llvm-project/clang/test/Sema/attr-counted-by-struct-ptrs.c

Reland #90786 ([BoundsSafety] Allow 'counted_by' attribute on pointers in structs in C) (#93121)

[BoundsSafety] Reland #93121 Allow 'counted_by' attribute on pointers in structs in C (#93121)

Fixes #92687.

Previously the attribute was only allowed on flexible array members. This patch changes this to also allow the attribute on pointer fields in structs and also allows late parsing of the attribute in some contexts.

For example this previously wasn't allowed:

```
struct BufferTypeDeclAttributePosition {
  size_t count;
  char* buffer __counted_by(count); // Now allowed
}
```

Note the attribute is prevented on pointee types where the size isn't known at compile time. In particular pointee types that are:

* Incomplete (e.g. `void`) and sizeless types
* Function types (e.g. the pointee of a function pointer)
* Struct types with a flexible array member

This patch also introduces late parsing of the attribute when used in the declaration attribute position. For example

```
struct BufferTypeDeclAttributePosition {
  char* buffer __counted_by(count); // Now allowed
  size_t count;
}
```

is now allowed but **only** when passing `-fexperimental-late-parse-attributes`. The motivation for using late parsing here is to avoid breaking the data layout of structs in existing code that want to use the `counted_by` attribute. This patch is the first use of `LateAttrParseExperimentalExt` in `Attr.td` that was introduced in a previous patch.

Note by allowing the attribute on struct member pointers this now allows the possibility of writing the attribute in the type attribute position. For example:

```
struct BufferTypeAttributePosition {
  size_t count;
  char *__counted_by(count) buffer; // Now allowed
}
```

However, the attribute in this position is still currently parsed immediately rather than late parsed. So this will not parse currently:

```
struct BufferTypeAttributePosition {
  char *__counted_by(count) buffer; // Fails to parse
  size_t count;
}
```

The intention is to lift this restriction in future patches. It has not been done in this patch to keep the size of this commit small.

There are also several other follow up changes that will need to be addressed in future patches:

* Make late parsing work with anonymous structs (see `on_pointer_anon_buf` in `attr-counted-by-late-parsed-struct-ptrs.c`).
* Allow `counted_by` on more subjects (e.g. parameters, return types) when `-fbounds-safety` is enabled.
* Make use of the attribute on pointer types in code gen (e.g. for `_builtin_dynamic_object_size` and UBSan's array-bounds checks).

This work is heavily based on a patch originally written by Yeoul Na.

** Differences between #93121 and this patch **

* The memory leak that caused #93121 to be reverted (see #92687) should now be fixed. See "The Memory Leak".
* The fix to `pragma-attribute-supported-attributes-list.test` (originally in cef6387) has been incorporated into this patch.
* A relaxation of counted_by semantics (originally in 112eadd) has been incorporated into this patch.
* The assert in `Parser::DistributeCLateParsedAttrs` has been removed because that broke downstream code.
* The switch statement in `Parser::ParseLexedCAttribute` has been removed in favor of using `Parser::ParseGNUAttributeArgs` which does the same thing but is more feature complete.
* The `EnterScope` parameter has been plumbed through `Parser::ParseLexedCAttribute` and `Parser::ParseLexedCAttributeList`. It currently doesn't do anything but it will be needed in future commits.

** The Memory Leak **

The problem was that these lines parsed the attributes but then did nothing to free the memory

```
assert(!getLangOpts().CPlusPlus);
for (auto *LateAttr : LateFieldAttrs)
  ParseLexedCAttribute(*LateAttr);
```

To fix this a new `Parser::ParseLexedCAttributeList` method has been added (based on `Parser::ParseLexedAttributeList`) which does the necessary memory management. The intention is to merge these two methods together so there is just one implementation in a future patch (#93263).

A more principled fix here would be to fix the ownership of the `LateParsedAttribute` objects. In principle `LateParsedAttrList` should own its pointers exclusively and be responsible for deallocating them. Unfortunately this is complicated by `LateParsedAttribute` objects also being stored in another data structure (`LateParsedDeclarations`) as can be seen below (`LA` gets stored in two places).

```
// Handle attributes with arguments that require late parsing.
LateParsedAttribute *LA =
    new LateParsedAttribute(this, *AttrName, AttrNameLoc);
LateAttrs->push_back(LA);

// Attributes in a class are parsed at the end of the class, along
// with other late-parsed declarations.
if (!ClassStack.empty() && !LateAttrs->parseSoon())
  getCurrentClass().LateParsedDeclarations.push_back(LA);
```

This means the ownership of LateParsedAttribute objects isn't very clear.

rdar://125400257
2024-05-23 18:35:24 -07:00
// RUN: %clang_cc1 -fsyntax-only -verify %s
// RUN: %clang_cc1 -fsyntax-only -fexperimental-late-parse-attributes %s -verify

#define __counted_by(f) __attribute__((counted_by(f)))

struct size_unknown;
struct size_known {
  int field;
};

typedef void(*fn_ptr_ty)(void);

//==============================================================================
// __counted_by on struct member pointer in decl attribute position
//==============================================================================

struct on_member_pointer_complete_ty {
  int count;
  struct size_known * buf __counted_by(count);
};

struct on_member_pointer_incomplete_ty {
  int count;
  // expected-error@+1{{'counted_by' cannot be applied to a pointer with pointee of unknown size because 'struct size_unknown' is an incomplete type}}
  struct size_unknown * buf __counted_by(count);
};

struct on_member_pointer_const_incomplete_ty {
  int count;
  // expected-error@+1{{'counted_by' cannot be applied to a pointer with pointee of unknown size because 'const struct size_unknown' is an incomplete type}}
  const struct size_unknown * buf __counted_by(count);
};

struct on_member_pointer_void_ty {
  int count;
  // expected-error@+1{{'counted_by' cannot be applied to a pointer with pointee of unknown size because 'void' is an incomplete type}}
  void* buf __counted_by(count);
};

struct on_member_pointer_fn_ptr_ty {
  int count;
  // buffer of `count` function pointers is allowed
  void (**fn_ptr)(void) __counted_by(count);
};

struct on_member_pointer_fn_ptr_ty_ptr_ty {
  int count;
  // buffer of `count` function pointers is allowed
  fn_ptr_ty* fn_ptr __counted_by(count);
};

struct on_member_pointer_fn_ty {
  int count;
  // buffer of `count` functions is not allowed
  // expected-error@+1{{'counted_by' cannot be applied to a pointer with pointee of unknown size because 'void (void)' is a function type}}
  void (*fn_ptr)(void) __counted_by(count);
};

struct on_member_pointer_fn_ptr_ty_ty {
  int count;
  // buffer of `count` functions is not allowed
  // expected-error@+1{{'counted_by' cannot be applied to a pointer with pointee of unknown size because 'void (void)' is a function type}}
  fn_ptr_ty fn_ptr __counted_by(count);
};

struct has_unannotated_vla {
  int count;
  int buffer[];
};

struct on_member_pointer_struct_with_vla {
  int count;
  // expected-error@+1{{'counted_by' cannot be applied to a pointer with pointee of unknown size because 'struct has_unannotated_vla' is a struct type with a flexible array member}}
  struct has_unannotated_vla* objects __counted_by(count);
};

struct has_annotated_vla {
  int count;
  int buffer[] __counted_by(count);
};

// Currently prevented because computing the size of `objects` at runtime would
// require an O(N) walk of `objects` to take into account the length of the VLA
// in each struct instance.
struct on_member_pointer_struct_with_annotated_vla {
  int count;
  // expected-error@+1{{'counted_by' cannot be applied to a pointer with pointee of unknown size because 'struct has_annotated_vla' is a struct type with a flexible array member}}
  struct has_annotated_vla* objects __counted_by(count);
};

struct on_pointer_anon_buf {
  int count;
  struct {
    struct size_known *buf __counted_by(count);
  };
};

struct on_pointer_anon_count {
  struct {
    int count;
  };
  struct size_known *buf __counted_by(count);
};

//==============================================================================
// __counted_by on struct member pointer in type attribute position
//==============================================================================
// TODO: Correctly parse counted_by as a type attribute. Currently it is parsed
// as a declaration attribute

struct on_member_pointer_complete_ty_ty_pos {
  int count;
  struct size_known *__counted_by(count) buf;
};

struct on_member_pointer_incomplete_ty_ty_pos {
  int count;
  // expected-error@+1{{'counted_by' cannot be applied to a pointer with pointee of unknown size because 'struct size_unknown' is an incomplete type}}
  struct size_unknown * __counted_by(count) buf;
};

struct on_member_pointer_const_incomplete_ty_ty_pos {
  int count;
  // expected-error@+1{{'counted_by' cannot be applied to a pointer with pointee of unknown size because 'const struct size_unknown' is an incomplete type}}
  const struct size_unknown * __counted_by(count) buf;
};

struct on_member_pointer_void_ty_ty_pos {
  int count;
  // expected-error@+1{{'counted_by' cannot be applied to a pointer with pointee of unknown size because 'void' is an incomplete type}}
  void *__counted_by(count) buf;
};

// -

struct on_member_pointer_fn_ptr_ty_pos {
  int count;
  // buffer of `count` function pointers is allowed
  void (** __counted_by(count) fn_ptr)(void);
};

struct on_member_pointer_fn_ptr_ty_ptr_ty_pos {
  int count;
  // buffer of `count` function pointers is allowed
  fn_ptr_ty* __counted_by(count) fn_ptr;
};

struct on_member_pointer_fn_ty_ty_pos {
  int count;
  // buffer of `count` functions is not allowed
  // expected-error@+1{{'counted_by' cannot be applied to a pointer with pointee of unknown size because 'void (void)' is a function type}}
  void (* __counted_by(count) fn_ptr)(void);
};

struct on_member_pointer_fn_ptr_ty_ty_pos {
  int count;
  // buffer of `count` functions is not allowed
  // expected-error@+1{{'counted_by' cannot be applied to a pointer with pointee of unknown size because 'void (void)' is a function type}}
  fn_ptr_ty __counted_by(count) fn_ptr;
};

// TODO: This should be forbidden but isn't due to counted_by being treated
// as a declaration attribute.
struct on_member_pointer_fn_ptr_ty_ty_pos_inner {
  int count;
  void (* __counted_by(count) * fn_ptr)(void);
};

struct on_member_pointer_struct_with_vla_ty_pos {
  int count;
  // expected-error@+1{{'counted_by' cannot be applied to a pointer with pointee of unknown size because 'struct has_unannotated_vla' is a struct type with a flexible array member}}
  struct has_unannotated_vla *__counted_by(count) objects;
};

// Currently prevented because computing the size of `objects` at runtime would
// require an O(N) walk of `objects` to take into account the length of the VLA
// in each struct instance.
struct on_member_pointer_struct_with_annotated_vla_ty_pos {
  int count;
  // expected-error@+1{{'counted_by' cannot be applied to a pointer with pointee of unknown size because 'struct has_annotated_vla' is a struct type with a flexible array member}}
  struct has_annotated_vla* __counted_by(count) objects;
};

struct on_nested_pointer_inner {
  // TODO: This should be disallowed because in the `-fbounds-safety` model
  // `__counted_by` can only be nested when used in function parameters.
  int count;
  struct size_known *__counted_by(count) *buf;
};

struct on_nested_pointer_outer {
  int count;
  struct size_known **__counted_by(count) buf;
};

struct on_pointer_anon_buf_ty_pos {
  int count;
  struct {
    struct size_known * __counted_by(count) buf;
  };
};

struct on_pointer_anon_count_ty_pos {
  struct {
    int count;
  };
  struct size_known *__counted_by(count) buf;
};

//==============================================================================
// __counted_by on struct non-pointer members
//==============================================================================

struct on_pod_ty {
  int count;
  // expected-error@+1{{'counted_by' only applies to pointers or C99 flexible array members}}
  int wrong_ty __counted_by(count);
};

struct on_void_ty {
  int count;
  // expected-error@+2{{'counted_by' only applies to pointers or C99 flexible array members}}
  // expected-error@+1{{field has incomplete type 'void'}}
  void wrong_ty __counted_by(count);
};
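
The commit message above lists using the attribute on pointer types in code gen as follow-up work, so code that annotates a pointer member still has to enforce the count itself. The following is an added example, not part of the LLVM test file or the patch: it declares the count before the pointer (the order that needs no late parsing) and keeps the two fields consistent behind explicit checks. The names `sample`, `sample_buf`, the `sample_buf_*` functions and the `HAVE_COUNTED_BY_PTR` build flag are assumptions made for this illustration.

```c
#include <stdlib.h>

/* Assumption: hypothetical flag, set only if the compiler accepts counted_by on pointers. */
#ifdef HAVE_COUNTED_BY_PTR
#define __counted_by(f) __attribute__((counted_by(f)))
#else
#define __counted_by(f)
#endif

struct sample { int value; };   /* complete pointee type, so its size is known */
struct sample_buf {             /* hypothetical type, not from the test file */
  int count;                    /* declared before buf: no late parsing needed */
  struct sample *buf __counted_by(count);
};

/* Allocate n zeroed elements; count and buf stay consistent on every path. */
int sample_buf_init(struct sample_buf *sb, int n) {
  sb->count = 0;
  sb->buf = NULL;
  if (n < 0) return -1;
  if (n == 0) return 0;
  struct sample *p = calloc((size_t)n, sizeof *p);
  if (p == NULL) return -1;
  sb->buf = p;
  sb->count = n;
  return 0;
}

/* Explicit bounds check against the annotated count; NULL when out of range. */
struct sample *sample_buf_at(struct sample_buf *sb, int idx) {
  if (sb->buf == NULL || idx < 0 || idx >= sb->count) return NULL;
  return &sb->buf[idx];
}

/* The count may shrink in place but never grow past the allocation it describes. */
int sample_buf_truncate(struct sample_buf *sb, int n) {
  if (n < 0 || n > sb->count) return -1;
  sb->count = n;
  return 0;
}

void sample_buf_free(struct sample_buf *sb) {
  free(sb->buf);
  sb->buf = NULL;
  sb->count = 0;
}

int main(void) {
  struct sample_buf sb;
  if (sample_buf_init(&sb, 4) != 0) return 1;
  int ok = sample_buf_at(&sb, 3) != NULL && sample_buf_at(&sb, 4) == NULL;
  sample_buf_free(&sb);
  return ok ? 0 : 1;
}
```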