From patchwork Thu May 25 16:14:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Qing Zhao X-Patchwork-Id: 70093 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 481513856965 for ; Thu, 25 May 2023 16:16:49 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 481513856965 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1685031409; bh=uCnHZfvrvdofJjCFk8fgoSX3Nw+arEg/rNJy0kKZj54=; h=To:Cc:Subject:Date:In-Reply-To:References:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From:Reply-To:From; b=napXkE9XymxBw2U2oqGiSL3VLd7ohqlFR+m/QCLIhxgPz3rlapkUl9UBuoFUw1lJj iLlRS73kE59pp0OMC6HffJNwRkbE5Y8oyM0N2xa2BMFfgG6k1dyRO3eerVgN/UTTGI /tyXHNNJZbpZGZcaB3fQOcVsVZaGHZRJK1LNr+74= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) by sourceware.org (Postfix) with ESMTPS id 8313A3857437 for ; Thu, 25 May 2023 16:15:16 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 8313A3857437 Received: from pps.filterd (m0246632.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 34PGEnD7031888; Thu, 25 May 2023 16:15:15 GMT Received: from iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta03.appoci.oracle.com [130.35.103.27]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3qtb0y804u-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 25 May 2023 16:15:14 +0000 Received: from pps.filterd (iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com (8.17.1.19/8.17.1.19) with ESMTP id 34PFPSQx016200; Thu, 25 May 2023 16:15:14 GMT Received: from nam11-co1-obe.outbound.protection.outlook.com (mail-co1nam11lp2174.outbound.protection.outlook.com [104.47.56.174]) by iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 3qqk6nccsk-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 25 May 2023 16:15:14 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lKjONG3D0onxklzte+Clrtac4i1O32ZZlkL0n9EBnSj2OxNRm64+G88reng7Kz65eksecTd4/waDrlk3udObXv8GJMQGYBQPcW2zc4OhM2HW3aTVveX+AAT45bwvI+skpnLyQ/NV8zvNjaeH108xUyqwsoeUvkjVimChc5zPDdQRr2WhH6RqnHT3dyD6jSOZMjXsVwbjEF5RJxF/eZRdsavfH8SxvkKoMUOVGBIuM/oixjgS9Em8359S1bv8b72CVFHzqdd+15DyAZCQXhMQKRSptts4iE1G82wTtkNqRrRrg4mSeD2E8pcoD7/jBn3nNwi6cSee4wgvTCpdY9O3ZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uCnHZfvrvdofJjCFk8fgoSX3Nw+arEg/rNJy0kKZj54=; b=VgzgPoMhb4BXPgwncWHUXD4S/zoqw/tE4omdaaupTCKTvq2sscIhF7KsdZTinBVK1LxOrhVsxydkQTs5BVsOcEaExMmkF7e3tkOe6Ny6wagcw/2rClSOOgwegOLJunEFFF1ReMaS88oRJdaOnzc1Wlrpk//E5QYbFioyxB0nKh4wDOKYTABdiAFMmj0YvfOEzmJKLI7KGQYC0+St/GWeWQB8sGmnlW/NWn//bkH1kPK+vpsB9eibnESa2L/f3bmTNlaPSIeyeMXhL0xIzFyjopR9wnu396YKtGSp1XlbLZi4grfBqk1afOLCNo58hofjx9eH6Twme2PzXG0zbGpCWQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none Received: from CH2PR10MB4344.namprd10.prod.outlook.com (2603:10b6:610:af::19) by BLAPR10MB5041.namprd10.prod.outlook.com (2603:10b6:208:30e::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6433.15; Thu, 25 May 2023 16:15:12 +0000 Received: from CH2PR10MB4344.namprd10.prod.outlook.com ([fe80::7aa1:df38:105a:21fa]) by CH2PR10MB4344.namprd10.prod.outlook.com ([fe80::7aa1:df38:105a:21fa%7]) with mapi id 15.20.6411.028; Thu, 25 May 2023 16:15:12 +0000 To: joseph@codesourcery.com, richard.guenther@gmail.com, jakub@redhat.com, gcc-patches@gcc.gnu.org Cc: keescook@chromium.org, siddhesh@gotplt.org, uecker@tugraz.at, isanbard@gmail.com, Qing Zhao Subject: [V1][PATCH 3/3] Use the element_count attribute information in bound sanitizer[PR108896] Date: Thu, 25 May 2023 16:14:50 +0000 Message-Id: <20230525161450.3704901-4-qing.zhao@oracle.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20230525161450.3704901-1-qing.zhao@oracle.com> References: <20230525161450.3704901-1-qing.zhao@oracle.com> X-ClientProxiedBy: SA0PR11CA0088.namprd11.prod.outlook.com (2603:10b6:806:d2::33) To CH2PR10MB4344.namprd10.prod.outlook.com (2603:10b6:610:af::19) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PR10MB4344:EE_|BLAPR10MB5041:EE_ X-MS-Office365-Filtering-Correlation-Id: 264aec1f-68bf-4fd8-4f30-08db5d3b379c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: iGdSgMAv5H5Pxu2dwzpzrFbmpq+DE+9S5seU64UnQ3jIZ312ervf7jOoiyUz0bk5btlfmPQn/oPltdLtt2Qw3RUT6pL6ndfJ4xIE2hF/D+JWuGMl2m1Hp5CZh6L47yuFnvzyXNtbR5GSUYxelBZKtXp8jsj23p8AdMqVp5+zlxucm1r8MxmoX43sw/ZxnAN+WtYVmeeM7ed3DHxux9qkAP1lvD1nhJx1Vr2Py7OovN5BPjolJbOYC8MHZ866vFWegD4SqhPnSPU9q8DtHftoYUawjWL+KQGx0AQjHAO6dnINwK4hkC1nKQ4HDigBda/+hptHvsh/ItYLxXqGbLRAUc/SxkkEYzBgrfyn6UTmfHH7ABFMvNPPf+vYx0algaNc9htBhttPGUIbyvjUvL09VkAUjXJGjeTjeFfADJ+aY1xi2bivk+hY0QizRR2rTm9YuhoiNjb+52FodggamKkZMMgt9V33M21Sd7kyj+UWpFchmYuurjg9SJ8l16epb5LMjet/e3V1YwETqObBviNaN0gRkbMwivNWXUn9G6ZNMcI= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH2PR10MB4344.namprd10.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(346002)(39860400002)(366004)(396003)(376002)(136003)(451199021)(2906002)(86362001)(186003)(2616005)(38100700002)(8936002)(36756003)(5660300002)(8676002)(316002)(44832011)(41300700001)(6506007)(107886003)(26005)(6512007)(6666004)(1076003)(4326008)(66476007)(66556008)(66946007)(478600001)(6486002)(84970400001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: VzICN2pDu1WOqufDq8d81JS/EO0XDFSu/wnpdt0hbZ7YIZQMCJtkkwRYUikiP+IQUAtXQFj59DsuCrHoMYnrCDFTtS5jwohL7CsJfz9yd06800wjRdzBej8WDCNF5KPgiccQ5gnfNPUtF8Fe55wmqmT9/gF9D9hUWU+R20TbF+Xp/4gIpRBfFiW++IYc6Lk+jSZXloDo+oZPa4XkMGdvBzN+3xL8vceXQt0e6DdFlvgQjZKuMhZT8ij6/l0YlRnA+Nl+c9qC1BqoSlxbtxCKFyuig/DWUCCmaTADczn4YGVG148XS8H3V5AZ5dFlpw69JtBiCrAYQ5URKUctCUAMkjYNVyfI3uW1i6J7CGJ5cEvIZYVUj06Z3L7TXakvvsuOe/Wf6kr2OM32Rtbc1xXNf9w6FlHim92WW8zWNG+kOgYkgcxmI8LKbJlQnHcLzi9RmG4HgocLb2FWAC01bkMwC651S0QJq8NpQ2uPW8aaSkQIR+OUWfRbmUj9SZMgEv5L5WB28Y/SwIGsJbfL96y3TgwYlP68Yb6QHY90Bf8T4Kggob7ztLvc+W3/c55fmitu/cY/0wMY5QDiAp/03QVDOB8J26PPjnszbPnFKbVqpNAnce5wn3bZZJWZXsZa0ZaWxKppyKO7lCLUB9f2LTMeVbVlPStdB0CwzNcQAHxDXwN4tsjyuOdHxmeys27lMxFfQ1b0lVWepAFVJYLSGSGAddensURchUP4IUb3nhD/Pt3sVivlqG+d6DZdJ+y2ORkNFsqd7MZVGu2snPryMTNMm9VOI/xQMoTN5wvebtO4dZOHF5v4xpI1ronN1mqecfxZSaZIVS59oQr1FVij6I336DjDDcRVuWVMm/9q7CO1b8p7xmD9r8h6p5DPGG2Sf1HdY6+njhQVylCdWX07U3/xZPCOkpEJFs6c3TCkAxjz75aI4ytQnc6XivDy4Dq5I7Lp6gFWYv2rpIuPGTnLcDSX7nQB/TiX7H9a3Tvz3rHqVGsa94UF6GlNdHIO76QGvAFCm4RcxEaBCnyDGCTQfMNEhO4x3MI1wplLD48Gw79noN3cy5CJViC6B5pXeu+ZxWYWAiKNXVyKwpQXdxWYD5WHh5AcYq/eXoz48yT4+qCfG1xqyZQ8w69t9Gj1jIQoqSWY+ftqe3s3YcfkDjFC8en5EMmrylcemZQmmD/T8dNLt5UEfsSKr/5fnNkCzTDv4O7yWQ/ZFgD2SKZyznYSYJelLG+SaHqrFk7Q0g8uo8nbl1ptzbZKOpQvI0t2rNiHpNuOxA9zpZW8LjkzrUnZTak+/TDzl8L0OyfJAiwDSUA2odYQOGaeMO6J6svRYDm3saS70abPyTe6ViqD3N47YonnPds+18f63IUCkpGX7ieQERxfjw3F4FUNVRQK7AzTbYnXYdXBfKfaGHYrMV3Y6ybSzIrTzjlqOINqgByY/DYKWI3Ni+gnAQjt4+ZZeDRc99tyIxFEfxf75SG76bcNsp6WsLeClTrD9veVaN+kzYLseW5KR4MIfvpMTEo4fvskI9RpevqggRbmhszYCf3Huzgw9OBFCtOWlH05PQxV3cn2aw85tOWNy0+f4mbp1uYFzORS X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: zY1iWA83BXTuYLNjhVeVOPMrv1DbcH+zw9cjqdazz7ddAAj3Nsd5vtUtiI1xJ6Y4Uc40I21HVlhuiUzwaWMGqeqwVzmhEfG1hcRmo+tiZVwXAOpIfRanY/+yVfKoCuu7fwDcPWI2hfLJnVOjifme95LKQgl78RPvwJYc3SAtw8JCyAdkwG6J9L+wlHufCApd2F1WFIwEd/21IfqcktV3V01O+8FUZ9OCckQtQeaaBAf7d9hmOq7OQVRTNDD3cmQ20twMSMvjyfDL73+Ltb9ExvIvshonS32tqNJN/asKBitsdhtgp8a7JMqQ6xNYm/iRkkloIN/W6C/Jelz6Y85D+aB0wnujafOjKC/zX9FskRcLVPFJcPZousg3ahhgjssc6hJTPds8x2VJPVbl5eLtfyJFUgXlKMx7HcFQVMajZWWmYe3OrusWJF1qQaZ0MtwFUKpKhDP4I/3JnJgLeVLSZDL3KVMjNzVBhy5p5SmYWju8FuYaO1Oz4M8UepVE3FeIq0HIr36i1y5hsOwGJfwShx79yhMfYEo7CfjCaaBthDgRksIQzeLkk8eyzfM4MmRLE148A9OR6K24tvao2uyUGuDFtHrlCvhs3KjEo2cDSbu++9xogRxZph4AWPsRtdug955oEO0DsNVaBptr2ltS3z8bGTEWcOZkytnZ65PZ0tZ8NilUd7WO7Yd0LN9tyDYEfXuCtxA6iNU7r3yX9lvO4Kuhj0ElkWymB+Yf4aDAPnaboAXyNqEud3xUTpgeQcJVZuFjZWAZk+iGCffNor/CjgphjAyFC23xJ7RrIUmsnxKPOFkoaNIu/dRq5bAYaMyMDHeK3NkKB03yJ1Rj0JCKzKXf3vHfbmN5ERowT54CT/WJVbwFesOlDqNwgCZsV6QtxFPUXbcDj4IDL+YS3/kqdLbLKxTKysgI/epGFVFZ4fdI7mD7PsURmhtVqnaA1hNW X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: 264aec1f-68bf-4fd8-4f30-08db5d3b379c X-MS-Exchange-CrossTenant-AuthSource: CH2PR10MB4344.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 May 2023 16:15:12.2342 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: pJTyjmqfwywiXwNnB43ukTbwCpzNCYJnwt/ZpVt0g91B+Rl5mrzQh6Ml7lesRGtWwlo//OdC6fn7f8puXDAtQQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLAPR10MB5041 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-05-25_09,2023-05-25_03,2023-05-22_02 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 malwarescore=0 bulkscore=0 mlxlogscore=999 mlxscore=0 adultscore=0 spamscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2304280000 definitions=main-2305250134 X-Proofpoint-GUID: aP81CjQtuq-y0dpAMvxhU8u7uczT2tUf X-Proofpoint-ORIG-GUID: aP81CjQtuq-y0dpAMvxhU8u7uczT2tUf X-Spam-Status: No, score=-11.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Qing Zhao via Gcc-patches From: Qing Zhao Reply-To: Qing Zhao Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org Sender: "Gcc-patches" 2023-05-17 Qing Zhao gcc/c-family/ChangeLog: PR C/108896 * c-ubsan.cc (ubsan_instrument_bounds): Use element_count attribute information. gcc/testsuite/ChangeLog: PR C/108896 * gcc.dg/ubsan/flex-array-element-count-bounds.c: New test. --- gcc/c-family/c-ubsan.cc | 16 +++++++ .../ubsan/flex-array-element-count-bounds.c | 46 +++++++++++++++++++ 2 files changed, 62 insertions(+) create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-element-count-bounds.c diff --git a/gcc/c-family/c-ubsan.cc b/gcc/c-family/c-ubsan.cc index cfb7cbf389c..04eb05b2c24 100644 --- a/gcc/c-family/c-ubsan.cc +++ b/gcc/c-family/c-ubsan.cc @@ -362,6 +362,10 @@ ubsan_instrument_bounds (location_t loc, tree array, tree *index, { tree type = TREE_TYPE (array); tree domain = TYPE_DOMAIN (type); + /* whether the array ref is a flexible array member with valid element_count + attribute. */ + bool fam_has_count_attr = false; + tree element_count = NULL_TREE; if (domain == NULL_TREE) return NULL_TREE; @@ -375,6 +379,17 @@ ubsan_instrument_bounds (location_t loc, tree array, tree *index, && COMPLETE_TYPE_P (type) && integer_zerop (TYPE_SIZE (type))) bound = build_int_cst (TREE_TYPE (TYPE_MIN_VALUE (domain)), -1); + /* If the array ref is to flexible array member field which has + element_count attribute. We can use the information from the + attribute as the bound to instrument the reference. */ + else if ((element_count = component_ref_get_element_count (array)) + != NULL_TREE) + { + fam_has_count_attr = true; + bound = fold_build2 (MINUS_EXPR, TREE_TYPE (element_count), + element_count, + build_int_cst (TREE_TYPE (element_count), 1)); + } else return NULL_TREE; } @@ -387,6 +402,7 @@ ubsan_instrument_bounds (location_t loc, tree array, tree *index, -fsanitize=bounds-strict. */ tree base = get_base_address (array); if (!sanitize_flags_p (SANITIZE_BOUNDS_STRICT) + && !fam_has_count_attr && TREE_CODE (array) == COMPONENT_REF && base && (INDIRECT_REF_P (base) || TREE_CODE (base) == MEM_REF)) { diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-element-count-bounds.c b/gcc/testsuite/gcc.dg/ubsan/flex-array-element-count-bounds.c new file mode 100644 index 00000000000..be5ee352144 --- /dev/null +++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-element-count-bounds.c @@ -0,0 +1,46 @@ +/* test the attribute element_count and its usage in + bounds sanitizer. */ +/* { dg-do run } */ +/* { dg-options "-fsanitize=bounds" } */ + +#include + +struct flex { + int b; + int c[]; +} *array_flex; + +struct annotated { + int b; + int c[] __attribute__ ((element_count ("b"))); +} *array_annotated; + +void __attribute__((__noinline__)) setup (int normal_count, int annotated_count) +{ + array_flex + = (struct flex *)malloc (sizeof (struct flex) + + normal_count * sizeof (int)); + array_flex->b = normal_count; + + array_annotated + = (struct annotated *)malloc (sizeof (struct annotated) + + annotated_count * sizeof (int)); + array_annotated->b = annotated_count; + + return; +} + +void __attribute__((__noinline__)) test (int normal_index, int annotated_index) +{ + array_flex->c[normal_index] = 1; + array_annotated->c[annotated_index] = 2; +} + +int main(int argc, char *argv[]) +{ + setup (10,10); + test (10,10); + return 0; +} + +/* { dg-output "36:21: runtime error: index 10 out of bounds for type" } */