[all-commits] [llvm/llvm-project] 769bc1: [Clang] Implement the 'counted_by' attribute (#68750)
Bill Wendling via All-commits
all-commits at lists.llvm.org
Sat Oct 14 04:18:16 PDT 2023
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: 769bc11f684d376bff03649da41296a4fc710161
https://github.com/llvm/llvm-project/commit/769bc11f684d376bff03649da41296a4fc710161
Author: Bill Wendling <5993918+bwendling at users.noreply.github.com>
Date: 2023-10-14 (Sat, 14 Oct 2023)
Changed paths:
M clang/docs/ReleaseNotes.rst
M clang/include/clang/AST/Decl.h
M clang/include/clang/AST/DeclBase.h
M clang/include/clang/Basic/Attr.td
M clang/include/clang/Basic/AttrDocs.td
M clang/include/clang/Basic/DiagnosticSemaKinds.td
M clang/include/clang/Sema/Sema.h
M clang/include/clang/Sema/TypoCorrection.h
M clang/lib/AST/ASTImporter.cpp
M clang/lib/AST/DeclBase.cpp
M clang/lib/AST/Expr.cpp
M clang/lib/CodeGen/CGBuiltin.cpp
M clang/lib/CodeGen/CGExpr.cpp
M clang/lib/CodeGen/CodeGenFunction.h
M clang/lib/Sema/SemaDecl.cpp
M clang/lib/Sema/SemaDeclAttr.cpp
M clang/lib/Sema/SemaExpr.cpp
A clang/test/CodeGen/attr-counted-by.c
M clang/test/CodeGen/bounds-checking.c
M clang/test/Misc/pragma-attribute-supported-attributes-list.test
A clang/test/Sema/attr-counted-by.c
Log Message:
-----------
[Clang] Implement the 'counted_by' attribute (#68750)
The 'counted_by' attribute is used on flexible array members. The
argument for the attribute is the name of the field member in the same
structure holding the count of elements in the flexible array. This
information can be used to improve the results of the array bound
sanitizer and the '__builtin_dynamic_object_size' builtin.
This example specifies the that the flexible array member 'array' has
the number of elements allocated for it in 'count':
struct bar;
struct foo {
size_t count;
/* ... */
struct bar *array[] __attribute__((counted_by(count)));
};
This establishes a relationship between 'array' and 'count',
specifically that 'p->array' must have *at least* 'p->count' number of
elements available. It's the user's responsibility to ensure that this
relationship is maintained through changes to the structure.
In the following, the allocated array erroneously has fewer elements
than what's specified by 'p->count'. This would result in an
out-of-bounds access not not being detected:
struct foo *p;
void foo_alloc(size_t count) {
p = malloc(MAX(sizeof(struct foo),
offsetof(struct foo, array[0]) + count *
sizeof(struct bar *)));
p->count = count + 42;
}
The next example updates 'p->count', breaking the relationship
requirement that 'p->array' must have at least 'p->count' number of
elements available:
struct foo *p;
void foo_alloc(size_t count) {
p = malloc(MAX(sizeof(struct foo),
offsetof(struct foo, array[0]) + count *
sizeof(struct bar *)));
p->count = count + 42;
}
void use_foo(int index) {
p->count += 42;
p->array[index] = 0; /* The sanitizer cannot properly check this access */
}
Reviewed By: nickdesaulniers, aaron.ballman
Differential Revision: https://reviews.llvm.org/D148381
More information about the All-commits
mailing list