[clang] [CodeGen] Revamp counted_by calculations (PR #70606)

via cfe-commits cfe-commits at lists.llvm.org
Tue Oct 31 15:19:59 PDT 2023 

================
@@ -859,53 +859,60 @@ CodeGenFunction::emitBuiltinObjectSize(const Expr *E, unsigned Type,
   }
 
   if (IsDynamic) {
-    LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel =
-        getLangOpts().getStrictFlexArraysLevel();
-    const Expr *Base = E->IgnoreParenImpCasts();
-
-    if (FieldDecl *FD = FindCountedByField(Base, StrictFlexArraysLevel)) {
-      const auto *ME = dyn_cast<MemberExpr>(Base);
-      llvm::Value *ObjectSize = nullptr;
-
-      if (!ME) {
-        const auto *DRE = dyn_cast<DeclRefExpr>(Base);
-        ValueDecl *VD = nullptr;
-
-        ObjectSize = ConstantInt::get(
-            ResType,
-            getContext().getTypeSize(DRE->getType()->getPointeeType()) / 8,
-            true);
-
-        if (auto *RD = DRE->getType()->getPointeeType()->getAsRecordDecl())
-          VD = RD->getLastField();
-
-        Expr *ICE = ImplicitCastExpr::Create(
-            getContext(), DRE->getType(), CK_LValueToRValue,
-            const_cast<Expr *>(cast<Expr>(DRE)), nullptr, VK_PRValue,
-            FPOptionsOverride());
-        ME = MemberExpr::CreateImplicit(getContext(), ICE, true, VD,
-                                        VD->getType(), VK_LValue, OK_Ordinary);
-      }
-
-      // At this point, we know that \p ME is a flexible array member.
-      const auto *ArrayTy = getContext().getAsArrayType(ME->getType());
+    // The code generated here calculates the size of a struct with a flexible
+    // array member that uses the counted_by attribute. There are two instances
+    // we handle:
+    //
+    //       struct s {
+    //         unsigned long flags;
+    //         int count;
+    //         int array[] __attribute__((counted_by(count)));
+    //       }
+    //
+    //   1) bdos of the flexible array itself:
+    //
+    //     __builtin_dynamic_object_size(p->array, 1) ==
+    //         p->count * sizeof(*p->array)
+    //
+    //   2) bdos of the whole struct, including the flexible array:
+    //
+    //     __builtin_dynamic_object_size(p, 1) ==
+    //        sizeof(*p) + p->count * sizeof(*p->array)
----------------
apple-fcloutier wrote:

I’ve seen `sizeof(*p) + p->count * sizeof(*p->array)` often as the argument to `malloc`, which isn’t terribly problematic because it over-allocates a little bit in the worst case. However, it _would_ be a bug to use it for virtually anything else, such as the size of `memcpy` or `memset`, because it will cause an out-of-bounds access if the object hasn’t been allocated with `malloc`. Both clang and gcc allow structs with flexible array members to be allocated with static storage duration. See this ASAN failure: https://godbolt.org/z/Gxbv379qE

As Yeoul said, the correct end address is calculated with `&fam->array[fam->count]`. Ahead of time, `offset` can be used to compute the required size of a structure with a given number of flexible elements: `offsetof(struct flex, .array[count])`.

https://github.com/llvm/llvm-project/pull/70606

More information about the cfe-commits mailing list