
provide "element_count" attribute to give more context to __builtin_dynamic_object_size() and -fsanitize=bounds #60928

Open
kees opened this issue Feb 22, 2023 · 2 comments
Labels
clang:frontend Language frontend issues, e.g. anything involving "Sema"

Comments

@kees
Contributor

kees commented Feb 22, 2023

Frequently a structure containing a flexible array member will also contain a member where the count of array elements is stored. For example:

struct foo {
    ...
    unsigned int count;
    ...
    int data[];
};

struct foo *allocate_foo(unsigned int how_many)
{
    struct foo *p;

    p = malloc(sizeof(*p) + how_many * sizeof(*p->data)); /* element type of the flexible array */
    p->count = how_many;

    return p;
}

While __builtin_dynamic_object_size(p->data, 1) will know the size within allocate_foo() due to malloc's __alloc_size hinting, this information is immediately lost on return. However, the information is still available in p->count, but the compiler has no way to know about it.

Please provide a struct member attribute element_count that can be used to associate the size of a flexible array to another struct member. For example:

struct foo {
    ...
    unsigned int count;
    ...
    int data[] __attribute__((__element_count__(count)));
};

Now any later examination of the size of data can be calculated. For example, this equality will hold true:

    __builtin_dynamic_object_size(p->data, 1) == p->count * sizeof(*p->data)

and -fsanitize=bounds can examine this as well, to trap:

    p->data[index] = ...; /* traps when index < 0, or index >= p->count */
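To make the request concrete, here is an added example that is not code from the issue: a hypothetical `struct foo` with only the two members shown, an overflow-checked version of `allocate_foo`, and hand-written accessors that perform exactly the check (`index < 0` or `index >= p->count`) the proposed attribute would let `-fsanitize=bounds` emit automatically.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical layout: the issue's struct elides other members ("..."). */
struct foo {
    unsigned int count;   /* number of valid elements in data[] */
    int data[];           /* flexible array; its size is only known via count */
};

/* Allocate with an overflow-checked size computation instead of the
 * unchecked multiply in the issue's sketch. Returns NULL on overflow. */
struct foo *allocate_foo(unsigned int how_many)
{
    size_t bytes;
    struct foo *p;

    if (__builtin_mul_overflow((size_t)how_many, sizeof(*p->data), &bytes) ||
        __builtin_add_overflow(bytes, sizeof(*p), &bytes))
        return NULL;
    p = malloc(bytes);
    if (p)
        p->count = how_many;
    return p;
}

/* The relation the issue wants the compiler to derive from the attribute:
 * the object size of data[] equals count * sizeof(*data). */
size_t foo_data_size(const struct foo *p)
{
    return (size_t)p->count * sizeof(*p->data);
}

/* Manual equivalent of the bounds check the attribute would enable:
 * reject index < 0 or index >= p->count instead of writing out of bounds. */
bool foo_set(struct foo *p, long index, int value)
{
    if (index < 0 || (unsigned long)index >= p->count)
        return false;
    p->data[index] = value;
    return true;
}

bool foo_get(const struct foo *p, long index, int *out)
{
    if (index < 0 || (unsigned long)index >= p->count)
        return false;
    *out = p->data[index];
    return true;
}
```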
@kees
Contributor Author

kees commented Feb 22, 2023

The corresponding GCC feature request is here: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896

@EugeneZelenko EugeneZelenko added clang:frontend Language frontend issues, e.g. anything involving "Sema" and removed new issue labels Feb 22, 2023
@llvmbot
Collaborator

llvmbot commented Feb 22, 2023

@llvm/issue-subscribers-clang-frontend
