From: Qing Zhao
To: Siddhesh Poyarekar
CC: Joseph Myers, Richard Biener, "uecker@tugraz.at", Kees Cook, "isanbard@gmail.com", "gcc-patches@gcc.gnu.org"
Subject: Re: [PATCH v8 4/5] Use the .ACCESS_WITH_SIZE in bound sanitizer.
Date: Thu, 11 Apr 2024 13:22:22 +0000
Message-ID: <8B77AEF4-8B79-40A2-8D20-5CD0920BA81E@oracle.com>
References: <20240329160703.4012941-1-qing.zhao@oracle.com> <20240329160703.4012941-5-qing.zhao@oracle.com> <32312936-4cae-444c-8fab-1f6f81bbb86d@gotplt.org>
In-Reply-To: <32312936-4cae-444c-8fab-1f6f81bbb86d@gotplt.org>

Sid,

Thanks a lot for the review.

> On Apr 10, 2024, at 17:46, Siddhesh Poyarekar wrote:
>
> On 2024-03-29 12:07, Qing Zhao wrote:
>> gcc/c-family/ChangeLog:
>> * c-ubsan.cc (get_bound_from_access_with_size): New function.
>> (ubsan_instrument_bounds): Handle call to .ACCESS_WITH_SIZE.
>> gcc/testsuite/ChangeLog:
>> * gcc.dg/ubsan/flex-array-counted-by-bounds-2.c: New test.
>> * gcc.dg/ubsan/flex-array-counted-by-bounds-3.c: New test.
>> * gcc.dg/ubsan/flex-array-counted-by-bounds-4.c: New test.
>> * gcc.dg/ubsan/flex-array-counted-by-bounds.c: New test.
>> ---
>
> This version looks fine to me for stage 1, but I'm not a maintainer so you'll need an ack from one to commit.

This patch is purely C FE changes. Joseph already approved it.

thanks.

Qing

>
> Thanks,
> Sid
>
>> gcc/c-family/c-ubsan.cc | 42 +++++++++++++++++
>> .../ubsan/flex-array-counted-by-bounds-2.c | 45 ++++++++++++++++++
>> .../ubsan/flex-array-counted-by-bounds-3.c | 34 ++++++++++++++
>> .../ubsan/flex-array-counted-by-bounds-4.c | 34 ++++++++++++++
>> .../ubsan/flex-array-counted-by-bounds.c | 46 +++++++++++++++++++
>> 5 files changed, 201 insertions(+)
>> create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c
>> create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c
>> create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-4.c
>> create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c
>> diff --git a/gcc/c-family/c-ubsan.cc b/gcc/c-family/c-ubsan.cc
>> index 940982819ddf..7cd3c6aa5b88 100644
>> --- a/gcc/c-family/c-ubsan.cc
>> +++ b/gcc/c-family/c-ubsan.cc
>> @@ -376,6 +376,40 @@ ubsan_instrument_return (location_t loc) >> return build_call_expr_loc (loc, t, 1, build_fold_addr_expr_loc (loc,= data)); >> } >> +/* Get the tree that represented the number of counted_by, i.e, the ma= ximum >> + number of the elements of the object that the call to .ACCESS_WITH_S= IZE >> + points to, this number will be the bound of the corresponding array.= */ >> +static tree >> +get_bound_from_access_with_size (tree call) >> +{ >> + if (!is_access_with_size_p (call)) >> + return NULL_TREE; >> + >> + tree ref_to_size =3D CALL_EXPR_ARG (call, 1); >> + unsigned int class_of_size =3D TREE_INT_CST_LOW (CALL_EXPR_ARG (call,= 2)); >> + tree type =3D TREE_TYPE (CALL_EXPR_ARG (call, 3)); >> + tree size =3D fold_build2 (MEM_REF, type, unshare_expr (ref_to_size), >> + build_int_cst (ptr_type_node, 0)); >> + /* If size is negative value, treat it as zero. */ >> + if (!TYPE_UNSIGNED (type)) >> + { >> + tree cond =3D fold_build2 (LT_EXPR, boolean_type_node, >> + unshare_expr (size), build_zero_cst (type)); >> + size =3D fold_build3 (COND_EXPR, type, cond, >> + build_zero_cst (type), size); >> + } >> + >> + /* Only when class_of_size is 1, i.e, the number of the elements of >> + the object type, return the size. */ >> + if (class_of_size !=3D 1) >> + return NULL_TREE; >> + else >> + size =3D fold_convert (sizetype, size); >> + >> + return size; >> +} >> + >> + >> /* Instrument array bounds for ARRAY_REFs. We create special builtin, >> that gets expanded in the sanopt pass, and make an array dimension >> of it. ARRAY is the array, *INDEX is an index to the array. 
>> @@ -401,6 +435,14 @@ ubsan_instrument_bounds (location_t loc, tree array= , tree *index, >> && COMPLETE_TYPE_P (type) >> && integer_zerop (TYPE_SIZE (type))) >> bound =3D build_int_cst (TREE_TYPE (TYPE_MIN_VALUE (domain)), -1); >> + else if (INDIRECT_REF_P (array) >> + && is_access_with_size_p ((TREE_OPERAND (array, 0)))) >> + { >> + bound =3D get_bound_from_access_with_size ((TREE_OPERAND (array, 0))= ); >> + bound =3D fold_build2 (MINUS_EXPR, TREE_TYPE (bound), >> + bound, >> + build_int_cst (TREE_TYPE (bound), 1)); >> + } >> else >> return NULL_TREE; >> } >> diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c= b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c >> new file mode 100644 >> index 000000000000..b503320628d2 >> --- /dev/null >> +++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c 
>> @@ -0,0 +1,45 @@ >> +/* Test the attribute counted_by and its usage in >> + bounds sanitizer combined with VLA. */ >> +/* { dg-do run } */ >> +/* { dg-options "-fsanitize=3Dbounds" } */ >> +/* { dg-output "index 11 out of bounds for type 'int \\\[\\\*\\\]\\\[\\= \*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output "\[^\n\r]*index 20 out of bounds for type 'int \\\[\\\*\= \\]\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output "\[^\n\r]*index 11 out of bounds for type 'int \\\[\\\*\= \\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */ >> +/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'int \\\[\\\*\= \\]'\[^\n\r]*(\n|\r\n|\r)" } */ >> + >> + >> +#include >> + >> +void __attribute__((__noinline__)) setup_and_test_vla (int n, int m) >> +{ >> + struct foo { >> + int n; >> + int p[][n] __attribute__((counted_by(n))); >> + } *f; >> + >> + f =3D (struct foo *) malloc (sizeof(struct foo) + m*sizeof(int[n])); >> + f->n =3D m; >> + f->p[m][n-1]=3D1; >> + return; >> +} >> + >> +void __attribute__((__noinline__)) setup_and_test_vla_1 (int n1, int n2= , int m) >> +{ >> + struct foo { >> + int n; >> + int p[][n2][n1] __attribute__((counted_by(n))); >> + } *f; >> + >> + f =3D (struct foo *) malloc (sizeof(struct foo) + m*sizeof(int[n2][n1= ])); >> + f->n =3D m; >> + f->p[m][n2][n1]=3D1; >> + return; >> +} >> + >> +int main(int argc, char *argv[]) >> +{ >> + setup_and_test_vla (10, 11); >> + setup_and_test_vla_1 (10, 11, 20); >> + return 0; >> +} >> + >> diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c= b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c >> new file mode 100644 >> index 000000000000..9da25644af3e >> --- /dev/null >> +++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c 
>> @@ -0,0 +1,34 @@ >> +/* Test the attribute counted_by and its usage in bounds >> + sanitizer. when counted_by field is negative value. */ >> +/* { dg-do run } */ >> +/* { dg-options "-fsanitize=3Dbounds" } */ >> + >> +#include >> + >> +struct annotated { >> + int b; >> + int c[] __attribute__ ((counted_by (b))); >> +} *array_annotated; >> + >> +void __attribute__((__noinline__)) setup (int annotated_count) >> +{ >> + array_annotated >> + =3D (struct annotated *)malloc (sizeof (struct annotated)); >> + array_annotated->b =3D annotated_count; >> + >> + return; >> +} >> + >> +void __attribute__((__noinline__)) test (int annotated_index) >> +{ >> + array_annotated->c[annotated_index] =3D 2; >> +} >> + >> +int main(int argc, char *argv[]) >> +{ >> + setup (-3); >> + test (2); >> + return 0; >> +} >> + >> +/* { dg-output "24:21: runtime error: index 2 out of bounds for type" }= */ >> diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-4.c= b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-4.c >> new file mode 100644 >> index 000000000000..bd7e144274fc >> --- /dev/null >> +++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-4.c 
>> @@ -0,0 +1,34 @@ >> +/* Test the attribute counted_by and its usage in bounds >> + sanitizer. when counted_by field is zero value. */ >> +/* { dg-do run } */ >> +/* { dg-options "-fsanitize=3Dbounds" } */ >> + >> +#include >> + >> +struct annotated { >> + int b; >> + int c[] __attribute__ ((counted_by (b))); >> +} *array_annotated; >> + >> +void __attribute__((__noinline__)) setup (int annotated_count) >> +{ >> + array_annotated >> + =3D (struct annotated *)malloc (sizeof (struct annotated)); >> + array_annotated->b =3D annotated_count; >> + >> + return; >> +} >> + >> +void __attribute__((__noinline__)) test (int annotated_index) >> +{ >> + array_annotated->c[annotated_index] =3D 2; >> +} >> + >> +int main(int argc, char *argv[]) >> +{ >> + setup (0); >> + test (1); >> + return 0; >> +} >> + >> +/* { dg-output "24:21: runtime error: index 1 out of bounds for type" }= */ >> diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c b= /gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c >> new file mode 100644 >> index 000000000000..e2b911dde626 >> --- /dev/null >> +++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c 
>> @@ -0,0 +1,46 @@ >> +/* Test the attribute counted_by and its usage in >> + bounds sanitizer. */ >> +/* { dg-do run } */ >> +/* { dg-options "-fsanitize=3Dbounds" } */ >> + >> +#include >> + >> +struct flex { >> + int b; >> + int c[]; >> +} *array_flex; >> + >> +struct annotated { >> + int b; >> + int c[] __attribute__ ((counted_by (b))); >> +} *array_annotated; >> + >> +void __attribute__((__noinline__)) setup (int normal_count, int annotat= ed_count) >> +{ >> + array_flex >> + =3D (struct flex *)malloc (sizeof (struct flex) >> + + normal_count * sizeof (int)); >> + array_flex->b =3D normal_count; >> + >> + array_annotated >> + =3D (struct annotated *)malloc (sizeof (struct annotated) >> + + annotated_count * sizeof (int)); >> + array_annotated->b =3D annotated_count; >> + >> + return; >> +} >> + >> +void __attribute__((__noinline__)) test (int normal_index, int annotate= d_index) >> +{ >> + array_flex->c[normal_index] =3D 1; >> + array_annotated->c[annotated_index] =3D 2; >> +} >> + >> +int main(int argc, char *argv[]) >> +{ >> + setup (10, 10); >> + test (10, 10); >> + return 0; >> +} >> + >> +/* { dg-output "36:21: runtime error: index 10 out of bounds for type" = } */
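
Review bot: In `get_bound_from_access_with_size` (first c-ubsan.cc hunk), the `class_of_size != 1` test sits after the MEM_REF and the COND_EXPR have been built, so those trees are constructed and then discarded on the NULL_TREE path. Move the check up next to the `is_access_with_size_p` early return and drop the `else`, leaving `fold_convert (sizetype, size)` unconditional. The leading comment would also read better as "the tree that represents the counted_by value".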
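
Review bot: In the `ubsan_instrument_bounds` hunk of c-ubsan.cc, the result of `get_bound_from_access_with_size` goes straight into `TREE_TYPE (bound)`, but the helper returns NULL_TREE whenever `class_of_size` is not 1. Check the result and `return NULL_TREE`, as the existing `else` branch does, before building the MINUS_EXPR. A short comment on the zero-count case would help too: the helper converts to `sizetype`, so `bound - 1` wraps there, and the -3 and -4 tests rely on that case still being diagnosed.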
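
Review bot: In flex-array-counted-by-bounds-3.c and flex-array-counted-by-bounds-4.c, `setup` allocates only `sizeof (struct annotated)` and `test` then stores to `c[2]` and `c[1]`. With plain `-fsanitize=bounds` the check reports and execution continues, so the store really writes past the heap block while the test still expects `return 0`. Allocating a few spare `int`s after the struct keeps the counted_by value (-3 or 0) as the only limit being exceeded and stops the tests from depending on allocator slack.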
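
Review bot: In flex-array-counted-by-bounds.c, the only annotated access is `c[10]` against a count of 10, so nothing exercises the last valid index. Because the new branch computes `bound - 1`, an access at index 9 that must stay silent is the case most likely to catch an off-by-one regression; consider adding it alongside the failing one. The expected message also pins `36:21`, which breaks on any edit above that line in the file.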