caio/clang-p2996
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
automated-release
clang-p2996/clang/test/Sema/attr-counted-by-or-null-late-parsed-struct-ptrs.c
Dan Liew 59eafd1bdc [BoundsSafety][Sema] Allow counted_by and counted_by_or_null on pointers where the pointee type is incomplete but potentially completable (#106321) 
Previously using the `counted_by` or `counted_by_or_null` attribute on a
pointer with an incomplete pointee type was forbidden. Unfortunately
this prevented a situation like the following from being allowed.

Header file:

```
struct EltTy; // Incomplete type
struct Buffer {
  size_t count;
  struct EltTy* __counted_by(count) buffer; // error before this patch
};
```

Implementation file:

```
struct EltTy {
  // definition
};

void allocBuffer(struct Buffer* b) {
  b->buffer = malloc(sizeof(EltTy)* b->count);
}
```

To allow code like the above but still enforce that the pointee
type size is known in locations where `-fbounds-safety` needs to
emit bounds checks the following scheme is used.

* For incomplete pointee types that can never be completed (e.g. `void`)
  these are treated as error where the attribute is written (just like
  before this patch).
* For incomplete pointee types that might be completable later on
  (struct, union, and enum forward declarations)
  in the translation unit, writing the attribute on the incomplete
  pointee type is allowed on the FieldDecl declaration but "uses" of the
  declared pointer are forbidden if at the point of "use" the pointee
  type is still incomplete.

For this patch a "use" of a FieldDecl covers:

* Explicit and Implicit initialization (note see **Tentative Definition
  Initialization** for an exception to this)
* Assignment
* Conversion to an lvalue (e.g. for use in an expression)

In the swift lang fork of Clang the `counted_by` and
`counted_by_or_null` attribute are allowed in many more contexts. That
isn't the case for upstream Clang so the "use" checks for the attribute
on VarDecl, ParamVarDecl, and function return type have been omitted
from this patch because they can't be tested. However, the
`BoundsSafetyCheckAssignmentToCountAttrPtrWithIncompletePointeeTy` and
`BoundsSafetyCheckUseOfCountAttrPtrWithIncompletePointeeTy` functions
retain the ability to emit diagnostics for these other contexts to avoid
unnecessary divergence between upstream Clang and Apple's internal fork.
Support for checking "uses" will be upstreamed when upstream Clang
allows the `counted_by` and `counted_by_or_null` attribute in additional
contexts.

This patch has a few limitations:

** 1. Tentative Defition Initialization **

This patch currently allows something like:

```
struct IncompleteTy;
struct Buffer {
  int count;
  struct IncompleteTy* __counted_by(count) buf;
};

// Tentative definition
struct Buffer GlobalBuf;
```

The Tentative definition in this example becomes an actual definition
whose initialization **should be checked** but it currently isn't.
Addressing this problem will be done in a subseqent patch.

** 2. When the incomplete pointee type is a typedef diagnostics are slightly misleading **

For this situation:

```

struct IncompleteTy;
typedef struct IncompleteTy Incomplete_t;

struct Buffer {
  int count;
  struct IncompleteTy* __counted_by(count) buf;
};

void use(struct Buffer b) {
  b.buf = 0x0;
}
```

This code emits `note: forward declaration of 'Incomplete_t' (aka
'struct IncompleteTy')` but the location is on the `struct
IncompleteTy;` forward declaration.  This is misleading because
`Incomplete_t` isn't actually forward declared there (instead the
underlying type is). This could be resolved by additional diagnostics
that walk the chain of typedefs and explain each step of the walk.
However, that would be very verbose and didn't seem like a direction
worth pursuing.

rdar://133600117
2025-04-18 15:26:04 -07:00

255 lines
8.4 KiB
C
Raw Permalink Blame History

// RUN: %clang_cc1 -fexperimental-late-parse-attributes -fsyntax-only -verify %s
#define __counted_by_or_null(f) __attribute__((counted_by_or_null(f)))
#define __counted_by(f) __attribute__((counted_by(f)))
struct size_unknown;
struct size_known {
int field;
};
typedef void(*fn_ptr_ty)(void);
//==============================================================================
// __counted_by_or_null on struct member pointer in decl attribute position
//==============================================================================
struct on_member_pointer_complete_ty {
struct size_known * buf __counted_by_or_null(count);
int count;
};
struct on_member_pointer_incomplete_ty {
struct size_unknown * buf __counted_by_or_null(count); // ok
int count;
};
struct on_member_pointer_const_incomplete_ty {
const struct size_unknown * buf __counted_by_or_null(count); // ok
int count;
};
struct on_member_pointer_void_ty {
void* buf __counted_by_or_null(count); // expected-error{{'counted_by_or_null' cannot be applied to a pointer with pointee of unknown size because 'void' is an incomplete type}}
int count;
};
struct on_member_pointer_fn_ptr_ty {
// buffer of `count` function pointers is allowed
void (**fn_ptr)(void) __counted_by_or_null(count);
int count;
};
struct on_member_pointer_fn_ptr_ty_ptr_ty {
// buffer of `count` function pointers is allowed
fn_ptr_ty* fn_ptr __counted_by_or_null(count);
int count;
};
struct on_member_pointer_fn_ty {
// buffer of `count` functions is not allowed
// expected-error@+1{{'counted_by_or_null' cannot be applied to a pointer with pointee of unknown size because 'void (void)' is a function type}}
void (*fn_ptr)(void) __counted_by_or_null(count);
int count;
};
struct on_member_pointer_fn_ptr_ty_ty {
// buffer of `count` functions is not allowed
// expected-error@+1{{'counted_by_or_null' cannot be applied to a pointer with pointee of unknown size because 'void (void)' is a function type}}
fn_ptr_ty fn_ptr __counted_by_or_null(count);
int count;
};
struct has_unannotated_vla {
int count;
int buffer[];
};
struct on_member_pointer_struct_with_vla {
// expected-error@+1{{'counted_by_or_null' cannot be applied to a pointer with pointee of unknown size because 'struct has_unannotated_vla' is a struct type with a flexible array member}}
struct has_unannotated_vla* objects __counted_by_or_null(count);
int count;
};
struct has_annotated_vla {
int count;
int buffer[] __counted_by(count);
};
// Currently prevented because computing the size of `objects` at runtime would
// require an O(N) walk of `objects` to take into account the length of the VLA
// in each struct instance.
struct on_member_pointer_struct_with_annotated_vla {
// expected-error@+1{{'counted_by_or_null' cannot be applied to a pointer with pointee of unknown size because 'struct has_annotated_vla' is a struct type with a flexible array member}}
struct has_annotated_vla* objects __counted_by_or_null(count);
int count;
};
struct on_pointer_anon_buf {
// TODO: Support referring to parent scope
struct {
// expected-error@+1{{use of undeclared identifier 'count'}}
struct size_known *buf __counted_by_or_null(count);
};
int count;
};
struct on_pointer_anon_count {
struct size_known *buf __counted_by_or_null(count);
struct {
int count;
};
};
//==============================================================================
// __counted_by_or_null on struct member pointer in type attribute position
//==============================================================================
// TODO: Correctly parse counted_by_or_null as a type attribute. Currently it is parsed
// as a declaration attribute and is **not** late parsed resulting in the `count`
// field being unavailable.
struct on_member_pointer_complete_ty_ty_pos {
// TODO: Allow this
// expected-error@+1{{use of undeclared identifier 'count'}}
struct size_known *__counted_by_or_null(count) buf;
int count;
};
struct on_member_pointer_incomplete_ty_ty_pos {
// TODO: Allow this
// expected-error@+1{{use of undeclared identifier 'count'}}
struct size_unknown * __counted_by_or_null(count) buf;
int count;
};
struct on_member_pointer_const_incomplete_ty_ty_pos {
// TODO: Allow this
// expected-error@+1{{use of undeclared identifier 'count'}}
const struct size_unknown * __counted_by_or_null(count) buf;
int count;
};
struct on_member_pointer_void_ty_ty_pos {
// TODO: This should fail because the attribute is
// on a pointer with the pointee being an incomplete type.
// expected-error@+1{{use of undeclared identifier 'count'}}
void *__counted_by_or_null(count) buf;
int count;
};
// -
struct on_member_pointer_fn_ptr_ty_pos {
// TODO: buffer of `count` function pointers should be allowed
// but fails because this isn't late parsed.
// expected-error@+1{{use of undeclared identifier 'count'}}
void (** __counted_by_or_null(count) fn_ptr)(void);
int count;
};
struct on_member_pointer_fn_ptr_ty_ptr_ty_pos {
// TODO: buffer of `count` function pointers should be allowed
// but fails because this isn't late parsed.
// expected-error@+1{{use of undeclared identifier 'count'}}
fn_ptr_ty* __counted_by_or_null(count) fn_ptr;
int count;
};
struct on_member_pointer_fn_ty_ty_pos {
// TODO: This should fail because the attribute is
// on a pointer with the pointee being a function type.
// expected-error@+1{{use of undeclared identifier 'count'}}
void (* __counted_by_or_null(count) fn_ptr)(void);
int count;
};
struct on_member_pointer_fn_ptr_ty_ty_pos {
// TODO: buffer of `count` function pointers should be allowed
// expected-error@+1{{use of undeclared identifier 'count'}}
void (** __counted_by_or_null(count) fn_ptr)(void);
int count;
};
struct on_member_pointer_fn_ptr_ty_typedef_ty_pos {
// TODO: This should fail because the attribute is
// on a pointer with the pointee being a function type.
// expected-error@+1{{use of undeclared identifier 'count'}}
fn_ptr_ty __counted_by_or_null(count) fn_ptr;
int count;
};
struct on_member_pointer_fn_ptr_ty_ty_pos_inner {
// TODO: This should fail because the attribute is
// on a pointer with the pointee being a function type.
// expected-error@+1{{use of undeclared identifier 'count'}}
void (* __counted_by_or_null(count) * fn_ptr)(void);
int count;
};
struct on_member_pointer_struct_with_vla_ty_pos {
// TODO: This should fail because the attribute is
// on a pointer with the pointee being a struct type with a VLA.
// expected-error@+1{{use of undeclared identifier 'count'}}
struct has_unannotated_vla *__counted_by_or_null(count) objects;
int count;
};
struct on_member_pointer_struct_with_annotated_vla_ty_pos {
// TODO: This should fail because the attribute is
// on a pointer with the pointee being a struct type with a VLA.
// expected-error@+1{{use of undeclared identifier 'count'}}
struct has_annotated_vla* __counted_by_or_null(count) objects;
int count;
};
struct on_nested_pointer_inner {
// TODO: This should be disallowed because in the `-fbounds-safety` model
// `__counted_by_or_null` can only be nested when used in function parameters.
// expected-error@+1{{use of undeclared identifier 'count'}}
struct size_known *__counted_by_or_null(count) *buf;
int count;
};
struct on_nested_pointer_outer {
// TODO: Allow this
// expected-error@+1{{use of undeclared identifier 'count'}}
struct size_known **__counted_by_or_null(count) buf;
int count;
};
struct on_pointer_anon_buf_ty_pos {
struct {
// TODO: Support referring to parent scope
// expected-error@+1{{use of undeclared identifier 'count'}}
struct size_known * __counted_by_or_null(count) buf;
};
int count;
};
struct on_pointer_anon_count_ty_pos {
// TODO: Allow this
// expected-error@+1{{use of undeclared identifier 'count'}}
struct size_known *__counted_by_or_null(count) buf;
struct {
int count;
};
};
//==============================================================================
// __counted_by_or_null on struct non-pointer members
//==============================================================================
struct on_pod_ty {
// expected-error-re@+1{{'counted_by_or_null' only applies to pointers{{$}}}}
int wrong_ty __counted_by_or_null(count);
int count;
};
struct on_void_ty {
// expected-error-re@+2{{'counted_by_or_null' only applies to pointers{{$}}}}
// expected-error@+1{{field has incomplete type 'void'}}
void wrong_ty __counted_by_or_null(count);
int count;
};
Reference in New Issue View Git Blame Copy Permalink