[PATCH, Pointer Bounds Checker 5/x] Attributes

[PATCH, Pointer Bounds Checker 5/x] Attributes

[Ilya Enkovich]

Hi,

This patch introduces attributes used by Pointer Bounds Checker.  Comparing to what was approved for 4.9, this one has additional attribute 'bnd_instrument' to be used for selective instrumentation.

Bootstrapped and tested on linux-x86_64.

OK for trunk?

Thanks,
Ilya
--
gcc/

2014-04-16  Ilya Enkovich  <ilya.enkovich@intel.com>

	* c-family/c-common.c (handle_bnd_variable_size_attribute): New.
	(handle_bnd_legacy): New.
	(handle_bnd_instrument): New.
	(c_common_attribute_table): Add bnd_variable_size, bnd_legacy
	and bnd_instrument.
	* doc/extend.texi: Document bnd_variable_size, bnd_legacy and
	bnd_instrument attributes.


diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c
index 1d56bc0..babf89a 100644
--- a/gcc/c-family/c-common.c
+++ b/gcc/c-family/c-common.c
@@ -379,6 +379,9 @@ static tree handle_omp_declare_simd_attribute (tree *, tree, tree, int,
 					       bool *);
 static tree handle_omp_declare_target_attribute (tree *, tree, tree, int,
 						 bool *);
+static tree handle_bnd_variable_size_attribute (tree *, tree, tree, int, bool *);
+static tree handle_bnd_legacy (tree *, tree, tree, int, bool *);
+static tree handle_bnd_instrument (tree *, tree, tree, int, bool *);
 
 static void check_function_nonnull (tree, int, tree *);
 static void check_nonnull_arg (void *, tree, unsigned HOST_WIDE_INT);
@@ -772,6 +775,12 @@ const struct attribute_spec c_common_attribute_table[] =
 			      handle_alloc_align_attribute, false },
   { "assume_aligned",	      1, 2, false, true, true,
 			      handle_assume_aligned_attribute, false },
+  { "bnd_variable_size",      0, 0, true,  false, false,
+			      handle_bnd_variable_size_attribute, false },
+  { "bnd_legacy",             0, 0, true, false, false,
+			      handle_bnd_legacy, false },
+  { "bnd_instrument",         0, 0, true, false, false,
+			      handle_bnd_instrument, false },
   { NULL,                     0, 0, false, false, false, NULL, false }
 };
 
@@ -8118,6 +8127,54 @@ handle_fnspec_attribute (tree *node ATTRIBUTE_UNUSED, tree ARG_UNUSED (name),
   return NULL_TREE;
 }
 
+/* Handle a "bnd_variable_size" attribute; arguments as in
+   struct attribute_spec.handler.  */
+
+static tree
+handle_bnd_variable_size_attribute (tree *node, tree name, tree ARG_UNUSED (args),
+				    int ARG_UNUSED (flags), bool *no_add_attrs)
+{
+  if (TREE_CODE (*node) != FIELD_DECL)
+    {
+      warning (OPT_Wattributes, "%qE attribute ignored", name);
+      *no_add_attrs = true;
+    }
+
+  return NULL_TREE;
+}
+
+/* Handle a "bnd_legacy" attribute; arguments as in
+   struct attribute_spec.handler.  */
+
+static tree
+handle_bnd_legacy (tree *node, tree name, tree ARG_UNUSED (args),
+		   int ARG_UNUSED (flags), bool *no_add_attrs)
+{
+  if (TREE_CODE (*node) != FUNCTION_DECL)
+    {
+      warning (OPT_Wattributes, "%qE attribute ignored", name);
+      *no_add_attrs = true;
+    }
+
+  return NULL_TREE;
+}
+
+/* Handle a "bnd_instrument" attribute; arguments as in
+   struct attribute_spec.handler.  */
+
+static tree
+handle_bnd_instrument (tree *node, tree name, tree ARG_UNUSED (args),
+		       int ARG_UNUSED (flags), bool *no_add_attrs)
+{
+  if (TREE_CODE (*node) != FUNCTION_DECL)
+    {
+      warning (OPT_Wattributes, "%qE attribute ignored", name);
+      *no_add_attrs = true;
+    }
+
+  return NULL_TREE;
+}
+
 /* Handle a "warn_unused" attribute; arguments as in
    struct attribute_spec.handler.  */
 
diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
index 1c74990..3c18829 100644
--- a/gcc/doc/extend.texi
+++ b/gcc/doc/extend.texi
@@ -2182,7 +2182,7 @@ attributes are currently defined for functions on all targets:
 @code{returns_nonnull}, @code{gnu_inline},
 @code{externally_visible}, @code{hot}, @code{cold}, @code{artificial},
 @code{no_sanitize_address}, @code{no_address_safety_analysis},
-@code{no_sanitize_undefined},
+@code{no_sanitize_undefined}, @code{bnd_legacy}, @code{bnd_instrument},
 @code{error} and @code{warning}.
 Several other attributes are defined for functions on particular
 target systems.  Other attributes, including @code{section} are
@@ -3684,6 +3684,18 @@ The @code{no_sanitize_undefined} attribute on functions is used
 to inform the compiler that it should not check for undefined behavior
 in the function when compiling with the @option{-fsanitize=undefined} option.
 
+@item bnd_legacy
+@cindex @code{bnd_legacy} function attribute
+The @code{bnd_legacy} attribute on functions is used to inform
+compiler that function should not be instrumented when compiled
+with @option{-fcheck-pointer-bounds} option.
+
+@item bnd_instrument
+@cindex @code{bnd_instrument} function attribute
+The @code{bnd_instrument} attribute on functions is used to inform
+compiler that function should be instrumented when compiled
+with @option{-fchkp-instrument-marked-only} option.
+
 @item regparm (@var{number})
 @cindex @code{regparm} attribute
 @cindex functions that are passed arguments in registers on the 386
@@ -5501,12 +5513,12 @@ placed in either the @code{.bss_below100} section or the
 The keyword @code{__attribute__} allows you to specify special
 attributes of @code{struct} and @code{union} types when you define
 such types.  This keyword is followed by an attribute specification
-inside double parentheses.  Seven attributes are currently defined for
+inside double parentheses.  Eight attributes are currently defined for
 types: @code{aligned}, @code{packed}, @code{transparent_union},
-@code{unused}, @code{deprecated}, @code{visibility}, and
-@code{may_alias}.  Other attributes are defined for functions
-(@pxref{Function Attributes}) and for variables (@pxref{Variable
-Attributes}).
+@code{unused}, @code{deprecated}, @code{visibility}, @code{may_alias}
+and @code{bnd_variable_size}.  Other attributes are defined for
+functions (@pxref{Function Attributes}) and for variables
+(@pxref{Variable Attributes}).
 
 You may also specify any one of these attributes with @samp{__}
 preceding and following its keyword.  This allows you to use these
@@ -5798,6 +5810,35 @@ and caught in another, the class must have default visibility.
 Otherwise the two shared objects are unable to use the same
 typeinfo node and exception handling will break.
 
+@item bnd_variable_size
+When applied to a structure field, this attribute tells Pointer
+Bounds Checker that the size of this field should not be computed
+using static type information.  It may be used to mark variable
+sized static array fields placed at the end of a structure.
+
+@smallexample
+struct S
+@{
+  int size;
+  char data[1];
+@}
+S *p = (S *)malloc (sizeof(S) + 100);
+p->data[10] = 0; //Bounds violation
+@end smallexample
+
+By using an attribute for a field we may avoid bound violation
+we most probably do not want to see:
+
+@smallexample
+struct S
+@{
+  int size;
+  char data[1] __attribute__((bnd_variable_size));
+@}
+S *p = (S *)malloc (sizeof(S) + 100);
+p->data[10] = 0; //OK
+@end smallexample
+
 @end table
 
 To specify multiple attributes, separate them by commas within the

Re: [PATCH, Pointer Bounds Checker 5/x] Attributes

[Ilya Enkovich]

Ping

2014-04-16 16:26 GMT+04:00 Ilya Enkovich <enkovich.gnu@gmail.com>:
> Hi,
>
> This patch introduces attributes used by Pointer Bounds Checker.  Comparing to what was approved for 4.9, this one has additional attribute 'bnd_instrument' to be used for selective instrumentation.
>
> Bootstrapped and tested on linux-x86_64.
>
> OK for trunk?
>
> Thanks,
> Ilya
> --
> gcc/
>
> 2014-04-16  Ilya Enkovich  <ilya.enkovich@intel.com>
>
>         * c-family/c-common.c (handle_bnd_variable_size_attribute): New.
>         (handle_bnd_legacy): New.
>         (handle_bnd_instrument): New.
>         (c_common_attribute_table): Add bnd_variable_size, bnd_legacy
>         and bnd_instrument.
>         * doc/extend.texi: Document bnd_variable_size, bnd_legacy and
>         bnd_instrument attributes.
>
>
> diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c
> index 1d56bc0..babf89a 100644
> --- a/gcc/c-family/c-common.c
> +++ b/gcc/c-family/c-common.c
> @@ -379,6 +379,9 @@ static tree handle_omp_declare_simd_attribute (tree *, tree, tree, int,
>                                                bool *);
>  static tree handle_omp_declare_target_attribute (tree *, tree, tree, int,
>                                                  bool *);
> +static tree handle_bnd_variable_size_attribute (tree *, tree, tree, int, bool *);
> +static tree handle_bnd_legacy (tree *, tree, tree, int, bool *);
> +static tree handle_bnd_instrument (tree *, tree, tree, int, bool *);
>
>  static void check_function_nonnull (tree, int, tree *);
>  static void check_nonnull_arg (void *, tree, unsigned HOST_WIDE_INT);
> @@ -772,6 +775,12 @@ const struct attribute_spec c_common_attribute_table[] =
>                               handle_alloc_align_attribute, false },
>    { "assume_aligned",        1, 2, false, true, true,
>                               handle_assume_aligned_attribute, false },
> +  { "bnd_variable_size",      0, 0, true,  false, false,
> +                             handle_bnd_variable_size_attribute, false },
> +  { "bnd_legacy",             0, 0, true, false, false,
> +                             handle_bnd_legacy, false },
> +  { "bnd_instrument",         0, 0, true, false, false,
> +                             handle_bnd_instrument, false },
>    { NULL,                     0, 0, false, false, false, NULL, false }
>  };
>
> @@ -8118,6 +8127,54 @@ handle_fnspec_attribute (tree *node ATTRIBUTE_UNUSED, tree ARG_UNUSED (name),
>    return NULL_TREE;
>  }
>
> +/* Handle a "bnd_variable_size" attribute; arguments as in
> +   struct attribute_spec.handler.  */
> +
> +static tree
> +handle_bnd_variable_size_attribute (tree *node, tree name, tree ARG_UNUSED (args),
> +                                   int ARG_UNUSED (flags), bool *no_add_attrs)
> +{
> +  if (TREE_CODE (*node) != FIELD_DECL)
> +    {
> +      warning (OPT_Wattributes, "%qE attribute ignored", name);
> +      *no_add_attrs = true;
> +    }
> +
> +  return NULL_TREE;
> +}
> +
> +/* Handle a "bnd_legacy" attribute; arguments as in
> +   struct attribute_spec.handler.  */
> +
> +static tree
> +handle_bnd_legacy (tree *node, tree name, tree ARG_UNUSED (args),
> +                  int ARG_UNUSED (flags), bool *no_add_attrs)
> +{
> +  if (TREE_CODE (*node) != FUNCTION_DECL)
> +    {
> +      warning (OPT_Wattributes, "%qE attribute ignored", name);
> +      *no_add_attrs = true;
> +    }
> +
> +  return NULL_TREE;
> +}
> +
> +/* Handle a "bnd_instrument" attribute; arguments as in
> +   struct attribute_spec.handler.  */
> +
> +static tree
> +handle_bnd_instrument (tree *node, tree name, tree ARG_UNUSED (args),
> +                      int ARG_UNUSED (flags), bool *no_add_attrs)
> +{
> +  if (TREE_CODE (*node) != FUNCTION_DECL)
> +    {
> +      warning (OPT_Wattributes, "%qE attribute ignored", name);
> +      *no_add_attrs = true;
> +    }
> +
> +  return NULL_TREE;
> +}
> +
>  /* Handle a "warn_unused" attribute; arguments as in
>     struct attribute_spec.handler.  */
>
> diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
> index 1c74990..3c18829 100644
> --- a/gcc/doc/extend.texi
> +++ b/gcc/doc/extend.texi
> @@ -2182,7 +2182,7 @@ attributes are currently defined for functions on all targets:
>  @code{returns_nonnull}, @code{gnu_inline},
>  @code{externally_visible}, @code{hot}, @code{cold}, @code{artificial},
>  @code{no_sanitize_address}, @code{no_address_safety_analysis},
> -@code{no_sanitize_undefined},
> +@code{no_sanitize_undefined}, @code{bnd_legacy}, @code{bnd_instrument},
>  @code{error} and @code{warning}.
>  Several other attributes are defined for functions on particular
>  target systems.  Other attributes, including @code{section} are
> @@ -3684,6 +3684,18 @@ The @code{no_sanitize_undefined} attribute on functions is used
>  to inform the compiler that it should not check for undefined behavior
>  in the function when compiling with the @option{-fsanitize=undefined} option.
>
> +@item bnd_legacy
> +@cindex @code{bnd_legacy} function attribute
> +The @code{bnd_legacy} attribute on functions is used to inform
> +compiler that function should not be instrumented when compiled
> +with @option{-fcheck-pointer-bounds} option.
> +
> +@item bnd_instrument
> +@cindex @code{bnd_instrument} function attribute
> +The @code{bnd_instrument} attribute on functions is used to inform
> +compiler that function should be instrumented when compiled
> +with @option{-fchkp-instrument-marked-only} option.
> +
>  @item regparm (@var{number})
>  @cindex @code{regparm} attribute
>  @cindex functions that are passed arguments in registers on the 386
> @@ -5501,12 +5513,12 @@ placed in either the @code{.bss_below100} section or the
>  The keyword @code{__attribute__} allows you to specify special
>  attributes of @code{struct} and @code{union} types when you define
>  such types.  This keyword is followed by an attribute specification
> -inside double parentheses.  Seven attributes are currently defined for
> +inside double parentheses.  Eight attributes are currently defined for
>  types: @code{aligned}, @code{packed}, @code{transparent_union},
> -@code{unused}, @code{deprecated}, @code{visibility}, and
> -@code{may_alias}.  Other attributes are defined for functions
> -(@pxref{Function Attributes}) and for variables (@pxref{Variable
> -Attributes}).
> +@code{unused}, @code{deprecated}, @code{visibility}, @code{may_alias}
> +and @code{bnd_variable_size}.  Other attributes are defined for
> +functions (@pxref{Function Attributes}) and for variables
> +(@pxref{Variable Attributes}).
>
>  You may also specify any one of these attributes with @samp{__}
>  preceding and following its keyword.  This allows you to use these
> @@ -5798,6 +5810,35 @@ and caught in another, the class must have default visibility.
>  Otherwise the two shared objects are unable to use the same
>  typeinfo node and exception handling will break.
>
> +@item bnd_variable_size
> +When applied to a structure field, this attribute tells Pointer
> +Bounds Checker that the size of this field should not be computed
> +using static type information.  It may be used to mark variable
> +sized static array fields placed at the end of a structure.
> +
> +@smallexample
> +struct S
> +@{
> +  int size;
> +  char data[1];
> +@}
> +S *p = (S *)malloc (sizeof(S) + 100);
> +p->data[10] = 0; //Bounds violation
> +@end smallexample
> +
> +By using an attribute for a field we may avoid bound violation
> +we most probably do not want to see:
> +
> +@smallexample
> +struct S
> +@{
> +  int size;
> +  char data[1] __attribute__((bnd_variable_size));
> +@}
> +S *p = (S *)malloc (sizeof(S) + 100);
> +p->data[10] = 0; //OK
> +@end smallexample
> +
>  @end table
>
>  To specify multiple attributes, separate them by commas within the

Re: [PATCH, Pointer Bounds Checker 5/x] Attributes

[Jeff Law]

On 04/16/14 06:26, Ilya Enkovich wrote:
> Hi,
>
> This patch introduces attributes used by Pointer Bounds Checker.  Comparing to what was approved for 4.9, this one has additional attribute 'bnd_instrument' to be used for selective instrumentation.
>
> Bootstrapped and tested on linux-x86_64.
>
> OK for trunk?
>
> Thanks,
> Ilya
> --
> gcc/
>
> 2014-04-16  Ilya Enkovich  <ilya.enkovich@intel.com>
>
> 	* c-family/c-common.c (handle_bnd_variable_size_attribute): New.
> 	(handle_bnd_legacy): New.
> 	(handle_bnd_instrument): New.
> 	(c_common_attribute_table): Add bnd_variable_size, bnd_legacy
> 	and bnd_instrument.
> 	* doc/extend.texi: Document bnd_variable_size, bnd_legacy and
> 	bnd_instrument attributes.
This is fine for the trunk, but per Richi's request please hold off 
committing until the entire series is approved.

Thanks,
jeff