checkedc / checkedc-llvm-project

This repo contains a version of clang that is modified to support Checked C. Checked C is an extension to C that lets programmers write C code with bounds checking and improved type-safety.

Extend Checked C format-string checks to unchecked scopes #1225

Open dtarditi opened 8 months ago

dtarditi commented 8 months ago

@mattmccutchen-cci suggested the following in #1159:

A side issue: as I briefly suggested in my original post, IMO the Checked-C-specific format string checks (currently in CheckVarargsInCheckedScope) should generate at least -Wformat warnings (or maybe even errors) in unchecked scopes too, if checked pointers or arrays are being used. (No new diagnostics would be generated in plain-C code that does not use checked pointers or arrays.) This would be consistent with the passing of arguments to non-variadic functions and would help catch problems sooner. In essence, we want to check a printf argument corresponding to a %s as if the declared parameter type were const char * : itype(_Nt_array_ptr), and so forth. I realize this is outside the scope of the original title of this issue. Do you prefer that I broaden the title or file a separate issue?
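As an added illustration of the rule being proposed above (this is not code from checkedc-llvm-project or from CheckVarargsInCheckedScope, and it is a deliberate simplification), the following Python model treats the `%s` argument as if the parameter were `const char * : itype(_Nt_array_ptr)`. The acceptance table, the string representation of types, and the choice of error in checked scopes versus warning in unchecked scopes are all assumptions made for the example; only the behaviour it contrasts (checks run only in checked scopes today, versus also in unchecked scopes when checked pointers or arrays are involved, with no new diagnostics for plain-C calls) follows the comment.

```python
import re

# Constructed, simplified model of the Checked C format-string check discussed
# in the issue. It is NOT the clang implementation (CheckVarargsInCheckedScope);
# argument types are modelled as plain strings such as "_Nt_array_ptr<char>".

CHECKED_PTR_PREFIXES = ("_Ptr<", "_Array_ptr<", "_Nt_array_ptr<")

# Hypothetical acceptance table. %s is checked as if the parameter were
# `const char * : itype(_Nt_array_ptr<const char>)`: a null-terminated checked
# pointer or an unchecked char pointer passes, a plain _Array_ptr<char> does not.
# None means "any pointer" (used for %p).
CONV_RULES = {
    "s": {"_Nt_array_ptr<char>", "_Nt_array_ptr<const char>", "char *", "const char *"},
    "d": {"int"},
    "u": {"unsigned int"},
    "c": {"int", "char"},
    "p": None,
}

# Flags, width and precision are skipped; only the conversion letter matters here.
SPEC_RE = re.compile(r"%[-+ #0]*\d*(?:\.\d+)?([sducp%])")


def is_checked_type(t):
    """True for Checked C pointer types (the ones the proposal keys on)."""
    return t.startswith(CHECKED_PTR_PREFIXES)


def is_pointer_type(t):
    return t.endswith("*") or is_checked_type(t)


def check_format_call(fmt, arg_types, in_checked_scope, extend_to_unchecked=False):
    """Return a list of diagnostics for a printf-like call.

    Current behaviour (extend_to_unchecked=False): the check runs only in
    checked scopes. Proposed behaviour: it also runs in unchecked scopes when
    any argument has a checked pointer type, emitting warnings instead of
    errors. Plain-C calls in unchecked scopes never get new diagnostics.
    """
    uses_checked = any(is_checked_type(t) for t in arg_types)
    if not in_checked_scope and not (extend_to_unchecked and uses_checked):
        return []
    severity = "error" if in_checked_scope else "warning"
    diags = []
    convs = [m.group(1) for m in SPEC_RE.finditer(fmt) if m.group(1) != "%"]
    if len(convs) != len(arg_types):
        diags.append(f"{severity}: format expects {len(convs)} argument(s), got {len(arg_types)}")
    for i, (conv, t) in enumerate(zip(convs, arg_types), start=1):
        allowed = CONV_RULES[conv]
        ok = is_pointer_type(t) if allowed is None else t in allowed
        if not ok:
            diags.append(f"{severity}: argument {i} of type '{t}' is not valid for %{conv}")
    return diags


if __name__ == "__main__":
    # Constructed call: a non-null-terminated _Array_ptr<char> passed to %s,
    # in a checked scope, in an unchecked scope today, and with the extension.
    for scope, ext in ((True, False), (False, False), (False, True)):
        print(f"checked={scope} extended={ext}:",
              check_format_call("%s\n", ["_Array_ptr<char>"], scope, ext))
```

The third case is the one the comment is after: today the unchecked-scope call is silent, and with the extension it draws a warning because a checked pointer was passed where a null-terminated one is required, while a call with only `char *` and `int` arguments stays silent in both modes.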