This was a fork of Checked C clang used from 2021-2024. The changes have been merged into the original Checked C clang repo, which is now at https://github.com/checkedc/checkedc-clang.
This PR updates bounds validation to handle the following cases:

- Validate the bounds of a pointer dereference `*p` or array subscript `p[i]`.
- Account for uses of pointer dereferences and array subscripts in observed bounds.

The behavior for synthesizing member expressions whose bounds depend on a member expression that is being modified via an assignment has been extended: we now synthesize member expressions whose bounds depend on an lvalue expression that uses a member expression to update memory via an assignment. For example:

```c
struct S {
  _Array_ptr<int> f : count(*ptr_to_len);
  _Array_ptr<int> ptr_to_len : count(10);
};

void f(struct S *s) {
  *s->ptr_to_len = 0;
}
```

The lvalue expression `*s->ptr_to_len` uses the member expression `s->ptr_to_len` to write to memory. We synthesize the member expression `s->f` whose declared bounds `bounds(s->f, s->f + *s->ptr_to_len)` depend on `*s->ptr_to_len`.

There is also a minor fix included in this PR that the pointer bounds checking depends on: in PreorderAST, the canonical form of `e1[e2]` is now `*(e1 + e2 + 0)` rather than `*(e1 + e2)`. This enables bounds validation to treat expressions such as `p[i]` and `*(p + i)` as equivalent, since PreorderAST canonicalizes `*(p + i)` to `*(p + i + 0)`.
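The following is a toy illustration added here of the equivalence the last paragraph relies on; it is not Checked C's PreorderAST and not code from the project or the PR. It models only the one property the description depends on: every dereferenced address is flattened into a sorted sum with an explicit trailing constant (a zero when none is present), so `p[i]`, `*(p + i)` and `*(i + p + 0)` all canonicalize to the same text and can be compared as the same lvalue. The `Expr` type, the `canon`/`same_lvalue` helpers and the `canon_legacy` variant (which drops a zero constant for subscripts, reproducing the pre-fix mismatch) are all assumptions of this example.

```c
/*
 * Toy canonicalizer for lvalue expressions. Added illustration only; this
 * is NOT Checked C's PreorderAST. It mimics one property the PR text relies
 * on: the address under a dereference becomes a flattened, sorted sum with
 * an explicit trailing constant, so p[i], *(p + i) and *(i + p + 0) agree.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum Kind { K_VAR, K_CONST, K_ADD, K_DEREF, K_SUBSCRIPT };

typedef struct Expr {
    enum Kind kind;
    const char *name;        /* K_VAR */
    long value;              /* K_CONST */
    struct Expr *lhs, *rhs;  /* K_ADD: lhs + rhs; K_SUBSCRIPT: lhs[rhs] */
    struct Expr *sub;        /* K_DEREF: *sub */
} Expr;

static Expr *mk(enum Kind k) { Expr *e = calloc(1, sizeof *e); if (!e) abort(); e->kind = k; return e; }
Expr *var(const char *n)          { Expr *e = mk(K_VAR);   e->name = n;  return e; }
Expr *cst(long v)                 { Expr *e = mk(K_CONST); e->value = v; return e; }
Expr *add(Expr *a, Expr *b)       { Expr *e = mk(K_ADD);   e->lhs = a; e->rhs = b; return e; }
Expr *deref(Expr *a)              { Expr *e = mk(K_DEREF); e->sub = a;  return e; }
Expr *subscript(Expr *a, Expr *i) { Expr *e = mk(K_SUBSCRIPT); e->lhs = a; e->rhs = i; return e; }

#define MAX_TERMS 16
struct Sum { const char *vars[MAX_TERMS]; int nvars; long konst; };

/* Flatten nested additions into variable terms plus one folded constant. */
static void collect(const Expr *e, struct Sum *s) {
    switch (e->kind) {
    case K_ADD:   collect(e->lhs, s); collect(e->rhs, s); break;
    case K_CONST: s->konst += e->value; break;
    case K_VAR:   if (s->nvars < MAX_TERMS) s->vars[s->nvars++] = e->name; break;
    default:      break; /* nested deref/subscript terms are out of scope for this toy */
    }
}

static int cmp_name(const void *a, const void *b) {
    return strcmp(*(const char *const *)a, *(const char *const *)b);
}

/* Write the canonical text "*(+ <sorted vars> <const>)" for *addr or a[i].
 * With legacy != 0 a subscript omits a zero constant, reproducing the
 * pre-fix mismatch between p[i] and *(p + i) described in the PR text. */
static int canon_impl(const Expr *e, char *out, size_t cap, int legacy) {
    struct Sum s = {0};
    int is_subscript = (e->kind == K_SUBSCRIPT);
    if (is_subscript)            { collect(e->lhs, &s); collect(e->rhs, &s); }
    else if (e->kind == K_DEREF) { collect(e->sub, &s); }
    else return -1;                                 /* not an lvalue this toy models */
    qsort(s.vars, (size_t)s.nvars, sizeof s.vars[0], cmp_name);

    int n = snprintf(out, cap, "*(+");
    for (int i = 0; i < s.nvars && n >= 0 && (size_t)n < cap; i++)
        n += snprintf(out + n, cap - (size_t)n, " %s", s.vars[i]);
    if (!(legacy && is_subscript && s.konst == 0) && n >= 0 && (size_t)n < cap)
        n += snprintf(out + n, cap - (size_t)n, " %ld", s.konst);
    if (n >= 0 && (size_t)n < cap)
        n += snprintf(out + n, cap - (size_t)n, ")");
    return (n >= 0 && (size_t)n < cap) ? 0 : -1;
}

int canon(const Expr *e, char *out, size_t cap)        { return canon_impl(e, out, cap, 0); }
int canon_legacy(const Expr *e, char *out, size_t cap) { return canon_impl(e, out, cap, 1); }

/* Equal up to canonical form: the comparison a bounds validator needs when it asks
 * whether a write through one lvalue touches a bounds expression written with another. */
static int same_impl(const Expr *a, const Expr *b, int legacy) {
    char ca[128], cb[128];
    if (canon_impl(a, ca, sizeof ca, legacy) || canon_impl(b, cb, sizeof cb, legacy)) return 0;
    return strcmp(ca, cb) == 0;
}
int same_lvalue(const Expr *a, const Expr *b)        { return same_impl(a, b, 0); }
int same_lvalue_legacy(const Expr *a, const Expr *b) { return same_impl(a, b, 1); }

int main(void) {
    Expr *p = var("p"), *i = var("i");
    /* Constructed inputs: p[i], *(p + i), *((i + p) + 0) */
    const Expr *forms[] = { subscript(p, i), deref(add(p, i)), deref(add(add(i, p), cst(0))) };
    char buf[128];
    for (size_t k = 0; k < sizeof forms / sizeof forms[0]; k++) {
        canon(forms[k], buf, sizeof buf);        printf("fixed:  %s\n", buf);
        canon_legacy(forms[k], buf, sizeof buf); printf("legacy: %s\n", buf);
    }
    return 0;
}
```

The `legacy` path shows why the `+ 0` matters: without the explicit constant, `p[i]` serializes as `*(+ i p)` while `*(p + i)` serializes as `*(+ i p 0)`, so a validator comparing canonical forms would not recognize a write through `p[i]` as affecting bounds expressed with `*(p + i)`.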
This issue was copied from https://github.com/microsoft/checkedc-clang/issues/1176