[PATCH] D134902: [clang] Implement -fstrict-flex-arrays=3

Kees Cook via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Oct 10 22:52:37 PDT 2022


kees added a comment.

In D134902#3848246 <https://reviews.llvm.org/D134902#3848246>, @void wrote:

> @rsmith, @serge-sans-paille, and @kees, I need some advice. There's a test in `clang/test/CodeGen/bounds-checking.c` that's checking bounds stuff on unions. The behavior is...weird to me. It says that an array of 0 or 1 is a FAM, but one larger is not (see below).

Note that `union` vs `struct` shouldn't matter. A union is just a struct where all members are "trailing". ;)

`f5` looks like a broken test that didn't realize that N-sized trailing arrays are considered fake FAMs. This would explain some of the unexpected behavior I've seen with -fsanitize=bounds under Clang vs GCC:
https://godbolt.org/z/5v3evhMqq
Here GCC (correctly) accepts all as fake FAMs.

Note that GCC has an option `-fsanitize=strict-bounds` that changes the behavior to treating `[N]` and `[1]` as fixed size, but _not_ `[0]`. The plan is for GCC to make this an alias of `-fstrict-flex-arrays=2`, and then have UBSAN Bounds correctly tied to the `-fstrict-flex-arrays` level.

> That seems counter to how structs are handled. If this is true, then the check in `clang/lib/AST/Expr.cpp` also needs to be updated...

I would expect diagnostics, `__builtin_object_size()`, `__builtin_dynamic_object_size()`, and `-fsanitize=bounds` to all agree on the definition of fake FAMs, which is all controlled by `-fstrict-flex-arrays` level.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D134902/new/

https://reviews.llvm.org/D134902
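The thread above argues that `__builtin_object_size()`, `__builtin_dynamic_object_size()` and `-fsanitize=bounds` should all use the same `-fstrict-flex-arrays` definition of a "fake" flexible array member. The following is an added example, not code from the review, clang or GCC: it models that decision as a plain C function so the effect of each level on a legacy `[1]` trailing array can be checked without compiler flags. The level 2 and level 3 meanings follow the thread (level 2 matches GCC `-fsanitize=strict-bounds`: `[N]` and `[1]` fixed, `[0]` and `[]` flexible; level 3 only `[]`); the level 0 and level 1 meanings are taken from the documented option semantics and are not stated on this page. The struct, allocation helper and the `FAM_INCOMPLETE` sentinel are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Model of how the -fstrict-flex-arrays level classifies a trailing array:
 *   0: every trailing array ([], [0], [1], [N]) is a FAM
 *   1: [], [0] and [1] are FAMs; [N] with N > 1 is fixed size
 *   2: [], [0] are FAMs; [1] and [N] are fixed (GCC -fsanitize=strict-bounds)
 *   3: only a true [] is a FAM
 * Level 0/1 semantics are an assumption from the option's documentation; the
 * thread itself only describes levels 2 and 3.
 */
#define FAM_INCOMPLETE (-1)   /* declared as `type name[]` */

static bool trailing_array_is_fam(int level, int declared_len)
{
    if (declared_len == FAM_INCOMPLETE)
        return true;                      /* [] is a FAM at every level */
    switch (level) {
    case 0:  return true;
    case 1:  return declared_len <= 1;    /* [0] and [1] */
    case 2:  return declared_len == 0;    /* [0] only */
    default: return false;                /* level 3: nothing else qualifies */
    }
}

/* Legacy "fake FAM": a 1-element trailing array that callers overallocate. */
struct legacy_pkt {
    unsigned int len;
    unsigned char data[1];
};

/* Bytes usable through ->data in an allocation of alloc_bytes. */
static size_t fam_room(size_t alloc_bytes, size_t data_offset)
{
    return alloc_bytes > data_offset ? alloc_bytes - data_offset : 0;
}

/*
 * Would p->data[idx] be accepted under the given level?  If the array is a
 * FAM at that level the bound comes from the allocation (what
 * __builtin_dynamic_object_size would report); otherwise it is the declared
 * element count (what -fsanitize=bounds checks against).
 */
static bool index_in_bounds(int level, int declared_len, size_t alloc_bytes,
                            size_t data_offset, size_t idx)
{
    if (trailing_array_is_fam(level, declared_len))
        return idx < fam_room(alloc_bytes, data_offset);
    return idx < (size_t)declared_len;
}

/* Size for a legacy_pkt carrying `payload` bytes: offsetof, not sizeof +
   payload, so the padding behind data[1] is not counted twice; never shrink
   below sizeof so whole-struct copies stay valid. */
static size_t legacy_pkt_bytes(size_t payload)
{
    size_t bytes = offsetof(struct legacy_pkt, data) + payload;
    return bytes < sizeof(struct legacy_pkt) ? sizeof(struct legacy_pkt) : bytes;
}

int main(void)
{
    const size_t payload = 8;
    const size_t bytes = legacy_pkt_bytes(payload);
    struct legacy_pkt *p = calloc(1, bytes);
    if (!p)
        return 1;
    p->len = (unsigned int)payload;
    memset(p->data, 0x41, payload);   /* valid by allocation; flagged at level >= 2 */

    for (int level = 0; level <= 3; level++)
        printf("level %d: data[%zu] of `unsigned char data[1]` in a %zu-byte "
               "allocation: %s\n", level, payload - 1, bytes,
               index_in_bounds(level, 1, bytes, offsetof(struct legacy_pkt, data),
                               payload - 1) ? "in bounds" : "flagged");
    free(p);
    return 0;
}
```

Running it shows the same access to `data[7]` of a `data[1]` member flip from in-bounds at levels 0 and 1 to flagged at levels 2 and 3, which is exactly the disagreement the thread wants to avoid between the builtins and the sanitizer when they are not driven by one level.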