This is an archive of the discontinued LLVM Phabricator instance.

Differential D12821

Allow for C's "writing off the end" idiom in __builtin_object_size
ClosedPublic

Authored by george.burgess.iv on Sep 11 2015, 4:29 PM.

Details

Reviewers
rsmith
Summary

In C, a common idiom is:

struct Foo { int a; char cs[1] };
struct Foo *F = (struct Foo *)malloc(sizeof(Foo) + strlen(SomeString));
strcpy(F->cs, SomeString);

Currently, __builtin_object_size does not allow for this, which breaks some existing code. This patch makes us answer conservatively in Clang if the following conditions are met:

  • Type is 1 or 3
  • The Base is invalid/can't be determined
  • The subobject we're referencing is the last subobject in the struct
  • The subobject we're referencing is an array with 0 or 1 elements (for 0 elements, both char foo[] and char foo[0] syntaxes are supported)

Diff Detail

Event Timeline

george.burgess.iv updated this revision to Diff 34601.Sep 11 2015, 4:29 PM
george.burgess.iv retitled this revision from to Allow for C's "writing off the end" idiom in __builtin_object_size.
george.burgess.iv updated this object.
george.burgess.iv added a reviewer: rsmith.
george.burgess.iv added subscribers: cfe-commits, mzolotukhin.
rsmith added inline comments.Sep 11 2015, 4:46 PM
lib/AST/ExprConstant.cpp
165

array -> array element.

4455–4458

I think you should bail out above, with the base set to the MemberExpr and with an empty designator, rather than applying a member designator on top of a base that already refers to the member (and then needing to undo the effect on the offset here).

6471

This only seems necessary when Type is 1; for type 3, returning 1 would be conservatively correct as a lower bound on the known-accessible storage, and is better than giving up here and evaluating the object size as 0.

6472–6473

Ideally, we should walk the designator and make sure that at each step we picked the last subobject (last array element, last field, ...) -- that is, we want to know that we're really looking at a trailing flexible array member, and not just a size-1 array in the middle of some object.

You should also check that the designator refers to the most-derived object (that is, that Entries.size() == MostDerivedPathLength), because given:

struct A { char buffer[10]; };
struct B : A {};
struct C { B b[1]; } *c;
int m = __builtin_object_size(c->b[0], 1);
int n = __builtin_object_size((A*)c->b[0], 1);

... we should presumably compute m == -1 but n == 10, because for n the A subobject of the B object is known to have size 10, even though we're looking at a base subobject of a size-1 trailing array.

george.burgess.iv updated this revision to Diff 34710.Sep 14 2015, 11:49 AM
george.burgess.iv marked 4 inline comments as done.

Addressed all feedback -- added a walk of the Designator as suggested.

Regarding isDesignatorAtObjectEnd: I'm assuming that the Index returned by FieldDescriptor::getFieldIndex has some bearing on the actual position of the field in its parent. Specifically, that if FD->getFieldIndex() + 1 == numFieldsIn(FD->getParent()), then FD is the last field in its parent. I can't find documentation on this guarantee though, so I'm happy to swap to walking the offsets of each field in FD->getParent() if we feel that would be a more robust approach.

lib/AST/ExprConstant.cpp
4455–4458

With the new approach, this change isn't even necessary anymore :)

6471

Good catch

6472–6473

You should also check that the designator refers to the most-derived object (that is, that Entries.size() == MostDerivedPathLength), because given

That's a fun case! Thanks for catching that.

Ideally, we should walk the designator and make sure that at each step we picked the last subobject (last array element, last field, ...) -- that is, we want to know that we're really looking at a trailing flexible array member, and not just a size-1 array in the middle of some object

That's the goal of the AtEndOfObject check below. :) I guess it would fail with things like union { char c[1]; int a; }; though. Added.

george.burgess.iv added a comment.Sep 24 2015, 1:26 PM

Friendly ping :)

mzolotukhin added a comment.Sep 27 2015, 12:35 PM

FWIW, I'm really interested in seeing this patch in!

Thanks,
Michael

george.burgess.iv added a comment.Oct 8 2015, 2:41 PM

Friendly Ping™

rsmith added inline comments.Oct 8 2015, 3:07 PM
lib/AST/ExprConstant.cpp
6313–6316

BaseType = getType(Base);

6317–6320

This seems like the wrong way to handle this case (we'll be computing the wrong type for such LValues in other cases). In LValueExprEvaluatorBase::VisitMemberExpr, we should use

Result.setInvalid(E);
return false;

instead of

Result.setInvalid(E->getBase());
// fall through to perform member access

I thought we'd already made that change, but it appears not.

6333–6335

You should check that the ArrayIndex is 1 in this case (a pointer to the __real__ component doesn't point to the end of the object).

6345–6350

Not updating BaseType will cause odd things to happen on the later iterations of this loop. You should probably just return false here.

george.burgess.iv updated this revision to Diff 36972.Oct 9 2015, 11:23 AM
george.burgess.iv marked 4 inline comments as done.

Addressed all feedback.

Also, updated object-size tests to use CHECK-LABEL instead of CHECK, because yay I’m learning how to do things properly.

lib/AST/ExprConstant.cpp
6333–6335

Nice catch!

rsmith accepted this revision.Oct 15 2015, 5:30 PM
rsmith edited edge metadata.

Some minor typographical comments.

Please add some tests for the union case, then this LGTM.

lib/AST/ExprConstant.cpp
6333–6336

OK, but please reflect that this is specific to __builtin_object_size in the name or at least doc comment for this function.

6361

This is missing a noun.

6362

I think this would be clearer if it were named hasNonemptyDesignator... or perhaps reverse the sense of it and name it refersToCompleteObject or similar?

This revision is now accepted and ready to land.Oct 15 2015, 5:30 PM
george.burgess.iv closed this revision.Oct 15 2015, 7:01 PM
george.burgess.iv marked 3 inline comments as done.

r250488. Thanks for the review!

Revision Contents

PathSize
lib/
AST/
157 lines
test/
CodeGen/
150 lines
34 lines

Diff 36972

lib/AST/ExprConstant.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 108 Lines▼ Show 20 Lines static bool isVirtualBaseClass(APValue::LValuePathEntry E) {
return getAsBaseOrMember(E).getInt(); return getAsBaseOrMember(E).getInt();
} }
/// Find the path length and type of the most-derived subobject in the given /// Find the path length and type of the most-derived subobject in the given
/// path, and find the size of the containing array, if any. /// path, and find the size of the containing array, if any.
static static
unsigned findMostDerivedSubobject(ASTContext &Ctx, QualType Base, unsigned findMostDerivedSubobject(ASTContext &Ctx, QualType Base,
ArrayRef<APValue::LValuePathEntry> Path, ArrayRef<APValue::LValuePathEntry> Path,
uint64_t &ArraySize, QualType &Type) { uint64_t &ArraySize, QualType &Type,
bool &IsArray) {
unsigned MostDerivedLength = 0; unsigned MostDerivedLength = 0;
Type = Base; Type = Base;
for (unsigned I = 0, N = Path.size(); I != N; ++I) { for (unsigned I = 0, N = Path.size(); I != N; ++I) {
if (Type->isArrayType()) { if (Type->isArrayType()) {
const ConstantArrayType *CAT = const ConstantArrayType *CAT =
cast<ConstantArrayType>(Ctx.getAsArrayType(Type)); cast<ConstantArrayType>(Ctx.getAsArrayType(Type));
Type = CAT->getElementType(); Type = CAT->getElementType();
ArraySize = CAT->getSize().getZExtValue(); ArraySize = CAT->getSize().getZExtValue();
MostDerivedLength = I + 1; MostDerivedLength = I + 1;
IsArray = true;
} else if (Type->isAnyComplexType()) { } else if (Type->isAnyComplexType()) {
const ComplexType *CT = Type->castAs<ComplexType>(); const ComplexType *CT = Type->castAs<ComplexType>();
Type = CT->getElementType(); Type = CT->getElementType();
ArraySize = 2; ArraySize = 2;
MostDerivedLength = I + 1; MostDerivedLength = I + 1;
IsArray = true;
} else if (const FieldDecl *FD = getAsField(Path[I])) { } else if (const FieldDecl *FD = getAsField(Path[I])) {
Type = FD->getType(); Type = FD->getType();
ArraySize = 0; ArraySize = 0;
MostDerivedLength = I + 1; MostDerivedLength = I + 1;
IsArray = false;
} else { } else {
// Path[I] describes a base class. // Path[I] describes a base class.
ArraySize = 0; ArraySize = 0;
IsArray = false;
} }
} }
return MostDerivedLength; return MostDerivedLength;
} }
// The order of this enum is important for diagnostics. // The order of this enum is important for diagnostics.
enum CheckSubobjectKind { enum CheckSubobjectKind {
CSK_Base, CSK_Derived, CSK_Field, CSK_ArrayToPointer, CSK_ArrayIndex, CSK_Base, CSK_Derived, CSK_Field, CSK_ArrayToPointer, CSK_ArrayIndex,
CSK_This, CSK_Real, CSK_Imag CSK_This, CSK_Real, CSK_Imag
}; };
/// A path from a glvalue to a subobject of that glvalue. /// A path from a glvalue to a subobject of that glvalue.
struct SubobjectDesignator { struct SubobjectDesignator {
/// True if the subobject was named in a manner not supported by C++11. Such /// True if the subobject was named in a manner not supported by C++11. Such
/// lvalues can still be folded, but they are not core constant expressions /// lvalues can still be folded, but they are not core constant expressions
/// and we cannot perform lvalue-to-rvalue conversions on them. /// and we cannot perform lvalue-to-rvalue conversions on them.
bool Invalid : 1; bool Invalid : 1;
/// Is this a pointer one past the end of an object? /// Is this a pointer one past the end of an object?
bool IsOnePastTheEnd : 1; bool IsOnePastTheEnd : 1;
/// Indicator of whether the most-derived object is an array element.
rsmithUnsubmitted
Done
ReplyInline Actions

array -> array element.

rsmith: array -> array element.
bool MostDerivedIsArrayElement : 1;
/// The length of the path to the most-derived object of which this is a /// The length of the path to the most-derived object of which this is a
/// subobject. /// subobject.
unsigned MostDerivedPathLength : 30; unsigned MostDerivedPathLength : 29;
/// The size of the array of which the most-derived object is an element, or /// The size of the array of which the most-derived object is an element.
/// 0 if the most-derived object is not an array element. /// This will always be 0 if the most-derived object is not an array
/// element. 0 is not an indicator of whether or not the most-derived object
/// is an array, however, because 0-length arrays are allowed.
uint64_t MostDerivedArraySize; uint64_t MostDerivedArraySize;
/// The type of the most derived object referred to by this address. /// The type of the most derived object referred to by this address.
QualType MostDerivedType; QualType MostDerivedType;
typedef APValue::LValuePathEntry PathEntry; typedef APValue::LValuePathEntry PathEntry;
/// The entries on the path from the glvalue to the designated subobject. /// The entries on the path from the glvalue to the designated subobject.
SmallVector<PathEntry, 8> Entries; SmallVector<PathEntry, 8> Entries;
SubobjectDesignator() : Invalid(true) {} SubobjectDesignator() : Invalid(true) {}
explicit SubobjectDesignator(QualType T) explicit SubobjectDesignator(QualType T)
: Invalid(false), IsOnePastTheEnd(false), MostDerivedPathLength(0), : Invalid(false), IsOnePastTheEnd(false),
MostDerivedIsArrayElement(false), MostDerivedPathLength(0),
MostDerivedArraySize(0), MostDerivedType(T) {} MostDerivedArraySize(0), MostDerivedType(T) {}
SubobjectDesignator(ASTContext &Ctx, const APValue &V) SubobjectDesignator(ASTContext &Ctx, const APValue &V)
: Invalid(!V.isLValue() || !V.hasLValuePath()), IsOnePastTheEnd(false), : Invalid(!V.isLValue() || !V.hasLValuePath()), IsOnePastTheEnd(false),
MostDerivedPathLength(0), MostDerivedArraySize(0) { MostDerivedIsArrayElement(false), MostDerivedPathLength(0),
MostDerivedArraySize(0) {
if (!Invalid) { if (!Invalid) {
IsOnePastTheEnd = V.isLValueOnePastTheEnd(); IsOnePastTheEnd = V.isLValueOnePastTheEnd();
ArrayRef<PathEntry> VEntries = V.getLValuePath(); ArrayRef<PathEntry> VEntries = V.getLValuePath();
Entries.insert(Entries.end(), VEntries.begin(), VEntries.end()); Entries.insert(Entries.end(), VEntries.begin(), VEntries.end());
if (V.getLValueBase()) if (V.getLValueBase()) {
bool IsArray = false;
MostDerivedPathLength = MostDerivedPathLength =
findMostDerivedSubobject(Ctx, getType(V.getLValueBase()), findMostDerivedSubobject(Ctx, getType(V.getLValueBase()),
V.getLValuePath(), MostDerivedArraySize, V.getLValuePath(), MostDerivedArraySize,
MostDerivedType); MostDerivedType, IsArray);
MostDerivedIsArrayElement = IsArray;
}
} }
} }
void setInvalid() { void setInvalid() {
Invalid = true; Invalid = true;
Entries.clear(); Entries.clear();
} }
/// Determine whether this is a one-past-the-end pointer. /// Determine whether this is a one-past-the-end pointer.
bool isOnePastTheEnd() const { bool isOnePastTheEnd() const {
assert(!Invalid); assert(!Invalid);
if (IsOnePastTheEnd) if (IsOnePastTheEnd)
return true; return true;
if (MostDerivedArraySize && if (MostDerivedIsArrayElement &&
Entries[MostDerivedPathLength - 1].ArrayIndex == MostDerivedArraySize) Entries[MostDerivedPathLength - 1].ArrayIndex == MostDerivedArraySize)
return true; return true;
return false; return false;
} }
/// Check that this refers to a valid subobject. /// Check that this refers to a valid subobject.
bool isValidSubobject() const { bool isValidSubobject() const {
if (Invalid) if (Invalid)
return false; return false;
return !isOnePastTheEnd(); return !isOnePastTheEnd();
} }
/// Check that this refers to a valid subobject, and if not, produce a /// Check that this refers to a valid subobject, and if not, produce a
/// relevant diagnostic and set the designator as invalid. /// relevant diagnostic and set the designator as invalid.
bool checkSubobject(EvalInfo &Info, const Expr *E, CheckSubobjectKind CSK); bool checkSubobject(EvalInfo &Info, const Expr *E, CheckSubobjectKind CSK);
/// Update this designator to refer to the first element within this array. /// Update this designator to refer to the first element within this array.
void addArrayUnchecked(const ConstantArrayType *CAT) { void addArrayUnchecked(const ConstantArrayType *CAT) {
PathEntry Entry; PathEntry Entry;
Entry.ArrayIndex = 0; Entry.ArrayIndex = 0;
Entries.push_back(Entry); Entries.push_back(Entry);
// This is a most-derived object. // This is a most-derived object.
MostDerivedType = CAT->getElementType(); MostDerivedType = CAT->getElementType();
MostDerivedIsArrayElement = true;
MostDerivedArraySize = CAT->getSize().getZExtValue(); MostDerivedArraySize = CAT->getSize().getZExtValue();
MostDerivedPathLength = Entries.size(); MostDerivedPathLength = Entries.size();
} }
/// Update this designator to refer to the given base or member of this /// Update this designator to refer to the given base or member of this
/// object. /// object.
void addDeclUnchecked(const Decl *D, bool Virtual = false) { void addDeclUnchecked(const Decl *D, bool Virtual = false) {
PathEntry Entry; PathEntry Entry;
APValue::BaseOrMemberType Value(D, Virtual); APValue::BaseOrMemberType Value(D, Virtual);
Entry.BaseOrMember = Value.getOpaqueValue(); Entry.BaseOrMember = Value.getOpaqueValue();
Entries.push_back(Entry); Entries.push_back(Entry);
// If this isn't a base class, it's a new most-derived object. // If this isn't a base class, it's a new most-derived object.
if (const FieldDecl *FD = dyn_cast<FieldDecl>(D)) { if (const FieldDecl *FD = dyn_cast<FieldDecl>(D)) {
MostDerivedType = FD->getType(); MostDerivedType = FD->getType();
MostDerivedIsArrayElement = false;
MostDerivedArraySize = 0; MostDerivedArraySize = 0;
MostDerivedPathLength = Entries.size(); MostDerivedPathLength = Entries.size();
} }
} }
/// Update this designator to refer to the given complex component. /// Update this designator to refer to the given complex component.
void addComplexUnchecked(QualType EltTy, bool Imag) { void addComplexUnchecked(QualType EltTy, bool Imag) {
PathEntry Entry; PathEntry Entry;
Entry.ArrayIndex = Imag; Entry.ArrayIndex = Imag;
Entries.push_back(Entry); Entries.push_back(Entry);
// This is technically a most-derived object, though in practice this // This is technically a most-derived object, though in practice this
// is unlikely to matter. // is unlikely to matter.
MostDerivedType = EltTy; MostDerivedType = EltTy;
MostDerivedIsArrayElement = true;
MostDerivedArraySize = 2; MostDerivedArraySize = 2;
MostDerivedPathLength = Entries.size(); MostDerivedPathLength = Entries.size();
} }
void diagnosePointerArithmetic(EvalInfo &Info, const Expr *E, uint64_t N); void diagnosePointerArithmetic(EvalInfo &Info, const Expr *E, uint64_t N);
/// Add N to the address of this subobject. /// Add N to the address of this subobject.
void adjustIndex(EvalInfo &Info, const Expr *E, uint64_t N) { void adjustIndex(EvalInfo &Info, const Expr *E, uint64_t N) {
if (Invalid) return; if (Invalid) return;
if (MostDerivedPathLength == Entries.size() && MostDerivedArraySize) { if (MostDerivedPathLength == Entries.size() &&
MostDerivedIsArrayElement) {
Entries.back().ArrayIndex += N; Entries.back().ArrayIndex += N;
if (Entries.back().ArrayIndex > MostDerivedArraySize) { if (Entries.back().ArrayIndex > MostDerivedArraySize) {
diagnosePointerArithmetic(Info, E, Entries.back().ArrayIndex); diagnosePointerArithmetic(Info, E, Entries.back().ArrayIndex);
setInvalid(); setInvalid();
} }
return; return;
} }
// [expr.add]p4: For the purposes of these operators, a pointer to a // [expr.add]p4: For the purposes of these operators, a pointer to a
▲ Show 20 LinesShow All 555 Lines▼ Show 20 Lines if (isOnePastTheEnd()) {
setInvalid(); setInvalid();
return false; return false;
} }
return true; return true;
} }
void SubobjectDesignator::diagnosePointerArithmetic(EvalInfo &Info, void SubobjectDesignator::diagnosePointerArithmetic(EvalInfo &Info,
const Expr *E, uint64_t N) { const Expr *E, uint64_t N) {
if (MostDerivedPathLength == Entries.size() && MostDerivedArraySize) if (MostDerivedPathLength == Entries.size() && MostDerivedIsArrayElement)
Info.CCEDiag(E, diag::note_constexpr_array_index) Info.CCEDiag(E, diag::note_constexpr_array_index)
<< static_cast<int>(N) << /*array*/ 0 << static_cast<int>(N) << /*array*/ 0
<< static_cast<unsigned>(MostDerivedArraySize); << static_cast<unsigned>(MostDerivedArraySize);
else else
Info.CCEDiag(E, diag::note_constexpr_array_index) Info.CCEDiag(E, diag::note_constexpr_array_index)
<< static_cast<int>(N) << /*non-array*/ 1; << static_cast<int>(N) << /*non-array*/ 1;
setInvalid(); setInvalid();
} }
▲ Show 20 LinesShow All 1,666 Lines▼ Show 20 Lines
/// Determine whether the given subobject designators refer to elements of the /// Determine whether the given subobject designators refer to elements of the
/// same array object. /// same array object.
static bool AreElementsOfSameArray(QualType ObjType, static bool AreElementsOfSameArray(QualType ObjType,
const SubobjectDesignator &A, const SubobjectDesignator &A,
const SubobjectDesignator &B) { const SubobjectDesignator &B) {
if (A.Entries.size() != B.Entries.size()) if (A.Entries.size() != B.Entries.size())
return false; return false;
bool IsArray = A.MostDerivedArraySize != 0; bool IsArray = A.MostDerivedIsArrayElement;
if (IsArray && A.MostDerivedPathLength != A.Entries.size()) if (IsArray && A.MostDerivedPathLength != A.Entries.size())
// A is a subobject of the array element. // A is a subobject of the array element.
return false; return false;
// If A (and B) designates an array element, the last entry will be the array // If A (and B) designates an array element, the last entry will be the array
// index. That doesn't have to match. Otherwise, we're in the 'implicit array // index. That doesn't have to match. Otherwise, we're in the 'implicit array
// of length 1' case, and the entire path must match. // of length 1' case, and the entire path must match.
bool WasArrayIndex; bool WasArrayIndex;
▲ Show 20 LinesShow All 1,882 Lines▼ Show 20 Lines if (E->isArrow()) {
BaseTy = E->getBase()->getType(); BaseTy = E->getBase()->getType();
} else { } else {
EvalOK = this->Visit(E->getBase()); EvalOK = this->Visit(E->getBase());
BaseTy = E->getBase()->getType(); BaseTy = E->getBase()->getType();
} }
if (!EvalOK) { if (!EvalOK) {
if (!this->Info.allowInvalidBaseExpr()) if (!this->Info.allowInvalidBaseExpr())
return false; return false;
Result.setInvalid(E->getBase()); Result.setInvalid(E);
return true;
} }
const ValueDecl *MD = E->getMemberDecl(); const ValueDecl *MD = E->getMemberDecl();
if (const FieldDecl *FD = dyn_cast<FieldDecl>(E->getMemberDecl())) { if (const FieldDecl *FD = dyn_cast<FieldDecl>(E->getMemberDecl())) {
assert(BaseTy->getAs<RecordType>()->getDecl()->getCanonicalDecl() == assert(BaseTy->getAs<RecordType>()->getDecl()->getCanonicalDecl() ==
FD->getParent()->getCanonicalDecl() && "record / field mismatch"); FD->getParent()->getCanonicalDecl() && "record / field mismatch");
(void)BaseTy; (void)BaseTy;
if (!HandleLValueMember(this->Info, E, Result, FD)) if (!HandleLValueMember(this->Info, E, Result, FD))
return false; return false;
} else if (const IndirectFieldDecl *IFD = dyn_cast<IndirectFieldDecl>(MD)) { } else if (const IndirectFieldDecl *IFD = dyn_cast<IndirectFieldDecl>(MD)) {
if (!HandleLValueIndirectMember(this->Info, E, Result, IFD)) if (!HandleLValueIndirectMember(this->Info, E, Result, IFD))
return false; return false;
} else } else
return this->Error(E); return this->Error(E);
if (MD->getType()->isReferenceType()) { if (MD->getType()->isReferenceType()) {
APValue RefValue; APValue RefValue;
if (!handleLValueToRValueConversion(this->Info, E, MD->getType(), Result, if (!handleLValueToRValueConversion(this->Info, E, MD->getType(), Result,
RefValue)) RefValue))
rsmithUnsubmitted
Done
ReplyInline Actions

I think you should bail out above, with the base set to the MemberExpr and with an empty designator, rather than applying a member designator on top of a base that already refers to the member (and then needing to undo the effect on the offset here).

rsmith: I think you should bail out above, with the base set to the `MemberExpr` and with an empty…
george.burgess.ivAuthorUnsubmitted
Not Done
ReplyInline Actions

With the new approach, this change isn't even necessary anymore :)

george.burgess.iv: With the new approach, this change isn't even necessary anymore :)
return false; return false;
return Success(RefValue, E); return Success(RefValue, E);
} }
return true; return true;
} }
bool VisitBinaryOperator(const BinaryOperator *E) { bool VisitBinaryOperator(const BinaryOperator *E) {
switch (E->getOpcode()) { switch (E->getOpcode()) {
▲ Show 20 LinesShow All 1,824 Lines▼ Show 20 Lines if (CastKind != CK_NoOp && CastKind != CK_BitCast &&
return NoParens; return NoParens;
auto *SubExpr = Cast->getSubExpr(); auto *SubExpr = Cast->getSubExpr();
if (!SubExpr->getType()->hasPointerRepresentation() || !SubExpr->isRValue()) if (!SubExpr->getType()->hasPointerRepresentation() || !SubExpr->isRValue())
return NoParens; return NoParens;
return ignorePointerCastsAndParens(SubExpr); return ignorePointerCastsAndParens(SubExpr);
} }
/// Checks to see if the given LValue's Designator is at the end of the LValue's
/// record layout. e.g.
/// struct { struct { int a, b; } fst, snd; } obj;
/// obj.fst // no
/// obj.snd // yes
/// obj.fst.a // no
/// obj.fst.b // no
/// obj.snd.a // no
/// obj.snd.b // yes
static bool isDesignatorAtObjectEnd(const ASTContext &Ctx, const LValue &LVal) {
assert(!LVal.Designator.Invalid);
auto IsLastFieldDecl = [&Ctx](const FieldDecl *FD) {
if (FD->getParent()->isUnion())
return true;
const ASTRecordLayout &Layout = Ctx.getASTRecordLayout(FD->getParent());
return FD->getFieldIndex() + 1 == Layout.getFieldCount();
};
rsmithUnsubmitted
Done
ReplyInline Actions

BaseType = getType(Base);

rsmith: `BaseType = getType(Base);`
auto &Base = LVal.getLValueBase();
if (auto *ME = dyn_cast_or_null<MemberExpr>(Base.dyn_cast<const Expr *>())) {
if (auto *FD = dyn_cast<FieldDecl>(ME->getMemberDecl())) {
rsmithUnsubmitted
Done
ReplyInline Actions

This seems like the wrong way to handle this case (we'll be computing the wrong type for such LValues in other cases). In LValueExprEvaluatorBase::VisitMemberExpr, we should use

Result.setInvalid(E);
return false;

instead of

Result.setInvalid(E->getBase());
// fall through to perform member access

I thought we'd already made that change, but it appears not.

rsmith: This seems like the wrong way to handle this case (we'll be computing the wrong type for such…
if (!IsLastFieldDecl(FD))
return false;
} else if (auto *IFD = dyn_cast<IndirectFieldDecl>(ME->getMemberDecl())) {
for (auto *FD : IFD->chain())
if (!IsLastFieldDecl(cast<FieldDecl>(FD)))
return false;
}
}
QualType BaseType = getType(Base);
for (int I = 0, E = LVal.Designator.Entries.size(); I != E; ++I) {
if (BaseType->isArrayType()) {
// Because __builtin_object_size treats arrays as objects, we can ignore
// the index iff this is the last array in the Designator.
if (I + 1 == E)
rsmithUnsubmitted
Done
ReplyInline Actions

You should check that the ArrayIndex is 1 in this case (a pointer to the __real__ component doesn't point to the end of the object).

rsmith: You should check that the `ArrayIndex` is 1 in this case (a pointer to the `__real__` component…
george.burgess.ivAuthorUnsubmitted
Not Done
ReplyInline Actions

Nice catch!

george.burgess.iv: Nice catch!
return true;
rsmithUnsubmitted
Done
ReplyInline Actions

OK, but please reflect that this is specific to __builtin_object_size in the name or at least doc comment for this function.

rsmith: OK, but please reflect that this is specific to `__builtin_object_size` in the name or at least…
auto *CAT = cast<ConstantArrayType>(Ctx.getAsArrayType(BaseType));
uint64_t Index = LVal.Designator.Entries[I].ArrayIndex;
if (Index + 1 != CAT->getSize())
return false;
BaseType = CAT->getElementType();
} else if (BaseType->isAnyComplexType()) {
auto *CT = BaseType->castAs<ComplexType>();
uint64_t Index = LVal.Designator.Entries[I].ArrayIndex;
if (Index != 1)
return false;
BaseType = CT->getElementType();
} else if (auto *FD = getAsField(LVal.Designator.Entries[I])) {
if (!IsLastFieldDecl(FD))
return false;
rsmithUnsubmitted
Done
ReplyInline Actions

Not updating BaseType will cause odd things to happen on the later iterations of this loop. You should probably just return false here.

rsmith: Not updating `BaseType` will cause odd things to happen on the later iterations of this loop.
BaseType = FD->getType();
} else {
assert(getAsBaseClass(LVal.Designator.Entries[I]) != nullptr &&
"Expecting cast to a base class");
return false;
}
}
return true;
}
/// Tests to see if the has a designator (that isn't necessarily valid).
rsmithUnsubmitted
Done
ReplyInline Actions

This is missing a noun.

rsmith: This is missing a noun.
static bool hasDesignator(const LValue &LVal) {
rsmithUnsubmitted
Done
ReplyInline Actions

I think this would be clearer if it were named hasNonemptyDesignator... or perhaps reverse the sense of it and name it refersToCompleteObject or similar?

rsmith: I think this would be clearer if it were named `hasNonemptyDesignator`... or perhaps reverse…
if (LVal.Designator.Invalid || !LVal.Designator.Entries.empty())
return true;
if (!LVal.InvalidBase)
return false;
auto *E = LVal.Base.dyn_cast<const Expr *>();
(void)E;
assert(E != nullptr && isa<MemberExpr>(E));
return true;
}
bool IntExprEvaluator::TryEvaluateBuiltinObjectSize(const CallExpr *E, bool IntExprEvaluator::TryEvaluateBuiltinObjectSize(const CallExpr *E,
unsigned Type) { unsigned Type) {
// Determine the denoted object. // Determine the denoted object.
LValue Base; LValue Base;
{ {
// The operand of __builtin_object_size is never evaluated for side-effects. // The operand of __builtin_object_size is never evaluated for side-effects.
// If there are any, but we can determine the pointed-to object anyway, then // If there are any, but we can determine the pointed-to object anyway, then
// ignore the side-effects. // ignore the side-effects.
SpeculativeEvaluationRAII SpeculativeEval(Info); SpeculativeEvaluationRAII SpeculativeEval(Info);
FoldOffsetRAII Fold(Info, Type & 1); FoldOffsetRAII Fold(Info, Type & 1);
const Expr *Ptr = ignorePointerCastsAndParens(E->getArg(0)); const Expr *Ptr = ignorePointerCastsAndParens(E->getArg(0));
if (!EvaluatePointer(Ptr, Base, Info)) if (!EvaluatePointer(Ptr, Base, Info))
return false; return false;
} }
CharUnits BaseOffset = Base.getLValueOffset(); CharUnits BaseOffset = Base.getLValueOffset();
// If we point to before the start of the object, there are no accessible // If we point to before the start of the object, there are no accessible
// bytes. // bytes.
if (BaseOffset.isNegative()) if (BaseOffset.isNegative())
return Success(0, E); return Success(0, E);
// In the case where we're not dealing with a subobject, we discard the // In the case where we're not dealing with a subobject, we discard the
// subobject bit. // subobject bit.
if (!Base.Designator.Invalid && Base.Designator.Entries.empty()) bool SubobjectOnly = (Type & 1) != 0 && hasDesignator(Base);
Type = Type & ~1U;
// If Type & 1 is 0, we need to be able to statically guarantee that the bytes // If Type & 1 is 0, we need to be able to statically guarantee that the bytes
// exist. If we can't verify the base, then we can't do that. // exist. If we can't verify the base, then we can't do that.
// //
// As a special case, we produce a valid object size for an unknown object // As a special case, we produce a valid object size for an unknown object
// with a known designator if Type & 1 is 1. For instance: // with a known designator if Type & 1 is 1. For instance:
// //
// extern struct X { char buff[32]; int a, b, c; } *p; // extern struct X { char buff[32]; int a, b, c; } *p;
// int a = __builtin_object_size(p->buff + 4, 3); // returns 28 // int a = __builtin_object_size(p->buff + 4, 3); // returns 28
// int b = __builtin_object_size(p->buff + 4, 2); // returns 0, not 40 // int b = __builtin_object_size(p->buff + 4, 2); // returns 0, not 40
// //
// This matches GCC's behavior. // This matches GCC's behavior.
if ((Type & 1) == 0 && Base.InvalidBase) if (Base.InvalidBase && !SubobjectOnly)
return Error(E); return Error(E);
// If Type & 1 is 0, the object in question is the complete object; reset to // If we're not examining only the subobject, then we reset to a complete
// a complete object designator in that case. // object designator
// //
// If Type is 1 and we've lost track of the subobject, just find the complete // If Type is 1 and we've lost track of the subobject, just find the complete
// object instead. (If Type is 3, that's not correct behavior and we should // object instead. (If Type is 3, that's not correct behavior and we should
// return 0 instead.) // return 0 instead.)
LValue End = Base; LValue End = Base;
if (((Type & 1) == 0) || (End.Designator.Invalid && Type == 1)) { if (!SubobjectOnly || (End.Designator.Invalid && Type == 1)) {
QualType T = getObjectType(End.getLValueBase()); QualType T = getObjectType(End.getLValueBase());
if (T.isNull()) if (T.isNull())
End.Designator.setInvalid(); End.Designator.setInvalid();
else { else {
End.Designator = SubobjectDesignator(T); End.Designator = SubobjectDesignator(T);
End.Offset = CharUnits::Zero(); End.Offset = CharUnits::Zero();
} }
} }
// If it is not possible to determine which objects ptr points to at compile // If it is not possible to determine which objects ptr points to at compile
// time, __builtin_object_size should return (size_t) -1 for type 0 or 1 // time, __builtin_object_size should return (size_t) -1 for type 0 or 1
// and (size_t) 0 for type 2 or 3. // and (size_t) 0 for type 2 or 3.
if (End.Designator.Invalid) if (End.Designator.Invalid)
return false; return false;
// According to the GCC documentation, we want the size of the subobject // According to the GCC documentation, we want the size of the subobject
// denoted by the pointer. But that's not quite right -- what we actually // denoted by the pointer. But that's not quite right -- what we actually
// want is the size of the immediately-enclosing array, if there is one. // want is the size of the immediately-enclosing array, if there is one.
int64_t AmountToAdd = 1; int64_t AmountToAdd = 1;
if (End.Designator.MostDerivedArraySize && if (End.Designator.MostDerivedIsArrayElement &&
End.Designator.Entries.size() == End.Designator.MostDerivedPathLength) { End.Designator.Entries.size() == End.Designator.MostDerivedPathLength) {
// We got a pointer to an array. Step to its end. // We got a pointer to an array. Step to its end.
AmountToAdd = End.Designator.MostDerivedArraySize - AmountToAdd = End.Designator.MostDerivedArraySize -
End.Designator.Entries.back().ArrayIndex; End.Designator.Entries.back().ArrayIndex;
} else if (End.Designator.isOnePastTheEnd()) { } else if (End.Designator.isOnePastTheEnd()) {
// We're already pointing at the end of the object. // We're already pointing at the end of the object.
AmountToAdd = 0; AmountToAdd = 0;
} }
QualType PointeeType = End.Designator.MostDerivedType; QualType PointeeType = End.Designator.MostDerivedType;
assert(!PointeeType.isNull()); assert(!PointeeType.isNull());
if (PointeeType->isIncompleteType() || PointeeType->isFunctionType()) if (PointeeType->isIncompleteType() || PointeeType->isFunctionType())
return Error(E); return Error(E);
if (!HandleLValueArrayAdjustment(Info, E, End, End.Designator.MostDerivedType, if (!HandleLValueArrayAdjustment(Info, E, End, End.Designator.MostDerivedType,
AmountToAdd)) AmountToAdd))
return false; return false;
auto EndOffset = End.getLValueOffset(); auto EndOffset = End.getLValueOffset();
// The following is a moderately common idiom in C:
//
// struct Foo { int a; char c[1]; };
// struct Foo *F = (struct Foo *)malloc(sizeof(struct Foo) + strlen(Bar));
// strcpy(&F->c[0], Bar);
//
// So, if we see that we're examining a 1-length (or 0-length) array at the
// end of a struct with an unknown base, we give up instead of breaking code
// that behaves this way. Note that we only do this when Type=1, because
// Type=3 is a lower bound, so answering conservatively is fine.
rsmithUnsubmitted
Done
ReplyInline Actions

This only seems necessary when Type is 1; for type 3, returning 1 would be conservatively correct as a lower bound on the known-accessible storage, and is better than giving up here and evaluating the object size as 0.

rsmith: This only seems necessary when `Type` is 1; for type 3, returning 1 would be conservatively…
george.burgess.ivAuthorUnsubmitted
Not Done
ReplyInline Actions

Good catch

george.burgess.iv: Good catch
if (End.InvalidBase && SubobjectOnly && Type == 1 &&
End.Designator.Entries.size() == End.Designator.MostDerivedPathLength &&
rsmithUnsubmitted
Done
ReplyInline Actions

Ideally, we should walk the designator and make sure that at each step we picked the last subobject (last array element, last field, ...) -- that is, we want to know that we're really looking at a trailing flexible array member, and not just a size-1 array in the middle of some object.

You should also check that the designator refers to the most-derived object (that is, that Entries.size() == MostDerivedPathLength), because given:

struct A { char buffer[10]; };
struct B : A {};
struct C { B b[1]; } *c;
int m = __builtin_object_size(c->b[0], 1);
int n = __builtin_object_size((A*)c->b[0], 1);

... we should presumably compute m == -1 but n == 10, because for n the A subobject of the B object is known to have size 10, even though we're looking at a base subobject of a size-1 trailing array.

rsmith: Ideally, we should walk the designator and make sure that at each step we picked the last…
george.burgess.ivAuthorUnsubmitted
Not Done
ReplyInline Actions

You should also check that the designator refers to the most-derived object (that is, that Entries.size() == MostDerivedPathLength), because given

That's a fun case! Thanks for catching that.

Ideally, we should walk the designator and make sure that at each step we picked the last subobject (last array element, last field, ...) -- that is, we want to know that we're really looking at a trailing flexible array member, and not just a size-1 array in the middle of some object

That's the goal of the AtEndOfObject check below. :) I guess it would fail with things like union { char c[1]; int a; }; though. Added.

george.burgess.iv: > You should also check that the designator refers to the most-derived object (that is, that…
End.Designator.MostDerivedIsArrayElement &&
End.Designator.MostDerivedArraySize < 2 &&
isDesignatorAtObjectEnd(Info.Ctx, End))
return false;
if (BaseOffset > EndOffset) if (BaseOffset > EndOffset)
return Success(0, E); return Success(0, E);
return Success(EndOffset - BaseOffset, E); return Success(EndOffset - BaseOffset, E);
} }
bool IntExprEvaluator::VisitCallExpr(const CallExpr *E) { bool IntExprEvaluator::VisitCallExpr(const CallExpr *E) {
switch (unsigned BuiltinOp = E->getBuiltinCallee()) { switch (unsigned BuiltinOp = E->getBuiltinCallee()) {
▲ Show 20 LinesShow All 2,990 LinesShow Last 20 Lines

test/CodeGen/object-size.c

Show First 20 LinesShow All 121 Lines▼ Show 20 Lines
// CHECK-LABEL: define void @test16 // CHECK-LABEL: define void @test16
void test16() { void test16() {
// CHECK-NOT: __strcpy_chk // CHECK-NOT: __strcpy_chk
// CHECK: = call i8* @__inline_strcpy_chk(i8* %{{.*}}, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str, i32 0, i32 0)) // CHECK: = call i8* @__inline_strcpy_chk(i8* %{{.*}}, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str, i32 0, i32 0))
strcpy(gp += 1, "Hi there"); strcpy(gp += 1, "Hi there");
} }
// CHECK: @test17 // CHECK-LABEL: @test17
void test17() { void test17() {
// CHECK: store i32 -1 // CHECK: store i32 -1
gi = __builtin_object_size(gp++, 0); gi = __builtin_object_size(gp++, 0);
// CHECK: store i32 -1 // CHECK: store i32 -1
gi = __builtin_object_size(gp++, 1); gi = __builtin_object_size(gp++, 1);
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size(gp++, 2); gi = __builtin_object_size(gp++, 2);
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size(gp++, 3); gi = __builtin_object_size(gp++, 3);
} }
// CHECK: @test18 // CHECK-LABEL: @test18
unsigned test18(int cond) { unsigned test18(int cond) {
int a[4], b[4]; int a[4], b[4];
// CHECK: phi i32* // CHECK: phi i32*
// CHECK: call i64 @llvm.objectsize.i64 // CHECK: call i64 @llvm.objectsize.i64
return __builtin_object_size(cond ? a : b, 0); return __builtin_object_size(cond ? a : b, 0);
} }
// CHECK: @test19 // CHECK-LABEL: @test19
void test19() { void test19() {
struct { struct {
int a, b; int a, b;
} foo; } foo;
// CHECK: store i32 8 // CHECK: store i32 8
gi = __builtin_object_size(&foo.a, 0); gi = __builtin_object_size(&foo.a, 0);
// CHECK: store i32 4 // CHECK: store i32 4
gi = __builtin_object_size(&foo.a, 1); gi = __builtin_object_size(&foo.a, 1);
// CHECK: store i32 8 // CHECK: store i32 8
gi = __builtin_object_size(&foo.a, 2); gi = __builtin_object_size(&foo.a, 2);
// CHECK: store i32 4 // CHECK: store i32 4
gi = __builtin_object_size(&foo.a, 3); gi = __builtin_object_size(&foo.a, 3);
// CHECK: store i32 4 // CHECK: store i32 4
gi = __builtin_object_size(&foo.b, 0); gi = __builtin_object_size(&foo.b, 0);
// CHECK: store i32 4 // CHECK: store i32 4
gi = __builtin_object_size(&foo.b, 1); gi = __builtin_object_size(&foo.b, 1);
// CHECK: store i32 4 // CHECK: store i32 4
gi = __builtin_object_size(&foo.b, 2); gi = __builtin_object_size(&foo.b, 2);
// CHECK: store i32 4 // CHECK: store i32 4
gi = __builtin_object_size(&foo.b, 3); gi = __builtin_object_size(&foo.b, 3);
} }
// CHECK: @test20 // CHECK-LABEL: @test20
void test20() { void test20() {
struct { int t[10]; } t[10]; struct { int t[10]; } t[10];
// CHECK: store i32 380 // CHECK: store i32 380
gi = __builtin_object_size(&t[0].t[5], 0); gi = __builtin_object_size(&t[0].t[5], 0);
// CHECK: store i32 20 // CHECK: store i32 20
gi = __builtin_object_size(&t[0].t[5], 1); gi = __builtin_object_size(&t[0].t[5], 1);
// CHECK: store i32 380 // CHECK: store i32 380
gi = __builtin_object_size(&t[0].t[5], 2); gi = __builtin_object_size(&t[0].t[5], 2);
// CHECK: store i32 20 // CHECK: store i32 20
gi = __builtin_object_size(&t[0].t[5], 3); gi = __builtin_object_size(&t[0].t[5], 3);
} }
// CHECK: @test21 // CHECK-LABEL: @test21
void test21() { void test21() {
struct { int t; } t; struct { int t; } t;
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size(&t + 1, 0); gi = __builtin_object_size(&t + 1, 0);
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size(&t + 1, 1); gi = __builtin_object_size(&t + 1, 1);
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size(&t + 1, 2); gi = __builtin_object_size(&t + 1, 2);
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size(&t + 1, 3); gi = __builtin_object_size(&t + 1, 3);
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size(&t.t + 1, 0); gi = __builtin_object_size(&t.t + 1, 0);
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size(&t.t + 1, 1); gi = __builtin_object_size(&t.t + 1, 1);
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size(&t.t + 1, 2); gi = __builtin_object_size(&t.t + 1, 2);
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size(&t.t + 1, 3); gi = __builtin_object_size(&t.t + 1, 3);
} }
// CHECK: @test22 // CHECK-LABEL: @test22
void test22() { void test22() {
struct { int t[10]; } t[10]; struct { int t[10]; } t[10];
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size(&t[10], 0); gi = __builtin_object_size(&t[10], 0);
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size(&t[10], 1); gi = __builtin_object_size(&t[10], 1);
// CHECK: store i32 0 // CHECK: store i32 0
Show All 26 Linesvoid test22() {
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size((char*)&t[9].t[0] + 10*sizeof(t[0].t), 2); gi = __builtin_object_size((char*)&t[9].t[0] + 10*sizeof(t[0].t), 2);
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size((char*)&t[9].t[0] + 10*sizeof(t[0].t), 3); gi = __builtin_object_size((char*)&t[9].t[0] + 10*sizeof(t[0].t), 3);
} }
struct Test23Ty { int a; int t[10]; }; struct Test23Ty { int a; int t[10]; };
// CHECK: @test23 // CHECK-LABEL: @test23
void test23(struct Test23Ty *p) { void test23(struct Test23Ty *p) {
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false) // CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(p, 0); gi = __builtin_object_size(p, 0);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false) // CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(p, 1); gi = __builtin_object_size(p, 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true) // CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true)
gi = __builtin_object_size(p, 2); gi = __builtin_object_size(p, 2);
// Note: this is currently fixed at 0 because LLVM doesn't have sufficient // Note: this is currently fixed at 0 because LLVM doesn't have sufficient
Show All 16 Linesvoid test23(struct Test23Ty *p) {
gi = __builtin_object_size(&p->t[5], 1); gi = __builtin_object_size(&p->t[5], 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true) // CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true)
gi = __builtin_object_size(&p->t[5], 2); gi = __builtin_object_size(&p->t[5], 2);
// CHECK: store i32 20 // CHECK: store i32 20
gi = __builtin_object_size(&p->t[5], 3); gi = __builtin_object_size(&p->t[5], 3);
} }
// PR24493 -- ICE if __builtin_object_size called with NULL and (Type & 1) != 0 // PR24493 -- ICE if __builtin_object_size called with NULL and (Type & 1) != 0
// CHECK: @test24 // CHECK-LABEL: @test24
void test24() { void test24() {
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 false) // CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 false)
gi = __builtin_object_size((void*)0, 0); gi = __builtin_object_size((void*)0, 0);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 false) // CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 false)
gi = __builtin_object_size((void*)0, 1); gi = __builtin_object_size((void*)0, 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 true) // CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 true)
gi = __builtin_object_size((void*)0, 2); gi = __builtin_object_size((void*)0, 2);
// Note: Currently fixed at zero because LLVM can't handle type=3 correctly. // Note: Currently fixed at zero because LLVM can't handle type=3 correctly.
// Hopefully will be lowered properly in the future. // Hopefully will be lowered properly in the future.
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size((void*)0, 3); gi = __builtin_object_size((void*)0, 3);
} }
// CHECK: @test25 // CHECK-LABEL: @test25
void test25() { void test25() {
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 false) // CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 false)
gi = __builtin_object_size((void*)0x1000, 0); gi = __builtin_object_size((void*)0x1000, 0);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 false) // CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 false)
gi = __builtin_object_size((void*)0x1000, 1); gi = __builtin_object_size((void*)0x1000, 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 true) // CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 true)
gi = __builtin_object_size((void*)0x1000, 2); gi = __builtin_object_size((void*)0x1000, 2);
// Note: Currently fixed at zero because LLVM can't handle type=3 correctly. // Note: Currently fixed at zero because LLVM can't handle type=3 correctly.
// Hopefully will be lowered properly in the future. // Hopefully will be lowered properly in the future.
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size((void*)0x1000, 3); gi = __builtin_object_size((void*)0x1000, 3);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 false) // CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 false)
gi = __builtin_object_size((void*)0 + 0x1000, 0); gi = __builtin_object_size((void*)0 + 0x1000, 0);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 false) // CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 false)
gi = __builtin_object_size((void*)0 + 0x1000, 1); gi = __builtin_object_size((void*)0 + 0x1000, 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 true) // CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 true)
gi = __builtin_object_size((void*)0 + 0x1000, 2); gi = __builtin_object_size((void*)0 + 0x1000, 2);
// Note: Currently fixed at zero because LLVM can't handle type=3 correctly. // Note: Currently fixed at zero because LLVM can't handle type=3 correctly.
// Hopefully will be lowered properly in the future. // Hopefully will be lowered properly in the future.
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size((void*)0 + 0x1000, 3); gi = __builtin_object_size((void*)0 + 0x1000, 3);
} }
// CHECK: @test26 // CHECK-LABEL: @test26
void test26() { void test26() {
struct { int v[10]; } t[10]; struct { int v[10]; } t[10];
// CHECK: store i32 316 // CHECK: store i32 316
gi = __builtin_object_size(&t[1].v[11], 0); gi = __builtin_object_size(&t[1].v[11], 0);
// CHECK: store i32 312 // CHECK: store i32 312
gi = __builtin_object_size(&t[1].v[12], 1); gi = __builtin_object_size(&t[1].v[12], 1);
// CHECK: store i32 308 // CHECK: store i32 308
gi = __builtin_object_size(&t[1].v[13], 2); gi = __builtin_object_size(&t[1].v[13], 2);
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size(&t[1].v[14], 3); gi = __builtin_object_size(&t[1].v[14], 3);
} }
struct Test27IncompleteTy; struct Test27IncompleteTy;
// CHECK: @test27 // CHECK-LABEL: @test27
void test27(struct Test27IncompleteTy *t) { void test27(struct Test27IncompleteTy *t) {
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false) // CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(t, 0); gi = __builtin_object_size(t, 0);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false) // CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(t, 1); gi = __builtin_object_size(t, 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true) // CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true)
gi = __builtin_object_size(t, 2); gi = __builtin_object_size(t, 2);
// Note: this is currently fixed at 0 because LLVM doesn't have sufficient // Note: this is currently fixed at 0 because LLVM doesn't have sufficient
Show All 10 Linesvoid test27(struct Test27IncompleteTy *t) {
// Note: this is currently fixed at 0 because LLVM doesn't have sufficient // Note: this is currently fixed at 0 because LLVM doesn't have sufficient
// data to correctly handle type=3 // data to correctly handle type=3
// CHECK: store i32 0 // CHECK: store i32 0
gi = __builtin_object_size(&test27, 3); gi = __builtin_object_size(&test27, 3);
} }
// The intent of this test is to ensure that __builtin_object_size treats `&foo` // The intent of this test is to ensure that __builtin_object_size treats `&foo`
// and `(T*)&foo` identically, when used as the pointer argument. // and `(T*)&foo` identically, when used as the pointer argument.
// CHECK: @test28 // CHECK-LABEL: @test28
void test28() { void test28() {
struct { int v[10]; } t[10]; struct { int v[10]; } t[10];
#define addCasts(s) ((char*)((short*)(s))) #define addCasts(s) ((char*)((short*)(s)))
// CHECK: store i32 360 // CHECK: store i32 360
gi = __builtin_object_size(addCasts(&t[1]), 0); gi = __builtin_object_size(addCasts(&t[1]), 0);
// CHECK: store i32 360 // CHECK: store i32 360
gi = __builtin_object_size(addCasts(&t[1]), 1); gi = __builtin_object_size(addCasts(&t[1]), 1);
// CHECK: store i32 360 // CHECK: store i32 360
gi = __builtin_object_size(addCasts(&t[1]), 2); gi = __builtin_object_size(addCasts(&t[1]), 2);
// CHECK: store i32 360 // CHECK: store i32 360
gi = __builtin_object_size(addCasts(&t[1]), 3); gi = __builtin_object_size(addCasts(&t[1]), 3);
// CHECK: store i32 356 // CHECK: store i32 356
gi = __builtin_object_size(addCasts(&t[1].v[1]), 0); gi = __builtin_object_size(addCasts(&t[1].v[1]), 0);
// CHECK: store i32 36 // CHECK: store i32 36
gi = __builtin_object_size(addCasts(&t[1].v[1]), 1); gi = __builtin_object_size(addCasts(&t[1].v[1]), 1);
// CHECK: store i32 356 // CHECK: store i32 356
gi = __builtin_object_size(addCasts(&t[1].v[1]), 2); gi = __builtin_object_size(addCasts(&t[1].v[1]), 2);
// CHECK: store i32 36 // CHECK: store i32 36
gi = __builtin_object_size(addCasts(&t[1].v[1]), 3); gi = __builtin_object_size(addCasts(&t[1].v[1]), 3);
#undef addCasts #undef addCasts
} }
struct DynStructVar {
char fst[16];
char snd[];
};
struct DynStruct0 {
char fst[16];
char snd[0];
};
struct DynStruct1 {
char fst[16];
char snd[1];
};
struct StaticStruct {
char fst[16];
char snd[2];
};
// CHECK-LABEL: @test29
void test29(struct DynStructVar *dv, struct DynStruct0 *d0,
struct DynStruct1 *d1, struct StaticStruct *ss) {
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(dv->snd, 0);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(dv->snd, 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true)
gi = __builtin_object_size(dv->snd, 2);
// CHECK: store i32 0
gi = __builtin_object_size(dv->snd, 3);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(d0->snd, 0);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(d0->snd, 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true)
gi = __builtin_object_size(d0->snd, 2);
// CHECK: store i32 0
gi = __builtin_object_size(d0->snd, 3);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(d1->snd, 0);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(d1->snd, 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true)
gi = __builtin_object_size(d1->snd, 2);
// CHECK: store i32 1
gi = __builtin_object_size(d1->snd, 3);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(ss->snd, 0);
// CHECK: store i32 2
gi = __builtin_object_size(ss->snd, 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true)
gi = __builtin_object_size(ss->snd, 2);
// CHECK: store i32 2
gi = __builtin_object_size(ss->snd, 3);
}
// CHECK-LABEL: @test30
void test30() {
struct { struct DynStruct1 fst, snd; } *nested;
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(nested->fst.snd, 0);
// CHECK: store i32 1
gi = __builtin_object_size(nested->fst.snd, 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true)
gi = __builtin_object_size(nested->fst.snd, 2);
// CHECK: store i32 1
gi = __builtin_object_size(nested->fst.snd, 3);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(nested->snd.snd, 0);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(nested->snd.snd, 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true)
gi = __builtin_object_size(nested->snd.snd, 2);
// CHECK: store i32 1
gi = __builtin_object_size(nested->snd.snd, 3);
union { struct DynStruct1 d1; char c[1]; } *u;
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(u->c, 0);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(u->c, 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true)
gi = __builtin_object_size(u->c, 2);
// CHECK: store i32 1
gi = __builtin_object_size(u->c, 3);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(u->d1.snd, 0);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(u->d1.snd, 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true)
gi = __builtin_object_size(u->d1.snd, 2);
// CHECK: store i32 1
gi = __builtin_object_size(u->d1.snd, 3);
}
// CHECK-LABEL: @test31
void test31() {
// Miscellaneous 'writing off the end' detection tests
struct DynStructVar *dsv;
struct DynStruct0 *ds0;
struct DynStruct1 *ds1;
struct StaticStruct *ss;
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(ds1[9].snd, 1);
// CHECH: store i32 2
gi = __builtin_object_size(&ss[9].snd[0], 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(&ds1[9].snd[0], 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(&ds0[9].snd[0], 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(&dsv[9].snd[0], 1);
}

test/CodeGen/object-size.cpp

Show All 22 Linesvoid test1() {
// CHECK: store i32 8 // CHECK: store i32 8
gi = __builtin_object_size((char*)&c, 0); gi = __builtin_object_size((char*)&c, 0);
// CHECK: store i32 8 // CHECK: store i32 8
gi = __builtin_object_size((char*)(A*)&c, 0); gi = __builtin_object_size((char*)(A*)&c, 0);
// CHECK: store i32 4 // CHECK: store i32 4
gi = __builtin_object_size((char*)(B*)&c, 0); gi = __builtin_object_size((char*)(B*)&c, 0);
} }
// CHECK-LABEL: define void @_Z5test2v()
void test2() {
struct A { char buf[16]; };
struct B : A {};
struct C { int i; B bs[1]; } *c;
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(&c->bs[0], 0);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(&c->bs[0], 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true)
gi = __builtin_object_size(&c->bs[0], 2);
// CHECK: store i32 16
gi = __builtin_object_size(&c->bs[0], 3);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size((A*)&c->bs[0], 0);
// CHECK: store i32 16
gi = __builtin_object_size((A*)&c->bs[0], 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true)
gi = __builtin_object_size((A*)&c->bs[0], 2);
// CHECK: store i32 16
gi = __builtin_object_size((A*)&c->bs[0], 3);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 false)
gi = __builtin_object_size(&c->bs[0].buf[0], 0);
// CHECK: store i32 16
gi = __builtin_object_size(&c->bs[0].buf[0], 1);
// CHECK: call i64 @llvm.objectsize.i64.p0i8(i8* %{{.*}}, i1 true)
gi = __builtin_object_size(&c->bs[0].buf[0], 2);
// CHECK: store i32 16
gi = __builtin_object_size(&c->bs[0].buf[0], 3);
}