This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: [RFC PATCH] Add alloc_size attribute to the default operator new and operator new[]


On Wed, Aug 3, 2011 at 2:31 PM, Jakub Jelinek <jakub@redhat.com> wrote:
> Hi!
>
> As mentioned in PR49905, -D_FORTIFY_SOURCE{,=2} handles e.g.
> malloc (4) or malloc (16) well, knowing that the resulting pointer
> has object size 4 resp. 16, but for new int or new int[4], it currently
> doesn't assume anything (i.e. __builtin_object_size (new int, 0) returns
> -1).  While I see the C++ standard unfortunately allows redefining
> of the new and vector new operators, I wonder if for -D_FORTIFY_SOURCE
> we could assume similar properties as for malloc for the object size
> checking, i.e. that if these two operators are called with a constant
> parameter, the object size allocated is the given size.  I hope there
> aren't C++ programs that override the default operator new, allocate fewer
> or more bytes and expect that those can be accessed through the pointer
> returned by new.  At least -D_FORTIFY_SOURCE=2 is declared to be stricter
> than the standard (but -D_FORTIFY_SOURCE=1 is not).  Of course this wouldn't
> affect programs not compiled with -D_FORTIFY_SOURCE{,=2}, wouldn't affect
> placement new nor any class operator new/new[] (unless it calls the default
> operator new/new[]).
>
> Comments?

If that's reasonable then adding the malloc attribute should be, too.
Finally.  Please.  Doesn't C++0x maybe "fix" the issue we were
discussing to death?

Richard.

> 2011-08-03  Jakub Jelinek  <jakub@redhat.com>
>
> 	PR middle-end/49905
> 	* decl.c (cxx_init_decl_processing): Add alloc_size (1) attribute
> 	for operator new and operator new [].
>
> 	* g++.dg/ext/builtin-object-size3.C: New test.
>
> --- gcc/cp/decl.c.jj ? ?2011-07-22 22:14:59.000000000 +0200
> +++ gcc/cp/decl.c ? ? ? 2011-08-03 14:00:48.000000000 +0200
> @@ -3629,6 +3629,7 @@ cxx_init_decl_processing (void)
> ? current_lang_name = lang_name_cplusplus;
>
> ? {
> + ? ?tree newattrs;
> ? ? tree newtype, deltype;
> ? ? tree ptr_ftype_sizetype;
> ? ? tree new_eh_spec;
> @@ -3656,7 +3657,11 @@ cxx_init_decl_processing (void)
> ? ? else
> ? ? ? new_eh_spec = noexcept_false_spec;
>
> - ? ?newtype = build_exception_variant (ptr_ftype_sizetype, new_eh_spec);
> + ? ?newattrs
> + ? ? ?= build_tree_list (get_identifier ("alloc_size"),
> + ? ? ? ? ? ? ? ? ? ? ? ?build_tree_list (NULL_TREE, integer_one_node));
> + ? ?newtype = cp_build_type_attribute_variant (ptr_ftype_sizetype, newattrs);
> + ? ?newtype = build_exception_variant (newtype, new_eh_spec);
> ? ? deltype = build_exception_variant (void_ftype_ptr, empty_except_spec);
> ? ? push_cp_library_fn (NEW_EXPR, newtype);
> ? ? push_cp_library_fn (VEC_NEW_EXPR, newtype);
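Review bot: the alloc_size attribute is attached to the default operator new and operator new[] declarations unconditionally, while the cover mail frames this as an assumption that should only hold for -D_FORTIFY_SOURCE builds; the front end cannot see that libc macro, so every C++ translation unit compiled with optimization will now get a known __builtin_object_size for `new T` and `new T[n]`, including programs whose replacement ::operator new hands out a block whose usable size differs from the request. A comment above the `newattrs` initialisation stating that the default operator new is assumed to return exactly the requested size, and that replacements must honour that, would record the decision in decl.c rather than only in the mail. Note also that only the two declarations pushed here, `push_cp_library_fn (NEW_EXPR, newtype)` and `push_cp_library_fn (VEC_NEW_EXPR, newtype)`, receive the attribute; the nothrow, placement and class-specific forms are outside this hunk and remain unannotated, which matches what the cover mail promises but is worth stating next to the code.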
> --- gcc/testsuite/g++.dg/ext/builtin-object-size3.C.jj ?2011-08-03 14:06:03.000000000 +0200
> +++ gcc/testsuite/g++.dg/ext/builtin-object-size3.C ? ? 2011-08-03 14:04:21.000000000 +0200
> @@ -0,0 +1,26 @@
> +// { dg-do compile }
> +// { dg-options "-O2" }
> +
> +void baz (int *, int *);
> +
> +#define MEMCPY(d,s,l) __builtin___memcpy_chk (d, s, l, __builtin_object_size (d, 0))
> +
> +int
> +foo ()
> +{
> + ?int *p = new int;
> + ?int *q = new int[4];
> + ?MEMCPY (p, "abcdefghijklmnopqrstuvwxyz", sizeof (int));
> + ?MEMCPY (q, "abcdefghijklmnopqrstuvwxyz", 4 * sizeof (int));
> + ?baz (p, q);
> +}
> +
> +int
> +bar ()
> +{
> + ?int *p = new int;
> + ?int *q = new int[4];
> + ?MEMCPY (p, "abcdefghijklmnopqrstuvwxyz", sizeof (int) + 1); ? ? ? ? ?// { dg-warning "will always overflow destination buffer" }
> + ?MEMCPY (q, "abcdefghijklmnopqrstuvwxyz", 4 * sizeof (int) + 1); ? ? ?// { dg-warning "will always overflow destination buffer" }
> + ?baz (p, q);
> +}
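Review bot: `foo` and `bar` are declared `int` but contain no return statement, so both flow off the end of a non-void function; declaring them `void` (or adding a return) keeps the test from depending on -Wreturn-type being off by default and from producing excess-error failures should that default change. The two `dg-warning` markers in `bar` are on the right lines, but `foo` carries no `dg-bogus` marker, so its freedom from the warning is only checked through the excess-errors rule; an explicit `// { dg-bogus "overflow" }` on the two MEMCPY lines in `foo` would state that intent. Finally, the test exercises only the throwing scalar and array forms at -O2; a case with a class-specific operator new, which the cover mail says must stay unaffected, would guard that half of the claim.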
>
> 	Jakub
>
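The following is an added illustration, not code from this thread or from GCC, of what the cover mail describes: `__builtin_object_size` learns the size of a heap block only when the allocator carries `alloc_size`, and `-D_FORTIFY_SOURCE` turns that compile-time knowledge into a runtime bounds check. `sized_alloc`, `opaque_alloc` and `checked_copy` are hypothetical helpers; `checked_copy` stands in for glibc's `__memcpy_chk` but returns `false` where glibc would abort, so the example can report its result. The heap results are only exact when the objsz pass runs (optimizing builds; the patch's own test passes `-O2` for the same reason), while the stack-buffer results hold at any level.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <cstring>

// Added illustration, not code from the gcc-patches thread or from GCC.
// sized_alloc, opaque_alloc and checked_copy are hypothetical helpers.

// __builtin_object_size (p, 0) yields this when it cannot bound the object.
static const std::size_t OBJSZ_UNKNOWN = static_cast<std::size_t>(-1);

// An allocator carrying the same attribute the patch puts on the default
// operator new: alloc_size (1) promises that the returned block is exactly
// as large as argument 1. noinline stops the compiler from looking inside
// and seeing the malloc call, so any size it learns comes from the
// attribute alone.
__attribute__((noinline, malloc, alloc_size(1)))
static void *sized_alloc(std::size_t n) { return std::malloc(n); }

// The same allocator without alloc_size: how `new` looked to
// __builtin_object_size before the patch.
__attribute__((noinline, malloc))
static void *opaque_alloc(std::size_t n) { return std::malloc(n); }

// Simplified stand-in for glibc's __memcpy_chk: the compiler supplies
// objsize at the call site and the copy is refused if it would not fit.
// Returns true when the copy was performed (glibc aborts instead of
// returning false).
static bool checked_copy(void *dst, const void *src, std::size_t n,
                         std::size_t objsize) {
    if (n > objsize)
        return false;
    std::memcpy(dst, src, n);
    return true;
}

// Same shape as the MEMCPY macro in the patch's test: the object size is
// queried on the destination expression itself, where the compiler can
// still see where the pointer came from.
#define CHECKED_COPY(d, s, l) \
    checked_copy((d), (s), (l), __builtin_object_size((d), 0))

// Constructed sample source: 26 letters plus the terminating NUL.
static const char SAMPLE[] = "abcdefghijklmnopqrstuvwxyz";

// Stack buffer: its size is known at every optimization level.
bool stack_copy_fits(void) {
    char buf[16];
    return CHECKED_COPY(buf, SAMPLE, sizeof buf);
}

bool stack_overflow_refused(void) {
    char buf[16];
    return !CHECKED_COPY(buf, SAMPLE, sizeof buf + 1);
}

// Heap block from the attributed allocator. The size is learned by the
// objsz pass, which only runs when optimizing; at -O0 this returns
// OBJSZ_UNKNOWN and an oversized copy would go unnoticed, which is the
// pre-patch `new int` situation the cover mail describes.
std::size_t attributed_alloc_known_size(void) {
    void *p = sized_alloc(16);
    std::size_t s = __builtin_object_size(p, 0);
    std::free(p);
    return s;
}

// Heap block from the unattributed allocator: nothing to learn from,
// at any optimization level.
std::size_t opaque_alloc_known_size(void) {
    void *p = opaque_alloc(16);
    std::size_t s = __builtin_object_size(p, 0);
    std::free(p);
    return s;
}

int main(void) {
    std::printf("stack copy fits: %d\n", stack_copy_fits());
    std::printf("stack overflow refused: %d\n", stack_overflow_refused());
    std::printf("alloc_size block size: %zu\n", attributed_alloc_known_size());
    std::printf("unattributed block size: %zu\n", opaque_alloc_known_size());
    return 0;
}
```

Compile once with `-O0` and once with `-O2` to see the difference the attribute makes: the unattributed block is always reported as unknown, the `alloc_size` block is reported as 16 only in the optimized build. The `noinline` on both allocators matters for that comparison; without it an optimizing compiler inlines the wrapper, sees `malloc(16)` directly and reports 16 for both, which would hide the very distinction the patch is about.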

