This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug other/68270] New: Common pattern for variable sized data clashes with MPX bound checks


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68270

            Bug ID: 68270
           Summary: Common pattern for variable sized data clashes with
                    MPX bound checks
           Product: gcc
           Version: 5.2.0
            Status: UNCONFIRMED
          Severity: enhancement
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jussi.judin at ericsson dot com
  Target Milestone: ---

A very common pattern due to pedantic C89, C90, and C++ compatibility is to
declare an array of size 1 when having a structure with a variable sized member
at the end. GCC's memory protection extensions, however, work in a way that
only zero/variable sized members are treated in such a way that their bounds are
not explicitly checked
(https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler#line-142).
This makes it impossible to use existing code with MPX checks without changes
that go through a large number of header files that use this pattern of arrays
of size 1.

To demonstrate this issue, here are 3 different ways to indicate structures
with a variable sized array at the end of the structure:

typedef struct struktura1 {
    long len;
    char data[];
} struktura1;

typedef struct struktura2 {
    long len;
    char data[0];
} struktura2;

typedef struct struktura3 {
    long len;
    char data[1] __attribute__((bnd_variable_size));
} struktura3;

If we compile them with different standards and warning levels, we'll get these
kinds of results:

$ gcc-5.2.0 --std=c89 -pedantic tst.c
tst.c:3:10: warning: ISO C90 does not support flexible array members
[-Wpedantic]
     char data[];
          ^
tst.c:8:10: warning: ISO C forbids zero-size array ‘data’ [-Wpedantic]
     char data[0];

$ gcc-5.2.0 -xc++ --std=c++14 -pedantic tst.c 
tst.c:3:15: warning: ISO C++ forbids zero-size array ‘data’ [-Wpedantic]
     char data[];
               ^
tst.c:8:16: warning: ISO C++ forbids zero-size array ‘data’ [-Wpedantic]
     char data[0];

$ gcc-4.8 --std=c11 -pedantic tst.c 
tst.c:8:10: warning: ISO C forbids zero-size array ‘data’ [-Wpedantic]
     char data[0];
          ^
tst.c:13:5: warning: ‘bnd_variable_size’ attribute directive ignored
[-Wattributes]
     char data[1] __attribute__((bnd_variable_size));
     ^

Not to mention that a lot of code is compiled with compilers other than GCC
that don't know about the "bnd_variable_size" attribute, so making the code shown
above compatible with different compilers and also having MPX checks in
place requires some macro magic depending on which compiler is in use and which
standard the compilation is done against.

GCC should ignore or have an option to ignore bound checks for arrays of size 1
at the end of the structure so that just trying out MPX support wouldn't need
large scale changes to existing code bases.
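
A sketch of the kind of "macro magic" the report refers to, added here as an
example (it is not code from the bug report or from GCC). VAR_ARRAY, struct
packet and the packet_* helpers are hypothetical names; the __has_attribute
probe is an assumed way to detect bnd_variable_size support.

```c
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#ifndef __has_attribute          /* compilers without the feature-test macro */
#define __has_attribute(x) 0
#endif

#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
/* C99 and later: a real flexible array member, no attribute needed. */
#define VAR_ARRAY(type, name) type name[]
#elif __has_attribute(bnd_variable_size)
/* C89/C90 or C++ on a compiler that reports the attribute: keep [1], mark it. */
#define VAR_ARRAY(type, name) type name[1] __attribute__((bnd_variable_size))
#else
/* Everything else: the plain size-1 idiom, with no attribute to warn about. */
#define VAR_ARRAY(type, name) type name[1]
#endif

struct packet {                  /* hypothetical structure for illustration */
    long len;
    VAR_ARRAY(char, data);
};

/* Allocation size derived from the member offset, so it is identical whether
   data is declared [] or [1]. Returns 0 if the request cannot be represented. */
size_t packet_alloc_size(size_t payload)
{
    size_t head = offsetof(struct packet, data);
    if (payload > (size_t)LONG_MAX || payload > (size_t)-1 - head)
        return 0;
    return head + payload;
}

/* Allocates a packet and copies payload bytes from src; NULL on failure. */
struct packet *packet_new(const char *src, size_t payload)
{
    size_t total = packet_alloc_size(payload);
    struct packet *p = total ? (struct packet *)malloc(total) : NULL;
    if (p == NULL)
        return NULL;
    p->len = (long)payload;
    memcpy(p->data, src, payload);
    return p;
}
```

Sizing with offsetof rather than sizeof(struct packet) keeps the allocation
the same across all three branches of the macro.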
