Re: [patch][version 6] add -ftrivial-auto-var-init and variable attribute "uninitialized" to gcc

[Richard Biener <rguenther@suse.de>]

On August 9, 2021 6:38:21 PM GMT+02:00, Qing Zhao <qing.zhao@oracle.com> wrote:
>Hi, Richard,
>
>Thanks a lot for you review.
>
>Although these comments are not made on the latest patch (7th version) :-), all the comments are valid since the parts you commented
>are not changed in the 7th version.

I actually reviewed the 7th patch, just appearantly picked the wrong mail to reply to... 

>
>> On Aug 9, 2021, at 9:09 AM, Richard Biener <rguenther@suse.de> wrote:
>> 
>> On Tue, 27 Jul 2021, Qing Zhao wrote:
>> 
>>> Hi,
>>> 
>>> This is the 6th version of the patch for the new security feature for GCC.
>>> 
>>> I have tested it with bootstrap on both x86 and aarch64, regression testing on both x86 and aarch64.
>>> Also compile CPU2017 (running is ongoing), without any issue. (With the fix to bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101586).
>>> 
>>> Please take a look and let me know any issue.
>> 
>> +/* Handle an "uninitialized" attribute; arguments as in
>> +   struct attribute_spec.handler.  */
>> +
>> +static tree
>> +handle_uninitialized_attribute (tree *node, tree name, tree ARG_UNUSED 
>> (args),
>> +                               int ARG_UNUSED (flags), bool 
>> *no_add_attrs)
>> +{
>> +  if (!VAR_P (*node))
>> +    {
>> +      warning (OPT_Wattributes, "%qE attribute ignored", name);
>> +      *no_add_attrs = true;
>> +    }
>> 
>> you are documenting this attribute for automatic variables but
>> here you allow placement on globals as well (not sure if at this
>> point TREE_STATIC / DECL_EXTERNAL are set correctly).
>
>Right, I should warn when the attribute is placed for globals or static variables. 
>I will try TREE_STATIC/DECL_EXTERNAL to see whether it’s work or not.
>
>> 
>> +  /* for languages that do not support BUILT_IN_CLEAR_PADDING, create the
>> +     function node for padding initialization.  */
>> +  if (!fn)
>> +    {
>> +      tree ftype = build_function_type_list (void_type_node,
>> +                                            ptr_type_node,
>> 
>> the "appropriate" place to do this would be 
>> tree.c:build_common_builtin_nodes
>
>Sure, will move the creation of  function node of BUILT_IN_CLEAR_PADDING for Fortran etc. to tree.c:build_common_builtin_nodes.
>
>> 
>> You seem to marshall the is_vla argument as for_auto_init when
>> expanding/folding the builtin and there it's used to suppress
>> diagnostics (and make covered pieces not initialized?).
>
>Yes, I added an extra argument “for_auto_init” for “BUILT_IN_CLEAR_PADDING”, this argument is added to suppress errors emitted during folding
>BUILT_IN_CLEAR_PADDING for flexible array member . Such errors should Not be emitted when “BUILT_IN_CLEAR_PADDING” is called with compiler automatic initialization.
>Please see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101586, comment #6 from Jakub Jelinek.
>
>>  I suggest
>> to re-name is_vla/for_auto_init to something more descriptive.
>
>Okay, I will. 
>> 
>> +   gimple_fold_builtin_clear_padding. If FOR_AUTO_INIT,
>> +   not emit some of the error messages since doing that
>> +   might confuse the end user.  */
>> 
>> doesn't explain to me whether errors still might be raised or
>> what the actual behavior is.
>
>Okay, will make this more clear in the comments.
>
>> 
>> +static gimple *
>> +build_deferred_init (tree decl,
>> +                    enum auto_init_type init_type,
>> +                    bool is_vla)
>> +{
>> +  gcc_assert ((is_vla && TREE_CODE (decl) == WITH_SIZE_EXPR)
>> +             || (!is_vla && TREE_CODE (decl) != WITH_SIZE_EXPR));
>> 
>> so the is_vla parameter looks redundant (and the assert dangerous?).
>> Either the caller knows it deals with a VLA, then that should be
>> passed through - constant sizes can also later appear during
>> optimization after all - or is_vla should be determined here
>> based on whether the size at gimplification time is constant.
>
>The routine “build_deferred_init” is ONLY called during gimplification phase by the routine “gimple_add_init_for_auto_var", at this place,
>Is_vla should be determined by the caller to check the size of the DECL. If it’s a vla, the “maybe_with_size_expr” will be applied for
>DECL to make it to a WITH_SIZE_EXPR.  So, the assertion is purely to make sure this at gimplification phase.
>
>Yes, the size of the VLA decl might become a constant later due to constant propagation, etc.  but during the gimplification phase, the assertion should be true.
>> 
>> +         /* If the user requests to initialize automatic variables, we
>> +            should initialize paddings inside the variable. Add a call to
>> +            __BUILTIN_CLEAR_PADDING (&object, 0, for_auto_init = true) to
>> +            initialize paddings of object always to zero regardless of
>> +            INIT_TYPE.  */
>> +         if (opt_for_fn (current_function_decl, flag_auto_var_init)
>> +               > AUTO_INIT_UNINITIALIZED
>> +             && VAR_P (object)
>> +             && !DECL_EXTERNAL (object)
>> +             && !TREE_STATIC (object))
>> +           gimple_add_padding_init_for_auto_var (object, false, pre_p);
>> +         return ret;
>> 
>> I think you want to use either auto_var_p (object) or
>> auto_var_in_fn_p (object, current_function_decl).  Don't you also
>> want to check for the 'uninitialized' attribute here?  I suggest
>> to abstract the check on whether 'object' should be subject
>> to autoinit to a helper function.
>
>Thanks for the suggestion, I will do this.
>
>
>> 
>> There's another path above this calling gimplify_init_constructor
>> for the case of
>> 
>> const struct S x = { ... };
>> struct S y = x;
>> 
>> where it will try to init 'y' from the CTOR directly, it seems you
>> do not cover this case.
>
>Yes, you are right, this case was not covered right now, and this should be covered.
>
>Looks like that I need to move the “gimple_add_padding_init_for_auto_var” inside the routine “gimplify_init_constructor” to
>Cover all the cases. 
>
>>  I also think that the above place applies
>> to all aggregate assignment statements, not only to INIT_EXPRs?
>
>> So don't you want to restrict clear-padding emit here?
>
>You are right, I might need to restrict it Only to INIT_EXPR. 
>Will update.
>
>> 
>> +static void
>> +expand_DEFERRED_INIT (internal_fn, gcall *stmt)
>> +{
>> +  tree var = gimple_call_lhs (stmt);
>> +  tree size_of_var = gimple_call_arg (stmt, 0);
>> +  tree vlaaddr = NULL_TREE;
>> +  tree var_type = TREE_TYPE (var);
>> +  bool is_vla = (bool) TREE_INT_CST_LOW (gimple_call_arg (stmt, 2));
>> +  enum auto_init_type init_type
>> +    = (enum auto_init_type) TREE_INT_CST_LOW (gimple_call_arg (stmt, 1));
>> +
>> +  gcc_assert (init_type > AUTO_INIT_UNINITIALIZED);
>> +
>> +  /* if this variable is a VLA, get its SIZE and ADDR first.  */
>> +  if (is_vla)
>> +    {
>> +      /* The temporary address variable for this vla should have been
>> +        created during gimplification phase.  Refer to gimplify_vla_decl
>> +        for details.  */
>> +      tree var_decl = (TREE_CODE (var) == SSA_NAME) ?
>> +                      SSA_NAME_VAR (var) : var;
>> +      gcc_assert (DECL_HAS_VALUE_EXPR_P (var_decl));
>> +      gcc_assert (TREE_CODE (DECL_VALUE_EXPR (var_decl)) == 
>> INDIRECT_REF);
>> +      /* Get the address of this vla variable.  */
>> +      vlaaddr = TREE_OPERAND (DECL_VALUE_EXPR (var_decl), 0);
>> 
>> err - isn't the address of the decl represented by the LHS 
>> regardless whether this is a VLA or not?
>
>The LHS of the call to .DEFERRED_INIT is the DECL itself whatever it’s a VLA or not. 
>
>In order to create a memset call, we need the Address of this DECL as the first argument. 
>If the DECL is not a VLA, we just simply apply “build_fold_addr_expr” on this DECL to get its address,
>However, for VLA, during gimplification phase “gimplify_vla_decl”, we have already created a temporary
>address variable for this DECL, and recorded this address variable with “DECL_VALUE_EXPR(DECL), 
>We should use this already created address variable  for VLAs. 
>
>
>>  Looking at DECL_VALUE_EXPR
>> looks quite fragile since that's not sth data dependence honors.
>> It looks you only partly gimplify the build init here?  All
>> DECL_VALUE_EXPRs should have been resolved.
>
>Don’t quite understand here. you mean that all the “DECL_VALUE_EXPRs” have been resolved at the phase RTL expansion,
>So I cannot use this to get the address variable of the VLA?
>
>(However, my unit testing cases for VLAs are all looks fine).
>
>> 
>> +  if (is_vla || (!use_register_for_decl (var)))
>> ...
>> +  else
>> +    {
>> +    /* If this variable is in a register, use expand_assignment might
>> +       generate better code.  */
>> 
>> you compute the patter initializer even when not needing it,
>> that's wasteful.
>
>Okay, I will restrict the pattern initializer computation when really needed. 
>
>>  It's also quite ugly, IMHO you should
>> use can_native_interpret_type_p (var_type) and native_interpret
>> a char [] array initialized to the pattern and if
>> !can_native_interpret_type_p () go the memset route.
>
>Thanks for the suggestion. 
>
>Will try this. 
>
>> 
>> +  /* We will not verify the arguments for the calls to .DEFERRED_INIT.
>> +     Such call is not a real call, just a placeholder for a later
>> +     initialization during expand phase.
>> +     This is mainly to avoid assertion failure for the following
>> +     case:
>> +
>> +     uni_var = .DEFERRED_INIT (var_size, INIT_TYPE, is_vla);
>> +     foo (&uni_var);
>> +
>> +     in the above, the uninitialized auto variable "uni_var" is
>> +     addressable, therefore should not be in registers, resulting
>> +     the assertion failure in the following argument verification.  */
>> +  if (gimple_call_internal_p (stmt, IFN_DEFERRED_INIT))
>> +    return false;
>> +
>>   /* ???  The C frontend passes unpromoted arguments in case it
>>      didn't see a function declaration before the call.  So for now
>>      leave the call arguments mostly unverified.  Once we gimplify
>>      unit-at-a-time we have a chance to fix this.  */
>> 
>> -  for (i = 0; i < gimple_call_num_args (stmt); ++i)
>> 
>> isn't that from the time there was a decl argument to .DEFERRED_INIT?
>
>You mean this issue is only there when the decl is the first argument (the old design for .DEFERRED_INIT).
>With the new design, this issue is not there anymore?
>
>> 
>> +  if (gimple_call_internal_p (stmt, IFN_DEFERRED_INIT))
>> +    {
>> +      tree size_of_arg0 = gimple_call_arg (stmt, 0);
>> +      tree size_of_lhs = TYPE_SIZE_UNIT (TREE_TYPE (lhs));
>> +      tree is_vla_node = gimple_call_arg (stmt, 2);
>> +      bool is_vla = (bool) TREE_INT_CST_LOW (is_vla_node);
>> +
>> +      if (TREE_CODE (lhs) == SSA_NAME)
>> +       lhs = SSA_NAME_VAR (lhs);
>> +
>> 
>> 'lhs' is not looked at after this, no need to look at SSA_NAME_VAR.
>
>Okay, will update this.
>
>> 
>> 
>> Thanks and sorry for the delay in reviewing this (again).
>
>Thanks again for your detailed review and suggestions.
>
>I will update the patch accordingly and send the updated patch soon.
>
>Qing
>> 
>> Richard.
>> 
>> 
>>> Thanks
>>> 
>