From patchwork Thu May 25 16:14:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Qing Zhao X-Patchwork-Id: 9854 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp490554vqr; Thu, 25 May 2023 09:16:44 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5MR5nCKEzfq5MK4uJbal/H4gXUdEo1ZSgn2B80Dm+5og8GDXqVuzgj2/DDtFnqEH0komMt X-Received: by 2002:a17:907:803:b0:966:335a:5b07 with SMTP id wv3-20020a170907080300b00966335a5b07mr1904106ejb.62.1685031403992; Thu, 25 May 2023 09:16:43 -0700 (PDT) Received: from sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id dn15-20020a17090794cf00b0094ee6dcf95dsi1458710ejc.80.2023.05.25.09.16.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 May 2023 09:16:43 -0700 (PDT) Received-SPF: pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b="kq/2PLHp"; arc=fail (signature failed); spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 935D43856275 for ; Thu, 25 May 2023 16:15:55 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 935D43856275 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1685031355; bh=JgZWyXk0jiVsut+oa8NUOGIGzhktqmPdwLI//SrRphE=; h=To:Cc:Subject:Date:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:From:Reply-To:From; b=kq/2PLHpFvIV2iC5ptGAbL17X8+x4W8ZPv26UjrTH+V1msLMUL03dJwnTkxgUHsUU zo94dNkoNNkWaxoYM2kBp9EI3v9erM/ITIXhOSllDmRTiez65r0yHX7JGqaSSLlU56 EcTlHgj2oXkH3fFcnqQTWV9FV+TvUbvh/O4NaDpg= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) by sourceware.org (Postfix) with ESMTPS id A05A03858D32 for ; Thu, 25 May 2023 16:15:04 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A05A03858D32 Received: from pps.filterd (m0246632.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 34PGEoPA031893; Thu, 25 May 2023 16:15:01 GMT Received: from iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta03.appoci.oracle.com [130.35.103.27]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3qtb0y802a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 25 May 2023 16:15:00 +0000 Received: from pps.filterd (iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com (8.17.1.19/8.17.1.19) with ESMTP id 34PFhWBE015767; Thu, 25 May 2023 16:15:00 GMT Received: from nam11-co1-obe.outbound.protection.outlook.com (mail-co1nam11lp2177.outbound.protection.outlook.com [104.47.56.177]) by iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 3qqk6nccf9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 25 May 2023 16:15:00 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FefzgErxKmDNNx2iLqHnyXnvOLjdpgFrseq37hfukSsVdcy/HPfe1SfrELpOxSAhT+dvDcX8e+GJ0xIRXgW5VUfg+a4gQvk4OMGdHOuWAGyGsEtXgYbY7U6fi/AGDv4g0KuPa5I8UQbQpsI7iKwYvsg5aWIZDLdqZLQbEf5vGxpBMAHL3w4KbzUBgHN1r55mFfwC9+G23EyeDu8Qnk4zUeCEFzoWIAWI5kEnkOP6hj3f2ToxOoqZCQYUIpqOve90KJB70fM22LRJRqxCBPsoGh4FLk8v1t4PwWqRavK578inD0VN4DqQ+7w1rhorb8ktbSONLrYTNyAZqcue7FcK+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JgZWyXk0jiVsut+oa8NUOGIGzhktqmPdwLI//SrRphE=; b=Lvx2U62SSHHx52NVo9zT2znXp1eg8eSKRGDqOpfRkOz+lPVl6I3/5EaTxhFiN5Fq0emEXr3KKsdapE4ZSiT0uDDh4VLtFImgH9dJv16ieTkdEp0Zu1bAg68whtuZZUZNrochzj7iIdNNlJfcVYzzm76i4r9AP9+B3jkKpNr8hHB6noXFD+RWy4IevOJTfke6hdguzifNJ82FOaP1EIa+5fjk493x7BzlKiPNYKqjpaoUNVMsabmSPIIp1DRMBe2+Uq7N9KB5fvm3XcRZPy0EQxoCIv0pYm4Q2jAsM02HdANBagK3u8nT/qqHRFVuFd2waAC6Jw22D/Fr3Yxj0LNZlQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none Received: from CH2PR10MB4344.namprd10.prod.outlook.com (2603:10b6:610:af::19) by BLAPR10MB5041.namprd10.prod.outlook.com (2603:10b6:208:30e::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6433.15; Thu, 25 May 2023 16:14:57 +0000 Received: from CH2PR10MB4344.namprd10.prod.outlook.com ([fe80::7aa1:df38:105a:21fa]) by CH2PR10MB4344.namprd10.prod.outlook.com ([fe80::7aa1:df38:105a:21fa%7]) with mapi id 15.20.6411.028; Thu, 25 May 2023 16:14:57 +0000 To: joseph@codesourcery.com, richard.guenther@gmail.com, jakub@redhat.com, gcc-patches@gcc.gnu.org Cc: keescook@chromium.org, siddhesh@gotplt.org, uecker@tugraz.at, isanbard@gmail.com, Qing Zhao Subject: [V1][PATCH 0/3] New attribute "element_count" to annotate bounds for C99 FAM(PR108896) Date: Thu, 25 May 2023 16:14:47 +0000 Message-Id: <20230525161450.3704901-1-qing.zhao@oracle.com> X-Mailer: git-send-email 2.31.1 X-ClientProxiedBy: LO4P123CA0139.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:193::18) To CH2PR10MB4344.namprd10.prod.outlook.com (2603:10b6:610:af::19) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PR10MB4344:EE_|BLAPR10MB5041:EE_ X-MS-Office365-Filtering-Correlation-Id: 2bb6781b-7324-4081-a501-08db5d3b2eee X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 3GlCUIZTlb5qVvmrauG97Kj3C4avXFHn40TxwSa540wBd41vGsyFPP2yfs+X+A6WBUERPeChoAagmVnjzeB1+G0MrRkMtgIAEsalZ73XyaHEoQ2dcxwpA73RYx63meimTC/kWn6hfmS3xVIgBDLpmak3oGI9PdBKyocgQDFrPwPLfGv9k2R14w7x3BGyR7gc7ELxJ+ByzT4vBGnMagf3mzhXdMmtzZIf0b7R2ZgA+JsuGX2HD6z45mYXB4FWMwWCcEDKoSP4GtCsEEw9W19hpEESy1556IUFgPfKcbrNPg5qHF0So3F5Hzbq/uTFzR2cku6+CG4VUpOJMixRnKcqn9J1V3QaYbTmg9kooefN/xh7EjxW7BNkAuzb9p8g689JK7ZBkvhHhvaHgir1uVFCdvbj4HtcYJ7JAlHFuz5DSN0sR8hBocAzMnnfjucAn5ashqTyWf61IxNB7nRiDW17Q6U/jiphVi/dHK8KD6M0GNB5HFQVtuJoUx44Tshj0ScVbAvwIvuhemNW3szoujUczYbeT27uSMKisEFZWvSw8QPUOBqWTG1DWSy9MiqoK8ANgo+LZEURyKdLGlRZ/eZduA== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH2PR10MB4344.namprd10.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(346002)(39860400002)(366004)(396003)(376002)(136003)(451199021)(2906002)(86362001)(83380400001)(186003)(2616005)(38100700002)(8936002)(36756003)(5660300002)(8676002)(316002)(44832011)(41300700001)(966005)(6506007)(107886003)(26005)(6512007)(6666004)(1076003)(4326008)(66476007)(66556008)(66946007)(478600001)(6486002); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 8k6+zQKoIx3GMexuQnlBkU8UrlepuRVyGhoDcDDpZhf820sXwDH2bBJ1cc98HYn1il8KQDwEQViY06U/rxFl1xGQbuk+JSYh7HrDpOphcOS+0ibZemzofoDU7cq61a6NpMtgHy5nlZiFz14xJmPLEL9AoD4xEz9eX2AeigpGwTUFLvKhrXVOu1yKscDVvRDwk+AWh22ZYpL9fLVhI3xVHE73Krr12L1O++Dnk/BAxBZHZq5685ANKzD4g3mLiMMz8eAEzzOwQLOb3mBQ31xOHAPEl3am5Ksphv/1K4mD5Bt1D4Z9Tp1p7nY6A0M2uvyDk9b5i28eNzEKF99urMPqVMnj7o+G+6L0a4DsJLGkAn7VtCL1U7KCA67ma2t3/WX73nQ7llbBNx4wftqmLjLk103O7ykwozT41XA326T+/+7Z+xV3FX+b7HfqFE9XCJnvATV+IDXkoBTZTf0uYwwVfeCQntTvoNS9uOwPVk6Fb96q+E1ONfDDUPJgGUajyfpTZHw6qDKF6tEI5DoXveV6v8MAUwNhvR6SdKRaCAr56WHDGr9MYbxJDpFTTzllYM21OZEE+eqCu62Ic/b7WfbGhPTF0nrrOrRx07uSOgivgxkEfj9KSPWoWt4U7ufyHFsr92a/Sxl//pUzAC17HigODMeANpN6bR+6rdwNH92CshZMGXYjz9i7o3HTtlV2BY5mghzqhDgY4kh7tucynvRGmiPZxsIbkCxw44mgHoQGR4MTQZucF1jEGhy8XimrTxj3+AaC6XHRlIozGAzVRBBILDeAvS+caIOAAyQVpiDTP/p8BIWURfOa4Lp2LLmcmMEsASXenYYLOMsaTe7D/SND6E64pk1uSGdyCKVSf6Wzzmv0CqIY+OkkQjIvDraCWG6ywunG0vZ8z/ZRak19pElI83iofiYr+xXttFwcI3bNzY+C/mpf9gB390VLbJ8p8OBZyPiifw4ZKgBehr7CzdwaUJvTWc4sle1B9TE2OLFzAmMDIDJn6xgm3d8Q9fjVMio2xBOO+D9zIDwPouYvi9o/X185CqF3//TuJSw5anguxSiV8I1prI84rzzjJNTBXxoIcfGqSlKrfLeEfspnSYjobDnATr9Tou61YChfo7yndx5AxIjdCrsBMgikNqHM5wai/DkhMSt0jda85JGIVwVu3RI52oIyXiIE58EJisk/DNHeXHedhHaqVI9QvT0q3sCqLLHvXO5Ku3JKJ4Suc95Ydcy0zC0/jqq3ZeiTnUziNo9deIl0fZ1BDGMBv08xtKoUw7wRZodFhsuJSleTBedWb8Z7i24QsfvbVUKsmPUUShLUJF7a/9KbLz9M/vgizUoIf0Eo+aBCUw9d8yk+1B/zfu8G6DQiRDDJmWwNdJHIS7NZioYOufI0ltsU73H3wKY7bvpMMX8vuBor02sXaVd+ViKVMjsT0xFQLHOqBzfRo+pZOnh55PY7wJK+lUiy6NZ4CbgCSOokGhDHowthdUE/iHbJjYINxSgFVy+1JPZKL0m5sDY8lhN2epRAtiPlk2mzMxkQji0BUEmc5xPjGyksl+53WCuRf2S5uGue25hRZiT7CyerL0p4M7780GFgnQqz X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: SIYbC/sNFv/lFiGlXla5Jc0fwftNC2Ph6NB3z3oF2dKg6aESDBhduxcetpsLZM34qnj2JEtDjM8oESRlAsTbiVxWQ9QXXGXU3FWYoR1u+Fj56m5QdIYKIEf0HP817rVo4WR+Go887LMh0gm7/WbIVKWq/XSEaAc7KeXrSCO1Nq5Dn9N8JYpft1Lcvney9gGNw/nCe58E3aE8JiOXvq0fDQqT5ASjUIoqaXxBzugogjkl/gmoARYxSLjtfbjGLyoF19GHwMYA77D2a4gBmQhYHK7mc52wnS1VYZ3cMmJzlw0kLc8xGpDS0D6bsZx7jfLcg2AwXCpKKHuVQV81KOegG4jIEXAEzAZWe5BUgW610E90yJtgCGMXquA9gKE471cugu2IskhSsSJjAoXEjHhTAb5A0IfNL01iOzn6N8ylPtfQZfKZa6HF4U8WrJUDeEFmBwMF1I0SMQBCuOoisDQuZaQCT+4U/dESUwiueYsqks0RiRvfQxLfDWsk1Z4laE35gaupbBEyrYOUoWZn6mDRMzVSMyUYOs76TUbvvQOUFm1I94FZWZx7FvyX0amZgfwimlaWsszL4x2tTtSOz/IS3Yqv7GBykApko5ubG0Cc7JplJ0akdIm17VR/CcJwrsnJ27JmQkw98/79Z2ykpv3rKJPeORrXT6NBHLpTnw17YuH9gmXptJyBuBIIcrvgAmUnUF3N6J3SKlzg0a01ruk1RepOniS9d5HryG3en4XOlZIL6U1KF7DsNPgoqwySOutyVx7ZcgpHDsoBoDBzVUBd0Q+vWpyw5vw7aU7pFXgp4v7OVq4SNCHbg1hNOgESIuuDDss3+olVy6bQHeSq+JJpHpFTCzsw9Uqv6B2CVu876RmUYV23FhhJlIAAcNLe+xxNXwawVrImBYeyt0U7Amrmd+fU5vYTxN59z32DoWTVzsqlZco0OZr/sZ4/ST+yJWl9 X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2bb6781b-7324-4081-a501-08db5d3b2eee X-MS-Exchange-CrossTenant-AuthSource: CH2PR10MB4344.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 May 2023 16:14:57.6592 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 7S0ZLrr+cVJX8csOWzFZ5mS1f+dSAl9S9otTHC6j6XkiuPDWi8/MofR8g0kqINkaCV3Gs05+W0YsfvvCYlaROA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLAPR10MB5041 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-05-25_09,2023-05-25_03,2023-05-22_02 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 malwarescore=0 bulkscore=0 mlxlogscore=999 mlxscore=0 adultscore=0 spamscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2304280000 definitions=main-2305250134 X-Proofpoint-GUID: Wt2rTDt1wG88K7gOfsEnAWL3i1gpSa39 X-Proofpoint-ORIG-GUID: Wt2rTDt1wG88K7gOfsEnAWL3i1gpSa39 X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, KAM_SHORT, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Qing Zhao via Gcc-patches From: Qing Zhao Reply-To: Qing Zhao Errors-To: gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org Sender: "Gcc-patches" X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1766883489233223945?= X-GMAIL-MSGID: =?utf-8?q?1766883489233223945?= Hi, This patch set introduces a new attribute "element_count" to annotate bounds for C99 flexible array member. A gcc bugzilla PR108896 has been created to record this task: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896 A nice writeup "Bounded Flexible Arrays in C" https://people.kernel.org/kees/bounded-flexible-arrays-in-c. written by Kees Cook, from Kernel Self-Protection Project, provides a solid background and motivation of this new attribute: "With flexible arrays now a first-class citizen in Linux and the compilers, it becomes possible to extend their available diagnostics. What the compiler is missing is knowledge of how the length of a given flexible array is tracked. For well-described flexible array structs, this means associating the member holding the element count with the flexible array member. This idea is not new, though prior implementation (https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2660.pdf) proposals have wanted to make changes to the C language syntax. A simpler approach is the addition of struct member attributes, and is under discussion and early development by both the GCC and Clang developer communities." The basic idea is to annotate the flexible array member with a new attribute "element_count" to track its number of elements to another field in the same structure, for example: struct object { .. size_t count; /* carries the number of elements info for the FAM flex. */ int flex[]; }; will become: struct object { .. size_t count: /* carries the number of elements info for the FAM flex. */ int flex[] __attribute__((element_count ("count"))); }; GCC will pass the number of elements info from the attached attribute to both __builtin_dynamic_object_size and bounds sanitizer to check the out-of-bounds or dynamic object size issues during runtime for flexible array members. This new feature will provide nice protection to flexible array members (which currently are completely ignored by both __builtin_dynamic_object_size and bounds sanitizers). Possible future additions to this initial work include supporting counts from a variable outside the structure, or a field in the outer structure if needed. If the GCC extension works well, this feature might be promoted into new C standard in the future. Clang has a similar initial implemenation which is under review: https://reviews.llvm.org/D148381 Linux kernel also has a patch to use this new feature: https://lore.kernel.org/lkml/20230504211827.GA1666363@dev-arch.thelio-3990X/T/ The patch set include 3 patches: 1/3: Provide element_count attribute to flexible array member field (PR108896) 2/3: Use the element_count atribute info in builtin object size [PR108896]. 3/3: Use the element_count attribute information in bound sanitizer[PR108896] bootstrapped and regression tested on aarch64 and x86. Let me know if you have any comment or suggestion. Thanks. Qing