correctcomputation / checkedc-clang

This is the primary development repository for 3C, a tool for automatically converting legacy C code to the Checked C extension of C, which aims to enforce spatial memory safety. This repository is a fork of Checked C's.

Compile error assigning `__func__` to `_Nt_array_ptr<const char>` in unchecked scope #727

Open kyleheadley opened 2 years ago

kyleheadley commented 2 years ago

The predefined identifier __func__ represents the name of the enclosing function as a const char []. This is used in macros in 3C's icecast benchmark. It can be assigned to an _Nt_array_ptr<const char>, but only in a checked scope. 3C doesn't insert that checked scope without -addcr and block safety, but still rewrites to the nt array pointer.

We need a better way to handle these situations.

john-h-kastner commented 2 years ago

A concrete failing test case:

#include<string.h>
void test(void) {
  char *d = __func__;
  strlen(d);
}

converts to

#include<string.h>
void test(void) {
  _Nt_array_ptr<char> d = __func__;
  strlen(d);
}

but this fails to compile with

error: initializing '_Nt_array_ptr<char>' with an expression of incompatible type 'const char [5]'
  _Nt_array_ptr<char> d = __func__;

mattmccutchen-cci commented 2 years ago

It looks like a cast would come to our rescue again, just as in #725:

void test(void) {
  // Error
  _Nt_array_ptr<char> p = __func__;
  // No error
  _Nt_array_ptr<char> p2 = (_Nt_array_ptr<char>) __func__;
}

We can go ahead and do that in 3C. Ideally, we'd also file a bug against the compiler.