:47 ` Qing Zhao
2023-11-01 15:00 ` Martin Uecker
2023-11-01 15:48 ` Qing Zhao
2023-11-02 7:57 ` Richard Biener
2023-11-02 8:27 ` Jakub Jelinek
2023-11-02 10:18 ` Richard Biener
2023-11-02 10:39 ` Jakub Jelinek
2023-11-02 11:52 ` Richard Biener
2023-11-02 12:09 ` Jakub Jelinek
2023-11-02 20:35 ` Qing Zhao
2023-11-03 0:28 ` Bill Wendling
2023-11-03 6:07 ` Martin Uecker [this message]
2023-11-03 6:22 ` Jakub Jelinek
2023-11-03 6:32 ` Martin Uecker
2023-11-03 16:20 ` Qing Zhao
2023-11-03 16:30 ` Jakub Jelinek
2023-11-03 16:36 ` Qing Zhao
2023-11-03 14:32 ` Qing Zhao
2023-11-03 14:46 ` Jakub Jelinek
2023-11-03 15:22 ` Qing Zhao
2023-11-03 19:33 ` Qing Zhao
2023-11-02 20:47 ` Qing Zhao
2023-11-02 20:45 ` Qing Zhao
2023-11-02 13:50 ` Qing Zhao
2023-11-02 13:54 ` Richard Biener
2023-11-02 14:26 ` Qing Zhao
2023-11-02 14:12 ` Martin Uecker
2023-11-02 15:41 ` Siddhesh Poyarekar
2023-11-03 0:13 ` Bill Wendling
2023-11-03 19:28 ` Qing Zhao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3df84ff288be72e6e6198e0221389395d53f2d63.camel@tugraz.at \
--to=uecker@tugraz.at \
--cc=gcc-patches@gcc.gnu.org \
--cc=isanbard@gmail.com \
--cc=jakub@redhat.com \
--cc=joseph@codesourcery.com \
--cc=keescook@chromium.org \
--cc=qing.zhao@oracle.com \
--cc=richard.guenther@gmail.com \
--cc=siddhesh@gotplt.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).