Skip to content

Reject aligned attribute on bit fields in struct types#585

Open
xavierleroy wants to merge 1 commit into
masterfrom
no-bitfield-align
Open

Reject aligned attribute on bit fields in struct types#585
xavierleroy wants to merge 1 commit into
masterfrom
no-bitfield-align

Conversation

@xavierleroy

Copy link
Copy Markdown
Contributor

Currently, we reject _Alignas(N) on bit fields, as per ISO C, but tolerate attribute((aligned(N))). However:

  • The verified part of CompCert (Ctypes.v) explicitly ignores alignment specifiers on the types of bit fields.

  • The unverified part (Cutils.ml) implicitly honors alignment specifiers on the types of bit fields in one place (function Cutil.sizeof_layout_struct). This can cause __builtin_offsetof and some rare uses of sizeof to return results that are inconsistent with the actual layout done in Ctypes.v.

  • There is no specification of struct member layout that includes bit-fields with alignment specifiers. The ELF ABI says nothing about this. GCC and Clang do something, but it's unclear what they do.

It seems safer to just report an error for attribute((aligned(N))) on bit-fields.

Issue reported by Christos Papakonstantinou (Cantina Security).

Just like we already reject `_Alignas(N)` on bit fields.

Alignment on bit fields was already ignored by the verified part of CompCert.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant