This is the primary development repository for 3C, a tool for automatically converting legacy C code to the Checked C extension of C, which aims to enforce spatial memory safety. This repository is a fork of Checked C's.
14
stars
5
forks
source link
Should `DeclRewriter::buildItypeDecl` use the actual internal `PVConstraint`? #704
It looks like DeclRewriter::buildItypeDecl currently uses either the original type or an all-wild type for the unchecked side of the itype. This may be wrong in cases such as double pointers. A simple example:
void foo(int **x) {
*x = (int *)1;
int **y;
x = y;
}
3C output:
void foo(int **x : itype(_Ptr<_Ptr<int>>)) {
*x = (int *)1;
_Ptr<int *> y = ((void *)0);
x = y; // error: assigning to 'int **' from incompatible type '_Ptr<int *>'
}
Here the solution for the internal PVConstraint of x was _Ptr<int *>, but it was written as int **, causing the indicated compile error.
Should we make DeclRewriter::buildItypeDecl use the actual internal PVConstraint? I prototyped this and it fixed the example above, but that simple-minded approach broke many regression tests and I don't know how much work it would take to fix them (maybe not much, but I don't want to spend any more time on it now).
It looks like
DeclRewriter::buildItypeDeclcurrently uses either the original type or an all-wild type for the unchecked side of the itype. This may be wrong in cases such as double pointers. A simple example:3C output:
Here the solution for the internal
PVConstraintofxwas_Ptr<int *>, but it was written asint **, causing the indicated compile error.Should we make
DeclRewriter::buildItypeDecluse the actual internalPVConstraint? I prototyped this and it fixed the example above, but that simple-minded approach broke many regression tests and I don't know how much work it would take to fix them (maybe not much, but I don't want to spend any more time on it now).