From: Qing Zhao
To: Siddhesh Poyarekar
CC: Joseph Myers, "richard.guenther@gmail.com", "uecker@tugraz.at", "keescook@chromium.org", "isanbard@gmail.com", "gcc-patches@gcc.gnu.org"
Subject: Re: [PATCH v6 4/5] Use the .ACCESS_WITH_SIZE in bound sanitizer.
Date: Fri, 15 Mar 2024 14:29:07 +0000
References: <20240216194723.391359-1-qing.zhao@oracle.com> <20240216194723.391359-5-qing.zhao@oracle.com>

On Mar 13, 2024, at 15:19, Qing Zhao wrote:

On Mar 11, 2024, at 13:15, Siddhesh Poyarekar wrote:

On 2024-02-16 14:47, Qing Zhao wrote:

gcc/c-family/ChangeLog:

* c-ubsan.cc (get_bound_from_access_with_size): New function.
(ubsan_instrument_bounds): Handle call to .ACCESS_WITH_SIZE.

gcc/testsuite/ChangeLog:

* gcc.dg/ubsan/flex-array-counted-by-bounds-2.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds-3.c: New test.
* gcc.dg/ubsan/flex-array-counted-by-bounds.c: New test.
--- gcc/c-family/c-ubsan.cc | 42 +++++++++++++++++ .../ubsan/flex-array-counted-by-bounds-2.c | 45 ++++++++++++++++++ .../ubsan/flex-array-counted-by-bounds-3.c | 34 ++++++++++++++ .../ubsan/flex-array-counted-by-bounds.c | 46 +++++++++++++++++++ 4 files changed, 167 insertions(+) create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds= -2.c create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds= -3.c create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds= .c diff --git a/gcc/c-family/c-ubsan.cc b/gcc/c-family/c-ubsan.cc index 940982819ddf..164b29845b3a 100644 --- a/gcc/c-family/c-ubsan.cc +++ b/gcc/c-family/c-ubsan.cc 
@@ -376,6 +376,40 @@ ubsan_instrument_return (location_t loc) return build_call_expr_loc (loc, t, 1, build_fold_addr_expr_loc (loc, da= ta)); } +/* Get the tree that represented the number of counted_by, i.e, the maxim= um + number of the elements of the object that the call to .ACCESS_WITH_SIZE + points to, this number will be the bound of the corresponding array. */ +static tree +get_bound_from_access_with_size (tree call) +{ + if (!is_access_with_size_p (call)) + return NULL_TREE; + + tree ref_to_size =3D CALL_EXPR_ARG (call, 1); + unsigned int type_of_size =3D TREE_INT_CST_LOW (CALL_EXPR_ARG (call, 2)); Again for consistency, this should probably be class_of_size. Okay, I will update this consistently with the change relate to the 3rd arg= ument. + tree type =3D TREE_TYPE (CALL_EXPR_ARG (call, 3)); + tree size =3D fold_build2 (MEM_REF, type, unshare_expr (ref_to_size), + build_int_cst (ptr_type_node, 0)); + /* If size is negative value, treat it as zero. */ + if (!TYPE_UNSIGNED (type)) + { + tree cond =3D fold_build2 (LT_EXPR, boolean_type_node, + unshare_expr (size), build_zero_cst (type)); + size =3D fold_build3 (COND_EXPR, type, cond, + build_zero_cst (type), size); + } + + /* Only when type_of_size is 1,i.e, the number of the elements of + the object type, return the size. */ + if (type_of_size !=3D 1) + return NULL_TREE; + else + size =3D fold_convert (sizetype, size); + + return size; +} + + /* Instrument array bounds for ARRAY_REFs. We create special builtin, that gets expanded in the sanopt pass, and make an array dimension of it. ARRAY is the array, *INDEX is an index to the array. 
@@ -401,6 +435,14 @@ ubsan_instrument_bounds (location_t loc, tree array, t= ree *index, && COMPLETE_TYPE_P (type) && integer_zerop (TYPE_SIZE (type))) bound =3D build_int_cst (TREE_TYPE (TYPE_MIN_VALUE (domain)), -1); + else if (INDIRECT_REF_P (array) + && is_access_with_size_p ((TREE_OPERAND (array, 0)))) + { + bound =3D get_bound_from_access_with_size ((TREE_OPERAND (array, 0))); + bound =3D fold_build2 (MINUS_EXPR, TREE_TYPE (bound), + bound, + build_int_cst (TREE_TYPE (bound), 1)); + } This will wrap if bound =3D=3D 0, maybe that needs to be special-cased. An= d maybe also add a test for it below. Will check on this to see whether a new testing is needed. Checked, the current code can handle the case when bound=3D=3D0 correctly. I just add a new testing case for this. thanks. Qing Thanks a lot for the review. Qing else return NULL_TREE; } diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c b/= gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c new file mode 100644 index 000000000000..148934975ee5 --- /dev/null +++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c 
@@ -0,0 +1,45 @@ +/* test the attribute counted_by and its usage in + bounds sanitizer combined with VLA. */ +/* { dg-do run } */ +/* { dg-options "-fsanitize=3Dbounds" } */ +/* { dg-output "index 11 out of bounds for type 'int \\\[\\\*\\\]\\\[\\\*\= \\]'\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output "\[^\n\r]*index 20 out of bounds for type 'int \\\[\\\*\\\]= \\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output "\[^\n\r]*index 11 out of bounds for type 'int \\\[\\\*\\\]= \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'int \\\[\\\*\\\]= '\[^\n\r]*(\n|\r\n|\r)" } */ + + +#include + +void __attribute__((__noinline__)) setup_and_test_vla (int n, int m) +{ + struct foo { + int n; + int p[][n] __attribute__((counted_by(n))); + } *f; + + f =3D (struct foo *) malloc (sizeof(struct foo) + m*sizeof(int[n])); + f->n =3D m; + f->p[m][n-1]=3D1; + return; +} + +void __attribute__((__noinline__)) setup_and_test_vla_1 (int n1, int n2, i= nt m) +{ + struct foo { + int n; + int p[][n2][n1] __attribute__((counted_by(n))); + } *f; + + f =3D (struct foo *) malloc (sizeof(struct foo) + m*sizeof(int[n2][n1])); + f->n =3D m; + f->p[m][n2][n1]=3D1; + return; +} + +int main(int argc, char *argv[]) +{ + setup_and_test_vla (10, 11); + setup_and_test_vla_1 (10, 11, 20); + return 0; +} + diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c b/= gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c new file mode 100644 index 000000000000..33bdea1c430b --- /dev/null +++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c 
@@ -0,0 +1,34 @@ +/* test the attribute counted_by and its usage in bounds + sanitizer. when counted_by field is negative value. */ +/* { dg-do run } */ +/* { dg-options "-fsanitize=3Dbounds" } */ + +#include + +struct annotated { + int b; + int c[] __attribute__ ((counted_by (b))); +} *array_annotated; + +void __attribute__((__noinline__)) setup (int annotated_count) +{ + array_annotated + =3D (struct annotated *)malloc (sizeof (struct annotated)); + array_annotated->b =3D annotated_count; + + return; +} + +void __attribute__((__noinline__)) test (int annotated_index) +{ + array_annotated->c[annotated_index] =3D 2; +} + +int main(int argc, char *argv[]) +{ + setup (-3); + test (2); + return 0; +} + +/* { dg-output "24:21: runtime error: index 2 out of bounds for type" } */ diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c b/gc= c/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c new file mode 100644 index 000000000000..81eaeb3f2681 --- /dev/null +++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c 
@@ -0,0 +1,46 @@ +/* test the attribute counted_by and its usage in + bounds sanitizer. */ +/* { dg-do run } */ +/* { dg-options "-fsanitize=3Dbounds" } */ + +#include + +struct flex { + int b; + int c[]; +} *array_flex; + +struct annotated { + int b; + int c[] __attribute__ ((counted_by (b))); +} *array_annotated; + +void __attribute__((__noinline__)) setup (int normal_count, int annotated_= count) +{ + array_flex + =3D (struct flex *)malloc (sizeof (struct flex) + + normal_count * sizeof (int)); + array_flex->b =3D normal_count; + + array_annotated + =3D (struct annotated *)malloc (sizeof (struct annotated) + + annotated_count * sizeof (int)); + array_annotated->b =3D annotated_count; + + return; +} + +void __attribute__((__noinline__)) test (int normal_index, int annotated_i= ndex) +{ + array_flex->c[normal_index] =3D 1; + array_annotated->c[annotated_index] =3D 2; +} + +int main(int argc, char *argv[]) +{ + setup (10, 10); + test (10, 10); + return 0; +} + +/* { dg-output "36:21: runtime error: index 10 out of bounds for type" } */ --_000_B7DB34B6FD7C4A978CB622635ED88B35oraclecom_--
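Review bot: in get_bound_from_access_with_size (c-ubsan.cc, hunk at -376,6 +376,40) the `type_of_size != 1` test comes after the MEM_REF and the negative-value COND_EXPR have already been built, so for any other class those trees are constructed and then discarded. Testing it right after reading argument 2 and returning NULL_TREE early avoids that work and removes the `else` after `return`. The leading comment would also read better as "Get the tree that represents the counted_by value, i.e., the maximum number of elements of the object that the call to .ACCESS_WITH_SIZE points to".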
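Review bot: in the new `else if` arm of ubsan_instrument_bounds (c-ubsan.cc, hunk at -401,6 +435,14) the result of get_bound_from_access_with_size goes straight into `TREE_TYPE (bound)`, but that helper returns NULL_TREE whenever argument 2 is not 1. Check for NULL_TREE before building the MINUS_EXPR and return NULL_TREE as the final `else` does. Because bound has already been converted to sizetype, a short comment saying why subtracting 1 is safe when the count is 0 (the value the -3 test reaches through the clamp to zero) would answer the question raised in this thread for the next reader.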
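Review bot: flex-array-counted-by-bounds-3.c only exercises a negative count (`setup (-3)`), and the other two files store counts of 10, 11 and 20, so no test in this version stores a count of exactly 0, the case asked about for the `bound - 1` computation. A `setup (0); test (0);` pair with its own dg-output line would cover it. The expected message in this file also hard-codes `24:21`, which breaks as soon as a line is added above the access; matching on the message text alone, as flex-array-counted-by-bounds-2.c does, is less fragile.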