This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/
-
docs/
-
ReleaseNotes.rst
-
include/clang/
-
clang/
-
AST/
7/8
Decl.h
2/2
DeclBase.h
-
Basic/
12/13
Attr.td
11/11
AttrDocs.td
6/8
DiagnosticSemaKinds.td
-
Sema/
-
Sema.h
-
lib/
-
AST/
7/7
ASTImporter.cpp
5/5
DeclBase.cpp
1
Expr.cpp
-
CodeGen/
7/7
CGBuiltin.cpp
12/12
CGExpr.cpp
2/2
CodeGenFunction.h
-
Sema/
21/31
SemaDecl.cpp
1/3
SemaDeclAttr.cpp
-
test/
-
CodeGen/
6/9
attr-counted-by.c
-
Misc/
-
pragma-attribute-supported-attributes-list.test
-
Sema/
3/5
attr-counted-by.c

Differential D148381

[Clang] Implement the 'counted_by' attribute
ClosedPublic

Authored by void on Apr 14 2023, 2:27 PM.

Download Raw Diff

Details

Reviewers

kees
nickdesaulniers
shafik
aaron.ballman
rapidsna
fcloutier
efriedma
rjmccall
erichkeane

Commits

rG769bc11f684d: [Clang] Implement the 'counted_by' attribute (#68750)
rG9a954c693573: [Clang] Implement the 'counted_by' attribute

Summary

The 'counted_by' attribute is used on flexible array members. The
argument for the attribute is the name of the field member in the same
structure holding the count of elements in the flexible array. This
information can be used to improve the results of the array bound sanitizer
and the '__builtin_dynamic_object_size' builtin.

This example specifies the that the flexible array member 'array' has the
number of elements allocated for it in 'count':

struct bar;
struct foo {
  size_t count;
   /* ... */
  struct bar *array[] __attribute__((counted_by(count)));
};

This establishes a relationship between 'array' and 'count', specifically
that 'p->array' must have *at least* 'p->count' number of elements available.
It's the user's responsibility to ensure that this relationship is maintained
through changes to the structure.

In the following, the allocated array erroneously has fewer elements than
what's specified by 'p->count'. This would result in an out-of-bounds access not
not being detected:

struct foo *p;

void foo_alloc(size_t count) {
  p = malloc(MAX(sizeof(struct foo),
                 offsetof(struct foo, array[0]) + count *
                     sizeof(struct bar *)));
  p->count = count + 42;
}

The next example updates 'p->count', breaking the relationship requirement that
'p->array' must have at least 'p->count' number of elements available:

struct foo *p;

void foo_alloc(size_t count) {
  p = malloc(MAX(sizeof(struct foo),
                 offsetof(struct foo, array[0]) + count *
                     sizeof(struct bar *)));
  p->count = count + 42;
}

void use_foo(int index) {
  p->count += 42;
  p->array[index] = 0; /* The sanitizer cannot properly check this access */
}

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

nickdesaulniers added a subscriber: serge-sans-paille.Aug 29 2023, 9:08 AM

Jumping a bit late in the thread, apologize in advance if I missed something.

The GCC version of the attributes seems to be element_count (as found in the link https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896 mentionned by @kees) I guess we could align (I personally prefer the GCC name, FWIW)

I may be wrong , but it seems to me that there is nothing specific to FAM there, and this would work as well for

struct foo {
  size_t num_elements;
   // ...
  struct bar ** data __attribute__((counted_by(num_elements)));
};

struct foo make_foo(size_t num_elements) {
struct foo f;
  f.data = malloc(num_elements *
                         sizeof(struct bar *));

  f.num_elements = num_elements;
  return f;
}

Which makes us very close to:

void stuff(int n, int *data __attribute__((counted_by(n)))) {
    for(int i = 0; i < n; ++i)
      other_stuff(data[i]);
}

which is very close to VLA, right?

clang/lib/AST/Expr.cpp
286	I really like this cleanup!

In D148381#4626229, @serge-sans-paille wrote:

Jumping a bit late in the thread, apologize in advance if I missed something.

The GCC version of the attributes seems to be element_count (as found in the link https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896 mentionned by @kees) I guess we could align (I personally prefer the GCC name, FWIW)

Qing Zhao has been sending out patches to gcc-patches@, so I've been trying to follow those as much as possible. I plan to go through my implementation to ensure that I copy hers as much as possible. See the thread here: https://gcc.gnu.org/pipermail/gcc-patches/2023-August/626376.html

I may be wrong , but it seems to me that there is nothing specific to FAM there, and this would work as well for

struct foo {
  size_t num_elements;
   // ...
  struct bar ** data __attribute__((counted_by(num_elements)));
};

struct foo make_foo(size_t num_elements) {
struct foo f;
  f.data = malloc(num_elements *
                         sizeof(struct bar *));

  f.num_elements = num_elements;
  return f;
}

Which makes us very close to:

void stuff(int n, int *data __attribute__((counted_by(n)))) {
    for(int i = 0; i < n; ++i)
      other_stuff(data[i]);
}

which is very close to VLA, right?

Yeah. It could definitely be extended to the Apple RFC (which is similar to your example).

In D148381#4625462, @nickdesaulniers wrote:

I assume you plan to add some clang CodeGen tests at some point?

Yes. :-)

clang/lib/CodeGen/CodeGenFunction.h
527–528	Ah! Thanks for catching this. I had trouble with this scoping mechanism and for a while used a reference counting method to get around it, but put it back to its previous impl, except for this. I still think the `SanitizerScope` needs work, but that's beyond this project.
clang/lib/Sema/SemaDecl.cpp
18027	I prefer it this way in this case (actually, I wish C++ had a way to combine those two `if`'s into one). But it's not a big deal.
18046	That should be an error. I'll add that as a check.

Fix some issues Nick pointed out.

Harbormaster completed remote builds in B255657: Diff 554533.Aug 29 2023, 8:57 PM

Add more diagnostics.

Coming next: testcases!!!

Add testcases.

Harbormaster completed remote builds in B255847: Diff 554792.Aug 30 2023, 12:35 PM

Add a few more tests to the codegen testcase.

Harbormaster completed remote builds in B256111: Diff 555169.Aug 31 2023, 3:09 PM

Remove un-needed change.

Harbormaster completed remote builds in B256120: Diff 555180.Aug 31 2023, 4:00 PM

Fix testcase.

Harbormaster completed remote builds in B256152: Diff 555219.Aug 31 2023, 7:11 PM

void retitled this revision from [WIP][Clang] Add counted_by attribute to [Clang] Add counted_by attribute.Sep 5 2023, 1:13 PM

Update documentation. Cribbed off of Qing Zhao's GCC implementation.

Harbormaster completed remote builds in B256656: Diff 555946.Sep 5 2023, 3:42 PM

This is now ready for a non-WIP review. PTAL. :-)

Will gcc use counted_by or element_count ?

In D148381#4639436, @xbolva00 wrote:

Will gcc use counted_by or element_count ?

GCC is using __counted_by: https://gcc.gnu.org/pipermail/gcc-patches/2023-August/628459.html

kees mentioned this in D144136: Add a "remark" to report on array accesses.Sep 6 2023, 10:55 AM

I can generate warnings for anonymous structs were the __counted_by member is reported as "not found". For example:

little.c:7:28: warning: counted_by field 'count' not found
    7 |                 int array[] __counted_by(count);
      |                                          ^~~~~

For this:

#define __counted_by(member)   __attribute__((__counted_by__(member)))

struct anon {
        unsigned long flags;
        struct {
                unsigned char count;
                int array[] __counted_by(count);
        };
};

extern void bar(int input);

void foo(struct anon *p, int index)
{
        bar(p->array[index]);
}

Otherwise, things are looking good on test builds so far...

In D148381#4639909, @kees wrote:

I can generate warnings for anonymous structs were the __counted_by member is reported as "not found". For example:

little.c:7:28: warning: counted_by field 'count' not found
    7 |                 int array[] __counted_by(count);
      |                                          ^~~~~

For this:

#define __counted_by(member)   __attribute__((__counted_by__(member)))

struct anon {
        unsigned long flags;
        struct {
                unsigned char count;
                int array[] __counted_by(count);
        };
};

extern void bar(int input);

void foo(struct anon *p, int index)
{
        bar(p->array[index]);
}

I'll look into this.

Patch LGTM; just want moar tests.

Mind adding a test for

#if !__has_attribute(counted_by)
#error "has attribute broken"
#endif

clang/test/CodeGen/attr-counted-by.c
3	Can you add another run line without the `-fsanitize` flags set, and use 2 different `--check-prefixes` for the two RUN lines? I'd be curious to see the differences in codegen between those set or not. I assume this attribute should affect codegen even with all of those disabled (maybe trapping instead of libcalling into ubsan runtime). I think update_cc_test_checks should be able to handle that.
40–52	Is the call to `func` is unnecessary for this test or can we just `return __builtin_dynamic_object_size(p->array, 1)`?
68–74	What is the intent of this test? Mind adding a comment? In particular, it's not clear to my why this case should conditionally trap, seeing as the dynamically allocated object's `array` field is yet to be accessed in this example. What am I missing?

Expand test to show the unsanitized version,
Unify the ways of finding a specific field based on a predicate,
Make sure we're using the correct types in a couple of key places.

Remove unneded extern decl from test.

I changed more than just the testcase (not a lot, but non-trivial nonetheless). PTAL.

clang/test/CodeGen/attr-counted-by.c
3	Done.
40–52	Nope. Not sure why I had it. :-/ Removed.
68–74	This is a bit weird. I don't understand why it would trap either. It might have something to do with the 'alloc_size' attribute? (The code that this patch generates doesn't put that trap in there.) That's probably a bug. However, when I modify the test to include an actual store: void test3(int index) { /* ... */ p->array[index] = 42; } I get two checks: one for the 'counted_by' attribute, and this one, probably for the bounds check. Again, it's probably because of the 'alloc_size', because when I remove the call to 'malloc' it generates only the 'counted_by' check...

nickdesaulniers added inline comments.Sep 8 2023, 3:51 PM

clang/test/CodeGen/attr-counted-by.c
3	I guess that's what I was curious about; how come the attribute doesn't affect codegen unless the sanitizers are enabled?

void retitled this revision from [Clang] Add counted_by attribute to [Clang] Implement the counted_by attribute.Sep 8 2023, 3:58 PM

void edited the summary of this revision. (Show Details)

void retitled this revision from [Clang] Implement the counted_by attribute to [Clang] Implement the 'counted_by' attribute.Sep 8 2023, 4:10 PM

void edited the summary of this revision. (Show Details)

void edited the summary of this revision. (Show Details)Sep 8 2023, 4:12 PM

Fix docs to use the correct code examples throughout.

void added inline comments.Sep 8 2023, 4:16 PM

clang/test/CodeGen/attr-counted-by.c
3	I don't think we would want the bounds checking unless explicitly told so. I could be wrong?

void added inline comments.Sep 8 2023, 4:19 PM

clang/test/CodeGen/attr-counted-by.c
3	To clarify. It does generate the code for the `__bdos` calculation. It just doesn't generate a trap.

Add test output when the attribute isn't used.

Harbormaster completed remote builds in B256909: Diff 556324.Sep 8 2023, 5:33 PM

This is ready for review. Please take a look.

Harbormaster completed remote builds in B257113: Diff 556619.Sep 12 2023, 6:06 PM

Thanks for the patch!

This revision is now accepted and ready to land.Sep 13 2023, 9:33 AM

Also, I encourage you to test a build of the linux kernel with __counted_by BEFORE merging this!

Perhaps worth updating the release notes, too.

Thank you for working on this! Please be sure to also add a release note to clang/docs/ReleaseNotes.rst so users know about this. Also adding the codegen and attribute code owners for awareness.

clang/include/clang/AST/Decl.h
4308–4311	Could this be implemented as: `return !field_empty() ? *std::prev(field_end()) : nullptr;` ? Then maybe someday we'll get better iterator support that isn't forward-only and this code will automagically get faster.
4313–4318	We use this pattern fairly often to avoid repeating the implementation.
clang/include/clang/Basic/Attr.td
4249	Clang supports both as extensions in C++, as does GCC: https://godbolt.org/z/5xP7ncoha -- I think we should consider enabling this attribute in C++ mode, but I'm fine considering that in a follow-up.
4258–4261	Teeny tiniest of coding style nits :-D
clang/include/clang/Basic/AttrDocs.td
7252	If we land the changes with the attribute as a C-only attribute, we should document that explicitly here (unless we're immediately enabling it C++ mode; not asking for busywork).
clang/include/clang/Basic/DiagnosticSemaKinds.td
6386–6387	Why is this a warning and not a typical `err_no_member` error? I think we want that behavior so that we get typo correction for free. e.g., struct S { int Count; int FAM[] __attribute__((counted_by(Clount))); // Should get a "did you mean 'Count'" fix-it };
6389–6393	We try to wrap syntax elements in single quotes in our diagnostics so it's more visually distinct
clang/lib/AST/ASTImporter.cpp
8981–8982	Should these be `castAttrAs` so it's more clear that type mismatches don't result in a null pointer, but an assertion?
clang/lib/AST/DeclBase.cpp
443–444	Can you explain a bit about what this code is for? I didn't spot any test coverage for it, but perhaps I missed something.
clang/lib/CodeGen/CGBuiltin.cpp
857	We don't generally use top-level const on local variables.
886
clang/lib/Sema/SemaDecl.cpp
18025–18027	Ask and you shall receive! :-D
18037	This logic seems like it should live in SemaDeclAttr.cpp when handling the attribute. We're given the declaration the attribute is applied to, so we can do everything we need from that (the `FieldDecl` has a `getParent()` so we don't need the `RecordDecl` to be passed in. Is there a reason we need it to live here instead?
18060	Errr any integer type? struct S { bool HerpADerp; int FAM[] __attribute__((counted_by(HerpADerp))); }; seems like something we don't want, but I also wonder about enumeration types and more interestingly, plain `char` where it could be treated as signed or unsigned depending on compiler flags.
clang/test/Misc/warning-flags.c
21 ↗	(On Diff #556619)	One line up: "The list of warnings below should NEVER grow. It should gradually shrink to 0." ;-) That said, I don't think this warning needs to be added because I think we have an existing error that is more appropriate.
clang/test/Sema/attr-counted-by.c
2	Is the triple necessary? Also, do we have to enable `-fsanitize=array-bounds` to test this?
22	Please add test with the other strange FAM-like members, as well as one that is just a trailing constant array of size 2. Some more tests or situations to consider: struct S { struct { int NotInThisStruct; }; int FAM[] __counted_by(NotInThisStruct); // Should this work? }; int Global; struct T { int FAM[] __counted_by(Global); // Should fail per your design but is that the behavior you want? }; struct U { struct { int Count; } data; int FAM[] __counted_by(data.Count); // Thoughts? }; struct V { int Sizes[2]; int FAM[] __counted_by(Sizes[0]); // Thoughts? }; (I'm not suggesting any of this needs to be accepted in order to land the patch.) You should also have tests showing the attribute is diagnosed when applied to something other than a field, given something other than an identifier, is given zero arguments, and is given two arguments.

This revision now requires changes to proceed.Sep 13 2023, 11:25 AM

nickdesaulniers added a subscriber: jyknight.Sep 13 2023, 11:35 AM

nickdesaulniers added inline comments.

clang/lib/CodeGen/CGBuiltin.cpp
857	Do we explicitly document this in the style guide? This came up for me recently in a code review (cc @jyknight ). https://llvm.org/docs/CodingStandards.html

aaron.ballman added inline comments.Sep 13 2023, 11:38 AM

clang/lib/CodeGen/CGBuiltin.cpp
857	It's the prevailing style in our files rather than a hard rule. In Clang, we seem to have organically landed on "const members are fine, const locals are not fine, do not use globals". Our const-correctness story is terrible and if we had better const correct interfaces, I think we'd have landed somewhere different.

nickdesaulniers added inline comments.Sep 13 2023, 11:40 AM

clang/lib/CodeGen/CGBuiltin.cpp
857	prevailing styles should be documented explicitly in the style guide. That settles all discussions, now and in the future. Or perhaps an RFC on discourse.

erichkeane added inline comments.Sep 13 2023, 11:56 AM

clang/include/clang/AST/DeclBase.h
482	Why isn't this a member function?
clang/include/clang/Basic/Attr.td
4258	Should we instead be capturing the field itself, rather than its location? It seems to me that would be more useful?
clang/include/clang/Basic/AttrDocs.td
7255	As this is the purpose of this attribute, it seems to me that the documentation should headline/more obviously highlight that the purpose here is to improve the result of the sanitizer when it comes to flexible array members.
clang/include/clang/Basic/DiagnosticSemaKinds.td
6389	This one isn't clear... something more specifically about 'cannot point to itself' is perhaps more useful/explainatory. Also, the beginning of all of these is really quite awkward as well, perhaps something like: `field %0 referenced by 'counted_by' attribute ...` ?
clang/lib/AST/DeclBase.cpp
482	Whats going on here? Is this simply an attempt to see if this is the last one? Can we combine this effort with the 'getLastFieldDecl' above? Alternatively, can we get a good comment here?

Added more error messages. Changed some code around to align with coding practices. Added some more test cases.

clang/include/clang/AST/Decl.h
4308–4311	Using `std::prev` on a forward iterator won't work: https://stackoverflow.com/questions/23868378/why-stdprev-does-not-fire-an-error-with-an-iterator-of-stdunordered-set `std::prev` itself is defined only for bidirectional iterators: template<typename _BidirectionalIterator> _GLIBCXX_NODISCARD inline _GLIBCXX17_CONSTEXPR _BidirectionalIterator prev(_BidirectionalIterator __x, typename iterator_traits<_BidirectionalIterator>::difference_type __n = 1) { ...
4313–4318	Done. I just hate the use of `const_cast`...
clang/include/clang/AST/DeclBase.h
482	Because I want to be able to call it with a `nullptr`. I'll document this.
clang/include/clang/Basic/Attr.td
4249	I understand we can accept it as an extension, but yeah let's burn that bridge when we come to it.
4258	I tried that before and it didn't work. The issue is that at the time of parsing we don't yet have the full definition of the structure / union. So the `Decl`'s aren't really available to us yet. There may be a way to massage the parsing code to allow this to happen, but I'd like to do it as a separate patch. I'll document it with a `FIXME`.
clang/include/clang/Basic/AttrDocs.td
7252	That's not something normally done for other `COnly` attributes. (However, the documentation shows those attributes being available for C++11, which is probably a mistake...) I went ahead and added that this is for C though.
7255	I'm not sure how much more I could do to highlight that. :-)
7265	This was a suggestion by a GCC developer as well. I personally hate that syntax. Regardless, it's something to be done in the future. :-)
clang/include/clang/Basic/DiagnosticSemaKinds.td
6386–6387	I thought it would be too harsh to make this an error. But I suppose there's no harm in doing this. I'm not sure how to implement a fixit for a closely matching identifier. Do you have an example of how to find the closest matching Decl?
6389	I reworded them a bit. As for referring to itself, it could be a bit confusing to say that it 'cannot point to itself' because the 'itself' in that is the attribute, not the flexible array member. I think it's more-or-less clear what the error's referring to. The user can use this attribute only with a flexible array member. So they should know what what's meant by the message.
clang/lib/AST/ASTImporter.cpp
8981–8982	Sure.
clang/lib/AST/DeclBase.cpp
443–444	Short answer is I don't know. :-) This is copied from the original implementation of this method.
482	It's not really the same as the `getLastField` method. That one will return a non-null pointer whether or not the last field is a FAM. This code is just shorthand for getting the iterator for the FAM and then quickly testing if it's the final one. Again, this is because of the forward iterator that RecordDecl uses, for some reason. If we had bidirectional iterators, this would be much clearer.
clang/lib/CodeGen/CGBuiltin.cpp
857	Easy enough to do. Done.
clang/lib/Sema/SemaDecl.cpp
18025–18027	Nice!! :-D
18037	I put it here only because it's close to where it's called. I'm ambivalent on where it should live. Am I performing the check in the correct place? Changed to use `getParent()`.
18060	Yeah...unless they want just 1 element. ;-) I can rule a `bool` out. (Done) A `char` should be fine. Dunno about signed vs. unsigned...
clang/test/Misc/warning-flags.c
21 ↗	(On Diff #556619)	Awww....gatekeeping. ;-) Reverted.
clang/test/Sema/attr-counted-by.c
2	I suppose their not 100% necessary. I'll remove them.
22	I added a "this isn't a flexible array member" error message. struct S { struct { int NotInThisStruct; }; int FAM[] __counted_by(NotInThisStruct); // Should this work? }; Yes, I believe it should. Kees had a similar example: struct S { int x; struct { int count; int FAM[] __counted_by(count); }; }; I made changes to support this. It may be controversial, so please let me know if you or anyone has an issue with it. int Global; struct T { int FAM[] __counted_by(Global); // Should fail per your design but is that the behavior you want? }; Yes, it should fail. I'll add a test case. struct U { struct { int Count; } data; int FAM[] __counted_by(data.Count); // Thoughts? }; I don't think we should support that at the moment. Referencing arbitrary fields in a nested structure is very complicated and the syntax for it is not at all settled on. struct V { int Sizes[2]; int FAM[] __counted_by(Sizes[0]); // Thoughts? }; Hmm...Not sure. I'll ask the GCC person who's implementing this on her side about this.

Harbormaster completed remote builds in B257192: Diff 556734.Sep 13 2023, 5:58 PM

Add release note.

Harbormaster completed remote builds in B257203: Diff 556749.Sep 14 2023, 2:49 AM

aaron.ballman added inline comments.Sep 14 2023, 6:29 AM

clang/include/clang/AST/Decl.h
4308–4311	Drat! Oh well, it was a lovely thought.
4313–4318	Yeah, I usually go take a shower after that sort of thing. :-D
clang/include/clang/Basic/Attr.td
4258	I think at some point we're going to want this to take an `Expr` argument instead of an identifier argument, so we can support `foo.bar` and `baz[0]`, etc as arguments for more complicated situations. But I believe the current form is reasonable as-is (we can start taking an expression and all of these identifiers should become a `MemberExpr`, so users don't have to change their code).
clang/include/clang/Basic/AttrDocs.td
7252	Heh, our attribute documentation has been slowly getting better over time but is still pretty inconsistent; thank you for adding it!
clang/include/clang/Basic/DiagnosticSemaKinds.td
6386–6387	I'll leave a comment below with what I'm thinking.
clang/lib/AST/DeclBase.cpp
443–444	Good enough for me, thank you. :-) (I made that comment before I realized this was a refactor, I forgot to come back and delete it.)
clang/lib/Sema/SemaDecl.cpp
18057	When the lookup result is not found, I think you should call `Sema::DiagnoseEmptyLookup()`. This will handle giving you the error about the member not being found, but it should also give you typo correction for free, and if typo correction happens, you should then already know what new declaration was found via the correction, so you can continue to check for the other cases from there. https://github.com/llvm/llvm-project/blob/b57df9fe9a1a230f277d671bfa0884bbda9fc1c5/clang/lib/Sema/SemaLambda.cpp#L1151 is an example of this being called elsewhere.
18060	The `char` situation I'm thinking about is morally: https://godbolt.org/z/377WPYojz With `-fsigned-char`, accessing `Idx` means you get the value `-1` and with `-funsigned-char`, you get the value `255`. If that was used to index into `FAM`, the `signed char` version would become a bounds access issue whereas the `unsigned char` version works fine, so it's hard to write a portable attribute that refers to a `char` member. Then again, the `counted_by` attribute is intended to catch exactly this kind of issue, so perhaps it's fine on `char`?

void added inline comments.Sep 14 2023, 1:34 PM

clang/include/clang/Basic/Attr.td
4258	I think that GCC may not be able to use expressions (apart from simple, resolvable integer arithmetic). But yeah, those types of expansions would be nice. There are many issues to resolve with them first---such as how to reference a field in a sub-struct when the fam is in another substruct: struct S { struct A { int count; } a; struct C { int count; struct X { int count; } x; } c; struct F { int fam[] __counted_by(/* how to refer to p->c.x.count? */); } f; };
clang/lib/Sema/SemaDecl.cpp
18057	GAAAA! It's just like the rest of Clang: There are a million ways to do something, but none of them are documented and only one of them works for your particular case...kind of...and it takes a ton of arguments which seem counter-intuitive (`CXXScopeSpec` instead of `DeclSpec`?). All of Clang has been over-engineered from the beginning and it shows in how hard it is to do even the most basic things. So hard that people write the same things over and over with only small changes (see the two designated initializers implementations) leading to a nightmare. The example you pointed to doesn't work. And none of the other forms seem to fit well enough. There are apparently many ways to "correct" a typo, but none of them seemed appropriate or like they'd do what I want. Is it really necessary to have this?
18060	True. But we technically have that issue with every type. Maybe it'd be best to make sure we don't have a negative result?

In D148381#4645600, @void wrote:

Added more error messages. Changed some code around to align with coding practices. Added some more test cases.

Doing a full "allmodconfig" Linux kernel build with my 200ish __counted_by annotations is building cleanly. Yay! :)

clang/test/Sema/attr-counted-by.c
22	Yes, I believe it should. Kees had a similar example: struct S { int x; struct { int count; int FAM[] __counted_by(count); }; }; I made changes to support this. It may be controversial, so please let me know if you or anyone has an issue with it. FWIW, the Linux kernel has a LOT of this style (in an anonymous struct), which is why I wanted to make sure it was supported in this first version of the feature.

In D148381#4646780, @kees wrote:

In D148381#4645600, @void wrote:

Added more error messages. Changed some code around to align with coding practices. Added some more test cases.

Doing a full "allmodconfig" Linux kernel build with my 200ish __counted_by annotations is building cleanly. Yay! :)

Great! That means I did something wrong.

;-)

struct V {
  int Sizes[2];
  int FAM[] __counted_by(Sizes[0]); // Thoughts?
};

-fbounds-safety doesn't allow this. In our internal adoption experience, we haven't encountered such use cases yet. So, I think it's best to make the model restrictive to avoid surprises. If we were to support it, I think it should at least be limited to cases where the array subscript expression is known to be in bounds at compile time, to avoid an OOB access when the counted_by argument is evaluated.

In D148381#4646833, @rapidsna wrote:

-fbounds-safety doesn't allow this. In our internal adoption experience, we haven't encountered such use cases yet. So, I think it's best to make the model restrictive to avoid surprises. If we were to support it, I think it should at least be limited to cases where the array subscript expression is known to be in bounds at compile time, to avoid an OOB access when the counted_by argument is evaluated.

Additionally: it is probably safe from an aliasing perspective (or at least not worse than using any other field) to use an array subscript in a count expression, provided the array's storage exists within the struct. However, we certainly wouldn't want people to go towards array[variable], pointer[anything], or (worse!) FAM[anything], and constant array subscripts are confusingly adjacent to the boundary we need to close. If we're just entertaining the possibility without motivating use cases at this time, I'd advise to leave it be.

I've got no further comments/concerns.

clang/include/clang/AST/Decl.h
4308–4311	something like `!field_empty() ? *std::advance(field_begin(), std::distance(field_begin(), field_end() - 1) : nullptr` would do what Aaron would like, though perhaps with an extra run through the fields list until then.
clang/include/clang/Basic/DiagnosticSemaKinds.td
6389	I think the reword helps, I am less confident that referring to the 'flexible array member' is clear. One of the things I've noticed in the past is users 'trying' attributes without looking them up to see what they do. Frankly, I think that should be a supported strategy, and one that we manage by making clear diagnostics. I'm up for suggestions/hopeful someone else will come up with something better, but I can hold my nose at this if we don't have anything better (and in fact, my attempts to put a strawman up were at least as bad).

void added inline comments.Sep 18 2023, 1:32 PM

clang/include/clang/AST/Decl.h
4308–4311	Yeah, I want to avoid unnecessary iterations through the list.
clang/include/clang/Basic/DiagnosticSemaKinds.td
6389	I added a diagnostic (the first one) that indicates it must apply to a FAM. So maybe it'll be okay? I'm open to other wording...

Friendly Ping.

In D148381#4649683, @void wrote:

Friendly Ping.

Aaron is away at a conference this week, so hopefully he'll do another pass when he gets back next week.

pirama added a subscriber: pirama.Sep 25 2023, 1:47 PM

void added a child revision: D144136: Add a "remark" to report on array accesses.Sep 26 2023, 1:46 PM

Use CBA as an acronym of CountedByAttribute instead of EBA, which is oldspeak.

Harbormaster completed remote builds in B257639: Diff 557415.Sep 27 2023, 1:36 PM

aaron.ballman added inline comments.Sep 28 2023, 9:05 AM

clang/include/clang/Basic/Attr.td
4258	FWIW, my intuition is that we'd want something close to: struct S { struct A { int count; } a; struct C { int count; struct X { int count; } x; } c; struct F { int fam[] __counted_by(c.x.count); } f; }; but this is in follow-up territory.
clang/lib/Sema/SemaDecl.cpp
18037	I prefer it to live in SemaDeclAttr.cpp as that's where the other attribute checking logic generally lives; it makes it slightly easier for us to find the checking logic in the future.
18057	Necessary? No. A better implementation of the feature? I think so; we want the user experience to be consistent whenever possible and it's pretty unfortunate that users would get typo correction elsewhere but not here. That said, I don't think this patch needs to be gated on that; we can add a FIXME to use a more general mechanism instead of even more custom logic.
18060	So at CodeGen time we see if we know the value within the field, and if it's known to be negative, we diagnose? Or are you thinking of something else?

Move attribute checking over to SemaDeclAttr.cpp

Harbormaster completed remote builds in B257672: Diff 557462.Sep 28 2023, 3:12 PM

void added inline comments.Sep 28 2023, 4:19 PM

clang/include/clang/Basic/Attr.td
4258	I'm similarly inclined, though I'd like to adopt the "designator syntax" and add a dot (`.`) before it: `.c.x.count`. But yeah, that's something for future us to decide. :-)
clang/lib/Sema/SemaDecl.cpp
18037	Okay. I moved it over there.
18057	I'm still not able to get it to work for me. Is there any documentation on how to work with that feature?
18060	No, because we generally won't know the value in this field at codegen time. I meant it as a runtime check. I'm going to see what GCC does.

Add a "FIXME" to improve the diagnostics with a typo hint.

Harbormaster completed remote builds in B257676: Diff 557473.Sep 28 2023, 8:29 PM

FINALLY! found out how to do suggestions for typos.

Okay, I now have a suggested fix hint. PTAL.

Harbormaster completed remote builds in B257693: Diff 557496.Sep 29 2023, 12:32 PM

In D148381#4652056, @void wrote:

FINALLY! found out how to do suggestions for typos.

<3 Thank you for your perseverance!

clang/lib/Sema/SemaDeclAttr.cpp

8420–8428

The logic here still seems incorrect. I was expecting the code to look more like this:

bool Sema::CheckCountedByAttr(Scope *S, const FieldDecl *FD) {
  const RecordDecl *RD = FD->getParent();
  const auto *CBA = FD->getAttr<CountedByAttr>();
  const IdentifierInfo *FieldName = CBA->getCountedByField();
  DeclarationNameInfo NameInfo(FieldName,
                               CBA->getCountedByFieldLoc().getBegin());
  LookupResult Result(*this, NameInfo, Sema::LookupMemberName);

  LookupName(Result, S);
  if (Result.empty()) {
    CXXScopeSpec SS;
    DeclFilterCCC<FieldDecl> Filter(const_cast<IdentifierInfo *>(FieldName));
    if (DiagnoseEmptyLookup(S, SS, Result, Filter, nullptr, std::nullopt,
                            const_cast<DeclContext *>(FD->getDeclContext())))
      return true;
  }

  const FieldDecl *Field = Result.getAsSingle<FieldDecl>();
  LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel =
      Context.getLangOpts().getStrictFlexArraysLevel();
  ...

I tested this locally on code like:

struct not_a_fam {
  int foo;
  int fam[] __attribute__((counted_by(fob)));
};

and get a diagnostic like:

C:\Users\aballman\OneDrive - Intel Corporation\Desktop\test.c:3:39: error: use of undeclared identifier 'fob'; did you
      mean 'foo'?
    3 |   int fam[] __attribute__((counted_by(fob)));
      |                                       ^~~
      |                                       foo
C:\Users\aballman\OneDrive - Intel Corporation\Desktop\test.c:2:7: note: 'foo' declared here
    2 |   int foo;
      |       ^
1 error generated.

Note, I had to add a constructor to DeclFilterCCC to expose the base class constructor, and modify DiagnoseEmptyLookup() like this:

diff --git a/clang/lib/Sema/SemaExpr.cpp b/clang/lib/Sema/SemaExpr.cpp
index 2ed31a90c5dc..3c4ade391a5e 100644
--- a/clang/lib/Sema/SemaExpr.cpp
+++ b/clang/lib/Sema/SemaExpr.cpp
@@ -2458,7 +2458,8 @@ bool Sema::DiagnoseDependentMemberLookup(const LookupResult &R) {
 bool Sema::DiagnoseEmptyLookup(Scope *S, CXXScopeSpec &SS, LookupResult &R,
                                CorrectionCandidateCallback &CCC,
                                TemplateArgumentListInfo *ExplicitTemplateArgs,
-                               ArrayRef<Expr *> Args, TypoExpr **Out) {
+                               ArrayRef<Expr *> Args, DeclContext *LookupCtx,
+                               TypoExpr **Out) {
   DeclarationName Name = R.getLookupName();

   unsigned diagnostic = diag::err_undeclared_var_use;
@@ -2474,7 +2475,9 @@ bool Sema::DiagnoseEmptyLookup(Scope *S, CXXScopeSpec &SS, LookupResult &R,
   // unqualified lookup.  This is useful when (for example) the
   // original lookup would not have found something because it was a
   // dependent name.
-  DeclContext *DC = SS.isEmpty() ? CurContext : nullptr;
+  DeclContext *DC =
+      LookupCtx ? LookupCtx : (SS.isEmpty() ? CurContext : nullptr);
+  DeclContext *OrigLookupCtx = DC;
   while (DC) {
     if (isa<CXXRecordDecl>(DC)) {
       LookupQualifiedName(R, DC);
@@ -2517,12 +2520,12 @@ bool Sema::DiagnoseEmptyLookup(Scope *S, CXXScopeSpec &SS, LookupResult &R,
           emitEmptyLookupTypoDiagnostic(TC, *this, SS, Name, TypoLoc, Args,
                                         diagnostic, diagnostic_suggest);
         },
-        nullptr, CTK_ErrorRecovery);
+        nullptr, CTK_ErrorRecovery, OrigLookupCtx);
     if (*Out)
       return true;
-  } else if (S &&
-             (Corrected = CorrectTypo(R.getLookupNameInfo(), R.getLookupKind(),
-                                      S, &SS, CCC, CTK_ErrorRecovery))) {
+  } else if (S && (Corrected = CorrectTypo(R.getLookupNameInfo(),
+                                           R.getLookupKind(), S, &SS, CCC,
+                                           CTK_ErrorRecovery, OrigLookupCtx))) {
     std::string CorrectedStr(Corrected.getAsString(getLangOpts()));
     bool DroppedSpecifier =
         Corrected.WillReplaceSpecifier() && Name.getAsString() == CorrectedStr;
@@ -2812,7 +2815,7 @@ Sema::ActOnIdExpression(Scope *S, CXXScopeSpec &SS,
     // a template name, but we happen to have always already looked up the name
     // before we get here if it must be a template name.
     if (DiagnoseEmptyLookup(S, SS, R, CCC ? *CCC : DefaultValidator, nullptr,
-                            std::nullopt, &TE)) {
+                            std::nullopt, nullptr, &TE)) {
       if (TE && KeywordReplacement) {
         auto &State = getTypoExprState(TE);
         auto BestTC = State.Consumer->getNextCorrection();

Can you give something like this a shot and see how well it works for you?

void added inline comments.Oct 3 2023, 2:02 AM

clang/lib/Sema/SemaDeclAttr.cpp
8420–8428	I wanted to check for two different issues when the field isn't found: The field is outside of the struct, or The field isn't found (or is misspelled). If I do your version, that distinction goes away. But if you want me to work on this more, would you mind if I did it in a follow-up commit? I'm not at all happy about adding yet another parameter to a method that already has a million parameters. It would be nice if that was cleaned up.

aaron.ballman added inline comments.Oct 3 2023, 6:31 AM

clang/lib/Sema/SemaDeclAttr.cpp

8420–8428

I wanted to check for two different issues when the field isn't found:

The field is outside of the struct, or

The field isn't found (or is misspelled).

If I do your version, that distinction goes away.

Correct, my version is only looking for the field as a member name because we never want it to find a variable outside the scope of the structure. We could augment it to do what you want though:

bool Sema::CheckCountedByAttr(Scope *S, const FieldDecl *FD) {
  const RecordDecl *RD = FD->getParent();
  const auto *CBA = FD->getAttr<CountedByAttr>();
  const IdentifierInfo *FieldName = CBA->getCountedByField();
  DeclarationNameInfo NameInfo(FieldName,
                               CBA->getCountedByFieldLoc().getBegin());
  LookupResult Result(*this, NameInfo, Sema::LookupMemberName);

  LookupName(Result, S);
  if (Result.empty()) {
    // Look for the name outside of the scope of the structure so we can issue a different
    // diagnostic in that case.
    LookupResult BackupResult(*this, NameInfo, Sema::LookupOrdinaryName);
    LookupName(BackupResult, S);
    if (!BackupResult.empty()) {
      return Diag(Loc, diag::whatever);
    } else {
      // Otherwise, diagnose the empty lookup.
      CXXScopeSpec SS;
      DeclFilterCCC<FieldDecl> Filter(const_cast<IdentifierInfo *>(FieldName));
      if (DiagnoseEmptyLookup(S, SS, Result, Filter, nullptr, std::nullopt,
                              const_cast<DeclContext *>(FD->getDeclContext())))
        return true;
    }
  }

  const FieldDecl *Field = Result.getAsSingle<FieldDecl>();
  LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel =
      Context.getLangOpts().getStrictFlexArraysLevel();
  ...

But if you want me to work on this more, would you mind if I did it in a follow-up commit? I'm not at all happy about adding yet another parameter to a method that already has a million parameters. It would be nice if that was cleaned up.

I don't insist on doing it as part of this patch but I do strongly prefer doing it now. Waiting runs the risk of not actually doing that work, but also, I worry that the lookups will be subtly different and we might risk breaking code by changing it later. That said, if you mean "(almost) immediately after landing this" kind of follow-up, I'm not worried about the breakage and that's fine.

Yes, I mean to do it as a direct follow-up. 😊

-bw

In D148381#4652825, @void wrote:

Yes, I mean to do it as a direct follow-up. 😊

Okay, let's go that route then. This gets a fairly significant review off Phab with incremental progress, so LGTM!

This revision is now accepted and ready to land.Oct 4 2023, 5:38 AM

Closed by commit rG9a954c693573: [Clang] Implement the 'counted_by' attribute (authored by void). · Explain WhyOct 4 2023, 6:26 PM

This revision was automatically updated to reflect the committed changes.

void added a commit: rG9a954c693573: [Clang] Implement the 'counted_by' attribute.

GitHub <noreply@github.com> added a reverting change: rG67b675ee55cc: Revert "[Clang] Implement the 'counted_by' attribute" (#68603).Oct 9 2023, 11:53 AM

GitHub <noreply@github.com> added a commit: rG769bc11f684d: [Clang] Implement the 'counted_by' attribute (#68750).Oct 14 2023, 4:18 AM

thesamesam added a subscriber: thesamesam.Dec 6 2023, 10:25 AM

Revision Contents

Path

Size

clang/

docs/

ReleaseNotes.rst

5 lines

include/

clang/

AST/

Decl.h

24 lines

DeclBase.h

10 lines

Basic/

Attr.td

18 lines

AttrDocs.td

66 lines

DiagnosticSemaKinds.td

15 lines

Sema/

Sema.h

2 lines

lib/

AST/

ASTImporter.cpp

13 lines

DeclBase.cpp

76 lines

Expr.cpp

83 lines

CodeGen/

CGBuiltin.cpp

51 lines

CGExpr.cpp

64 lines

CodeGenFunction.h

6 lines

Sema/

SemaDecl.cpp

12 lines

SemaDeclAttr.cpp

132 lines

test/

CodeGen/

attr-counted-by.c

227 lines

Misc/

pragma-attribute-supported-attributes-list.test

1 line

Sema/

attr-counted-by.c

42 lines

Diff 557602

clang/docs/ReleaseNotes.rst

	Show First 20 Lines • Show All 126 Lines • ▼ Show 20 Lines
	Resolutions to C++ Defect Reports			Resolutions to C++ Defect Reports
	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^			^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

	C Language Changes			C Language Changes
	------------------			------------------
	- ``structs``, ``unions``, and ``arrays`` that are const may now be used as			- ``structs``, ``unions``, and ``arrays`` that are const may now be used as
	constant expressions. This change is more consistent with the behavior of			constant expressions. This change is more consistent with the behavior of
	GCC.			GCC.
				- Clang now supports the C-only attribute ``counted_by``. When applied to a
				struct's flexible array member, it points to the struct field that holds the
				number of elements in the flexible array member. This information can improve
				the results of the array bound sanitizer and the
				``__builtin_dynamic_object_size`` builtin.

	C23 Feature Support			C23 Feature Support
	^^^^^^^^^^^^^^^^^^^			^^^^^^^^^^^^^^^^^^^
	- Clang now accepts ``-std=c23`` and ``-std=gnu23`` as language standard modes,			- Clang now accepts ``-std=c23`` and ``-std=gnu23`` as language standard modes,
	and the ``__STDC_VERSION__`` macro now expands to ``202311L`` instead of its			and the ``__STDC_VERSION__`` macro now expands to ``202311L`` instead of its
	previous placeholder value. Clang continues to accept ``-std=c2x`` and			previous placeholder value. Clang continues to accept ``-std=c2x`` and
	``-std=gnu2x`` as aliases for C23 and GNU C23, respectively.			``-std=gnu2x`` as aliases for C23 and GNU C23, respectively.
	- Clang now supports `requires c23` for module maps.			- Clang now supports `requires c23` for module maps.
	▲ Show 20 Lines • Show All 496 Lines • Show Last 20 Lines

clang/include/clang/AST/Decl.h

Show First 20 Lines • Show All 4,298 Lines • ▼ Show 20 Lines field_iterator field_end() const {

return field_iterator(decl_iterator()); return field_iterator(decl_iterator());

} }

// Whether there are any fields (non-static data members) in this record. // Whether there are any fields (non-static data members) in this record.

bool field_empty() const { bool field_empty() const {

return field_begin() == field_end(); return field_begin() == field_end();

} }

FieldDecl *getLastField() {

FieldDecl *FD = nullptr;

for (FieldDecl *Field : fields())

FD = Field;

return FD;

aaron.ballmanUnsubmitted

Done

Could this be implemented as: return !field_empty() ? *std::prev(field_end()) : nullptr; ? Then maybe someday we'll get better iterator support that isn't forward-only and this code will automagically get faster.

aaron.ballman: Could this be implemented as: `return !field_empty() ? *std::prev(field_end()) : nullptr;` ?

voidAuthorUnsubmitted

Done

Using std::prev on a forward iterator won't work:

https://stackoverflow.com/questions/23868378/why-stdprev-does-not-fire-an-error-with-an-iterator-of-stdunordered-set

std::prev itself is defined only for bidirectional iterators:

 template<typename _BidirectionalIterator>
    _GLIBCXX_NODISCARD
    inline _GLIBCXX17_CONSTEXPR _BidirectionalIterator
    prev(_BidirectionalIterator __x, typename
         iterator_traits<_BidirectionalIterator>::difference_type __n = 1)
    {
...

void: Using `std::prev` on a forward iterator won't work: https://stackoverflow.

aaron.ballmanUnsubmitted

Done

Drat! Oh well, it was a lovely thought.

aaron.ballman: Drat! Oh well, it was a lovely thought.

erichkeaneUnsubmitted

Not Done

something like !field_empty() ? *std::advance(field_begin(), std::distance(field_begin(), field_end() - 1) : nullptr

would do what Aaron would like, though perhaps with an extra run through the fields list until then.

erichkeane: something like `!field_empty() ? *std::advance(field_begin(), std::distance(field_begin()…

voidAuthorUnsubmitted

Done

Yeah, I want to avoid unnecessary iterations through the list.

void: Yeah, I want to avoid unnecessary iterations through the list.

}

const FieldDecl *getLastField() const {

return const_cast<RecordDecl *>(this)->getLastField();

}

template <typename Functor>

const FieldDecl *findFieldIf(Functor &Pred) const {

aaron.ballmanUnsubmitted

Done

return FD;

}

const FieldDecl *getLastField() const {

- const FieldDecl *FD = nullptr;

- for (const FieldDecl *Field : fields())

- FD = Field;

- return FD;

+ return const_cast<FieldDecl *>(this)->getLastField();

}

/// Note that the definition of this type is now complete.

We use this pattern fairly often to avoid repeating the implementation.

aaron.ballman: We use this pattern fairly often to avoid repeating the implementation.

voidAuthorUnsubmitted

Done

Done. I just hate the use of const_cast...

void: Done. I just hate the use of `const_cast`...

aaron.ballmanUnsubmitted

Done

Yeah, I usually go take a shower after that sort of thing. :-D

aaron.ballman: Yeah, I usually go take a shower after that sort of thing. :-D

for (const Decl *D : decls()) {

if (const auto *FD = dyn_cast<FieldDecl>(D); FD && Pred(FD))

return FD;

if (const auto *RD = dyn_cast<RecordDecl>(D))

if (const FieldDecl *FD = RD->findFieldIf(Pred))

return FD;

}

return nullptr;

}

/// Note that the definition of this type is now complete. /// Note that the definition of this type is now complete.

virtual void completeDefinition(); virtual void completeDefinition();

static bool classof(const Decl *D) { return classofKind(D->getKind()); } static bool classof(const Decl *D) { return classofKind(D->getKind()); }

static bool classofKind(Kind K) { static bool classofKind(Kind K) {

return K >= firstRecord && K <= lastRecord; return K >= firstRecord && K <= lastRecord;

} }

▲ Show 20 Lines • Show All 656 Lines • Show Last 20 Lines

clang/include/clang/AST/DeclBase.h

Show All 12 Lines
#ifndef LLVM_CLANG_AST_DECLBASE_H		#ifndef LLVM_CLANG_AST_DECLBASE_H
#define LLVM_CLANG_AST_DECLBASE_H		#define LLVM_CLANG_AST_DECLBASE_H

#include "clang/AST/ASTDumperUtils.h"		#include "clang/AST/ASTDumperUtils.h"
#include "clang/AST/AttrIterator.h"		#include "clang/AST/AttrIterator.h"
#include "clang/AST/DeclarationName.h"		#include "clang/AST/DeclarationName.h"
#include "clang/Basic/IdentifierTable.h"		#include "clang/Basic/IdentifierTable.h"
#include "clang/Basic/LLVM.h"		#include "clang/Basic/LLVM.h"
		#include "clang/Basic/LangOptions.h"
#include "clang/Basic/SourceLocation.h"		#include "clang/Basic/SourceLocation.h"
#include "clang/Basic/Specifiers.h"		#include "clang/Basic/Specifiers.h"
#include "llvm/ADT/ArrayRef.h"		#include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/PointerIntPair.h"		#include "llvm/ADT/PointerIntPair.h"
#include "llvm/ADT/PointerUnion.h"		#include "llvm/ADT/PointerUnion.h"
#include "llvm/ADT/iterator.h"		#include "llvm/ADT/iterator.h"
#include "llvm/ADT/iterator_range.h"		#include "llvm/ADT/iterator_range.h"
#include "llvm/Support/Casting.h"		#include "llvm/Support/Casting.h"
▲ Show 20 Lines • Show All 443 Lines • ▼ Show 20 Lines	public:

bool isInAnonymousNamespace() const;		bool isInAnonymousNamespace() const;

bool isInStdNamespace() const;		bool isInStdNamespace() const;

// Return true if this is a FileContext Decl.		// Return true if this is a FileContext Decl.
bool isFileContextDecl() const;		bool isFileContextDecl() const;

		/// Whether it resembles a flexible array member. This is a static member
		/// because we want to be able to call it with a nullptr. That allows us to
		erichkeaneUnsubmitted Done Reply Inline Actions Why isn't this a member function? erichkeane: Why isn't this a member function?
		voidAuthorUnsubmitted Done Reply Inline Actions Because I want to be able to call it with a `nullptr`. I'll document this. void: Because I want to be able to call it with a `nullptr`. I'll document this.
		/// perform non-Decl specific checks based on the object's type and strict
		/// flex array level.
		static bool isFlexibleArrayMemberLike(
		ASTContext &Context, const Decl *D, QualType Ty,
		LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel,
		bool IgnoreTemplateOrMacroSubstitution);

ASTContext &getASTContext() const LLVM_READONLY;		ASTContext &getASTContext() const LLVM_READONLY;

/// Helper to get the language options from the ASTContext.		/// Helper to get the language options from the ASTContext.
/// Defined out of line to avoid depending on ASTContext.h.		/// Defined out of line to avoid depending on ASTContext.h.
const LangOptions &getLangOpts() const LLVM_READONLY;		const LangOptions &getLangOpts() const LLVM_READONLY;

void setAccess(AccessSpecifier AS) {		void setAccess(AccessSpecifier AS) {
Access = AS;		Access = AS;
▲ Show 20 Lines • Show All 2,240 Lines • Show Last 20 Lines

clang/include/clang/Basic/Attr.td

Show First 20 Lines • Show All 4,240 Lines • ▼ Show 20 Lines def ReadOnlyPlacement : InheritableAttr {

let Documentation = [ReadOnlyPlacementDocs]; let Documentation = [ReadOnlyPlacementDocs];

} }

def AvailableOnlyInDefaultEvalMethod : InheritableAttr { def AvailableOnlyInDefaultEvalMethod : InheritableAttr {

let Spellings = [Clang<"available_only_in_default_eval_method">]; let Spellings = [Clang<"available_only_in_default_eval_method">];

let Subjects = SubjectList<[TypedefName], ErrorDiag>; let Subjects = SubjectList<[TypedefName], ErrorDiag>;

let Documentation = [Undocumented]; let Documentation = [Undocumented];

} }

nickdesaulniersUnsubmitted

Done

Does C++ not support VLAs?

nickdesaulniers: Does C++ not support VLAs?

voidAuthorUnsubmitted

Done

C++ doesn't support flexible array members or VLAs.

void: C++ doesn't support flexible array members or VLAs.

aaron.ballmanUnsubmitted

Done

Clang supports both as extensions in C++, as does GCC: https://godbolt.org/z/5xP7ncoha -- I think we should consider enabling this attribute in C++ mode, but I'm fine considering that in a follow-up.

aaron.ballman: Clang supports both as extensions in C++, as does GCC: https://godbolt.org/z/5xP7ncoha -- I…

voidAuthorUnsubmitted

Done

I understand we can accept it as an extension, but yeah let's burn that bridge when we come to it.

void: I understand we can accept it as an extension, but yeah let's burn that bridge when we come to…

def CountedBy : InheritableAttr {

let Spellings = [Clang<"counted_by">];

let Subjects = SubjectList<[Field]>;

nickdesaulniersUnsubmitted

Done

mutable...my least favorite keyword in C++. If you drop const from addCountFieldSourceRange then you don't need mutable.

nickdesaulniers: `mutable`...my least favorite keyword in C++. If you drop `const` from…

voidAuthorUnsubmitted

Done

Hmm...I needed it at one point, but it no longer looks like I do.

void: Hmm...I needed it at one point, but it no longer looks like I do.

let Args = [IdentifierArgument<"CountedByField">];

let Documentation = [CountedByDocs];

let LangOpts = [COnly];

// FIXME: This is ugly. Let using a DeclArgument would be nice, but a Decl

// isn't yet available due to the fact that we're still parsing the

// structure. Maybe that code could be changed sometime in the future.

erichkeaneUnsubmitted

Done

Should we instead be capturing the field itself, rather than its location? It seems to me that would be more useful?

erichkeane: Should we instead be capturing the field itself, rather than its location? It seems to me that…

voidAuthorUnsubmitted

Done

I tried that before and it didn't work. The issue is that at the time of parsing we don't yet have the full definition of the structure / union. So the Decl's aren't really available to us yet. There may be a way to massage the parsing code to allow this to happen, but I'd like to do it as a separate patch. I'll document it with a FIXME.

void: I tried that before and it didn't work. The issue is that at the time of parsing we don't yet…

aaron.ballmanUnsubmitted

Done

I think at some point we're going to want this to take an Expr argument instead of an identifier argument, so we can support foo.bar and baz[0], etc as arguments for more complicated situations. But I believe the current form is reasonable as-is (we can start taking an expression and all of these identifiers should become a MemberExpr, so users don't have to change their code).

aaron.ballman: I think at some point we're going to want this to take an `Expr` argument instead of an…

voidAuthorUnsubmitted

Done

I think that GCC may not be able to use expressions (apart from simple, resolvable integer arithmetic). But yeah, those types of expansions would be nice. There are many issues to resolve with them first---such as how to reference a field in a sub-struct when the fam is in another substruct:

struct S {
  struct A {
    int count;
  } a;
  struct C {
    int count;
    struct X {
      int count;
    } x;
  } c;
  struct F {
    int fam[] __counted_by(/* how to refer to p->c.x.count? */);
  } f;
};

void: I think that GCC may not be able to use expressions (apart from simple, resolvable integer…

aaron.ballmanUnsubmitted

Not Done

FWIW, my intuition is that we'd want something close to:

struct S {
  struct A {
    int count;
  } a;
  struct C {
    int count;
    struct X {
      int count;
    } x;
  } c;
  struct F {
    int fam[] __counted_by(c.x.count);
  } f;
};

but this is in follow-up territory.

aaron.ballman: FWIW, my intuition is that we'd want something close to: ``` struct S { struct A { int…

voidAuthorUnsubmitted

Done

I'm similarly inclined, though I'd like to adopt the "designator syntax" and add a dot (.) before it: .c.x.count. But yeah, that's something for future us to decide. :-)

void: I'm similarly inclined, though I'd like to adopt the "designator syntax" and add a dot (`.`)…

code AdditionalMembers = [{

private:

SourceRange CountedByFieldLoc;

aaron.ballmanUnsubmitted

Done

private:

- SourceRange countedByFieldLoc;

+ SourceRange CountedByFieldLoc;

public:

- SourceRange getCountedByFieldLoc(void) const { return countedByFieldLoc; }

- void setCountedByFieldLoc(SourceRange Loc) { countedByFieldLoc = Loc; }

+ SourceRange getCountedByFieldLoc() const { return CountedByFieldLoc; }

+ void setCountedByFieldLoc(SourceRange Loc) { CountedByFieldLoc = Loc; }

}];

}

Teeny tiniest of coding style nits :-D

aaron.ballman: Teeny tiniest of coding style nits :-D

public:

SourceRange getCountedByFieldLoc() const { return CountedByFieldLoc; }

void setCountedByFieldLoc(SourceRange Loc) { CountedByFieldLoc = Loc; }

}];

}

clang/include/clang/Basic/AttrDocs.td

This file is larger than 256 KB, so syntax highlighting is disabled by default.

	Show First 20 Lines • Show All 7,216 Lines • ▼ Show 20 Lines
	This attribute may be attached to a function pointer type, where it modifies			This attribute may be attached to a function pointer type, where it modifies
	its underlying representation to be a WebAssembly ``funcref``.			its underlying representation to be a WebAssembly ``funcref``.
	}];			}];
	}			}

	def CleanupDocs : Documentation {			def CleanupDocs : Documentation {
	let Category = DocCatType;			let Category = DocCatType;
	let Content = [{			let Content = [{
	This attribute allows a function to be run when a local variable goes out of			This attribute allows a function to be run when a local variable goes out of
				nickdesaulniersUnsubmitted Done Reply Inline Actions Maybe worth noting that this the number of elements and not the number of bytes? nickdesaulniers: Maybe worth noting that this the number of elements and not the number of bytes?
				voidAuthorUnsubmitted Done Reply Inline Actions There's a lot more to be put here. This is just a placeholder. :-) void: There's a lot more to be put here. This is just a placeholder. :-)
	scope. The attribute takes the identifier of a function with a parameter type			scope. The attribute takes the identifier of a function with a parameter type
	that is a pointer to the type with the attribute.			that is a pointer to the type with the attribute.

	.. code-block:: c			.. code-block:: c

	static void foo (int *) { ... }			static void foo (int *) { ... }
	static void bar (int *) { ... }			static void bar (int *) { ... }
	void baz (void) {			void baz (void) {
	Show All 10 Lines
	the variables were declared in. It is not possible to check the return value			the variables were declared in. It is not possible to check the return value
	(if any) of these ``cleanup`` callback functions.			(if any) of these ``cleanup`` callback functions.
	}];			}];
	}			}

	def CtorDtorDocs : Documentation {			def CtorDtorDocs : Documentation {
	let Category = DocCatFunction;			let Category = DocCatFunction;
	let Content = [{			let Content = [{
	The ``constructor`` attribute causes the function to be called before entering			The ``constructor`` attribute causes the function to be called before entering
				aaron.ballmanUnsubmitted Done Reply Inline Actions If we land the changes with the attribute as a C-only attribute, we should document that explicitly here (unless we're immediately enabling it C++ mode; not asking for busywork). aaron.ballman: If we land the changes with the attribute as a C-only attribute, we should document that…
				voidAuthorUnsubmitted Done Reply Inline Actions That's not something normally done for other `COnly` attributes. (However, the documentation shows those attributes being available for C++11, which is probably a mistake...) I went ahead and added that this is for C though. void: That's not something normally done for other `COnly` attributes. (However, the documentation…
				aaron.ballmanUnsubmitted Done Reply Inline Actions Heh, our attribute documentation has been slowly getting better over time but is still pretty inconsistent; thank you for adding it! aaron.ballman: Heh, our attribute documentation has been slowly getting better over time but is still pretty…
	``main()``, and the ``destructor`` attribute causes the function to be called			``main()``, and the ``destructor`` attribute causes the function to be called
	after returning from ``main()`` or when the ``exit()`` function has been			after returning from ``main()`` or when the ``exit()`` function has been
	called. Note, ``quick_exit()``, ``_Exit()``, and ``abort()`` prevent a function			called. Note, ``quick_exit()``, ``_Exit()``, and ``abort()`` prevent a function
				erichkeaneUnsubmitted Done Reply Inline Actions As this is the purpose of this attribute, it seems to me that the documentation should headline/more obviously highlight that the purpose here is to improve the result of the sanitizer when it comes to flexible array members. erichkeane: As this is the purpose of this attribute, it seems to me that the documentation should…
				voidAuthorUnsubmitted Done Reply Inline Actions I'm not sure how much more I could do to highlight that. :-) void: I'm not sure how much more I could do to highlight that. :-)
	marked ``destructor`` from being called.			marked ``destructor`` from being called.

	The constructor or destructor function should not accept any arguments and its			The constructor or destructor function should not accept any arguments and its
	return type should be ``void``.			return type should be ``void``.

	The attributes accept an optional argument used to specify the priority order			The attributes accept an optional argument used to specify the priority order
	in which to execute constructor and destructor functions. The priority is			in which to execute constructor and destructor functions. The priority is
	given as an integer constant expression between 101 and 65535 (inclusive).			given as an integer constant expression between 101 and 65535 (inclusive).
	Priorities outside of that range are reserved for use by the implementation. A			Priorities outside of that range are reserved for use by the implementation. A
	lower value indicates a higher priority of initialization. Note that only the			lower value indicates a higher priority of initialization. Note that only the
				rapidsnaUnsubmitted Done Reply Inline Actions I don't think it's necessary for this patch but for -fbounds-safety, we'd eventually turn this into a type attribute that we will use to create a sugared type or qualified type. And we'd make the attribute work for both this position and inside the array bracket (e.g., `fam[__counted_by(n)]`). Would it work for you? rapidsna: I don't think it's necessary for this patch but for [[ https://discourse.llvm.org/t/rfc…
				voidAuthorUnsubmitted Done Reply Inline Actions This was a suggestion by a GCC developer as well. I personally hate that syntax. Regardless, it's something to be done in the future. :-) void: This was a suggestion by a GCC developer as well. I personally hate that syntax. Regardless…
	relative ordering of values is important. For example:			relative ordering of values is important. For example:

	.. code-block:: c++			.. code-block:: c++

	__attribute__((constructor(200))) void foo(void);			__attribute__((constructor(200))) void foo(void);
	__attribute__((constructor(101))) void bar(void);			__attribute__((constructor(101))) void bar(void);

	``bar()`` will be called before ``foo()``, and both will be called before			``bar()`` will be called before ``foo()``, and both will be called before
	``main()``. If no argument is given to the ``constructor`` or ``destructor``			``main()``. If no argument is given to the ``constructor`` or ``destructor``
	attribute, they default to the value ``65535``.			attribute, they default to the value ``65535``.
	}];			}];
	}			}

				nickdesaulniersUnsubmitted Done Reply Inline Actions Question: does `bork` need to occur before `fam` for this substructure reference to work? Does that mean that `element_count` is essentially variadic with this syntax? nickdesaulniers: Question: does `bork` need to occur before `fam` for this substructure reference to work? Does…
				voidAuthorUnsubmitted Done Reply Inline Actions It doesn't need to be before the FAM, but I think a flexible array member needs to be at the end of a structure (I think anyway). And yes, it's variadic. I'll need to expand that in the documentation, but really the documentation should be reworked a lot. void: It doesn't need to be before the FAM, but I think a flexible array member needs to be at the…
				def CountedByDocs : Documentation {
				let Category = DocCatField;
				let Content = [{
				Clang supports the ``counted_by`` attribute on the flexible array member of a
				structure in C. The argument for the attribute is the name of a field member in
				the same structure holding the count of elements in the flexible array. This
				information can be used to improve the results of the array bound sanitizer and
				the ``__builtin_dynamic_object_size`` builtin.

				For example, the following code:

				.. code-block:: c

				struct bar;

				struct foo {
				size_t count;
				char other;
				struct bar *array[] __attribute__((counted_by(count)));
				};

				specifies that the flexible array member ``array`` has the number of elements
				allocated for it stored in ``count``. This establishes a relationship between
				``array`` and ``count``. Specifically, ``p->array`` must have at least
				``p->count`` number of elements available. It's the user's responsibility to
				ensure that this relationship is maintained through changes to the structure.

				In the following example, the allocated array erroneously has fewer elements
				than what's specified by ``p->count``. This would result in an out-of-bounds
				access not being detected.

				.. code-block:: c

				#define SIZE_INCR 42

				struct foo *p;

				void foo_alloc(size_t count) {
				p = malloc(MAX(sizeof(struct foo),
				offsetof(struct foo, array[0]) + count * sizeof(struct bar *)));
				p->count = count + SIZE_INCR;
				}

				The next example updates ``p->count``, breaking the relationship requirement
				that ``p->array`` must have at least ``p->count`` number of elements available:

				.. code-block:: c

				#define SIZE_INCR 42

				struct foo *p;

				void foo_alloc(size_t count) {
				p = malloc(MAX(sizeof(struct foo),
				offsetof(struct foo, array[0]) + count * sizeof(struct bar *)));
				p->count = count;
				}

				void use_foo(int index) {
				p->count += SIZE_INCR + 1; /* 'count' is now larger than the number of elements of 'array'. */
				p->array[index] = 0; /* the sanitizer can't properly check if this is an out-of-bounds access. */
				}

				}];
				}

clang/include/clang/Basic/DiagnosticSemaKinds.td

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 6,377 Lines • ▼ Show 20 Lines def err_flexible_array_arc_retainable : Error<

"ARC forbids flexible array members with retainable object type">; "ARC forbids flexible array members with retainable object type">;

def warn_variable_sized_ivar_visibility : Warning< def warn_variable_sized_ivar_visibility : Warning<

"field %0 with variable sized type %1 is not visible to subclasses and" "field %0 with variable sized type %1 is not visible to subclasses and"

" can conflict with their instance variables">, InGroup<ObjCFlexibleArray>; " can conflict with their instance variables">, InGroup<ObjCFlexibleArray>;

def warn_superclass_variable_sized_type_not_at_end : Warning< def warn_superclass_variable_sized_type_not_at_end : Warning<

"field %0 can overwrite instance variable %1 with variable sized type %2" "field %0 can overwrite instance variable %1 with variable sized type %2"

" in superclass %3">, InGroup<ObjCFlexibleArray>; " in superclass %3">, InGroup<ObjCFlexibleArray>;

def err_counted_by_attr_not_on_flexible_array_member : Error<

"'counted_by' only applies to flexible array members">;

aaron.ballmanUnsubmitted

Done

Why is this a warning and not a typical err_no_member error? I think we want that behavior so that we get typo correction for free. e.g.,

struct S {
  int Count;
  int FAM[] __attribute__((counted_by(Clount))); // Should get a "did you mean 'Count'" fix-it
};

aaron.ballman: Why is this a warning and not a typical `err_no_member` error? I think we want that behavior so…

voidAuthorUnsubmitted

Done

I thought it would be too harsh to make this an error. But I suppose there's no harm in doing this. I'm not sure how to implement a fixit for a closely matching identifier. Do you have an example of how to find the closest matching Decl?

void: I thought it would be too harsh to make this an error. But I suppose there's no harm in doing…

aaron.ballmanUnsubmitted

Not Done

I'll leave a comment below with what I'm thinking.

aaron.ballman: I'll leave a comment below with what I'm thinking.

def err_flexible_array_counted_by_attr_field_not_found : Error<

"field %0 in 'counted_by' not found">;

erichkeaneUnsubmitted

Done

This one isn't clear... something more specifically about 'cannot point to itself' is perhaps more useful/explainatory.

Also, the beginning of all of these is really quite awkward as well, perhaps something like:

field %0 referenced by 'counted_by' attribute ... ?

erichkeane: This one isn't clear... something more specifically about 'cannot point to itself' is perhaps…

voidAuthorUnsubmitted

Done

I reworded them a bit.

As for referring to itself, it could be a bit confusing to say that it 'cannot point to itself' because the 'itself' in that is the attribute, not the flexible array member. I think it's more-or-less clear what the error's referring to. The user can use this attribute only with a flexible array member. So they should know what what's meant by the message.

void: I reworded them a bit. As for referring to itself, it could be a bit confusing to say that it…

erichkeaneUnsubmitted

Not Done

I think the reword helps, I am less confident that referring to the 'flexible array member' is clear. One of the things I've noticed in the past is users 'trying' attributes without looking them up to see what they do. Frankly, I think that should be a supported strategy, and one that we manage by making clear diagnostics.

I'm up for suggestions/hopeful someone else will come up with something better, but I can hold my nose at this if we don't have anything better (and in fact, my attempts to put a strawman up were at least as bad).

erichkeane: I think the reword helps, I am less confident that referring to the 'flexible array member' is…

voidAuthorUnsubmitted

Done

I added a diagnostic (the first one) that indicates it must apply to a FAM. So maybe it'll be okay? I'm open to other wording...

void: I added a diagnostic (the first one) that indicates it must apply to a FAM. So maybe it'll be…

def err_flexible_array_counted_by_attr_field_not_found_suggest : Error<

"field %0 in 'counted_by' not found; did you mean %1?">;

def err_flexible_array_counted_by_attr_field_not_found_in_struct : Error<

"field %0 in 'counted_by' is not found in struct">;

aaron.ballmanUnsubmitted

Done

def err_flexible_array_counted_by_attr_refers_to_self : Error<

- "counted_by field %0 cannot refer to the flexible array">;

+ "'counted_by' field %0 cannot refer to the flexible array">;

def err_flexible_array_counted_by_attr_field_not_integral : Error<

- "counted_by field %0 is not an integral type">;

+ "'counted_by' field %0 is not an integral type">;

def note_flexible_array_counted_by_attr_field : Note<

- "counted_by field %0 declared here">;

+ "'counted_by' field %0 declared here">;

let CategoryName = "ARC Semantic Issue" in {

We try to wrap syntax elements in single quotes in our diagnostics so it's more visually distinct

aaron.ballman: We try to wrap syntax elements in single quotes in our diagnostics so it's more visually…

def err_flexible_array_counted_by_attr_refers_to_self : Error<

"field %0 in 'counted_by' cannot refer to the flexible array">;

def err_flexible_array_counted_by_attr_field_not_integer : Error<

"field %0 in 'counted_by' is not a non-boolean integer type">;

def note_flexible_array_counted_by_attr_field : Note<

"field %0 declared here">;

let CategoryName = "ARC Semantic Issue" in { let CategoryName = "ARC Semantic Issue" in {

// ARC-mode diagnostics. // ARC-mode diagnostics.

let CategoryName = "ARC Weak References" in { let CategoryName = "ARC Weak References" in {

def err_arc_weak_no_runtime : Error< def err_arc_weak_no_runtime : Error<

"cannot create __weak reference because the current deployment target " "cannot create __weak reference because the current deployment target "

▲ Show 20 Lines • Show All 5,636 Lines • Show Last 20 Lines

clang/include/clang/Sema/Sema.h

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 4,798 Lines • ▼ Show 20 Lines	public:

void CheckAlignasUnderalignment(Decl *D);		void CheckAlignasUnderalignment(Decl *D);

bool CheckNoInlineAttr(const Stmt OrigSt, const Stmt CurSt,		bool CheckNoInlineAttr(const Stmt OrigSt, const Stmt CurSt,
const AttributeCommonInfo &A);		const AttributeCommonInfo &A);
bool CheckAlwaysInlineAttr(const Stmt OrigSt, const Stmt CurSt,		bool CheckAlwaysInlineAttr(const Stmt OrigSt, const Stmt CurSt,
const AttributeCommonInfo &A);		const AttributeCommonInfo &A);

		bool CheckCountedByAttr(Scope Scope, const FieldDecl FD);

/// Adjust the calling convention of a method to be the ABI default if it		/// Adjust the calling convention of a method to be the ABI default if it
/// wasn't specified explicitly. This handles method types formed from		/// wasn't specified explicitly. This handles method types formed from
/// function type typedefs and typename template arguments.		/// function type typedefs and typename template arguments.
void adjustMemberFunctionCC(QualType &T, bool HasThisPointer,		void adjustMemberFunctionCC(QualType &T, bool HasThisPointer,
bool IsCtorOrDtor, SourceLocation Loc);		bool IsCtorOrDtor, SourceLocation Loc);

// Check if there is an explicit attribute, but only look through parens.		// Check if there is an explicit attribute, but only look through parens.
// The intent is to look for an attribute on the current declarator, but not		// The intent is to look for an attribute on the current declarator, but not
▲ Show 20 Lines • Show All 9,447 Lines • Show Last 20 Lines

clang/lib/AST/ASTImporter.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 8,963 Lines • ▼ Show 20 Lines	template <typename T> struct AttrArgArrayImporter {

T *value() { return To.data(); }		T *value() { return To.data(); }

private:		private:
llvm::SmallVector<T, 2> To;		llvm::SmallVector<T, 2> To;
};		};

class AttrImporter {		class AttrImporter {
Error Err{Error::success()};		Error Err{Error::success()};
		balazskeUnsubmitted Done Reply Inline Actions This line is not necessary. balazske: This line is not necessary.
		voidAuthorUnsubmitted Done Reply Inline Actions I need access to the `ToAttr` member. I can add an accesser though. void: I need access to the `ToAttr` member. I can add an accesser though.
Attr *ToAttr = nullptr;		Attr *ToAttr = nullptr;
ASTImporter &Importer;		ASTImporter &Importer;
ASTNodeImporter NImporter;		ASTNodeImporter NImporter;

public:		public:
AttrImporter(ASTImporter &I) : Importer(I), NImporter(I) {}		AttrImporter(ASTImporter &I) : Importer(I), NImporter(I) {}

		// Useful for accessing the imported attribute.
		template <typename T> T *castAttrAs() { return cast<T>(ToAttr); }
		template <typename T> const T *castAttrAs() const { return cast<T>(ToAttr); }
		aaron.ballmanUnsubmitted Done Reply Inline Actions Should these be `castAttrAs` so it's more clear that type mismatches don't result in a null pointer, but an assertion? aaron.ballman: Should these be `castAttrAs` so it's more clear that type mismatches don't result in a null…
		voidAuthorUnsubmitted Done Reply Inline Actions Sure. void: Sure.

// Create an "importer" for an attribute parameter.		// Create an "importer" for an attribute parameter.
// Result of the 'value()' of that object is to be passed to the function		// Result of the 'value()' of that object is to be passed to the function
// 'importAttr', in the order that is expected by the attribute class.		// 'importAttr', in the order that is expected by the attribute class.
template <class T> AttrArgImporter<T> importArg(const T &From) {		template <class T> AttrArgImporter<T> importArg(const T &From) {
return AttrArgImporter<T>(NImporter, Err, From);		return AttrArgImporter<T>(NImporter, Err, From);
}		}

// Create an "importer" for an attribute parameter that has array type.		// Create an "importer" for an attribute parameter that has array type.
▲ Show 20 Lines • Show All 190 Lines • ▼ Show 20 Lines	Expected<Attr > ASTImporter::Import(const Attr FromAttr) {
}		}
case attr::LocksExcluded: {		case attr::LocksExcluded: {
const auto *From = cast<LocksExcludedAttr>(FromAttr);		const auto *From = cast<LocksExcludedAttr>(FromAttr);
AI.importAttr(From,		AI.importAttr(From,
AI.importArrayArg(From->args(), From->args_size()).value(),		AI.importArrayArg(From->args(), From->args_size()).value(),
From->args_size());		From->args_size());
break;		break;
}		}
		case attr::CountedBy: {
		AI.cloneAttr(FromAttr);
		const auto *CBA = cast<CountedByAttr>(FromAttr);
		Expected<SourceRange> SR = Import(CBA->getCountedByFieldLoc()).get();
		balazskeUnsubmitted Done Reply Inline Actions From `ASTImporter` point of view this looks not correct: The `ToAttr` has a different AST context than the `FromAttr`, simple copy of a source location is not enough. There is a `ASTImporter::Import(SourceRange)` function that can be used. balazske: From `ASTImporter` point of view this looks not correct: The `ToAttr` has a different AST…
		voidAuthorUnsubmitted Done Reply Inline Actions Ah! Thanks. void: Ah! Thanks.
		if (!SR)
		return SR.takeError();
		balazskeUnsubmitted Done Reply Inline Actions Expected<SourceRange> SR = Import(ECA->getCountFieldSourceRange(I)); if (!SR) return SR.takeError(); AI.getAttrAs<ElementCountAttr>()->addCountFieldSourceRange(SR); balazske:* Expected<SourceRange> SR = Import(ECA->getCountFieldSourceRange(I)); if (!SR)…
		AI.castAttrAs<CountedByAttr>()->setCountedByFieldLoc(SR.get());
		break;
		}

default: {		default: {
// The default branch works for attributes that have no arguments to import.		// The default branch works for attributes that have no arguments to import.
// FIXME: Handle every attribute type that has arguments of type to import		// FIXME: Handle every attribute type that has arguments of type to import
// (most often Expr* or Decl* or type) in the switch above.		// (most often Expr* or Decl* or type) in the switch above.
AI.cloneAttr(FromAttr);		AI.cloneAttr(FromAttr);
break;		break;
}		}
▲ Show 20 Lines • Show All 1,118 Lines • Show Last 20 Lines

clang/lib/AST/DeclBase.cpp

Show All 23 Lines
#include "clang/AST/DeclOpenMP.h"		#include "clang/AST/DeclOpenMP.h"
#include "clang/AST/DeclTemplate.h"		#include "clang/AST/DeclTemplate.h"
#include "clang/AST/DependentDiagnostic.h"		#include "clang/AST/DependentDiagnostic.h"
#include "clang/AST/ExternalASTSource.h"		#include "clang/AST/ExternalASTSource.h"
#include "clang/AST/Stmt.h"		#include "clang/AST/Stmt.h"
#include "clang/AST/Type.h"		#include "clang/AST/Type.h"
#include "clang/Basic/IdentifierTable.h"		#include "clang/Basic/IdentifierTable.h"
#include "clang/Basic/LLVM.h"		#include "clang/Basic/LLVM.h"
#include "clang/Basic/LangOptions.h"
#include "clang/Basic/Module.h"		#include "clang/Basic/Module.h"
#include "clang/Basic/ObjCRuntime.h"		#include "clang/Basic/ObjCRuntime.h"
#include "clang/Basic/PartialDiagnostic.h"		#include "clang/Basic/PartialDiagnostic.h"
#include "clang/Basic/SourceLocation.h"		#include "clang/Basic/SourceLocation.h"
#include "clang/Basic/TargetInfo.h"		#include "clang/Basic/TargetInfo.h"
#include "llvm/ADT/ArrayRef.h"		#include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/PointerIntPair.h"		#include "llvm/ADT/PointerIntPair.h"
#include "llvm/ADT/SmallVector.h"		#include "llvm/ADT/SmallVector.h"
▲ Show 20 Lines • Show All 365 Lines • ▼ Show 20 Lines	bool Decl::isInStdNamespace() const {
return DC && DC->isStdNamespace();		return DC && DC->isStdNamespace();
}		}

bool Decl::isFileContextDecl() const {		bool Decl::isFileContextDecl() const {
const auto *DC = dyn_cast<DeclContext>(this);		const auto *DC = dyn_cast<DeclContext>(this);
return DC && DC->isFileContext();		return DC && DC->isFileContext();
}		}

		bool Decl::isFlexibleArrayMemberLike(
		ASTContext &Ctx, const Decl *D, QualType Ty,
		LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel,
		bool IgnoreTemplateOrMacroSubstitution) {
		// For compatibility with existing code, we treat arrays of length 0 or
		// 1 as flexible array members.
		const auto *CAT = Ctx.getAsConstantArrayType(Ty);
		if (CAT) {
		using FAMKind = LangOptions::StrictFlexArraysLevelKind;

		llvm::APInt Size = CAT->getSize();
		FAMKind StrictFlexArraysLevel =
		Ctx.getLangOpts().getStrictFlexArraysLevel();

		if (StrictFlexArraysLevel == FAMKind::IncompleteOnly)
		return false;

		// GCC extension, only allowed to represent a FAM.
		if (Size.isZero())
		return true;

		if (StrictFlexArraysLevel == FAMKind::ZeroOrIncomplete && Size.uge(1))
		return false;

		if (StrictFlexArraysLevel == FAMKind::OneZeroOrIncomplete && Size.uge(2))
		return false;
		} else if (!Ctx.getAsIncompleteArrayType(Ty)) {
		return false;
		}

		if (const auto *OID = dyn_cast_if_present<ObjCIvarDecl>(D))
		return OID->getNextIvar() == nullptr;
		aaron.ballmanUnsubmitted Done Reply Inline Actions Can you explain a bit about what this code is for? I didn't spot any test coverage for it, but perhaps I missed something. aaron.ballman: Can you explain a bit about what this code is for? I didn't spot any test coverage for it, but…
		voidAuthorUnsubmitted Done Reply Inline Actions Short answer is I don't know. :-) This is copied from the original implementation of this method. void: Short answer is I don't know. :-) This is copied from the original implementation of this…
		aaron.ballmanUnsubmitted Done Reply Inline Actions Good enough for me, thank you. :-) (I made that comment before I realized this was a refactor, I forgot to come back and delete it.) aaron.ballman: Good enough for me, thank you. :-) (I made that comment before I realized this was a refactor…

		const auto *FD = dyn_cast_if_present<FieldDecl>(D);
		if (!FD)
		return false;

		if (CAT) {
		// GCC treats an array memeber of a union as an FAM if the size is one or
		// zero.
		llvm::APInt Size = CAT->getSize();
		if (FD->getParent()->isUnion() && (Size.isZero() \|\| Size.isOne()))
		return true;
		}

		// Don't consider sizes resulting from macro expansions or template argument
		// substitution to form C89 tail-padded arrays.
		if (IgnoreTemplateOrMacroSubstitution) {
		TypeSourceInfo *TInfo = FD->getTypeSourceInfo();
		while (TInfo) {
		TypeLoc TL = TInfo->getTypeLoc();

		// Look through typedefs.
		if (TypedefTypeLoc TTL = TL.getAsAdjusted<TypedefTypeLoc>()) {
		const TypedefNameDecl *TDL = TTL.getTypedefNameDecl();
		TInfo = TDL->getTypeSourceInfo();
		continue;
		}

		if (auto CTL = TL.getAs<ConstantArrayTypeLoc>()) {
		const Expr *SizeExpr = dyn_cast<IntegerLiteral>(CTL.getSizeExpr());
		if (!SizeExpr \|\| SizeExpr->getExprLoc().isMacroID())
		return false;
		}

		break;
		}
		}

		// Test that the field is the last in the structure.
		erichkeaneUnsubmitted Done Reply Inline Actions Whats going on here? Is this simply an attempt to see if this is the last one? Can we combine this effort with the 'getLastFieldDecl' above? Alternatively, can we get a good comment here? erichkeane: Whats going on here? Is this simply an attempt to see if this is the last one? Can we combine…
		voidAuthorUnsubmitted Done Reply Inline Actions It's not really the same as the `getLastField` method. That one will return a non-null pointer whether or not the last field is a FAM. This code is just shorthand for getting the iterator for the FAM and then quickly testing if it's the final one. Again, this is because of the forward iterator that RecordDecl uses, for some reason. If we had bidirectional iterators, this would be much clearer. void: It's not really the same as the `getLastField` method. That one will return a non-null pointer…
		RecordDecl::field_iterator FI(
		DeclContext::decl_iterator(const_cast<FieldDecl *>(FD)));
		return ++FI == FD->getParent()->field_end();
		}

TranslationUnitDecl *Decl::getTranslationUnitDecl() {		TranslationUnitDecl *Decl::getTranslationUnitDecl() {
if (auto *TUD = dyn_cast<TranslationUnitDecl>(this))		if (auto *TUD = dyn_cast<TranslationUnitDecl>(this))
return TUD;		return TUD;

DeclContext *DC = getDeclContext();		DeclContext *DC = getDeclContext();
assert(DC && "This decl is not contained in a translation unit!");		assert(DC && "This decl is not contained in a translation unit!");

while (!DC->isTranslationUnit()) {		while (!DC->isTranslationUnit()) {
▲ Show 20 Lines • Show All 1,670 Lines • Show Last 20 Lines

clang/lib/AST/Expr.cpp

Show First 20 Lines • Show All 199 Lines • ▼ Show 20 Lines	if (!Semantic && FD->getType()->isUnsignedIntegerType() &&
!FD->getBitWidth()->isValueDependent() &&		!FD->getBitWidth()->isValueDependent() &&
FD->getBitWidthValue(FD->getASTContext()) == 1)		FD->getBitWidthValue(FD->getASTContext()) == 1)
return true;		return true;

return false;		return false;
}		}

bool Expr::isFlexibleArrayMemberLike(		bool Expr::isFlexibleArrayMemberLike(
ASTContext &Context,		ASTContext &Ctx,
LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel,		LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel,
bool IgnoreTemplateOrMacroSubstitution) const {		bool IgnoreTemplateOrMacroSubstitution) const {

// For compatibility with existing code, we treat arrays of length 0 or
// 1 as flexible array members.
const auto *CAT = Context.getAsConstantArrayType(getType());
if (CAT) {
llvm::APInt Size = CAT->getSize();

using FAMKind = LangOptions::StrictFlexArraysLevelKind;

if (StrictFlexArraysLevel == FAMKind::IncompleteOnly)
return false;

// GCC extension, only allowed to represent a FAM.
if (Size == 0)
return true;

if (StrictFlexArraysLevel == FAMKind::ZeroOrIncomplete && Size.uge(1))
return false;

if (StrictFlexArraysLevel == FAMKind::OneZeroOrIncomplete && Size.uge(2))
return false;
} else if (!Context.getAsIncompleteArrayType(getType()))
return false;

const Expr *E = IgnoreParens();		const Expr *E = IgnoreParens();
		const Decl *D = nullptr;

const NamedDecl *ND = nullptr;		if (const auto *ME = dyn_cast<MemberExpr>(E))
if (const auto *DRE = dyn_cast<DeclRefExpr>(E))		D = ME->getMemberDecl();
ND = DRE->getDecl();		else if (const auto *DRE = dyn_cast<DeclRefExpr>(E))
else if (const auto *ME = dyn_cast<MemberExpr>(E))		D = DRE->getDecl();
ND = ME->getMemberDecl();
else if (const auto *IRE = dyn_cast<ObjCIvarRefExpr>(E))		else if (const auto *IRE = dyn_cast<ObjCIvarRefExpr>(E))
return IRE->getDecl()->getNextIvar() == nullptr;		D = IRE->getDecl();

if (!ND)
return false;

// A flexible array member must be the last member in the class.
// FIXME: If the base type of the member expr is not FD->getParent(),
// this should not be treated as a flexible array member access.
if (const auto *FD = dyn_cast<FieldDecl>(ND)) {
// GCC treats an array memeber of a union as an FAM if the size is one or
// zero.
if (CAT) {
llvm::APInt Size = CAT->getSize();
if (FD->getParent()->isUnion() && (Size.isZero() \|\| Size.isOne()))
return true;
}

// Don't consider sizes resulting from macro expansions or template argument		return Decl::isFlexibleArrayMemberLike(Ctx, D, E->getType(),
// substitution to form C89 tail-padded arrays.		StrictFlexArraysLevel,
if (IgnoreTemplateOrMacroSubstitution) {		IgnoreTemplateOrMacroSubstitution);
TypeSourceInfo *TInfo = FD->getTypeSourceInfo();
while (TInfo) {
TypeLoc TL = TInfo->getTypeLoc();
// Look through typedefs.
if (TypedefTypeLoc TTL = TL.getAsAdjusted<TypedefTypeLoc>()) {
const TypedefNameDecl *TDL = TTL.getTypedefNameDecl();
TInfo = TDL->getTypeSourceInfo();
continue;
}
if (ConstantArrayTypeLoc CTL = TL.getAs<ConstantArrayTypeLoc>()) {
const Expr *SizeExpr = dyn_cast<IntegerLiteral>(CTL.getSizeExpr());
if (!SizeExpr \|\| SizeExpr->getExprLoc().isMacroID())
return false;
}
break;
}
}

RecordDecl::field_iterator FI(
DeclContext::decl_iterator(const_cast<FieldDecl *>(FD)));
return ++FI == FD->getParent()->field_end();
}

return false;
serge-sans-pailleUnsubmitted Not Done Reply Inline Actions I really like this cleanup! serge-sans-paille: I really like this cleanup!
}		}

const ValueDecl *		const ValueDecl *
Expr::getAsBuiltinConstantDeclRef(const ASTContext &Context) const {		Expr::getAsBuiltinConstantDeclRef(const ASTContext &Context) const {
Expr::EvalResult Eval;		Expr::EvalResult Eval;

if (EvaluateAsConstantExpr(Eval, Context)) {		if (EvaluateAsConstantExpr(Eval, Context)) {
APValue &Value = Eval.Val;		APValue &Value = Eval.Val;
▲ Show 20 Lines • Show All 4,953 Lines • Show Last 20 Lines

clang/lib/CodeGen/CGBuiltin.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 847 Lines • ▼ Show 20 Lines if (Param != nullptr && PS != nullptr &&

auto DIter = LocalDeclMap.find(D); auto DIter = LocalDeclMap.find(D);

assert(DIter != LocalDeclMap.end()); assert(DIter != LocalDeclMap.end());

return EmitLoadOfScalar(DIter->second, /*Volatile=*/false, return EmitLoadOfScalar(DIter->second, /*Volatile=*/false,

getContext().getSizeType(), E->getBeginLoc()); getContext().getSizeType(), E->getBeginLoc());

} }

if (IsDynamic) {

LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel =

aaron.ballmanUnsubmitted

Done

if (IsDynamic) {

- const LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel =

+ LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel =

getLangOpts().getStrictFlexArraysLevel();

We don't generally use top-level const on local variables.

aaron.ballman: We don't generally use top-level const on local variables.

nickdesaulniersUnsubmitted

Done

Do we explicitly document this in the style guide? This came up for me recently in a code review (cc @jyknight ).
https://llvm.org/docs/CodingStandards.html

nickdesaulniers: Do we explicitly document this in the style guide? This came up for me recently in a code…

aaron.ballmanUnsubmitted

Done

It's the prevailing style in our files rather than a hard rule. In Clang, we seem to have organically landed on "const members are fine, const locals are not fine, do not use globals". Our const-correctness story is terrible and if we had better const correct interfaces, I think we'd have landed somewhere different.

aaron.ballman: It's the prevailing style in our files rather than a hard rule. In Clang, we seem to have…

nickdesaulniersUnsubmitted

Done

prevailing styles should be documented explicitly in the style guide. That settles all discussions, now and in the future.

Or perhaps an RFC on discourse.

nickdesaulniers: prevailing styles should be documented explicitly in the style guide. That settles all…

voidAuthorUnsubmitted

Done

Easy enough to do. Done.

void: Easy enough to do. Done.

getLangOpts().getStrictFlexArraysLevel();

const Expr *Base = E->IgnoreParenImpCasts();

if (FieldDecl *FD = FindCountedByField(Base, StrictFlexArraysLevel)) {

const auto *ME = dyn_cast<MemberExpr>(Base);

llvm::Value *ObjectSize = nullptr;

if (!ME) {

const auto *DRE = dyn_cast<DeclRefExpr>(Base);

ValueDecl *VD = nullptr;

ObjectSize = ConstantInt::get(

ResType,

getContext().getTypeSize(DRE->getType()->getPointeeType()) / 8,

true);

if (auto *RD = DRE->getType()->getPointeeType()->getAsRecordDecl())

VD = RD->getLastField();

nickdesaulniersUnsubmitted

Done

You should use your newly added RecordDecl::getLastField() here.

nickdesaulniers: You should use your newly added `RecordDecl::getLastField()` here.

Expr *ICE = ImplicitCastExpr::Create(

getContext(), DRE->getType(), CK_LValueToRValue,

const_cast<Expr *>(cast<Expr>(DRE)), nullptr, VK_PRValue,

FPOptionsOverride());

ME = MemberExpr::CreateImplicit(getContext(), ICE, true, VD,

VD->getType(), VK_LValue, OK_Ordinary);

}

// At this point, we know that \p ME is a flexible array member.

const auto *ArrayTy = getContext().getAsArrayType(ME->getType());

aaron.ballmanUnsubmitted

Done

// At this point, we know that \p ME is a flexible array member.

- const auto *ArrayTy = dyn_cast<ArrayType>(ME->getType());

+ const auto *ArrayTy = getContext().getAsArrayType(ME->getType());

unsigned Size = getContext().getTypeSize(ArrayTy->getElementType());

aaron.ballman:

unsigned Size = getContext().getTypeSize(ArrayTy->getElementType());

llvm::Value *CountField =

EmitAnyExprToTemp(MemberExpr::CreateImplicit(

getContext(), const_cast<Expr *>(ME->getBase()),

ME->isArrow(), FD, FD->getType(), VK_LValue,

OK_Ordinary))

.getScalarVal();

llvm::Value *Mul = Builder.CreateMul(

CountField, llvm::ConstantInt::get(CountField->getType(), Size / 8));

Mul = Builder.CreateZExtOrTrunc(Mul, ResType);

if (ObjectSize)

return Builder.CreateAdd(ObjectSize, Mul);

return Mul;

}

// LLVM can't handle Type=3 appropriately, and __builtin_object_size shouldn't // LLVM can't handle Type=3 appropriately, and __builtin_object_size shouldn't

// evaluate E for side-effects. In either case, we shouldn't lower to // evaluate E for side-effects. In either case, we shouldn't lower to

// @llvm.objectsize. // @llvm.objectsize.

if (Type == 3 || (!EmittedE && E->HasSideEffects(getContext()))) if (Type == 3 || (!EmittedE && E->HasSideEffects(getContext())))

return getDefaultBuiltinObjectSizeResult(Type, ResType); return getDefaultBuiltinObjectSizeResult(Type, ResType);

Value *Ptr = EmittedE ? EmittedE : EmitScalarExpr(E); Value *Ptr = EmittedE ? EmittedE : EmitScalarExpr(E);

assert(Ptr->getType()->isPointerTy() && assert(Ptr->getType()->isPointerTy() &&

▲ Show 20 Lines • Show All 19,740 Lines • Show Last 20 Lines

clang/lib/CodeGen/CGExpr.cpp

Show All 24 Lines
#include "clang/AST/ASTContext.h"		#include "clang/AST/ASTContext.h"
#include "clang/AST/Attr.h"		#include "clang/AST/Attr.h"
#include "clang/AST/DeclObjC.h"		#include "clang/AST/DeclObjC.h"
#include "clang/AST/NSAPI.h"		#include "clang/AST/NSAPI.h"
#include "clang/Basic/Builtins.h"		#include "clang/Basic/Builtins.h"
#include "clang/Basic/CodeGenOptions.h"		#include "clang/Basic/CodeGenOptions.h"
#include "clang/Basic/SourceManager.h"		#include "clang/Basic/SourceManager.h"
#include "llvm/ADT/Hashing.h"		#include "llvm/ADT/Hashing.h"
		#include "llvm/ADT/STLExtras.h"
#include "llvm/ADT/StringExtras.h"		#include "llvm/ADT/StringExtras.h"
#include "llvm/IR/DataLayout.h"		#include "llvm/IR/DataLayout.h"
#include "llvm/IR/Intrinsics.h"		#include "llvm/IR/Intrinsics.h"
#include "llvm/IR/IntrinsicsWebAssembly.h"		#include "llvm/IR/IntrinsicsWebAssembly.h"
#include "llvm/IR/LLVMContext.h"		#include "llvm/IR/LLVMContext.h"
#include "llvm/IR/MDBuilder.h"		#include "llvm/IR/MDBuilder.h"
#include "llvm/IR/MatrixBuilder.h"		#include "llvm/IR/MatrixBuilder.h"
#include "llvm/Passes/OptimizationLevel.h"		#include "llvm/Passes/OptimizationLevel.h"
▲ Show 20 Lines • Show All 885 Lines • ▼ Show 20 Lines	static llvm::Value *getArrayIndexingBound(CodeGenFunction &CGF,
}		}

Base = Base->IgnoreParens();		Base = Base->IgnoreParens();

if (const auto *CE = dyn_cast<CastExpr>(Base)) {		if (const auto *CE = dyn_cast<CastExpr>(Base)) {
if (CE->getCastKind() == CK_ArrayToPointerDecay &&		if (CE->getCastKind() == CK_ArrayToPointerDecay &&
!CE->getSubExpr()->isFlexibleArrayMemberLike(CGF.getContext(),		!CE->getSubExpr()->isFlexibleArrayMemberLike(CGF.getContext(),
StrictFlexArraysLevel)) {		StrictFlexArraysLevel)) {
		CodeGenFunction::SanitizerScope SanScope(&CGF);

IndexedType = CE->getSubExpr()->getType();		IndexedType = CE->getSubExpr()->getType();
const ArrayType *AT = IndexedType->castAsArrayTypeUnsafe();		const ArrayType *AT = IndexedType->castAsArrayTypeUnsafe();
if (const auto *CAT = dyn_cast<ConstantArrayType>(AT))		if (const auto *CAT = dyn_cast<ConstantArrayType>(AT))
return CGF.Builder.getInt(CAT->getSize());		return CGF.Builder.getInt(CAT->getSize());
else if (const auto *VAT = dyn_cast<VariableArrayType>(AT))
		if (const auto *VAT = dyn_cast<VariableArrayType>(AT))
return CGF.getVLASize(VAT).NumElts;		return CGF.getVLASize(VAT).NumElts;
// Ignore pass_object_size here. It's not applicable on decayed pointers.		// Ignore pass_object_size here. It's not applicable on decayed pointers.
}		}

		if (FieldDecl *FD = CGF.FindCountedByField(Base, StrictFlexArraysLevel)) {
		const auto *ME = dyn_cast<MemberExpr>(CE->getSubExpr());
		IndexedType = Base->getType();
		nickdesaulniersUnsubmitted Done Reply Inline Actions eventually, we may want to support non-FAMs: struct foo { size_t count; char arr [PATH_MAX] __attribute((element_count("count"))); }; char foo (size_t offset) { struct foo my_foo = { .count = sizeof("hello"), .arr = "hello", }; return &my_foo.arr[offset]; } nickdesaulniers:* eventually, we may want to support non-FAMs: ``` struct foo { size_t count; char arr…
		voidAuthorUnsubmitted Done Reply Inline Actions Maybe? Though this attribute is really only for the sanitizer, which could all ready use `PATH_MAX` to ensure that it doesn't overrun the array. void: Maybe? Though this attribute is really only for the sanitizer, which could all ready use…
		nickdesaulniersUnsubmitted Done Reply Inline Actions Note that `my_foo.arr` is not fully initialized; a value > sizeof("hello") and < PATH_MAX will access uninitialized memory. I think this pattern is very common in C code (use excessive stack allocation partially initialized rather than heap). nickdesaulniers: Note that `my_foo.arr` is not fully initialized; a value > sizeof("hello") and < PATH_MAX will…
		voidAuthorUnsubmitted Done Reply Inline Actions I understand that it could be useful, though as far as uninitialized memory defaulting to zero-initialized stack variables is probably the best defense. :-) void: I understand that it could be useful, though as far as uninitialized memory defaulting to zero…
		return CGF
		.EmitAnyExprToTemp(MemberExpr::CreateImplicit(
		nickdesaulniersUnsubmitted Done Reply Inline Actions `const auto ECA = ...` nickdesaulniers:* `const auto *ECA = ...`
		voidAuthorUnsubmitted Done Reply Inline Actions Doh! void: Doh!
		CGF.getContext(), const_cast<Expr *>(ME->getBase()),
		ME->isArrow(), FD, FD->getType(), VK_LValue, OK_Ordinary))
		.getScalarVal();
		}
}		}

		CodeGenFunction::SanitizerScope SanScope(&CGF);

QualType EltTy{Base->getType()->getPointeeOrArrayElementType(), 0};		QualType EltTy{Base->getType()->getPointeeOrArrayElementType(), 0};
		nickdesaulniersUnsubmitted Done Reply Inline Actions What happens if we never find the field? I guess that's checked below in `CheckElementCountAttr`? Do we need a diagnostic though? nickdesaulniers: What happens if we never find the field? I guess that's checked below in…
		voidAuthorUnsubmitted Done Reply Inline Actions In that case, a diagnostic is emitted during SEMA. void: In that case, a diagnostic is emitted during SEMA.
if (llvm::Value *POS = CGF.LoadPassedObjectSize(Base, EltTy)) {		if (llvm::Value *POS = CGF.LoadPassedObjectSize(Base, EltTy)) {
IndexedType = Base->getType();		IndexedType = Base->getType();
return POS;		return POS;
}		}

return nullptr;		return nullptr;
}		}

		FieldDecl *CodeGenFunction::FindCountedByField(
		const Expr *Base,
		LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel) {
		const ValueDecl *VD = nullptr;

		Base = Base->IgnoreParenImpCasts();

		if (const auto *ME = dyn_cast<MemberExpr>(Base)) {
		VD = dyn_cast<ValueDecl>(ME->getMemberDecl());
		} else if (const auto *DRE = dyn_cast<DeclRefExpr>(Base)) {
		// Pointing to the full structure.
		VD = dyn_cast<ValueDecl>(DRE->getDecl());

		QualType Ty = VD->getType();
		if (Ty->isPointerType())
		Ty = Ty->getPointeeType();

		if (const auto *RD = Ty->getAsRecordDecl())
		nickdesaulniersUnsubmitted Done Reply Inline Actions Why is this re-assigning VD? Is this trying to get the last field in the RecordDecl? Can you use `field_end()` or `--field_end()`? In fact I see this pattern a lot in this patch. Time for a new method on RecordDecl? `const FieldDecl RecordDecl::getLastField()`? nickdesaulniers:* Why is this re-assigning VD? Is this trying to get the last field in the RecordDecl? Can you…
		voidAuthorUnsubmitted Done Reply Inline Actions Created the method. We can't use `field_end` or `--field_end` because it's a forward iterator... void: Created the method. We can't use `field_end` or `--field_end` because it's a forward iterator...
		VD = RD->getLastField();
		} else if (const auto *CE = dyn_cast<CastExpr>(Base)) {
		if (const auto *ME = dyn_cast<MemberExpr>(CE->getSubExpr()))
		VD = dyn_cast<ValueDecl>(ME->getMemberDecl());
		}

		const auto *FD = dyn_cast_if_present<FieldDecl>(VD);
		if (!FD \|\| !FD->getParent() \|\|
		!Decl::isFlexibleArrayMemberLike(getContext(), FD, FD->getType(),
		StrictFlexArraysLevel, true))
		return nullptr;

		const auto *CBA = FD->getAttr<CountedByAttr>();
		if (!CBA)
		return nullptr;

		StringRef FieldName = CBA->getCountedByField()->getName();
		auto It =
		llvm::find_if(FD->getParent()->fields(), [&](const FieldDecl *Field) {
		return FieldName == Field->getName();
		nickdesaulniersUnsubmitted Done Reply Inline Actions Can `llvm::is_contained` from llvm/ADT/STLExtras.h help here? nickdesaulniers: Can `llvm::is_contained` from llvm/ADT/STLExtras.h help here?
		voidAuthorUnsubmitted Done Reply Inline Actions I don't think that works. I thin it requires that the element we search for is of the same type. Here we have only its name. There might be a nicer way of doing this though. void: I don't think that works. I thin it requires that the element we search for is of the same type.
		});
		return It != FD->getParent()->field_end() ? *It : nullptr;
		}

void CodeGenFunction::EmitBoundsCheck(const Expr E, const Expr Base,		void CodeGenFunction::EmitBoundsCheck(const Expr E, const Expr Base,
llvm::Value *Index, QualType IndexType,		llvm::Value *Index, QualType IndexType,
bool Accessed) {		bool Accessed) {
assert(SanOpts.has(SanitizerKind::ArrayBounds) &&		assert(SanOpts.has(SanitizerKind::ArrayBounds) &&
"should not be called unless adding bounds checks");		"should not be called unless adding bounds checks");
SanitizerScope SanScope(this);

const LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel =		const LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel =
getLangOpts().getStrictFlexArraysLevel();		getLangOpts().getStrictFlexArraysLevel();

QualType IndexedType;		QualType IndexedType;
llvm::Value *Bound =		llvm::Value *Bound =
getArrayIndexingBound(*this, Base, IndexedType, StrictFlexArraysLevel);		getArrayIndexingBound(*this, Base, IndexedType, StrictFlexArraysLevel);
if (!Bound)		if (!Bound)
return;		return;

		SanitizerScope SanScope(this);

bool IndexSigned = IndexType->isSignedIntegerOrEnumerationType();		bool IndexSigned = IndexType->isSignedIntegerOrEnumerationType();
llvm::Value *IndexVal = Builder.CreateIntCast(Index, SizeTy, IndexSigned);		llvm::Value *IndexVal = Builder.CreateIntCast(Index, SizeTy, IndexSigned);
llvm::Value *BoundVal = Builder.CreateIntCast(Bound, SizeTy, false);		llvm::Value *BoundVal = Builder.CreateIntCast(Bound, SizeTy, false);

llvm::Constant *StaticData[] = {		llvm::Constant *StaticData[] = {
EmitCheckSourceLocation(E->getExprLoc()),		EmitCheckSourceLocation(E->getExprLoc()),
EmitCheckTypeDescriptor(IndexedType),		EmitCheckTypeDescriptor(IndexedType),
EmitCheckTypeDescriptor(IndexType)		EmitCheckTypeDescriptor(IndexType)
▲ Show 20 Lines • Show All 4,750 Lines • Show Last 20 Lines

clang/lib/CodeGen/CodeGenFunction.h

Show First 20 Lines • Show All 518 Lines • ▼ Show 20 Lines	const ParmVarDecl *getParamDecl(unsigned I) const {
return *(cast<ObjCMethodDecl>(CalleeDecl)->param_begin() + I);		return *(cast<ObjCMethodDecl>(CalleeDecl)->param_begin() + I);
}		}
};		};

/// Sanitizers enabled for this function.		/// Sanitizers enabled for this function.
SanitizerSet SanOpts;		SanitizerSet SanOpts;

/// True if CodeGen currently emits code implementing sanitizer checks.		/// True if CodeGen currently emits code implementing sanitizer checks.
bool IsSanitizerScope = false;		bool IsSanitizerScope = false;

		nickdesaulniersUnsubmitted Done Reply Inline Actions I don't understand this change. Grepping for `IsSanitizerScope` doesn't show any changed references to how this variable is used. Intentional? nickdesaulniers: I don't understand this change. Grepping for `IsSanitizerScope` doesn't show any changed…
		voidAuthorUnsubmitted Done Reply Inline Actions Ah! Thanks for catching this. I had trouble with this scoping mechanism and for a while used a reference counting method to get around it, but put it back to its previous impl, except for this. I still think the `SanitizerScope` needs work, but that's beyond this project. void: Ah! Thanks for catching this. I had trouble with this scoping mechanism and for a while used a…
/// RAII object to set/unset CodeGenFunction::IsSanitizerScope.		/// RAII object to set/unset CodeGenFunction::IsSanitizerScope.
class SanitizerScope {		class SanitizerScope {
CodeGenFunction *CGF;		CodeGenFunction *CGF;
public:		public:
SanitizerScope(CodeGenFunction *CGF);		SanitizerScope(CodeGenFunction *CGF);
~SanitizerScope();		~SanitizerScope();
};		};

▲ Show 20 Lines • Show All 2,480 Lines • ▼ Show 20 Lines	void EmitTypeCheck(TypeCheckKind TCK, SourceLocation Loc, llvm::Value *V,
llvm::Value *ArraySize = nullptr);		llvm::Value *ArraySize = nullptr);

/// Emit a check that \p Base points into an array object, which		/// Emit a check that \p Base points into an array object, which
/// we can access at index \p Index. \p Accessed should be \c false if we		/// we can access at index \p Index. \p Accessed should be \c false if we
/// this expression is used as an lvalue, for instance in "&Arr[Idx]".		/// this expression is used as an lvalue, for instance in "&Arr[Idx]".
void EmitBoundsCheck(const Expr E, const Expr Base, llvm::Value *Index,		void EmitBoundsCheck(const Expr E, const Expr Base, llvm::Value *Index,
QualType IndexType, bool Accessed);		QualType IndexType, bool Accessed);

		/// Find the FieldDecl specified in a FAM's "counted_by" attribute. Returns
		/// \p nullptr if either the attribute or the field doesn't exist.
		FieldDecl *FindCountedByField(
		const Expr *Base,
		LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel);

llvm::Value EmitScalarPrePostIncDec(const UnaryOperator E, LValue LV,		llvm::Value EmitScalarPrePostIncDec(const UnaryOperator E, LValue LV,
bool isInc, bool isPre);		bool isInc, bool isPre);
ComplexPairTy EmitComplexPrePostIncDec(const UnaryOperator *E, LValue LV,		ComplexPairTy EmitComplexPrePostIncDec(const UnaryOperator *E, LValue LV,
bool isInc, bool isPre);		bool isInc, bool isPre);

/// Converts Location to a DebugLoc, if debug information is enabled.		/// Converts Location to a DebugLoc, if debug information is enabled.
llvm::DebugLoc SourceLocToDebugLoc(SourceLocation Location);		llvm::DebugLoc SourceLocToDebugLoc(SourceLocation Location);

▲ Show 20 Lines • Show All 1,913 Lines • Show Last 20 Lines

clang/lib/Sema/SemaDecl.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 18,013 Lines • ▼ Show 20 Lines void Sema::ActOnStartCXXMemberDeclarations(Scope *S, Decl *TagD,

InjectedClassName->setAccess(AS_public); InjectedClassName->setAccess(AS_public);

if (ClassTemplateDecl *Template = Record->getDescribedClassTemplate()) if (ClassTemplateDecl *Template = Record->getDescribedClassTemplate())

InjectedClassName->setDescribedClassTemplate(Template); InjectedClassName->setDescribedClassTemplate(Template);

PushOnScopeChains(InjectedClassName, S); PushOnScopeChains(InjectedClassName, S);

assert(InjectedClassName->isInjectedClassName() && assert(InjectedClassName->isInjectedClassName() &&

"Broken injected-class-name"); "Broken injected-class-name");

} }

void Sema::ActOnTagFinishDefinition(Scope *S, Decl *TagD, void Sema::ActOnTagFinishDefinition(Scope *S, Decl *TagD,

SourceRange BraceRange) { SourceRange BraceRange) {

AdjustDeclIfTemplate(TagD); AdjustDeclIfTemplate(TagD);

TagDecl *Tag = cast<TagDecl>(TagD); TagDecl *Tag = cast<TagDecl>(TagD);

Tag->setBraceRange(BraceRange); Tag->setBraceRange(BraceRange);

nickdesaulniersUnsubmitted

Not Done

unnecessary curly braces?

nickdesaulniers: unnecessary curly braces?

voidAuthorUnsubmitted

Done

I prefer it this way in this case (actually, I wish C++ had a way to combine those two if's into one). But it's not a big deal.

void: I prefer it this way in this case (actually, I wish C++ had a way to combine those two `if`'s…

aaron.ballmanUnsubmitted

Done

for (const Decl *D : RD->decls()) {

- if (const auto *FD = dyn_cast<FieldDecl>(D))

- if (Pred(FD))

- return FD;

+ if (const auto *FD = dyn_cast<FieldDecl>(D); FD && Pred(FD))

+ return FD;

if (const auto *SubRD = dyn_cast<RecordDecl>(D))

Ask and you shall receive! :-D

aaron.ballman: Ask and you shall receive! :-D

voidAuthorUnsubmitted

Done

Nice!! :-D

void: Nice!! :-D

// Make sure we "complete" the definition even it is invalid. // Make sure we "complete" the definition even it is invalid.

if (Tag->isBeingDefined()) { if (Tag->isBeingDefined()) {

assert(Tag->isInvalidDecl() && "We should already have completed it"); assert(Tag->isInvalidDecl() && "We should already have completed it");

nickdesaulniersUnsubmitted

Done

I think the if is unnecessary, could simply return FindFieldWithContedByAttr(SubRD);?

nickdesaulniers: I think the `if` is unnecessary, could simply `return FindFieldWithContedByAttr(SubRD);`?

voidAuthorUnsubmitted

Done

Nice catch.

void: Nice catch.

if (RecordDecl *RD = dyn_cast<RecordDecl>(Tag)) if (RecordDecl *RD = dyn_cast<RecordDecl>(Tag))

nickdesaulniersUnsubmitted

Done

unnecessary curly braces?

nickdesaulniers: unnecessary curly braces?

RD->completeDefinition(); RD->completeDefinition();

} }

nickdesaulniersUnsubmitted

Not Done

I think if you made this static function instead be a method of RecordDecl, you could reuse it in clang/lib/CodeGen/CGExpr.cpp (in that for loop where you iterate RD->fields.

FieldDecl *RecordDecl::getFieldWithName(StringRef Name);

nickdesaulniers: I think if you made this static function instead be a method of RecordDecl, you could reuse it…

if (auto *RD = dyn_cast<CXXRecordDecl>(Tag)) { if (auto *RD = dyn_cast<CXXRecordDecl>(Tag)) {

FieldCollector->FinishClass(); FieldCollector->FinishClass();

if (RD->hasAttr<SYCLSpecialClassAttr>()) { if (RD->hasAttr<SYCLSpecialClassAttr>()) {

nickdesaulniersUnsubmitted

Done

consider adding a comment above this function that it returns nullptr on success

nickdesaulniers: consider adding a comment above this function that it returns nullptr on success

aaron.ballmanUnsubmitted

Not Done

This logic seems like it should live in SemaDeclAttr.cpp when handling the attribute. We're given the declaration the attribute is applied to, so we can do everything we need from that (the FieldDecl has a getParent() so we don't need the RecordDecl to be passed in. Is there a reason we need it to live here instead?

aaron.ballman: This logic seems like it should live in SemaDeclAttr.cpp when handling the attribute. We're…

voidAuthorUnsubmitted

Done

I put it here only because it's close to where it's called. I'm ambivalent on where it should live. Am I performing the check in the correct place?

Changed to use getParent().

void: I put it here only because it's close to where it's called. I'm ambivalent on where it should…

aaron.ballmanUnsubmitted

Done

I prefer it to live in SemaDeclAttr.cpp as that's where the other attribute checking logic generally lives; it makes it slightly easier for us to find the checking logic in the future.

aaron.ballman: I prefer it to live in SemaDeclAttr.cpp as that's where the other attribute checking logic…

voidAuthorUnsubmitted

Done

Okay. I moved it over there.

void: Okay. I moved it over there.

auto *Def = RD->getDefinition(); auto *Def = RD->getDefinition();

assert(Def && "The record is expected to have a completed definition"); assert(Def && "The record is expected to have a completed definition");

unsigned NumInitMethods = 0; unsigned NumInitMethods = 0;

for (auto *Method : Def->methods()) { for (auto *Method : Def->methods()) {

if (!Method->getIdentifier()) if (!Method->getIdentifier())

continue; continue;

nickdesaulniersUnsubmitted

Done

const auto *....

nickdesaulniers: const auto *....

if (Method->getName() == "__init") if (Method->getName() == "__init")

NumInitMethods++; NumInitMethods++;

nickdesaulniersUnsubmitted

Not Done

llvm::is_contained?

nickdesaulniers: `llvm::is_contained`?

voidAuthorUnsubmitted

Done

It's a similar issue as the one above: the ECA returns an IdentifierInfo, but fields() has only FieldDecls.

void: It's a similar issue as the one above: the ECA returns an `IdentifierInfo`, but `fields()` has…

} }

rapidsnaUnsubmitted

Not Done

What happens in this corner case where the Field is actually the field that the attribute appertains to?

struct foo {
  int count;
  int counted[__attribute__((counted_by(counted)))];
};

rapidsna: What happens in this corner case where the `Field` is actually the field that the attribute…

voidAuthorUnsubmitted

Done

That should be an error. I'll add that as a check.

void: That should be an error. I'll add that as a check.

if (NumInitMethods > 1 || !Def->hasInitMethod()) if (NumInitMethods > 1 || !Def->hasInitMethod())

Diag(RD->getLocation(), diag::err_sycl_special_type_num_init_method); Diag(RD->getLocation(), diag::err_sycl_special_type_num_init_method);

} }

// Exit this scope of this tag's definition. // Exit this scope of this tag's definition.

PopDeclContext(); PopDeclContext();

if (getCurLexicalContext()->isObjCContainer() && if (getCurLexicalContext()->isObjCContainer() &&

Tag->getDeclContext()->isFileContext()) Tag->getDeclContext()->isFileContext())

Tag->setTopLevelDeclInObjCContainer(); Tag->setTopLevelDeclInObjCContainer();

aaron.ballmanUnsubmitted

Not Done

When the lookup result is not found, I think you should call Sema::DiagnoseEmptyLookup(). This will handle giving you the error about the member not being found, but it should also give you typo correction for free, and if typo correction happens, you should then already know what new declaration was found via the correction, so you can continue to check for the other cases from there.

https://github.com/llvm/llvm-project/blob/b57df9fe9a1a230f277d671bfa0884bbda9fc1c5/clang/lib/Sema/SemaLambda.cpp#L1151 is an example of this being called elsewhere.

aaron.ballman: When the lookup result is not found, I think you should call `Sema::DiagnoseEmptyLookup()`.

voidAuthorUnsubmitted

Done

GAAAA! It's just like the rest of Clang: There are a million ways to do something, but none of them are documented and only one of them works for your particular case...kind of...and it takes a ton of arguments which seem counter-intuitive (CXXScopeSpec instead of DeclSpec?). All of Clang has been over-engineered from the beginning and it shows in how hard it is to do even the most basic things. So hard that people write the same things over and over with only small changes (see the two designated initializers implementations) leading to a nightmare.

The example you pointed to doesn't work. And none of the other forms seem to fit well enough. There are apparently many ways to "correct" a typo, but none of them seemed appropriate or like they'd do what I want. Is it really necessary to have this?

void: GAAAA! It's just like the rest of Clang: There are a million ways to do something, but none of…

aaron.ballmanUnsubmitted

Not Done

Necessary? No. A better implementation of the feature? I think so; we want the user experience to be consistent whenever possible and it's pretty unfortunate that users would get typo correction elsewhere but not here.

That said, I don't think this patch needs to be gated on that; we can add a FIXME to use a more general mechanism instead of even more custom logic.

aaron.ballman: Necessary? No. A better implementation of the feature? I think so; we want the user experience…

voidAuthorUnsubmitted

Done

I'm still not able to get it to work for me. Is there any documentation on how to work with that feature?

void: I'm still not able to get it to work for me. Is there any documentation on how to work with…

// Notify the consumer that we've defined a tag. // Notify the consumer that we've defined a tag.

if (!Tag->isInvalidDecl()) if (!Tag->isInvalidDecl())

aaron.ballmanUnsubmitted

Not Done

Errr any integer type?

struct S {
  bool HerpADerp;
  int FAM[] __attribute__((counted_by(HerpADerp)));
};

seems like something we don't want, but I also wonder about enumeration types and more interestingly, plain char where it could be treated as signed or unsigned depending on compiler flags.

aaron.ballman: Errr any integer type? ``` struct S { bool HerpADerp; int FAM[] __attribute__((counted_by…

voidAuthorUnsubmitted

Done

Yeah...unless they want just 1 element. ;-) I can rule a bool out. (Done)

A char should be fine. Dunno about signed vs. unsigned...

void: Yeah...unless they want just 1 element. ;-) I can rule a `bool` out. (Done) A `char` should be…

aaron.ballmanUnsubmitted

Not Done

The char situation I'm thinking about is morally: https://godbolt.org/z/377WPYojz

With -fsigned-char, accessing Idx means you get the value -1 and with -funsigned-char, you get the value 255. If that was used to index into FAM, the signed char version would become a bounds access issue whereas the unsigned char version works fine, so it's hard to write a portable attribute that refers to a char member.

Then again, the counted_by attribute is intended to catch exactly this kind of issue, so perhaps it's fine on char?

aaron.ballman: The `char` situation I'm thinking about is morally: https://godbolt.org/z/377WPYojz With `…

voidAuthorUnsubmitted

Done

True. But we technically have that issue with every type. Maybe it'd be best to make sure we don't have a negative result?

void: True. But we technically have that issue with every type. Maybe it'd be best to make sure we…

aaron.ballmanUnsubmitted

Not Done

So at CodeGen time we see if we know the value within the field, and if it's known to be negative, we diagnose? Or are you thinking of something else?

aaron.ballman: So at CodeGen time we see if we know the value within the field, and if it's known to be…

voidAuthorUnsubmitted

Done

No, because we generally won't know the value in this field at codegen time. I meant it as a runtime check. I'm going to see what GCC does.

void: No, because we generally won't know the value in this field at codegen time. I meant it as a…

Consumer.HandleTagDeclDefinition(Tag); Consumer.HandleTagDeclDefinition(Tag);

// Clangs implementation of #pragma align(packed) differs in bitfield layout // Clangs implementation of #pragma align(packed) differs in bitfield layout

// from XLs and instead matches the XL #pragma pack(1) behavior. // from XLs and instead matches the XL #pragma pack(1) behavior.

if (Context.getTargetInfo().getTriple().isOSAIX() && if (Context.getTargetInfo().getTriple().isOSAIX() &&

AlignPackStack.hasValue()) { AlignPackStack.hasValue()) {

AlignPackInfo APInfo = AlignPackStack.CurrentValue; AlignPackInfo APInfo = AlignPackStack.CurrentValue;

// Only diagnose #pragma align(packed). // Only diagnose #pragma align(packed).

if (!APInfo.IsAlignAttr() || APInfo.getAlignMode() != AlignPackInfo::Packed) if (!APInfo.IsAlignAttr() || APInfo.getAlignMode() != AlignPackInfo::Packed)

return; return;

const RecordDecl *RD = dyn_cast<RecordDecl>(Tag); const RecordDecl *RD = dyn_cast<RecordDecl>(Tag);

if (!RD) if (!RD)

return; return;

// Only warn if there is at least 1 bitfield member. // Only warn if there is at least 1 bitfield member.

if (llvm::any_of(RD->fields(), if (llvm::any_of(RD->fields(),

[](const FieldDecl *FD) { return FD->isBitField(); })) [](const FieldDecl *FD) { return FD->isBitField(); }))

Diag(BraceRange.getBegin(), diag::warn_pragma_align_not_xl_compatible); Diag(BraceRange.getBegin(), diag::warn_pragma_align_not_xl_compatible);

} }

// Check the "counted_by" attribute to ensure that the count field exists in

// the struct.

if (const auto *RD = dyn_cast<RecordDecl>(Tag)) {

nickdesaulniersUnsubmitted

Done

const auto *

nickdesaulniers: const auto *

auto Pred = [](const Decl *D) {

if (const auto *FD = dyn_cast<FieldDecl>(D))

return FD->hasAttr<CountedByAttr>();

return false;

};

nickdesaulniersUnsubmitted

Done

does it fit on one line to do:

if (const IdentifierInfo *I = CheckCountedByAttr(RD, FD, SR))

nickdesaulniers: does it fit on one line to do: ``` if (const IdentifierInfo *I = CheckCountedByAttr(RD, FD…

voidAuthorUnsubmitted

Done

Yeah. I must have missed that...

void: Yeah. I must have missed that...

if (const FieldDecl *FD = RD->findFieldIf(Pred))

CheckCountedByAttr(S, FD);

}

} }

void Sema::ActOnObjCContainerFinishDefinition() { void Sema::ActOnObjCContainerFinishDefinition() {

// Exit this scope of this interface definition. // Exit this scope of this interface definition.

PopDeclContext(); PopDeclContext();

} }

void Sema::ActOnObjCTemporaryExitContainerContext(ObjCContainerDecl *ObjCCtx) { void Sema::ActOnObjCTemporaryExitContainerContext(ObjCContainerDecl *ObjCCtx) {

▲ Show 20 Lines • Show All 2,259 Lines • Show Last 20 Lines

clang/lib/Sema/SemaDeclAttr.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 8,355 Lines • ▼ Show 20 Lines	S.Diag(LiteralLoc, diag::warn_attribute_type_not_supported)
<< AL << KindStr;		<< AL << KindStr;
return;		return;
}		}

D->dropAttr<ZeroCallUsedRegsAttr>();		D->dropAttr<ZeroCallUsedRegsAttr>();
D->addAttr(ZeroCallUsedRegsAttr::Create(S.Context, Kind, AL));		D->addAttr(ZeroCallUsedRegsAttr::Create(S.Context, Kind, AL));
}		}

		static void handleCountedByAttr(Sema &S, Decl *D, const ParsedAttr &AL) {
		if (!AL.isArgIdent(0)) {
		S.Diag(AL.getLoc(), diag::err_attribute_argument_type)
		<< AL << AANT_ArgumentIdentifier;
		return;
		}

		IdentifierLoc *IL = AL.getArgAsIdent(0);
		CountedByAttr *CBA =
		::new (S.Context) CountedByAttr(S.Context, AL, IL->Ident);
		CBA->setCountedByFieldLoc(IL->Loc);
		D->addAttr(CBA);
		}

		namespace {

		// Callback to only accept typo corrections that are for field members of
		// the given struct or union.
		class FieldDeclValidatorCCC final : public CorrectionCandidateCallback {
		public:
		explicit FieldDeclValidatorCCC(const RecordDecl *RD) : Record(RD) {}

		bool ValidateCandidate(const TypoCorrection &candidate) override {
		FieldDecl *FD = candidate.getCorrectionDeclAs<FieldDecl>();
		return FD && FD->getDeclContext()->getRedeclContext()->Equals(Record);
		}

		std::unique_ptr<CorrectionCandidateCallback> clone() override {
		return std::make_unique<FieldDeclValidatorCCC>(*this);
		}

		private:
		const RecordDecl *Record;
		};

		} // end anonymous namespace

		bool Sema::CheckCountedByAttr(Scope S, const FieldDecl FD) {
		const RecordDecl *RD = FD->getParent();
		const auto *CBA = FD->getAttr<CountedByAttr>();
		const IdentifierInfo *FieldName = CBA->getCountedByField();

		auto Pred = [&](const Decl *D) {
		if (const auto *Field = dyn_cast<FieldDecl>(D))
		return Field->getName() == FieldName->getName();
		return false;
		};
		const FieldDecl *Field = RD->findFieldIf(Pred);

		if (!Field) {
		// The "counted_by" field needs to exist within the struct.
		DeclarationNameInfo NameInfo(FieldName,
		CBA->getCountedByFieldLoc().getBegin());
		LookupResult Result(*this, NameInfo, Sema::LookupOrdinaryName);

		LookupName(Result, S);
		if (Result.getResultKind() == LookupResult::Found) {
		SourceRange SR = CBA->getCountedByFieldLoc();
		Diag(SR.getBegin(),
		diag::err_flexible_array_counted_by_attr_field_not_found_in_struct)
		<< CBA->getCountedByField() << SR;

		SR = Result.getAsSingle<NamedDecl>()->getSourceRange();
		Diag(SR.getBegin(), diag::note_var_declared_here)
		<< Result.getAsSingle<NamedDecl>() << SR;
		aaron.ballmanUnsubmitted Not Done Reply Inline Actions The logic here still seems incorrect. I was expecting the code to look more like this: bool Sema::CheckCountedByAttr(Scope S, const FieldDecl FD) { const RecordDecl RD = FD->getParent(); const auto CBA = FD->getAttr<CountedByAttr>(); const IdentifierInfo FieldName = CBA->getCountedByField(); DeclarationNameInfo NameInfo(FieldName, CBA->getCountedByFieldLoc().getBegin()); LookupResult Result(this, NameInfo, Sema::LookupMemberName); LookupName(Result, S); if (Result.empty()) { CXXScopeSpec SS; DeclFilterCCC<FieldDecl> Filter(const_cast<IdentifierInfo >(FieldName)); if (DiagnoseEmptyLookup(S, SS, Result, Filter, nullptr, std::nullopt, const_cast<DeclContext >(FD->getDeclContext()))) return true; } const FieldDecl Field = Result.getAsSingle<FieldDecl>(); LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel = Context.getLangOpts().getStrictFlexArraysLevel(); ... I tested this locally on code like: struct not_a_fam { int foo; int fam[] __attribute__((counted_by(fob))); }; and get a diagnostic like: C:\Users\aballman\OneDrive - Intel Corporation\Desktop\test.c:3:39: error: use of undeclared identifier 'fob'; did you mean 'foo'? 3 \| int fam[] __attribute__((counted_by(fob))); \| ^~~ \| foo C:\Users\aballman\OneDrive - Intel Corporation\Desktop\test.c:2:7: note: 'foo' declared here 2 \| int foo; \| ^ 1 error generated. Note, I had to add a constructor to `DeclFilterCCC` to expose the base class constructor, and modify `DiagnoseEmptyLookup()` like this: diff --git a/clang/lib/Sema/SemaExpr.cpp b/clang/lib/Sema/SemaExpr.cpp index 2ed31a90c5dc..3c4ade391a5e 100644 --- a/clang/lib/Sema/SemaExpr.cpp +++ b/clang/lib/Sema/SemaExpr.cpp @@ -2458,7 +2458,8 @@ bool Sema::DiagnoseDependentMemberLookup(const LookupResult &R) { bool Sema::DiagnoseEmptyLookup(Scope S, CXXScopeSpec &SS, LookupResult &R, CorrectionCandidateCallback &CCC, TemplateArgumentListInfo ExplicitTemplateArgs, - ArrayRef<Expr > Args, TypoExpr *Out) { + ArrayRef<Expr > Args, DeclContext LookupCtx, + TypoExpr Out) { DeclarationName Name = R.getLookupName(); unsigned diagnostic = diag::err_undeclared_var_use; @@ -2474,7 +2475,9 @@ bool Sema::DiagnoseEmptyLookup(Scope S, CXXScopeSpec &SS, LookupResult &R, // unqualified lookup. This is useful when (for example) the // original lookup would not have found something because it was a // dependent name. - DeclContext DC = SS.isEmpty() ? CurContext : nullptr; + DeclContext DC = + LookupCtx ? LookupCtx : (SS.isEmpty() ? CurContext : nullptr); + DeclContext OrigLookupCtx = DC; while (DC) { if (isa<CXXRecordDecl>(DC)) { LookupQualifiedName(R, DC); @@ -2517,12 +2520,12 @@ bool Sema::DiagnoseEmptyLookup(Scope S, CXXScopeSpec &SS, LookupResult &R, emitEmptyLookupTypoDiagnostic(TC, this, SS, Name, TypoLoc, Args, diagnostic, diagnostic_suggest); }, - nullptr, CTK_ErrorRecovery); + nullptr, CTK_ErrorRecovery, OrigLookupCtx); if (Out) return true; - } else if (S && - (Corrected = CorrectTypo(R.getLookupNameInfo(), R.getLookupKind(), - S, &SS, CCC, CTK_ErrorRecovery))) { + } else if (S && (Corrected = CorrectTypo(R.getLookupNameInfo(), + R.getLookupKind(), S, &SS, CCC, + CTK_ErrorRecovery, OrigLookupCtx))) { std::string CorrectedStr(Corrected.getAsString(getLangOpts())); bool DroppedSpecifier = Corrected.WillReplaceSpecifier() && Name.getAsString() == CorrectedStr; @@ -2812,7 +2815,7 @@ Sema::ActOnIdExpression(Scope S, CXXScopeSpec &SS, // a template name, but we happen to have always already looked up the name // before we get here if it must be a template name. if (DiagnoseEmptyLookup(S, SS, R, CCC ? CCC : DefaultValidator, nullptr, - std::nullopt, &TE)) { + std::nullopt, nullptr, &TE)) { if (TE && KeywordReplacement) { auto &State = getTypoExprState(TE); auto BestTC = State.Consumer->getNextCorrection(); Can you give something like this a shot and see how well it works for you? aaron.ballman: The logic here still seems incorrect. I was expecting the code to look more like this: ``` bool…
		voidAuthorUnsubmitted Done Reply Inline Actions I wanted to check for two different issues when the field isn't found: The field is outside of the struct, or The field isn't found (or is misspelled). If I do your version, that distinction goes away. But if you want me to work on this more, would you mind if I did it in a follow-up commit? I'm not at all happy about adding yet another parameter to a method that already has a million parameters. It would be nice if that was cleaned up. void: I wanted to check for two different issues when the field isn't found: 1. The field is outside…
		aaron.ballmanUnsubmitted Not Done Reply Inline Actions I wanted to check for two different issues when the field isn't found: The field is outside of the struct, or The field isn't found (or is misspelled). If I do your version, that distinction goes away. Correct, my version is only looking for the field as a member name because we never want it to find a variable outside the scope of the structure. We could augment it to do what you want though: bool Sema::CheckCountedByAttr(Scope S, const FieldDecl FD) { const RecordDecl RD = FD->getParent(); const auto CBA = FD->getAttr<CountedByAttr>(); const IdentifierInfo FieldName = CBA->getCountedByField(); DeclarationNameInfo NameInfo(FieldName, CBA->getCountedByFieldLoc().getBegin()); LookupResult Result(this, NameInfo, Sema::LookupMemberName); LookupName(Result, S); if (Result.empty()) { // Look for the name outside of the scope of the structure so we can issue a different // diagnostic in that case. LookupResult BackupResult(this, NameInfo, Sema::LookupOrdinaryName); LookupName(BackupResult, S); if (!BackupResult.empty()) { return Diag(Loc, diag::whatever); } else { // Otherwise, diagnose the empty lookup. CXXScopeSpec SS; DeclFilterCCC<FieldDecl> Filter(const_cast<IdentifierInfo >(FieldName)); if (DiagnoseEmptyLookup(S, SS, Result, Filter, nullptr, std::nullopt, const_cast<DeclContext >(FD->getDeclContext()))) return true; } } const FieldDecl Field = Result.getAsSingle<FieldDecl>(); LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel = Context.getLangOpts().getStrictFlexArraysLevel(); ... But if you want me to work on this more, would you mind if I did it in a follow-up commit? I'm not at all happy about adding yet another parameter to a method that already has a million parameters. It would be nice if that was cleaned up. I don't insist on doing it as part of this patch but I do strongly prefer doing it now. Waiting runs the risk of not actually doing that work, but also, I worry that the lookups will be subtly different and we might risk breaking code by changing it later. That said, if you mean "(almost) immediately after landing this" kind of follow-up, I'm not worried about the breakage and that's fine. aaron.ballman: > I wanted to check for two different issues when the field isn't found: > > 1. The field is…
		} else {
		SourceRange SR = CBA->getCountedByFieldLoc();
		FieldDeclValidatorCCC CCC(RD);

		if (TypoCorrection Corrected =
		CorrectTypo(NameInfo, Sema::LookupMemberName, /Scope=/nullptr,
		/SS=/nullptr, CCC, Sema::CTK_ErrorRecovery,
		const_cast<RecordDecl *>(RD))) {
		diagnoseTypo(
		Corrected,
		PDiag(
		diag::
		err_flexible_array_counted_by_attr_field_not_found_suggest)
		<< FieldName);
		} else {
		Diag(SR.getBegin(),
		diag::err_flexible_array_counted_by_attr_field_not_found)
		<< CBA->getCountedByField() << SR;
		}
		}

		return true;
		}

		LangOptions::StrictFlexArraysLevelKind StrictFlexArraysLevel =
		Context.getLangOpts().getStrictFlexArraysLevel();

		if (!Decl::isFlexibleArrayMemberLike(Context, FD, FD->getType(),
		StrictFlexArraysLevel, true)) {
		// The "counted_by" attribute must be on a flexible array member.
		SourceRange SR = FD->getLocation();
		Diag(SR.getBegin(),
		diag::err_counted_by_attr_not_on_flexible_array_member)
		<< SR;
		return true;
		}

		if (Field->hasAttr<CountedByAttr>()) {
		// The "counted_by" field can't point to the flexible array member.
		SourceRange SR = CBA->getCountedByFieldLoc();
		Diag(SR.getBegin(),
		diag::err_flexible_array_counted_by_attr_refers_to_self)
		<< CBA->getCountedByField() << SR;
		return true;
		}

		if (!Field->getType()->isIntegerType() \|\|
		Field->getType()->isBooleanType()) {
		// The "counted_by" field must have an integer type.
		SourceRange SR = Field->getLocation();
		Diag(SR.getBegin(),
		diag::err_flexible_array_counted_by_attr_field_not_integer)
		<< Field << SR;

		SR = CBA->getCountedByFieldLoc();
		Diag(SR.getBegin(), diag::note_flexible_array_counted_by_attr_field)
		<< CBA->getCountedByField() << SR;
		return true;
		}

		return false;
		}

static void handleFunctionReturnThunksAttr(Sema &S, Decl *D,		static void handleFunctionReturnThunksAttr(Sema &S, Decl *D,
const ParsedAttr &AL) {		const ParsedAttr &AL) {
StringRef KindStr;		StringRef KindStr;
SourceLocation LiteralLoc;		SourceLocation LiteralLoc;
if (!S.checkStringLiteralArgumentAttr(AL, 0, KindStr, &LiteralLoc))		if (!S.checkStringLiteralArgumentAttr(AL, 0, KindStr, &LiteralLoc))
return;		return;

FunctionReturnThunksAttr::Kind Kind;		FunctionReturnThunksAttr::Kind Kind;
▲ Show 20 Lines • Show All 937 Lines • ▼ Show 20 Lines	ProcessDeclAttribute(Sema &S, Scope scope, Decl D, const ParsedAttr &AL,
case ParsedAttr::AT_NoUniqueAddress:		case ParsedAttr::AT_NoUniqueAddress:
handleNoUniqueAddressAttr(S, D, AL);		handleNoUniqueAddressAttr(S, D, AL);
break;		break;

case ParsedAttr::AT_AvailableOnlyInDefaultEvalMethod:		case ParsedAttr::AT_AvailableOnlyInDefaultEvalMethod:
handleAvailableOnlyInDefaultEvalMethod(S, D, AL);		handleAvailableOnlyInDefaultEvalMethod(S, D, AL);
break;		break;

		case ParsedAttr::AT_CountedBy:
		handleCountedByAttr(S, D, AL);
		break;

// Microsoft attributes:		// Microsoft attributes:
case ParsedAttr::AT_LayoutVersion:		case ParsedAttr::AT_LayoutVersion:
handleLayoutVersion(S, D, AL);		handleLayoutVersion(S, D, AL);
break;		break;
case ParsedAttr::AT_Uuid:		case ParsedAttr::AT_Uuid:
handleUuidAttr(S, D, AL);		handleUuidAttr(S, D, AL);
break;		break;
case ParsedAttr::AT_MSInheritance:		case ParsedAttr::AT_MSInheritance:
▲ Show 20 Lines • Show All 632 Lines • Show Last 20 Lines

clang/test/CodeGen/attr-counted-by.c

This file was added.

				// NOTE: Assertions have been autogenerated by utils/update_cc_test_checks.py UTC_ARGS: --version 3
				// RUN: %clang_cc1 -triple x86_64-unknown-linux-gnu -DCOUNTED_BY -O2 -Wall -fsanitize=array-bounds,object-size,local-bounds -fstrict-flex-arrays=3 -emit-llvm -o - %s \| FileCheck --check-prefix=SANITIZE-WITH-ATTR %s
				// RUN: %clang_cc1 -triple x86_64-unknown-linux-gnu -DCOUNTED_BY -O2 -Wall -fstrict-flex-arrays=3 -emit-llvm -o - %s \| FileCheck --check-prefix=NO-SANITIZE-WITH-ATTR %s
				nickdesaulniersUnsubmitted Done Reply Inline Actions Can you add another run line without the `-fsanitize` flags set, and use 2 different `--check-prefixes` for the two RUN lines? I'd be curious to see the differences in codegen between those set or not. I assume this attribute should affect codegen even with all of those disabled (maybe trapping instead of libcalling into ubsan runtime). I think update_cc_test_checks should be able to handle that. nickdesaulniers: Can you add another run line without the `-fsanitize` flags set, and use 2 different `--check…
				voidAuthorUnsubmitted Done Reply Inline Actions Done. void: Done.
				nickdesaulniersUnsubmitted Not Done Reply Inline Actions I guess that's what I was curious about; how come the attribute doesn't affect codegen unless the sanitizers are enabled? nickdesaulniers: I guess that's what I was curious about; how come the attribute doesn't affect codegen unless…
				voidAuthorUnsubmitted Done Reply Inline Actions I don't think we would want the bounds checking unless explicitly told so. I could be wrong? void: I don't think we would want the bounds checking unless explicitly told so. I could be wrong?
				voidAuthorUnsubmitted Done Reply Inline Actions To clarify. It does generate the code for the `__bdos` calculation. It just doesn't generate a trap. void: To clarify. It does generate the code for the `__bdos` calculation. It just doesn't generate a…
				// RUN: %clang_cc1 -triple x86_64-unknown-linux-gnu -O2 -Wall -fsanitize=array-bounds,object-size,local-bounds -fstrict-flex-arrays=3 -emit-llvm -o - %s \| FileCheck --check-prefix=SANITIZE-WITHOUT-ATTR %s
				// RUN: %clang_cc1 -triple x86_64-unknown-linux-gnu -O2 -Wall -fstrict-flex-arrays=3 -emit-llvm -o - %s \| FileCheck --check-prefix=NO-SANITIZE-WITHOUT-ATTR %s

				#if !__has_attribute(counted_by)
				#error "has attribute broken"
				#endif

				#ifdef COUNTED_BY
				#define __counted_by(member) __attribute__((__counted_by__(member)))
				#else
				#define __counted_by(member)
				#endif

				typedef long unsigned int size_t;

				struct annotated {
				unsigned long flags;
				int count;
				int array[] __counted_by(count);
				};

				// SANITIZE-WITH-ATTR-LABEL: define dso_local void @test1(
				// SANITIZE-WITH-ATTR-SAME: ptr noundef [[P:%.]], i32 noundef [[INDEX:%.]], i32 noundef [[VAL:%.*]]) local_unnamed_addr #[[ATTR0:[0-9]+]] {
				// SANITIZE-WITH-ATTR-NEXT: entry:
				// SANITIZE-WITH-ATTR-NEXT: [[COUNT:%.]] = getelementptr inbounds [[STRUCT_ANNOTATED:%.]], ptr [[P]], i64 0, i32 1
				// SANITIZE-WITH-ATTR-NEXT: [[TMP0:%.*]] = load i32, ptr [[COUNT]], align 8, !tbaa [[TBAA2:![0-9]+]]
				// SANITIZE-WITH-ATTR-NEXT: [[TMP1:%.*]] = sext i32 [[INDEX]] to i64, !nosanitize !6
				// SANITIZE-WITH-ATTR-NEXT: [[TMP2:%.*]] = zext i32 [[TMP0]] to i64, !nosanitize !6
				// SANITIZE-WITH-ATTR-NEXT: [[TMP3:%.*]] = icmp ult i64 [[TMP1]], [[TMP2]], !nosanitize !6
				// SANITIZE-WITH-ATTR-NEXT: br i1 [[TMP3]], label [[CONT7:%.]], label [[HANDLER_OUT_OF_BOUNDS:%.]], !prof [[PROF7:![0-9]+]], !nosanitize !6
				// SANITIZE-WITH-ATTR: handler.out_of_bounds:
				// SANITIZE-WITH-ATTR-NEXT: [[TMP4:%.*]] = zext i32 [[INDEX]] to i64, !nosanitize !6
				// SANITIZE-WITH-ATTR-NEXT: tail call void @__ubsan_handle_out_of_bounds_abort(ptr nonnull @[[GLOB2:[0-9]+]], i64 [[TMP4]]) #[[ATTR2:[0-9]+]], !nosanitize !6
				// SANITIZE-WITH-ATTR-NEXT: unreachable, !nosanitize !6
				// SANITIZE-WITH-ATTR: cont7:
				// SANITIZE-WITH-ATTR-NEXT: [[ARRAYIDX:%.*]] = getelementptr inbounds [[STRUCT_ANNOTATED]], ptr [[P]], i64 0, i32 2, i64 [[TMP1]]
				// SANITIZE-WITH-ATTR-NEXT: store i32 [[VAL]], ptr [[ARRAYIDX]], align 4, !tbaa [[TBAA2]]
				// SANITIZE-WITH-ATTR-NEXT: ret void
				//
				// NO-SANITIZE-WITH-ATTR-LABEL: define dso_local void @test1(
				// NO-SANITIZE-WITH-ATTR-SAME: ptr nocapture noundef writeonly [[P:%.]], i32 noundef [[INDEX:%.]], i32 noundef [[VAL:%.*]]) local_unnamed_addr #[[ATTR0:[0-9]+]] {
				// NO-SANITIZE-WITH-ATTR-NEXT: entry:
				// NO-SANITIZE-WITH-ATTR-NEXT: [[IDXPROM:%.*]] = sext i32 [[INDEX]] to i64
				// NO-SANITIZE-WITH-ATTR-NEXT: [[ARRAYIDX:%.]] = getelementptr inbounds [[STRUCT_ANNOTATED:%.]], ptr [[P]], i64 0, i32 2, i64 [[IDXPROM]]
				// NO-SANITIZE-WITH-ATTR-NEXT: store i32 [[VAL]], ptr [[ARRAYIDX]], align 4, !tbaa [[TBAA2:![0-9]+]]
				// NO-SANITIZE-WITH-ATTR-NEXT: ret void
				//
				// SANITIZE-WITHOUT-ATTR-LABEL: define dso_local void @test1(
				// SANITIZE-WITHOUT-ATTR-SAME: ptr noundef [[P:%.]], i32 noundef [[INDEX:%.]], i32 noundef [[VAL:%.*]]) local_unnamed_addr #[[ATTR0:[0-9]+]] {
				nickdesaulniersUnsubmitted Not Done Reply Inline Actions Is the call to `func` is unnecessary for this test or can we just `return __builtin_dynamic_object_size(p->array, 1)`? nickdesaulniers: Is the call to `func` is unnecessary for this test or can we just `return…
				voidAuthorUnsubmitted Done Reply Inline Actions Nope. Not sure why I had it. :-/ Removed. void: Nope. Not sure why I had it. :-/ Removed.
				// SANITIZE-WITHOUT-ATTR-NEXT: entry:
				// SANITIZE-WITHOUT-ATTR-NEXT: [[IDXPROM:%.*]] = sext i32 [[INDEX]] to i64
				// SANITIZE-WITHOUT-ATTR-NEXT: [[ARRAYIDX:%.]] = getelementptr inbounds [[STRUCT_ANNOTATED:%.]], ptr [[P]], i64 0, i32 2, i64 [[IDXPROM]]
				// SANITIZE-WITHOUT-ATTR-NEXT: store i32 [[VAL]], ptr [[ARRAYIDX]], align 4, !tbaa [[TBAA2:![0-9]+]]
				// SANITIZE-WITHOUT-ATTR-NEXT: ret void
				//
				// NO-SANITIZE-WITHOUT-ATTR-LABEL: define dso_local void @test1(
				// NO-SANITIZE-WITHOUT-ATTR-SAME: ptr nocapture noundef writeonly [[P:%.]], i32 noundef [[INDEX:%.]], i32 noundef [[VAL:%.*]]) local_unnamed_addr #[[ATTR0:[0-9]+]] {
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: entry:
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: [[IDXPROM:%.*]] = sext i32 [[INDEX]] to i64
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: [[ARRAYIDX:%.]] = getelementptr inbounds [[STRUCT_ANNOTATED:%.]], ptr [[P]], i64 0, i32 2, i64 [[IDXPROM]]
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: store i32 [[VAL]], ptr [[ARRAYIDX]], align 4, !tbaa [[TBAA2:![0-9]+]]
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: ret void
				//
				void test1(struct annotated *p, int index, int val) {
				p->array[index] = val;
				}

				// SANITIZE-WITH-ATTR-LABEL: define dso_local void @test2(
				// SANITIZE-WITH-ATTR-SAME: ptr noundef [[P:%.]], i64 noundef [[INDEX:%.]]) local_unnamed_addr #[[ATTR0]] {
				// SANITIZE-WITH-ATTR-NEXT: entry:
				// SANITIZE-WITH-ATTR-NEXT: [[COUNT:%.]] = getelementptr inbounds [[STRUCT_ANNOTATED:%.]], ptr [[P]], i64 0, i32 1
				nickdesaulniersUnsubmitted Not Done Reply Inline Actions What is the intent of this test? Mind adding a comment? In particular, it's not clear to my why this case should conditionally trap, seeing as the dynamically allocated object's `array` field is yet to be accessed in this example. What am I missing? nickdesaulniers: What is the intent of this test? Mind adding a comment? In particular, it's not clear to my…
				voidAuthorUnsubmitted Done Reply Inline Actions This is a bit weird. I don't understand why it would trap either. It might have something to do with the 'alloc_size' attribute? (The code that this patch generates doesn't put that trap in there.) That's probably a bug. However, when I modify the test to include an actual store: void test3(int index) { /* ... / p->array[index] = 42; } I get two checks: one for the 'counted_by' attribute, and this one, probably for the bounds check. Again, it's probably because of the 'alloc_size', because when I remove the call to 'malloc' it generates only the 'counted_by' check... void:* This is a bit weird. I don't understand why it would trap either. It might have something to do…
				// SANITIZE-WITH-ATTR-NEXT: [[TMP0:%.*]] = load i32, ptr [[COUNT]], align 8, !tbaa [[TBAA2]]
				// SANITIZE-WITH-ATTR-NEXT: [[TMP1:%.*]] = zext i32 [[TMP0]] to i64, !nosanitize !6
				// SANITIZE-WITH-ATTR-NEXT: [[TMP2:%.*]] = icmp ugt i64 [[TMP1]], [[INDEX]], !nosanitize !6
				// SANITIZE-WITH-ATTR-NEXT: br i1 [[TMP2]], label [[CONT12:%.]], label [[HANDLER_OUT_OF_BOUNDS:%.]], !prof [[PROF7]], !nosanitize !6
				// SANITIZE-WITH-ATTR: handler.out_of_bounds:
				// SANITIZE-WITH-ATTR-NEXT: tail call void @__ubsan_handle_out_of_bounds_abort(ptr nonnull @[[GLOB4:[0-9]+]], i64 [[INDEX]]) #[[ATTR2]], !nosanitize !6
				// SANITIZE-WITH-ATTR-NEXT: unreachable, !nosanitize !6
				// SANITIZE-WITH-ATTR: cont12:
				// SANITIZE-WITH-ATTR-NEXT: [[ARRAYIDX:%.*]] = getelementptr inbounds [[STRUCT_ANNOTATED]], ptr [[P]], i64 0, i32 2, i64 [[INDEX]]
				// SANITIZE-WITH-ATTR-NEXT: [[TMP3:%.*]] = shl i32 [[TMP0]], 2
				// SANITIZE-WITH-ATTR-NEXT: store i32 [[TMP3]], ptr [[ARRAYIDX]], align 4, !tbaa [[TBAA2]]
				// SANITIZE-WITH-ATTR-NEXT: ret void
				//
				// NO-SANITIZE-WITH-ATTR-LABEL: define dso_local void @test2(
				// NO-SANITIZE-WITH-ATTR-SAME: ptr nocapture noundef [[P:%.]], i64 noundef [[INDEX:%.]]) local_unnamed_addr #[[ATTR1:[0-9]+]] {
				// NO-SANITIZE-WITH-ATTR-NEXT: entry:
				// NO-SANITIZE-WITH-ATTR-NEXT: [[COUNT:%.]] = getelementptr inbounds [[STRUCT_ANNOTATED:%.]], ptr [[P]], i64 0, i32 1
				// NO-SANITIZE-WITH-ATTR-NEXT: [[TMP0:%.*]] = load i32, ptr [[COUNT]], align 8, !tbaa [[TBAA2]]
				// NO-SANITIZE-WITH-ATTR-NEXT: [[TMP1:%.*]] = shl i32 [[TMP0]], 2
				// NO-SANITIZE-WITH-ATTR-NEXT: [[ARRAYIDX:%.*]] = getelementptr inbounds [[STRUCT_ANNOTATED]], ptr [[P]], i64 0, i32 2, i64 [[INDEX]]
				// NO-SANITIZE-WITH-ATTR-NEXT: store i32 [[TMP1]], ptr [[ARRAYIDX]], align 4, !tbaa [[TBAA2]]
				// NO-SANITIZE-WITH-ATTR-NEXT: ret void
				//
				// SANITIZE-WITHOUT-ATTR-LABEL: define dso_local void @test2(
				// SANITIZE-WITHOUT-ATTR-SAME: ptr noundef [[P:%.]], i64 noundef [[INDEX:%.]]) local_unnamed_addr #[[ATTR0]] {
				// SANITIZE-WITHOUT-ATTR-NEXT: entry:
				// SANITIZE-WITHOUT-ATTR-NEXT: [[ARRAYIDX:%.]] = getelementptr inbounds [[STRUCT_ANNOTATED:%.]], ptr [[P]], i64 0, i32 2, i64 [[INDEX]]
				// SANITIZE-WITHOUT-ATTR-NEXT: store i32 -1, ptr [[ARRAYIDX]], align 4, !tbaa [[TBAA2]]
				// SANITIZE-WITHOUT-ATTR-NEXT: ret void
				//
				// NO-SANITIZE-WITHOUT-ATTR-LABEL: define dso_local void @test2(
				// NO-SANITIZE-WITHOUT-ATTR-SAME: ptr noundef [[P:%.]], i64 noundef [[INDEX:%.]]) local_unnamed_addr #[[ATTR1:[0-9]+]] {
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: entry:
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: [[ARRAYIDX:%.]] = getelementptr inbounds [[STRUCT_ANNOTATED:%.]], ptr [[P]], i64 0, i32 2, i64 [[INDEX]]
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: store i32 -1, ptr [[ARRAYIDX]], align 4, !tbaa [[TBAA2]]
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: ret void
				//
				void test2(struct annotated *p, size_t index) {
				p->array[index] = __builtin_dynamic_object_size(p->array, 1);
				}

				// SANITIZE-WITH-ATTR-LABEL: define dso_local void @test3(
				// SANITIZE-WITH-ATTR-SAME: ptr noundef [[P:%.]], i64 noundef [[INDEX:%.]]) local_unnamed_addr #[[ATTR0]] {
				// SANITIZE-WITH-ATTR-NEXT: entry:
				// SANITIZE-WITH-ATTR-NEXT: [[COUNT:%.]] = getelementptr inbounds [[STRUCT_ANNOTATED:%.]], ptr [[P]], i64 0, i32 1
				// SANITIZE-WITH-ATTR-NEXT: [[TMP0:%.*]] = load i32, ptr [[COUNT]], align 8, !tbaa [[TBAA2]]
				// SANITIZE-WITH-ATTR-NEXT: [[TMP1:%.*]] = zext i32 [[TMP0]] to i64, !nosanitize !6
				// SANITIZE-WITH-ATTR-NEXT: [[TMP2:%.*]] = icmp ugt i64 [[TMP1]], [[INDEX]], !nosanitize !6
				// SANITIZE-WITH-ATTR-NEXT: br i1 [[TMP2]], label [[CONT12:%.]], label [[HANDLER_OUT_OF_BOUNDS:%.]], !prof [[PROF7]], !nosanitize !6
				// SANITIZE-WITH-ATTR: handler.out_of_bounds:
				// SANITIZE-WITH-ATTR-NEXT: tail call void @__ubsan_handle_out_of_bounds_abort(ptr nonnull @[[GLOB5:[0-9]+]], i64 [[INDEX]]) #[[ATTR2]], !nosanitize !6
				// SANITIZE-WITH-ATTR-NEXT: unreachable, !nosanitize !6
				// SANITIZE-WITH-ATTR: cont12:
				// SANITIZE-WITH-ATTR-NEXT: [[ARRAYIDX:%.*]] = getelementptr inbounds [[STRUCT_ANNOTATED]], ptr [[P]], i64 0, i32 2, i64 [[INDEX]]
				// SANITIZE-WITH-ATTR-NEXT: [[TMP3:%.*]] = shl i32 [[TMP0]], 2
				// SANITIZE-WITH-ATTR-NEXT: [[CONV:%.*]] = add i32 [[TMP3]], 16
				// SANITIZE-WITH-ATTR-NEXT: store i32 [[CONV]], ptr [[ARRAYIDX]], align 4, !tbaa [[TBAA2]]
				// SANITIZE-WITH-ATTR-NEXT: ret void
				//
				// NO-SANITIZE-WITH-ATTR-LABEL: define dso_local void @test3(
				// NO-SANITIZE-WITH-ATTR-SAME: ptr nocapture noundef [[P:%.]], i64 noundef [[INDEX:%.]]) local_unnamed_addr #[[ATTR1]] {
				// NO-SANITIZE-WITH-ATTR-NEXT: entry:
				// NO-SANITIZE-WITH-ATTR-NEXT: [[COUNT:%.]] = getelementptr inbounds [[STRUCT_ANNOTATED:%.]], ptr [[P]], i64 0, i32 1
				// NO-SANITIZE-WITH-ATTR-NEXT: [[TMP0:%.*]] = load i32, ptr [[COUNT]], align 8, !tbaa [[TBAA2]]
				// NO-SANITIZE-WITH-ATTR-NEXT: [[TMP1:%.*]] = shl i32 [[TMP0]], 2
				// NO-SANITIZE-WITH-ATTR-NEXT: [[CONV:%.*]] = add i32 [[TMP1]], 16
				// NO-SANITIZE-WITH-ATTR-NEXT: [[ARRAYIDX:%.*]] = getelementptr inbounds [[STRUCT_ANNOTATED]], ptr [[P]], i64 0, i32 2, i64 [[INDEX]]
				// NO-SANITIZE-WITH-ATTR-NEXT: store i32 [[CONV]], ptr [[ARRAYIDX]], align 4, !tbaa [[TBAA2]]
				// NO-SANITIZE-WITH-ATTR-NEXT: ret void
				//
				// SANITIZE-WITHOUT-ATTR-LABEL: define dso_local void @test3(
				// SANITIZE-WITHOUT-ATTR-SAME: ptr noundef [[P:%.]], i64 noundef [[INDEX:%.]]) local_unnamed_addr #[[ATTR0]] {
				// SANITIZE-WITHOUT-ATTR-NEXT: entry:
				// SANITIZE-WITHOUT-ATTR-NEXT: [[ARRAYIDX:%.]] = getelementptr inbounds [[STRUCT_ANNOTATED:%.]], ptr [[P]], i64 0, i32 2, i64 [[INDEX]]
				// SANITIZE-WITHOUT-ATTR-NEXT: store i32 -1, ptr [[ARRAYIDX]], align 4, !tbaa [[TBAA2]]
				// SANITIZE-WITHOUT-ATTR-NEXT: ret void
				//
				// NO-SANITIZE-WITHOUT-ATTR-LABEL: define dso_local void @test3(
				// NO-SANITIZE-WITHOUT-ATTR-SAME: ptr noundef [[P:%.]], i64 noundef [[INDEX:%.]]) local_unnamed_addr #[[ATTR1]] {
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: entry:
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: [[ARRAYIDX:%.]] = getelementptr inbounds [[STRUCT_ANNOTATED:%.]], ptr [[P]], i64 0, i32 2, i64 [[INDEX]]
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: store i32 -1, ptr [[ARRAYIDX]], align 4, !tbaa [[TBAA2]]
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: ret void
				//
				void test3(struct annotated *p, size_t index) {
				// This test differs from 'test2' by checking bdos on the whole array and not
				// just the FAM.
				p->array[index] = __builtin_dynamic_object_size(p, 1);
				}

				struct annotated_with_anon_struct {
				unsigned long flags;
				struct {
				unsigned char count;
				int array[] __counted_by(count);
				};
				};

				// SANITIZE-WITH-ATTR-LABEL: define dso_local void @test4(
				// SANITIZE-WITH-ATTR-SAME: ptr noundef [[P:%.]], i32 noundef [[INDEX:%.]]) local_unnamed_addr #[[ATTR0]] {
				// SANITIZE-WITH-ATTR-NEXT: entry:
				// SANITIZE-WITH-ATTR-NEXT: [[TMP0:%.]] = getelementptr inbounds [[STRUCT_ANNOTATED_WITH_ANON_STRUCT:%.]], ptr [[P]], i64 0, i32 1
				// SANITIZE-WITH-ATTR-NEXT: [[TMP1:%.*]] = load i8, ptr [[TMP0]], align 8, !tbaa [[TBAA8:![0-9]+]]
				// SANITIZE-WITH-ATTR-NEXT: [[TMP2:%.*]] = sext i32 [[INDEX]] to i64, !nosanitize !6
				// SANITIZE-WITH-ATTR-NEXT: [[TMP3:%.*]] = zext i8 [[TMP1]] to i64, !nosanitize !6
				// SANITIZE-WITH-ATTR-NEXT: [[TMP4:%.*]] = icmp ult i64 [[TMP2]], [[TMP3]], !nosanitize !6
				// SANITIZE-WITH-ATTR-NEXT: br i1 [[TMP4]], label [[CONT18:%.]], label [[HANDLER_OUT_OF_BOUNDS:%.]], !prof [[PROF7]], !nosanitize !6
				// SANITIZE-WITH-ATTR: handler.out_of_bounds:
				// SANITIZE-WITH-ATTR-NEXT: [[TMP5:%.*]] = zext i32 [[INDEX]] to i64, !nosanitize !6
				// SANITIZE-WITH-ATTR-NEXT: tail call void @__ubsan_handle_out_of_bounds_abort(ptr nonnull @[[GLOB6:[0-9]+]], i64 [[TMP5]]) #[[ATTR2]], !nosanitize !6
				// SANITIZE-WITH-ATTR-NEXT: unreachable, !nosanitize !6
				// SANITIZE-WITH-ATTR: cont18:
				// SANITIZE-WITH-ATTR-NEXT: [[ARRAY:%.*]] = getelementptr inbounds i8, ptr [[P]], i64 12
				// SANITIZE-WITH-ATTR-NEXT: [[ARRAYIDX:%.*]] = getelementptr inbounds [0 x i32], ptr [[ARRAY]], i64 0, i64 [[TMP2]]
				// SANITIZE-WITH-ATTR-NEXT: [[TMP6:%.*]] = shl i8 [[TMP1]], 2
				// SANITIZE-WITH-ATTR-NEXT: [[CONV:%.*]] = zext i8 [[TMP6]] to i32
				// SANITIZE-WITH-ATTR-NEXT: store i32 [[CONV]], ptr [[ARRAYIDX]], align 4, !tbaa [[TBAA2]]
				// SANITIZE-WITH-ATTR-NEXT: ret void
				//
				// NO-SANITIZE-WITH-ATTR-LABEL: define dso_local void @test4(
				// NO-SANITIZE-WITH-ATTR-SAME: ptr nocapture noundef [[P:%.]], i32 noundef [[INDEX:%.]]) local_unnamed_addr #[[ATTR1]] {
				// NO-SANITIZE-WITH-ATTR-NEXT: entry:
				// NO-SANITIZE-WITH-ATTR-NEXT: [[TMP0:%.]] = getelementptr inbounds [[STRUCT_ANNOTATED_WITH_ANON_STRUCT:%.]], ptr [[P]], i64 0, i32 1
				// NO-SANITIZE-WITH-ATTR-NEXT: [[TMP1:%.*]] = load i8, ptr [[TMP0]], align 8, !tbaa [[TBAA6:![0-9]+]]
				// NO-SANITIZE-WITH-ATTR-NEXT: [[TMP2:%.*]] = shl i8 [[TMP1]], 2
				// NO-SANITIZE-WITH-ATTR-NEXT: [[CONV:%.*]] = zext i8 [[TMP2]] to i32
				// NO-SANITIZE-WITH-ATTR-NEXT: [[ARRAY:%.*]] = getelementptr inbounds i8, ptr [[P]], i64 12
				// NO-SANITIZE-WITH-ATTR-NEXT: [[IDXPROM:%.*]] = sext i32 [[INDEX]] to i64
				// NO-SANITIZE-WITH-ATTR-NEXT: [[ARRAYIDX:%.*]] = getelementptr inbounds [0 x i32], ptr [[ARRAY]], i64 0, i64 [[IDXPROM]]
				// NO-SANITIZE-WITH-ATTR-NEXT: store i32 [[CONV]], ptr [[ARRAYIDX]], align 4, !tbaa [[TBAA2]]
				// NO-SANITIZE-WITH-ATTR-NEXT: ret void
				//
				// SANITIZE-WITHOUT-ATTR-LABEL: define dso_local void @test4(
				// SANITIZE-WITHOUT-ATTR-SAME: ptr noundef [[P:%.]], i32 noundef [[INDEX:%.]]) local_unnamed_addr #[[ATTR0]] {
				// SANITIZE-WITHOUT-ATTR-NEXT: entry:
				// SANITIZE-WITHOUT-ATTR-NEXT: [[ARRAY:%.*]] = getelementptr inbounds i8, ptr [[P]], i64 12
				// SANITIZE-WITHOUT-ATTR-NEXT: [[IDXPROM:%.*]] = sext i32 [[INDEX]] to i64
				// SANITIZE-WITHOUT-ATTR-NEXT: [[ARRAYIDX:%.*]] = getelementptr inbounds [0 x i32], ptr [[ARRAY]], i64 0, i64 [[IDXPROM]]
				// SANITIZE-WITHOUT-ATTR-NEXT: store i32 -1, ptr [[ARRAYIDX]], align 4, !tbaa [[TBAA2]]
				// SANITIZE-WITHOUT-ATTR-NEXT: ret void
				//
				// NO-SANITIZE-WITHOUT-ATTR-LABEL: define dso_local void @test4(
				// NO-SANITIZE-WITHOUT-ATTR-SAME: ptr noundef [[P:%.]], i32 noundef [[INDEX:%.]]) local_unnamed_addr #[[ATTR1]] {
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: entry:
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: [[ARRAY:%.*]] = getelementptr inbounds i8, ptr [[P]], i64 12
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: [[IDXPROM:%.*]] = sext i32 [[INDEX]] to i64
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: [[ARRAYIDX:%.*]] = getelementptr inbounds [0 x i32], ptr [[ARRAY]], i64 0, i64 [[IDXPROM]]
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: store i32 -1, ptr [[ARRAYIDX]], align 4, !tbaa [[TBAA2]]
				// NO-SANITIZE-WITHOUT-ATTR-NEXT: ret void
				//
				void test4(struct annotated_with_anon_struct *p, int index) {
				p->array[index] = __builtin_dynamic_object_size(p->array, 1);
				}

clang/test/Misc/pragma-attribute-supported-attributes-list.test

	Show First 20 Lines • Show All 50 Lines • ▼ Show 20 Lines
	// CHECK-NEXT: Cold (SubjectMatchRule_function)			// CHECK-NEXT: Cold (SubjectMatchRule_function)
	// CHECK-NEXT: Common (SubjectMatchRule_variable)			// CHECK-NEXT: Common (SubjectMatchRule_variable)
	// CHECK-NEXT: ConstInit (SubjectMatchRule_variable_is_global)			// CHECK-NEXT: ConstInit (SubjectMatchRule_variable_is_global)
	// CHECK-NEXT: Constructor (SubjectMatchRule_function)			// CHECK-NEXT: Constructor (SubjectMatchRule_function)
	// CHECK-NEXT: Consumable (SubjectMatchRule_record)			// CHECK-NEXT: Consumable (SubjectMatchRule_record)
	// CHECK-NEXT: ConsumableAutoCast (SubjectMatchRule_record)			// CHECK-NEXT: ConsumableAutoCast (SubjectMatchRule_record)
	// CHECK-NEXT: ConsumableSetOnRead (SubjectMatchRule_record)			// CHECK-NEXT: ConsumableSetOnRead (SubjectMatchRule_record)
	// CHECK-NEXT: Convergent (SubjectMatchRule_function)			// CHECK-NEXT: Convergent (SubjectMatchRule_function)
				// CHECK-NEXT: CountedBy (SubjectMatchRule_field)
	// CHECK-NEXT: DLLExport (SubjectMatchRule_function, SubjectMatchRule_variable, SubjectMatchRule_record, SubjectMatchRule_objc_interface)			// CHECK-NEXT: DLLExport (SubjectMatchRule_function, SubjectMatchRule_variable, SubjectMatchRule_record, SubjectMatchRule_objc_interface)
	// CHECK-NEXT: DLLImport (SubjectMatchRule_function, SubjectMatchRule_variable, SubjectMatchRule_record, SubjectMatchRule_objc_interface)			// CHECK-NEXT: DLLImport (SubjectMatchRule_function, SubjectMatchRule_variable, SubjectMatchRule_record, SubjectMatchRule_objc_interface)
	// CHECK-NEXT: Destructor (SubjectMatchRule_function)			// CHECK-NEXT: Destructor (SubjectMatchRule_function)
	// CHECK-NEXT: DiagnoseAsBuiltin (SubjectMatchRule_function)			// CHECK-NEXT: DiagnoseAsBuiltin (SubjectMatchRule_function)
	// CHECK-NEXT: DisableSanitizerInstrumentation (SubjectMatchRule_function, SubjectMatchRule_objc_method, SubjectMatchRule_variable_is_global)			// CHECK-NEXT: DisableSanitizerInstrumentation (SubjectMatchRule_function, SubjectMatchRule_objc_method, SubjectMatchRule_variable_is_global)
	// CHECK-NEXT: DisableTailCalls (SubjectMatchRule_function, SubjectMatchRule_objc_method)			// CHECK-NEXT: DisableTailCalls (SubjectMatchRule_function, SubjectMatchRule_objc_method)
	// CHECK-NEXT: EnableIf (SubjectMatchRule_function)			// CHECK-NEXT: EnableIf (SubjectMatchRule_function)
	// CHECK-NEXT: EnforceTCB (SubjectMatchRule_function, SubjectMatchRule_objc_method)			// CHECK-NEXT: EnforceTCB (SubjectMatchRule_function, SubjectMatchRule_objc_method)
	▲ Show 20 Lines • Show All 141 Lines • Show Last 20 Lines

clang/test/Sema/attr-counted-by.c

This file was added.

				// RUN: %clang_cc1 -fstrict-flex-arrays=3 -fsyntax-only -verify %s

				aaron.ballmanUnsubmitted Done Reply Inline Actions Is the triple necessary? Also, do we have to enable `-fsanitize=array-bounds` to test this? aaron.ballman: Is the triple necessary? Also, do we have to enable `-fsanitize=array-bounds` to test this?
				voidAuthorUnsubmitted Done Reply Inline Actions I suppose their not 100% necessary. I'll remove them. void: I suppose their not 100% necessary. I'll remove them.
				#define __counted_by(f) __attribute__((counted_by(f)))

				struct bar;

				struct not_found {
				int count;
				struct bar *fam[] __counted_by(bork); // expected-error {{field 'bork' in 'counted_by' not found}}
				};

				struct not_found_suggest {
				int bork; // expected-note {{'bork' declared here}}
				struct bar *fam[] __counted_by(blork); // expected-error {{field 'blork' in 'counted_by' not found; did you mean 'bork'?}}
				};

				int global; // expected-note {{variable 'global' is declared here}}

				struct found_outside_of_struct {
				int bork;
				struct bar *fam[] __counted_by(global); // expected-error {{field 'global' in 'counted_by' is not found in struct}}
				};
				aaron.ballmanUnsubmitted Not Done Reply Inline Actions Please add test with the other strange FAM-like members, as well as one that is just a trailing constant array of size 2. Some more tests or situations to consider: struct S { struct { int NotInThisStruct; }; int FAM[] __counted_by(NotInThisStruct); // Should this work? }; int Global; struct T { int FAM[] __counted_by(Global); // Should fail per your design but is that the behavior you want? }; struct U { struct { int Count; } data; int FAM[] __counted_by(data.Count); // Thoughts? }; struct V { int Sizes[2]; int FAM[] __counted_by(Sizes[0]); // Thoughts? }; (I'm not suggesting any of this needs to be accepted in order to land the patch.) You should also have tests showing the attribute is diagnosed when applied to something other than a field, given something other than an identifier, is given zero arguments, and is given two arguments. aaron.ballman: Please add test with the other strange FAM-like members, as well as one that is just a trailing…
				voidAuthorUnsubmitted Done Reply Inline Actions I added a "this isn't a flexible array member" error message. struct S { struct { int NotInThisStruct; }; int FAM[] __counted_by(NotInThisStruct); // Should this work? }; Yes, I believe it should. Kees had a similar example: struct S { int x; struct { int count; int FAM[] __counted_by(count); }; }; I made changes to support this. It may be controversial, so please let me know if you or anyone has an issue with it. int Global; struct T { int FAM[] __counted_by(Global); // Should fail per your design but is that the behavior you want? }; Yes, it should fail. I'll add a test case. struct U { struct { int Count; } data; int FAM[] __counted_by(data.Count); // Thoughts? }; I don't think we should support that at the moment. Referencing arbitrary fields in a nested structure is very complicated and the syntax for it is not at all settled on. struct V { int Sizes[2]; int FAM[] __counted_by(Sizes[0]); // Thoughts? }; Hmm...Not sure. I'll ask the GCC person who's implementing this on her side about this. void: I added a "this isn't a flexible array member" error message. ``` struct S { struct {…
				keesUnsubmitted Not Done Reply Inline Actions Yes, I believe it should. Kees had a similar example: struct S { int x; struct { int count; int FAM[] __counted_by(count); }; }; I made changes to support this. It may be controversial, so please let me know if you or anyone has an issue with it. FWIW, the Linux kernel has a LOT of this style (in an anonymous struct), which is why I wanted to make sure it was supported in this first version of the feature. kees: > Yes, I believe it should. Kees had a similar example: > > ``` > struct S { > int x; >…

				struct self_referrential {
				int bork;
				struct bar *self[] __counted_by(self); // expected-error {{field 'self' in 'counted_by' cannot refer to the flexible array}}
				};

				struct non_int {
				double non_integer; // expected-error {{field 'non_integer' in 'counted_by' is not a non-boolean integer type}}
				struct bar *fam[] __counted_by(non_integer); // expected-note {{field 'non_integer' declared here}}
				};

				struct array_of_ints {
				int non_integer[2]; // expected-error {{field 'non_integer' in 'counted_by' is not a non-boolean integer type}}
				struct bar *fam[] __counted_by(non_integer); // expected-note {{field 'non_integer' declared here}}
				};

				struct not_a_fam {
				double non_integer;
				struct bar *non_fam __counted_by(non_integer); // expected-error {{'counted_by' only applies to flexible array members}}
				};

This is an archive of the discontinued LLVM Phabricator instance.

[Clang] Implement the 'counted_by' attributeClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 557602

clang/docs/ReleaseNotes.rst

clang/include/clang/AST/Decl.h

clang/include/clang/AST/DeclBase.h

clang/include/clang/Basic/Attr.td

clang/include/clang/Basic/AttrDocs.td

clang/include/clang/Basic/DiagnosticSemaKinds.td

clang/include/clang/Sema/Sema.h

clang/lib/AST/ASTImporter.cpp

clang/lib/AST/DeclBase.cpp

clang/lib/AST/Expr.cpp

clang/lib/CodeGen/CGBuiltin.cpp

clang/lib/CodeGen/CGExpr.cpp

clang/lib/CodeGen/CodeGenFunction.h

clang/lib/Sema/SemaDecl.cpp

clang/lib/Sema/SemaDeclAttr.cpp

clang/test/CodeGen/attr-counted-by.c

clang/test/Misc/pragma-attribute-supported-attributes-list.test

clang/test/Sema/attr-counted-by.c

[Clang] Implement the 'counted_by' attribute
ClosedPublic