Don't add range bounds for fields or global variables

john-h-kastner · john-h-kastner · commit c2079545bd21 · 2021-10-05T17:17:21.000-04:00
diff --git a/clang/include/clang/3C/AVarBoundsInfo.h b/clang/include/clang/3C/AVarBoundsInfo.h
@@ -253,11 +253,13 @@ class AVarBoundsInfo {
   // Check if the given bounds key has a pointer arithmetic done on it.
   bool hasPointerArithmetic(BoundsKey BK);
 
+  // Check if range bounds can be inferred by 3C for the pointer corresponding
+  // to the bounds key.
+  bool canInferRangeBounds(BoundsKey BK);
+
   // Check if the bounds keys will need to be rewritten with range bounds. This
   // is true for bounds keys that are subject to pointer arithmetic but
   // otherwise have inferred bounds.
-  // TODO: disqualify pointers based on other conditions: e.g., fields probably
-  //       can't get range bound.
   bool needsRangeBound(BoundsKey BK);
 
   // Get the ProgramVar for the provided VarKey.
@@ -319,9 +321,18 @@ class AVarBoundsInfo {
   std::map<BoundsKey, std::map<BoundsPriority, ABounds *>> BInfo;
   // Set that contains BoundsKeys of variables which have invalid bounds.
   std::set<BoundsKey> InvalidBounds;
+
   // These are the bounds key of the pointers that has arithmetic operations
-  // performed on them.
+  // performed on them. These pointers cannot have the standard `count(n)`
+  // bounds and instead must use range bounds e.g., `bounds(p, p + n)`.
   std::set<BoundsKey> ArrPointersWithArithmetic;
+
+  // Some pointers, however, cannot be automatically given range bounds. This
+  // includes global variables and structure fields. If a pointer is in both the
+  // above pointer arithmetic set and this set, then it cannot be assigned any
+  // bound.
+  std::set<BoundsKey> IneligibleForRangeBounds;
+
   // Set of BoundsKeys that correspond to pointers.
   std::set<BoundsKey> PointerBoundsKey;
   // Set of BoundsKey that correspond to array pointers.
diff --git a/clang/lib/3C/AVarBoundsInfo.cpp b/clang/lib/3C/AVarBoundsInfo.cpp
@@ -352,7 +352,6 @@ bool AvarBoundsInference::getReachableBoundKeys(const ProgramVarScope *DstScope,
 
 void AvarBoundsInference::getRelevantBounds(BoundsKey BK,
                                             BndsKindMap &ResBounds) {
-  // Try to get the bounds of all RBKeys.
   if (CurrIterInferBounds.find(BK) != CurrIterInferBounds.end()) {
     // get the bounds inferred from the current iteration
     ResBounds = CurrIterInferBounds[BK];
@@ -812,8 +811,11 @@ BoundsKey AVarBoundsInfo::getVariable(clang::VarDecl *VD) {
     auto *PVar =
         ProgramVar::createNewProgramVar(NK, VD->getNameAsString(), PVS);
     insertProgramVar(NK, PVar);
-    if (isPtrOrArrayType(VD->getType()))
+    if (isPtrOrArrayType(VD->getType())) {
       PointerBoundsKey.insert(NK);
+      if (!VD->isLocalVarDeclOrParm())
+        IneligibleForRangeBounds.insert(NK);
+    }
   }
   return getVarKey(PSL);
 }
@@ -876,8 +878,10 @@ BoundsKey AVarBoundsInfo::getVariable(clang::FieldDecl *FD) {
     const StructScope *SS = StructScope::getStructScope(StName);
     auto *PVar = ProgramVar::createNewProgramVar(NK, FD->getNameAsString(), SS);
     insertProgramVar(NK, PVar);
-    if (isPtrOrArrayType(FD->getType()))
+    if (isPtrOrArrayType(FD->getType())) {
       PointerBoundsKey.insert(NK);
+      IneligibleForRangeBounds.insert(NK);
+    }
   }
   return getVarKey(PSL);
 }
@@ -938,7 +942,8 @@ void AVarBoundsInfo::addAssignment(BoundsKey L, BoundsKey R) {
   // pointer. For future work, all bounds "down stream" of pointer arithmetic
   // could also use range bounds using the same base pointer.
   auto AddEdgeUnlessPointerArithmetic = [this](BoundsKey From, BoundsKey To) {
-    if (!hasPointerArithmetic(From))
+    if (!hasPointerArithmetic(From) &&
+        (!hasPointerArithmetic(To) || canInferRangeBounds(To)))
       ProgVarGraph.addUniqueEdge(From, To);
   };
 
@@ -987,10 +992,17 @@ bool AVarBoundsInfo::hasPointerArithmetic(BoundsKey BK) {
   return ArrPointersWithArithmetic.find(BK) != ArrPointersWithArithmetic.end();
 }
 
-// A pointer needs range bounds if it is computed by pointer arithmetic and
-// would otherwise need bounds.
+bool AVarBoundsInfo::canInferRangeBounds(BoundsKey BK) {
+  return IneligibleForRangeBounds.find(BK) == IneligibleForRangeBounds.end();
+}
+
 bool AVarBoundsInfo::needsRangeBound(BoundsKey BK) {
-  return hasPointerArithmetic(BK) && getBounds(BK) != nullptr;
+  // A pointer should get range bounds if it is computed by pointer arithmetic
+  // and would otherwise need bounds. Some pointers (global variables and struct
+  // fields) can't be rewritten to use range bounds (by 3C; Checked C does
+  // permit it), so we return false on these.
+  return hasPointerArithmetic(BK) && canInferRangeBounds(BK) &&
+         getBounds(BK) != nullptr;
 }
 
 ProgramVar *AVarBoundsInfo::getProgramVar(BoundsKey VK) {
diff --git a/clang/lib/3C/DeclRewriter.cpp b/clang/lib/3C/DeclRewriter.cpp
@@ -42,7 +42,7 @@ void DeclRewriter::buildItypeDecl(PVConstraint *Defn, DeclaratorDecl *Decl,
     Info.getABoundsInfo().needsRangeBound(Defn->getBoundsKey());
   assert("Adding range bounds on return, global variable, or field!" &&
          (!NeedsRangeBound || (isa_and_nonnull<VarDecl>(Decl) &&
-                               cast<VarDecl>(Decl)->hasLocalStorage())));
+                               cast<VarDecl>(Decl)->isLocalVarDeclOrParm())));
 
   std::string DeclName = Decl ? Decl->getNameAsString() : "";
   // The idea here is that the name should only be empty if this is an unnamed
@@ -135,7 +135,7 @@ void DeclRewriter::buildCheckedDecl(PVConstraint *Defn, DeclaratorDecl *Decl,
     Info.getABoundsInfo().needsRangeBound(Defn->getBoundsKey());
   assert("Adding range bounds on return, global variable, or field!" &&
          (!NeedsRangeBound || (isa_and_nonnull<VarDecl>(Decl) &&
-                               cast<VarDecl>(Decl)->hasLocalStorage())));
+                               cast<VarDecl>(Decl)->isLocalVarDeclOrParm())));
 
   std::string DeclName = UseName;
   // The idea here is that the name should only be empty if this is an unnamed
diff --git a/clang/lib/3C/RewriteUtils.cpp b/clang/lib/3C/RewriteUtils.cpp
@@ -594,8 +594,10 @@ std::string ArrayBoundsRewriter::getBoundsString(const PVConstraint *PV,
 
   if (ValidBKey && !PV->hasSomeSizedArr()) {
     ABounds *ArrB = ABInfo.getBounds(DK);
-    // Only we we have bounds and no pointer arithmetic on the variable.
-    if (ArrB != nullptr) {
+    // If we have pointer arithmetic and cannot add range bounds, then do not
+    // emit any bounds string.
+    if (ArrB != nullptr &&
+        (!ABInfo.hasPointerArithmetic(DK) || ABInfo.canInferRangeBounds(DK))) {
       if (UseRange)
         BString = ArrB->mkRangeString(&ABInfo, D, BasePtr);
       else
diff --git a/clang/test/3C/range_bounds.c b/clang/test/3C/range_bounds.c
@@ -141,3 +141,27 @@ void test7(int *s) {
   for (int i = 0; i < 5; i++)
     s[i];
 }
+
+// A structure field is handled as it was before implementing range bounds.
+// Future work could insert a new field, and update all struct initializer to
+// include it.
+struct s {
+  int *a;
+  // CHECK_ALL: _Array_ptr<int> a;
+};
+void test8() {
+  struct s t;
+  t.a++;
+  t.a[0];
+  // expected-error@-1 {{expression has unknown bounds}}
+}
+
+// Same as above. Future work might figure out how to emit range bounds for
+// global variables.
+int *glob;
+// CHECK_ALL: _Array_ptr<int> glob = ((void *)0);
+void test9() {
+  glob++;
+  glob[0];
+  // expected-error@-1 {{expression has unknown bounds}}
+}
