Merge pull request #479 from secure-sw-dev/3c-headers-update

This includes header files changes that Correct Computation made in porting existing C code to Checked C using their 3C tool. The 3C repo is at https://github.com/correctcomputation/checkedc. This includes a few changes to header files to fix tests that fail on Windows. I'm doing a squash merge so that we include history from several years of changes by 3C to header files as they ported code. Testing: - Built for x64 for Windows and Linux. - Passes Checked C and clang testing for x64 for Windows and Linux.
2022-11-30 14:56:24 -08:00 · 2022-11-30 14:56:24 -08:00 · 24a60e59df
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@ -10,14 +10,30 @@
 set(files
  assert_checked.h
  assert.h
+  crypt_checked.h
+  crypt.h
+  dirent_checked.h
+  dirent.h
  errno_checked.h
  errno.h
+  fcntl.h
+  fcntl_checked.h
  fenv_checked.h
  fenv.h
+  grp_checked.h
+  grp.h
  inttypes_checked.h
  inttypes_checked_internal.h
  math_checked.h
  math.h
+  netdb_checked.h
+  netdb.h
+  poll_checked.h
+  poll.h
+  pwd_checked.h
+  pwd.h
+  shadow_checked.h
+  shadow.h
  signal_checked.h
  signal.h
  stdchecked.h
@ -27,8 +43,12 @@ set(files
  stdlib.h
  string_checked.h
  string.h
+  syslog_checked.h
+  syslog.h
  threads_checked.h
  threads.h
+  utime_checked.h
+  utime.h
  time_checked.h
  time.h
  unistd_checked.h
@ -45,8 +65,20 @@ set(posix_arpa_files
  )

 set(posix_sys_files
+  sys/mman_checked.h
+  sys/mman.h
+  sys/resource_checked.h
+  sys/resource.h
+  sys/select_checked.h
+  sys/select.h
  sys/socket_checked.h
  sys/socket.h
+  sys/stat_checked.h
+  sys/stat.h
+  sys/time_checked.h
+  sys/time.h
+  sys/wait_checked.h
+  sys/wait.h
 )

 # Hack - compute the CLANG version from the LLVM version.  The
@ -80,14 +112,14 @@ install(

 install(
  FILES ${posix_arpa_files}
-  COMPONENT clang-headers
+  COMPONENT checkedc-headers
  PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
  DESTINATION lib${LLVM_LIBDIR_SUFFIX}/clang/${CHECKEDC_CLANG_VERSION}/include/arpa
  )

 install(
  FILES ${posix_sys_files}
-  COMPONENT clang-headers
+  COMPONENT checkedc-headers
  PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
  DESTINATION lib${LLVM_LIBDIR_SUFFIX}/clang/${CHECKEDC_CLANG_VERSION}/include/sys
  )
--- a/include/_builtin_stdio_checked.h
+++ b/include/_builtin_stdio_checked.h
@ -42,7 +42,7 @@ int __builtin___sprintf_chk(char * restrict buffer : itype(restrict _Nt_array_pt
 #if __has_builtin(__builtin___snprintf_chk) || defined(__GNUC__)
 // snprintf
 extern _Unchecked
-int __snprintf_chk(char * restrict buffer : count(maxlen),
+int __snprintf_chk(char * restrict buffer : itype(restrict _Nt_array_ptr<char>) count(maxlen == 0 ? 0 : maxlen-1),
                   size_t maxlen,
                   int flag,
                   size_t obj_size,
@ -51,7 +51,7 @@ int __snprintf_chk(char * restrict buffer : count(maxlen),
                   ...);

 _Unchecked
-int __builtin___snprintf_chk(char * restrict buffer : count(maxlen),
+int __builtin___snprintf_chk(char * restrict buffer : itype(restrict _Nt_array_ptr<char>) count(maxlen == 0 ? 0 : maxlen-1),
                             size_t maxlen,
                             int flag,
                             size_t obj_size,
@ -85,8 +85,8 @@ int __builtin___vsprintf_chk(char * restrict buffer : itype(restrict _Nt_array_p
 #if __has_builtin(__builtin___vsnprintf_chk) || defined(__GNUC__)
 // vsnprintf
 extern _Unchecked
-int __vsnprintf_chk(char * restrict buffer : count(maxlen),
-                    size_t maxlen,
+int __vsnprintf_chk(char * restrict buffer : itype(restrict _Nt_array_ptr<char>) count(maxlen-1),
+                    size_t maxlen _Where maxlen > 0,
                    int flag,
                    size_t obj_size,
                    const char * restrict format :
@ -94,8 +94,8 @@ int __vsnprintf_chk(char * restrict buffer : count(maxlen),
                    va_list);

 _Unchecked
-int __builtin___vsnprintf_chk(char * restrict buffer : count(maxlen),
-                              size_t maxlen,
+int __builtin___vsnprintf_chk(char * restrict buffer : itype(restrict _Nt_array_ptr<char>) count(maxlen-1),
+                              size_t maxlen _Where maxlen > 0,
                              int flag,
                              size_t obj_size,
                              const char * restrict format :
--- a/include/arpa/inet.h
+++ b/include/arpa/inet.h
@ -5,11 +5,10 @@
 /////////////////////////////////////////////////////////////////////////


-#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
-
 // The Windows environment may not have arpa/inet.h
-#if defined __has_include_next
-#if __has_include_next(<arpa/inet.h>)
+#if defined __has_include_next && __has_include_next(<arpa/inet.h>)
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS

 #ifdef __checkedc
 #pragma CHECKED_SCOPE push
@ -22,9 +21,10 @@
 #pragma CHECKED_SCOPE pop
 #endif

-#endif // has inet.h
-#endif // defined __has_include_next
-
 #else // checkedc && implicit include enabled
 #include <arpa/inet_checked.h>
 #endif
+
+#else // doesn't have arpa/inet.h
+#error "cannot include 'arpa/inet.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif
--- a/include/arpa/inet_checked.h
+++ b/include/arpa/inet_checked.h
@ -6,8 +6,7 @@
 /////////////////////////////////////////////////////////////////////////

 // The Windows environment may not have arpa/inet.h
-#if defined __has_include_next
-#if __has_include_next(<arpa/inet.h>)
+#if defined __has_include_next && __has_include_next(<arpa/inet.h>)

 #ifdef __checkedc
 #pragma CHECKED_SCOPE push
@ -28,12 +27,24 @@
 #pragma CHECKED_SCOPE on

 extern in_addr_t inet_addr (const char *__cp : itype(_Nt_array_ptr<const char>)) __THROW;
+extern int inet_aton(const char *cp : itype(_Nt_array_ptr<const char>),
+                     struct in_addr *inp : itype(_Ptr<struct in_addr>));

+extern char *inet_ntoa(struct in_addr) : itype(_Nt_array_ptr<char>);
+extern const char *inet_ntop(int af,
+                             const void *restrict src : byte_count(af == AF_INET ? 4 : 16),
+                             char *restrict dst : itype(restrict _Nt_array_ptr<char>) count(size-1),
+                             socklen_t size _Where size > 0)
+                             : itype(_Nt_array_ptr<const char>);
+extern int inet_pton(int af,
+                     const char *restrict src : itype(restrict _Nt_array_ptr<const char>),
+                     void *restrict dst : byte_count(af == AF_INET ? 4 : 16));

 #pragma CHECKED_SCOPE pop

 #endif // guard
 #endif // Checked C

-#endif // has inet.h
-#endif // defined __has_include_next
+#else // doesn't have arpa/inet.h
+#error "cannot include 'arpa/inet_checked.h' because this system does not have the original 'arpa/inet.h'"
+#endif
--- a/include/crypt.h
+++ b/include/crypt.h
@ -0,0 +1,32 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+// Uses clang-specific __has_include macro to detect unistd.h
+// which is required by Posix Standard.
+// The Windows environment also may not have unistd.h
+#if defined __has_include_next && __has_include_next(<crypt.h>)
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <crypt.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <crypt_checked.h>
+#endif
+
+#else // doesn't have unistd.h
+#error "cannot include 'crypt.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif
--- a/include/crypt_checked.h
+++ b/include/crypt_checked.h
@ -0,0 +1,30 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for functions in crypt.h that               //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <crypt.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __CRYPT_CHECKED_H
+#define __CRYPT_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+char * crypt(const char *phrase : itype(_Nt_array_ptr<const char>), const char *setting : itype(_Nt_array_ptr<const char>)) : itype(_Nt_array_ptr<char>);
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
--- a/include/dirent.h
+++ b/include/dirent.h
@ -0,0 +1,23 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <dirent.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <dirent_checked.h>
+#endif
--- a/include/dirent_checked.h
+++ b/include/dirent_checked.h
@ -0,0 +1,34 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for some functions in dirent.h that          //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <dirent.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __DIRENT_CHECKED_H
+#define __DIRENT_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+DIR *opendir(const char *name : itype(_Nt_array_ptr<const char>)) : itype(_Ptr<DIR>);
+DIR *fdopendir(int fd) : itype(_Ptr<DIR>);
+int closedir(DIR *dirp : itype(_Ptr<DIR>));
+struct dirent *readdir(DIR *dirp : itype(_Ptr<DIR>)) : itype(_Ptr<struct dirent>);
+int dirfd(DIR *dirp : itype(_Ptr<DIR>));
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
--- a/include/fcntl.h
+++ b/include/fcntl.h
@ -0,0 +1,23 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <fcntl.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <fcntl_checked.h>
+#endif
--- a/include/fcntl_checked.h
+++ b/include/fcntl_checked.h
@ -0,0 +1,31 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for some functions in fcntl.h that           //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <fcntl.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __FCNTL_CHECKED_H
+#define __FCNTL_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+_Unchecked
+int open(const char *pathname : itype(_Nt_array_ptr<const char>), int flags, ...);
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
--- a/include/grp.h
+++ b/include/grp.h
@ -0,0 +1,30 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+// The Windows environment may not have grp.h
+#if defined __has_include_next && __has_include_next(<grp.h>)
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <grp.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <grp_checked.h>
+#endif
+
+#else // doesn't have grp.h
+#error "cannot include 'grp.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif
--- a/include/grp_checked.h
+++ b/include/grp_checked.h
@ -0,0 +1,37 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for functions in grp.h that                  //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+// The Windows environment may not have grp.h
+#if defined __has_include_next && __has_include_next(<grp.h>)
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <grp.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __GRP_CHECKED_H
+#define __GRP_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+int initgroups(const char *user : itype(_Nt_array_ptr<const char>), gid_t group);
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
+
+#else // doesn't have grp.h
+#error "cannot include 'grp_checked.h' because this system does not have the original 'grp.h'"
+#endif
--- a/include/netdb.h
+++ b/include/netdb.h
@ -0,0 +1,30 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+// The Windows environment may not have netdb.h
+#if defined __has_include_next && __has_include_next(<netdb.h>)
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <netdb.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <netdb_checked.h>
+#endif
+
+#else // doesn't have netdb.h
+#error "cannot include 'netdb.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif
--- a/include/netdb_checked.h
+++ b/include/netdb_checked.h
@ -0,0 +1,45 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for functions in netdb.h that                //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+// The Windows environment may not have netdb.h
+#if defined __has_include_next && __has_include_next(<netdb.h>)
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <netdb.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __NETDB_CHECKED_H
+#define __NETDB_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+extern struct hostent *gethostbyname(const char *name : itype(_Nt_array_ptr<const char>)) : itype(_Ptr<struct hostent>);
+extern struct hostent *gethostbyaddr(const void *addr : byte_count(len), socklen_t len, int type) : itype(_Ptr<struct hostent>);
+
+int getaddrinfo(const char *restrict node : itype(_Nt_array_ptr<const char> restrict),
+                const char *restrict service : itype(_Nt_array_ptr<const char> restrict),
+                const struct addrinfo *restrict hints : itype(_Ptr<const struct addrinfo> restrict),
+                struct addrinfo **restrict res : itype(_Ptr<_Ptr<struct addrinfo>> restrict));
+void freeaddrinfo(struct addrinfo *res : itype(_Ptr<struct addrinfo>));
+const char *gai_strerror(int errcode) : itype(_Nt_array_ptr<const char>);
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
+
+#else // doesn't have netdb.h
+#error "cannot include 'netdb_checked.h' because this system does not have the original 'netdb.h'"
+#endif
--- a/include/poll.h
+++ b/include/poll.h
@ -0,0 +1,30 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+// The Windows environment may not have poll.h
+#if defined __has_include_next && __has_include_next(<poll.h>)
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <poll.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <poll_checked.h>
+#endif
+
+#else // doesn't have poll.h
+#error "cannot include 'poll.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif
--- a/include/poll_checked.h
+++ b/include/poll_checked.h
@ -0,0 +1,37 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for functions in poll.h that                 //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+// The Windows environment may not have poll.h
+#if defined __has_include_next && __has_include_next(<poll.h>)
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <poll.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __POLL_CHECKED_H
+#define __POLL_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+extern int poll(struct pollfd fds[] : count(nfds), nfds_t nfds, int timeout);
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
+
+#else // doesn't have poll.h
+#error "cannot include 'poll_checked.h' because this system does not have the original 'poll.h'"
+#endif
--- a/include/pwd.h
+++ b/include/pwd.h
@ -0,0 +1,30 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+// The Windows environment may not have pwd.h
+#if defined __has_include_next && __has_include_next(<pwd.h>)
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <pwd.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <pwd_checked.h>
+#endif
+
+#else // doesn't have pwd.h
+#error "cannot include 'pwd.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif
--- a/include/pwd_checked.h
+++ b/include/pwd_checked.h
@ -0,0 +1,47 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for functions in pwd.h that                  //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+// The Windows environment may not have pwd.h
+#if defined __has_include_next && __has_include_next(<pwd.h>)
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <pwd.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __PWD_CHECKED_H
+#define __PWD_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+struct passwd *getpwnam(const char *user : itype(_Nt_array_ptr<const char>)) : itype(_Ptr<struct passwd>);
+int getpwnam_r(const char *user : itype(_Nt_array_ptr<const char>),
+               struct passwd *pwd : itype(_Ptr<struct passwd>),
+               char *buf : byte_count(bufsize),
+               size_t bufsize, struct passwd **result : itype(_Ptr<_Ptr<struct passwd>>));
+
+struct passwd *getpwuid(uid_t uid) : itype(_Ptr<struct passwd>);
+int getpwuid_r(uid_t uid,
+               struct passwd *pwd : itype(_Ptr<struct passwd>),
+               char *buf : byte_count(bufsize),
+               size_t bufsize, struct passwd **result : itype(_Ptr<_Ptr<struct passwd>>));
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
+
+#else // doesn't have pwd.h
+#error "cannot include 'pwd_checked.h' because this system does not have the original 'pwd.h'"
+#endif
--- a/include/shadow.h
+++ b/include/shadow.h
@ -0,0 +1,32 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+// Uses clang-specific __has_include macro to detect unistd.h
+// which is required by Posix Standard.
+// The Windows environment also may not have unistd.h
+#if defined __has_include_next && __has_include_next(<shadow.h>)
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <shadow.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <shadow_checked.h>
+#endif
+
+#else // doesn't have unistd.h
+#error "cannot include 'shadow.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif
--- a/include/shadow_checked.h
+++ b/include/shadow_checked.h
@ -0,0 +1,30 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for functions in shadow.h that               //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <shadow.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __SHADOW_CHECKED_H
+#define __SHADOW_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+struct spwd *getspnam(const char *name : itype(_Nt_array_ptr<const char>)) : itype(_Ptr<struct spwd>);
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
--- a/include/signal_checked.h
+++ b/include/signal_checked.h
@ -28,6 +28,27 @@ void (*signal(int sig,
              ) : itype(_Ptr<void (int)>) // bounds-safe interface for signal return
     )(int);

+_Unchecked
+void (*sigset(int sig,
+              void ((*func)(int)) :
+                itype(_Ptr<void (int)>) // bound-safe interface for func
+              ) : itype(_Ptr<void (int)>) // bounds-safe interface for signal return
+     )(int);
+
+#ifdef _POSIX_C_SOURCE
+int sigemptyset(sigset_t *set : itype(_Ptr<sigset_t>));
+int sigfillset(sigset_t *set : itype(_Ptr<sigset_t>));
+int sigaddset(sigset_t *set : itype(_Ptr<sigset_t>), int signum);
+int sigdelset(sigset_t *set : itype(_Ptr<sigset_t>), int signum);
+int sigismember(const sigset_t *set : itype(_Ptr<const sigset_t>), int signum);
+
+int sigaction(int signum, const struct sigaction *act : itype(_Ptr<const struct sigaction>),
+              struct sigaction *oldact : itype(_Ptr<struct sigaction>));
+
+
+int sigprocmask(int how, const sigset_t *set : itype(_Ptr<const sigset_t>), sigset_t *oldset : itype(_Ptr<sigset_t>));
+#endif // _POSIX_C_SOURCE
+
 #pragma CHECKED_SCOPE pop

 #endif // guard
--- a/include/stdio_checked.h
+++ b/include/stdio_checked.h
@ -46,6 +46,7 @@ int fclose(FILE *stream : itype(_Ptr<FILE>));
 int fflush(FILE *stream : itype(_Ptr<FILE>));
 FILE *fopen(const char * restrict filename : itype(restrict _Nt_array_ptr<const char>),
            const char * restrict mode : itype(restrict _Nt_array_ptr<const char>)) : itype(_Ptr<FILE>);
+FILE *fdopen(int fd, const char *mode : itype(_Nt_array_ptr<const char>)) : itype(_Ptr<FILE>);
 FILE *freopen(const char * restrict filename : itype(restrict _Nt_array_ptr<const char>),
              const char * restrict mode : itype(restrict _Nt_array_ptr<const char>),
              FILE * restrict stream : itype(restrict _Ptr<FILE>)) :
@ -148,8 +149,9 @@ int vscanf(const char * restrict format : itype(restrict _Nt_array_ptr<const cha
 #if _FORTIFY_SOURCE == 0 || !defined(vsnprintf)
 #undef vsnprintf
 _Unchecked
-int vsnprintf(char * restrict s : count(n), size_t n,
-              const char * restrict format,
+int vsnprintf(char * restrict s : itype(restrict _Nt_array_ptr<char>) count(n-1),
+              size_t n _Where n > 0,
+              const char * restrict format : itype(restrict _Nt_array_ptr<const char>),
              va_list arg);
 #endif

@ -202,6 +204,8 @@ int feof(FILE *stream : itype(_Ptr<FILE>));
 int ferror(FILE *stream : itype(_Ptr<FILE>));
 void perror(const char *s : itype(_Nt_array_ptr<const char>));

+int fileno (FILE *stream : itype(_Ptr<FILE>));
+
 #include "_builtin_stdio_checked.h"

 #pragma CHECKED_SCOPE pop
--- a/include/stdlib_checked.h
+++ b/include/stdlib_checked.h
@ -74,9 +74,14 @@ void *aligned_alloc(size_t alignment, size_t size) : byte_count(size);
 _Itype_for_any(T) void *calloc(size_t nmemb, size_t size) : itype(_Array_ptr<T>) byte_count(nmemb * size);
 _Itype_for_any(T) void free(void *pointer : itype(_Array_ptr<T>) byte_count(0));
 _Itype_for_any(T) void *malloc(size_t size) : itype(_Array_ptr<T>) byte_count(size);
-_Itype_for_any(T) void *realloc(void *pointer : itype(_Array_ptr<T>) byte_count(1), size_t size) : itype(_Array_ptr<T>) byte_count(size);
+_Itype_for_any(T) void *realloc(void *pointer : itype(_Array_ptr<T>) byte_count(0), size_t size) : itype(_Array_ptr<T>) byte_count(size);

 char *getenv(const char *n : itype(_Nt_array_ptr<const char>)) : itype(_Nt_array_ptr<char>);
+#if defined(_WIN32) || defined(_WIN64)
+int putenv(const char *string : itype(_Nt_array_ptr<const char>));
+#else
+int putenv(char *string : itype(_Nt_array_ptr<char>));
+#endif

 int atexit(void ((*func)(void)) : itype(_Ptr<void (void)>));
 int atquick_exit(void ((*func)(void)) : itype(_Ptr<void (void)>));
@ -123,6 +128,12 @@ size_t wcstombs(char * restrict output : count(n),
                  itype(restrict _Nt_array_ptr<const wchar_t>),
                size_t n);

+// This is a Linux-specific extension to stdlib.h.
+#if defined __has_include && __has_include(<linux/limits.h>)
+#include <linux/limits.h>
+char *realpath(const char *path : itype(_Nt_array_ptr<const char>), char *resolved_path : itype(_Array_ptr<char>) count(PATH_MAX)) : itype(_Nt_array_ptr<char>);
+#endif
+
 #pragma CHECKED_SCOPE pop

 #endif  // guard
--- a/include/string_checked.h
+++ b/include/string_checked.h
@ -121,6 +121,8 @@ int memcmp(const void *src1 : byte_count(n), const void *src2 : byte_count(n),

 int strcmp(const char *src1 : itype(_Nt_array_ptr<const char>),
           const char *src2 : itype(_Nt_array_ptr<const char>));
+int strcasecmp(const char *src1 : itype(_Nt_array_ptr<const char>),
+               const char *src2 : itype(_Nt_array_ptr<const char>));
 int strcoll(const char *src1 : itype(_Nt_array_ptr<const char>),
            const char *src2 : itype(_Nt_array_ptr<const  char>));

@ -134,6 +136,9 @@ int strcoll(const char *src1 : itype(_Nt_array_ptr<const char>),
 int strncmp(const char *src : itype(_Nt_array_ptr<const char>),
            const char *s2 : itype(_Nt_array_ptr<const char>),
            size_t n);
+int strncasecmp(const char *src : itype(_Nt_array_ptr<const char>),
+                const char *s2 : itype(_Nt_array_ptr<const char>),
+                size_t n);

 size_t strxfrm(char * restrict dest : count(n),
               const char * restrict src :
@ -167,6 +172,7 @@ char *strerror(int errnum) : itype(_Nt_array_ptr<char>);
 size_t strlen(const char *s : itype(_Nt_array_ptr<const char>));

 char *strdup(const char *s : itype(_Nt_array_ptr<const char>)) : itype(_Nt_array_ptr<char>);
+char *strndup(const char *s : itype(_Nt_array_ptr<const char>), size_t n) : itype(_Nt_array_ptr<char>);

 #include "_builtin_string_checked.h"

--- a/include/sys/mman.h
+++ b/include/sys/mman.h
@ -0,0 +1,23 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <sys/mman.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <sys/mman_checked.h>
+#endif
--- a/include/sys/mman_checked.h
+++ b/include/sys/mman_checked.h
@ -0,0 +1,32 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for functions in sys/mman.h that             //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <sys/mman.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __MMAN_CHECKED_H
+#define __MMAN_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+_Itype_for_any(T) void * mmap(void *addr : itype(_Array_ptr<T>) byte_count(0), size_t length, int prot, int flags, int fd, off_t offset) : itype(_Array_ptr<T>) byte_count(length);
+_Itype_for_any(T) int munmap(void *addr : itype(_Array_ptr<T>) byte_count(length), size_t length);
+_Itype_for_any(T) int mprotect(void *addr : itype(_Array_ptr<T>) byte_count(len) , size_t len, int prot);
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
--- a/include/sys/resource.h
+++ b/include/sys/resource.h
@ -0,0 +1,23 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <sys/resource.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <sys/resource_checked.h>
+#endif
--- a/include/sys/resource_checked.h
+++ b/include/sys/resource_checked.h
@ -0,0 +1,31 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for functions in sys/resource.h that         //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <sys/resource.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __RESOURCE_CHECKED_H
+#define __RESOURCE_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+int getrlimit(int resource, struct rlimit *rlim : itype(_Ptr<struct rlimit>));
+int setrlimit(int resource, const struct rlimit *rlim : itype(_Ptr<const struct rlimit>));
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
--- a/include/sys/select.h
+++ b/include/sys/select.h
@ -0,0 +1,16 @@
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <sys/select.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <sys/select_checked.h>
+#endif
--- a/include/sys/select_checked.h
+++ b/include/sys/select_checked.h
@ -0,0 +1,30 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for functions in sys/select.h that           //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <sys/select.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __SELECT_CHECKED_H
+#define __SELECT_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+int select(int nfds, fd_set *readfds : itype(_Ptr<fd_set>), fd_set *writefds : itype(_Ptr<fd_set>), fd_set *exceptfds : itype(_Ptr<fd_set>), struct timeval *timeout : itype(_Ptr<struct timeval>));
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
--- a/include/sys/socket.h
+++ b/include/sys/socket.h
@ -5,11 +5,10 @@
 /////////////////////////////////////////////////////////////////////////


-#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
-
 // The Windows environment may not have sys/socket.h
-#if defined __has_include_next
-#if __has_include_next(<sys/socket.h>)
+#if defined __has_include_next && __has_include_next(<sys/socket.h>)
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS

 #ifdef __checkedc
 #pragma CHECKED_SCOPE push
@ -22,9 +21,10 @@
 #pragma CHECKED_SCOPE pop
 #endif

-#endif // has socket.h
-#endif // defined __has_include_next
-
 #else // checkedc && implicit include enabled
 #include <sys/socket_checked.h>
 #endif
+
+#else // doesn't have sys/socket.h
+#error "cannot include 'sys/socket.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif
--- a/include/sys/socket_checked.h
+++ b/include/sys/socket_checked.h
@ -5,8 +5,7 @@
 /////////////////////////////////////////////////////////////////////////

 // The Windows environment may not have sys/socket.h
-#if defined __has_include_next
-#if __has_include_next(<sys/socket.h>)
+#if defined __has_include_next && __has_include_next(<sys/socket.h>)

 #ifdef __checkedc
 #pragma CHECKED_SCOPE push
@ -29,8 +28,6 @@
 #ifdef __APPLE__
 // Seems not to be a thing for Mac
 #define __THROW
-#define __CONST_SOCKADDR_ARG const struct sockaddr *
-#define __SOCKADDR_ARG struct sockaddr *__restrict
 #endif

 extern int socketpair (int __domain, int __type, int __protocol, 
@ -38,24 +35,24 @@ extern int socketpair (int __domain, int __type, int __protocol,

 extern int bind (
    int __fd, 
-    __CONST_SOCKADDR_ARG __addr : itype(_Ptr<const struct sockaddr>), 
+    const struct sockaddr *__addr : itype(_Ptr<const struct sockaddr>),
    socklen_t __len)
     __THROW;

 extern int getsockname (
    int __fd, 
-    __SOCKADDR_ARG __addr : itype(_Ptr<struct sockaddr> __restrict), 
+    struct sockaddr *__restrict __addr : itype(_Ptr<struct sockaddr> __restrict),
    socklen_t *__restrict __len : itype(_Ptr<socklen_t> __restrict)
    ) __THROW;

 extern int connect (
    int __fd, 
-    __CONST_SOCKADDR_ARG __addr : itype(_Ptr<const struct sockaddr>), 
+    const struct sockaddr *__addr : itype(_Ptr<const struct sockaddr>),
    socklen_t __len);

 extern int getpeername (
    int __fd, 
-    __SOCKADDR_ARG __addr : itype(_Ptr<struct sockaddr> __restrict), 
+    struct sockaddr *__restrict __addr : itype(_Ptr<struct sockaddr> __restrict),
    socklen_t *__restrict __len : itype(_Ptr<socklen_t> __restrict)
    ) __THROW;

@ -74,14 +71,14 @@ extern ssize_t sendto (
    const void *__buf : itype(_Array_ptr<const void>) byte_count(__n), 
    size_t __n, 
    int __flags, 
-    __CONST_SOCKADDR_ARG __addr : itype(_Ptr<const struct sockaddr>), 
+    const struct sockaddr *__addr : itype(_Ptr<const struct sockaddr>),
    socklen_t __addr_len);

 extern ssize_t recvfrom (
    int __fd, 
    void *__restrict __buf : itype(_Array_ptr<void> __restrict) byte_count(__n), 
    size_t __n, int __flags, 
-    __SOCKADDR_ARG __addr : itype(_Ptr<struct sockaddr> __restrict), 
+    struct sockaddr *__restrict __addr : itype(_Ptr<struct sockaddr> __restrict),
    socklen_t *__restrict __addr_len : itype(_Ptr<socklen_t> __restrict));

 extern ssize_t sendmsg (
@ -124,13 +121,13 @@ extern int setsockopt (

 extern int accept (
    int __fd, 
-    __SOCKADDR_ARG __addr : itype(_Ptr<struct sockaddr> __restrict), 
+    struct sockaddr *__restrict __addr : itype(_Ptr<struct sockaddr> __restrict),
    socklen_t *__restrict __addr_len : itype(_Ptr<socklen_t> __restrict));

 #ifdef __USE_GNU
 extern int accept4 (
    int __fd, 
-    __SOCKADDR_ARG __addr : itype(_Ptr<struct sockaddr> __restrict), 
+    struct sockaddr *__restrict __addr : itype(_Ptr<struct sockaddr> __restrict),
    socklen_t *__restrict __addr_len : itype(_Ptr<socklen_t> __restrict), 
    int __flags);
 #endif
@ -140,5 +137,6 @@ extern int accept4 (
 #endif // guard
 #endif // Checked C

-#endif // has socket.h
-#endif // defined __has_include_next
+#else // doesn't have sys/socket.h
+#error "cannot include 'sys/socket_checked.h' because this system does not have the original 'sys/socket.h'"
+#endif
--- a/include/sys/stat.h
+++ b/include/sys/stat.h
@ -0,0 +1,28 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+// The Windows environment may not have sys/stat.h
+#if defined __has_include_next && __has_include_next(<sys/stat.h>)
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <sys/stat.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <sys/stat_checked.h>
+#endif
+
+#else // doesn't have sys/stat.h
+#error "cannot include 'sys/stat.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif
--- a/include/sys/stat_checked.h
+++ b/include/sys/stat_checked.h
@ -0,0 +1,36 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for functions in sys/stat.h that             //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <sys/stat.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __STAT_CHECKED_H
+#define __STAT_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+extern int mkdir(const char *pathname : itype(_Nt_array_ptr<const char>), mode_t mode);
+extern int chmod(const char *pathname : itype(_Nt_array_ptr<const char>), mode_t mode);
+extern int fstat(int fd, struct stat *buf : itype(_Ptr<struct stat>));
+extern int lstat(const char *restrict file : itype(restrict _Nt_array_ptr<const char>),
+                 struct stat *restrict buf : itype(restrict _Ptr<struct stat>));
+extern int stat(const char *restrict file : itype(restrict _Nt_array_ptr<const char>),
+                struct stat *restrict buf : itype(restrict _Ptr<struct stat>));
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
--- a/include/sys/time.h
+++ b/include/sys/time.h
@ -0,0 +1,23 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <sys/time.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <sys/time_checked.h>
+#endif
--- a/include/sys/time_checked.h
+++ b/include/sys/time_checked.h
@ -0,0 +1,65 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for functions in sys/time.h that             //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <sys/time.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __SYS_TIME_CHECKED_H
+#define __SYS_TIME_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+#ifdef __USE_MISC
+
+// The original system header has defined `struct timezone`, so we
+// should accommodate callers that pass a non-null `struct timezone *`
+// to gettimeofday. The man page shows the second parameter as `struct
+// timezone *tz`, but glibc has it as `void *`, and our redeclaration
+// must be consistent with that.
+//
+// ~ Matt 2022-01-05
+int gettimeofday(struct timeval * tv : itype(_Ptr<struct timeval>), void *tz : itype(_Array_ptr<void>) byte_count(sizeof(struct timezone)));
+
+int settimeofday(const struct timeval *tv : itype(_Ptr<const struct timeval>), const struct timezone *tz : itype(_Ptr<const struct timezone>));
+
+#else
+
+// `struct timezone` has not been defined, so we mustn't reference it
+// from the Checked C annotations. Currently, it looks like if we
+// leave the parameter type as an unchecked pointer (which requires us
+// to declare the function as _Unchecked here), gettimeofday can still
+// be called from a checked scope with a literal null pointer as the
+// argument, though there's a risk of the compiler behavior changing
+// and breaking this in the future.
+//
+// Another reasonable approach would be to declare the parameter
+// `bounds(any)` as described in the specification, but the Checked C
+// compiler doesn't seem to be able to parse that. (TODO: File an
+// issue?) The other obvious approaches (`_Array_ptr<void> :
+// bounds(unknown)`, `_Ptr<void>`) would allow pointers with
+// insufficient bounds to be passed.
+
+_Unchecked
+int gettimeofday(struct timeval * tv : itype(_Ptr<struct timeval>), void *tz);
+
+// glibc doesn't declare settimeofday in this case.
+
+#endif
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
--- a/include/sys/wait.h
+++ b/include/sys/wait.h
@ -0,0 +1,23 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <sys/wait.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <sys/wait_checked.h>
+#endif
--- a/include/sys/wait_checked.h
+++ b/include/sys/wait_checked.h
@ -0,0 +1,30 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for functions in sys/wait.h that             //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <sys/wait.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __WAIT_CHECKED_H
+#define __WAIT_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+pid_t wait(int *wstatus : itype(_Ptr<int>));
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
--- a/include/syslog.h
+++ b/include/syslog.h
@ -0,0 +1,30 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+// The Windows environment may not have syslog.h
+#if defined __has_include_next && __has_include_next(<syslog.h>)
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <syslog.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <syslog_checked.h>
+#endif
+
+#else // doesn't have syslog.h
+#error "cannot include 'syslog.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif
--- a/include/syslog_checked.h
+++ b/include/syslog_checked.h
@ -0,0 +1,68 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for functions in syslog.h that               //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+// The Windows environment may not have syslog.h
+#if defined __has_include_next && __has_include_next(<syslog.h>)
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <syslog.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __SYSLOG_CHECKED_H
+#define __SYSLOG_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+void closelog(void);
+void openlog (const char *ident : itype(_Nt_array_ptr<const char>), int option, int facility);
+
+// TODO: Is this conditional right? There are two considerations:
+//
+// 1. Precedent in the Checked C system headers. I don't see any cases of
+//    __foo_chk without __builtin___foo_chk, but this is my best guess of what
+//    would be considered consistent.
+// 2. What's actually needed on the OSes we try to support (Linux, Windows, Mac
+//    OS), though we might go with a solution that is more complex than
+//    necessary if it's consistent with precedent.
+#if _FORTIFY_SOURCE == 0 || !defined(syslog)
+#undef syslog
+_Unchecked
+void syslog(int priority, const char * format : itype(_Nt_array_ptr<const char>), ...);
+#else
+_Unchecked
+void __syslog_chk(int priority, int flag, const char * format : itype(_Nt_array_ptr<const char>), ...);
+#endif
+
+// TODO: Can we assume that va_list has been included via the `#include_next
+// <syslog.h>`, analogous to the situation in stdio_checked.h?
+//
+// TODO: The same questions about the conditional as for `syslog`.
+#if _FORTIFY_SOURCE == 0 || !defined(vsyslog)
+#undef vsyslog
+_Unchecked
+void vsyslog(int priority, const char * format : itype(_Nt_array_ptr<const char>), va_list ap);
+#else
+_Unchecked
+void __vsyslog_chk(int priority, int flag, const char * format : itype(_Nt_array_ptr<const char>), va_list ap);
+#endif
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
+
+#else // doesn't have syslog.h
+#error "cannot include 'syslog_checked.h' because this system does not have the original 'syslog.h'"
+#endif
--- a/include/threads.h
+++ b/include/threads.h
@ -5,12 +5,11 @@
 /////////////////////////////////////////////////////////////////////////


-#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
-
 // C implementations may not support the C11 threads package or even the
 // macro that says C11 threads are not supported.
-#if defined __has_include_next
-#if __has_include_next(<threads.h>)
+#if defined __has_include_next && __has_include_next(<threads.h>)
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS

 #ifdef __checkedc
 #pragma CHECKED_SCOPE push
@ -23,9 +22,10 @@
 #pragma CHECKED_SCOPE pop
 #endif

-#endif // has threads.h
-#endif // defined __has_include_next
-
 #else // checkedc && implicit include enabled
 #include <threads_checked.h>
 #endif
+
+#else // doesn't have threads.h
+#error "cannot include 'threads.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif
--- a/include/threads_checked.h
+++ b/include/threads_checked.h
@ -23,8 +23,7 @@ typedef void (tss_dtor_t)(void *);
 struct timespec;
 #else

-#if defined __has_include_next
-#if __has_include_next(<threads.h>)
+#if defined __has_include_next && __has_include_next(<threads.h>)

 #ifdef __checkedc
 #pragma CHECKED_SCOPE push
@ -37,8 +36,9 @@ struct timespec;
 #pragma CHECKED_SCOPE pop
 #endif

-#endif // has threads.h
-#endif // defined __has_include_next
+#else // doesn't have threads.h
+#error "cannot include 'threads_checked.h' because this system does not have the original 'threads.h'"
+#endif // threads.h
 #endif // _CHECKEDC_MOCKUP_THREADS


@ -57,7 +57,7 @@ void call_once(once_flag *flag : itype(_Ptr<once_flag>),

 int cnd_broadcast(cnd_t *condition : itype(_Ptr<cnd_t>));
 void cnd_destroy(cnd_t *condition : itype(_Ptr<cnd_t>));
-void cnd_init(cnd_t *condition : itype(_Ptr<cnd_t>));
+int cnd_init(cnd_t *condition : itype(_Ptr<cnd_t>));
 int cnd_signal(cnd_t *condition : itype(_Ptr<cnd_t>));
 int cnd_timedwait(cnd_t *restrict cond : itype(restrict _Ptr<cnd_t>),
                  mtx_t *restrict mutex: itype(restrict _Ptr<mtx_t>),
--- a/include/time_checked.h
+++ b/include/time_checked.h
@ -41,12 +41,14 @@ struct tm *gmtime(const time_t *timer : itype(_Ptr<const time_t>)) :
 struct tm *localtime(const time_t *timer : itype(_Ptr<const time_t>)) :
  itype(_Ptr<struct tm>);

-size_t strftime(char * restrict output : count(maxsize),
-                size_t maxsize,
+size_t strftime(char * restrict output : itype(restrict _Nt_array_ptr<char>) count(maxsize-1),
+                size_t maxsize _Where maxsize > 0,
                const char * restrict format : itype(restrict _Nt_array_ptr<const char>),
                const struct tm * restrict timeptr :
                   itype(restrict _Ptr<const struct tm>));

+int nanosleep(const struct timespec *req : itype(_Ptr<const struct timespec>), struct timespec *rem : itype(_Ptr<struct timespec>));
+
 #pragma CHECKED_SCOPE pop

 #endif // guard
--- a/include/unistd.h
+++ b/include/unistd.h
@ -5,13 +5,12 @@
 /////////////////////////////////////////////////////////////////////////


-#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
-
 // Uses clang-specific __has_include macro to detect unistd.h
 // which is required by Posix Standard.
 // The Windows environment also may not have unistd.h
-#if defined __has_include_next
-#if __has_include_next(<unistd.h>)
+#if defined __has_include_next && __has_include_next(<unistd.h>)
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS

 #ifdef __checkedc
 #pragma CHECKED_SCOPE push
@ -24,9 +23,10 @@
 #pragma CHECKED_SCOPE pop
 #endif

-#endif // has unistd.h
-#endif // defined __has_include_next
-
 #else // checkedc && implicit include enabled
 #include <unistd_checked.h>
 #endif
+
+#else // doesn't have unistd.h
+#error "cannot include 'unistd.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif
--- a/include/unistd_checked.h
+++ b/include/unistd_checked.h
@ -9,8 +9,7 @@
 // Uses clang-specific __has_include macro to detect unistd.h
 // which is required by Posix Standard.
 // The Windows environment also may not have unistd.h
-#if defined __has_include_next
-#if __has_include_next(<unistd.h>)
+#if defined __has_include_next && __has_include_next(<unistd.h>)

 #ifdef __checkedc
 #pragma CHECKED_SCOPE push
@ -32,8 +31,22 @@

 #if _POSIX_VERSION >= 200112L

+char *getpass(const char *prompt : itype(_Nt_array_ptr<const char>)) : itype(_Nt_array_ptr<char>);
+char *crypt(const char *phrase : itype(_Nt_array_ptr<const char>), const char *setting : itype(_Nt_array_ptr<const char>)) : itype(_Nt_array_ptr<char>);
+
 extern char ** environ : itype(_Nt_array_ptr<_Nt_array_ptr<char>>);

+extern char *getcwd(char *buf : itype(_Nt_array_ptr<char>) count(size-1),
+                    size_t size _Where size > 0) : itype(_Nt_array_ptr<char>);
+extern int rmdir(const char *pathname : itype(_Nt_array_ptr<const char>));
+extern int chdir(const char *p_dirname : itype(_Nt_array_ptr<const char>));
+// Caution: Does not null-terminate `buf`.
+extern ssize_t readlink (const char *restrict path : itype(restrict _Nt_array_ptr<const char>),
+                         char *restrict buf : count(len), size_t len);
+extern int chroot(const char *dirname : itype(_Nt_array_ptr<const char>));
+int unlink(const char *pathname : itype(_Nt_array_ptr<const char>));
+int mkstemp(char *template : itype(_Nt_array_ptr<char>));
+
 #ifdef __APPLE__

 extern int access (const char *__name : itype(_Nt_array_ptr<const char>), int __type);
@ -47,6 +60,16 @@ extern ssize_t read (int __fd, void *__buf : byte_count(__nbytes), size_t __nbyt
 extern ssize_t write (int __fd, const void *__buf : byte_count(__n), size_t __n) __wur;

 #endif
+
+extern int execve(const char *pathname : itype(_Nt_array_ptr<const char>),
+                  char * const *argv : itype(_Nt_array_ptr<const _Nt_array_ptr<char>>),
+                  char * const *envp : itype(_Nt_array_ptr<const _Nt_array_ptr<char>>));
+
+// Caution: Does not null-terminate `name` on overflow.
+int gethostname(char *name : count(len), size_t len);
+
+extern char *getusershell(void) : itype(_Nt_array_ptr<char>);
+
 #endif

 #pragma CHECKED_SCOPE pop
@ -54,5 +77,6 @@ extern ssize_t write (int __fd, const void *__buf : byte_count(__n), size_t __n)
 #endif // guard
 #endif // Checked C

-#endif // has unistd.h
-#endif // defined __has_include_next
+#else // doesn't have unistd.h
+#error "cannot include 'unistd_checked.h' because this system does not have the original 'unistd.h'"
+#endif
--- a/include/utime.h
+++ b/include/utime.h
@ -0,0 +1,30 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+// The Windows environment may not have utime.h
+#if defined __has_include_next && __has_include_next(<utime.h>)
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <utime.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <utime_checked.h>
+#endif
+
+#else // doesn't have utime.h
+#error "cannot include 'utime.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif
--- a/include/utime_checked.h
+++ b/include/utime_checked.h
@ -0,0 +1,38 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for functions in utime.h that                //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+// The Windows environment may not have utime.h
+#if defined __has_include_next && __has_include_next(<utime.h>)
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <utime.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __UTIME_CHECKED_H
+#define __UTIME_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+extern int utime (const char *file : itype(_Nt_array_ptr<const char>),
+                  const struct utimbuf *file_times : itype(_Ptr<const struct utimbuf>));
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
+
+#else // doesn't have utime.h
+#error "cannot include 'utime_checked.h' because this system does not have the original 'utime.h'"
+#endif
--- a/tests/checked_headers/redeclare_libs_explicit.c
+++ b/tests/checked_headers/redeclare_libs_explicit.c
@ -92,29 +92,22 @@
 // CHECK_DISABLED: string_checked.h
 // CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on

-#define _CHECKEDC_MOCKUP_THREADS 1
-#include <threads_checked.h>
-// CHECK_ENABLED: threads_checked.h
-// CHECK_ENABLED: #pragma CHECKED_SCOPE on
-// CHECK_DISABLED: threads_checked.h
-// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
-
 #include <time_checked.h>
 // CHECK_ENABLED: time_checked.h
 // CHECK_ENABLED: #pragma CHECKED_SCOPE on
 // CHECK_DISABLED: time_checked.h
 // CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on

+// Headers that are not in the C standard but are still present on Windows
+
+#include <fcntl_checked.h>
+// CHECK_ENABLED: fcntl_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED: fcntl_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
+
 #include <checkedc_extensions.h>
 // CHECK_ENABLED: checkedc_extensions.h
 // CHECK_ENABLED: #pragma CHECKED_SCOPE on
 // CHECK_DISABLED: checkedc_extensions.h
 // CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
-
-
-
-// Posix Headers
-// These header files may or may not be present in all environments.
-#include <unistd_checked.h>
-#include <sys/socket_checked.h>
-#include <arpa/inet_checked.h>
--- a/tests/checked_headers/redeclare_libs_explicit_linux.c
+++ b/tests/checked_headers/redeclare_libs_explicit_linux.c
@ -20,6 +20,12 @@
 #pragma CHECKED_SCOPE on
 #endif

+// C11 headers, supported on Linux but not Windows
+#include <threads_checked.h>
+// CHECK_ENABLED: threads_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED: threads_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on

 // Posix Headers
 // These header files are not present in the Windows compilation environment.
@ -35,8 +41,51 @@
 // CHECK_DISABLED: socket_checked.h
 // CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on

+#include <sys/stat_checked.h>
+// CHECK_ENABLED: stat_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED: stat_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
+
 #include <arpa/inet_checked.h>
 // CHECK_ENABLED: inet_checked.h
 // CHECK_ENABLED: #pragma CHECKED_SCOPE on
 // CHECK_DISABLED: inet_checked.h
 // CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
+
+#include <grp_checked.h>
+// CHECK_ENABLED: grp_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED: grp_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
+
+#include <netdb_checked.h>
+// CHECK_ENABLED: netdb_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED: netdb_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
+
+#include <poll_checked.h>
+// CHECK_ENABLED: poll_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED: poll_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
+
+#include <pwd_checked.h>
+// CHECK_ENABLED: pwd_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED: pwd_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
+
+#include <syslog_checked.h>
+// CHECK_ENABLED: syslog_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED: syslog_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
+
+#include <utime_checked.h>
+// CHECK_ENABLED: utime_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED: utime_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
+
--- a/tests/checked_headers/redeclare_libs_implicit.c
+++ b/tests/checked_headers/redeclare_libs_implicit.c
@ -91,23 +91,16 @@
 // CHECK_DISABLED-NOT: string_checked.h
 // CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on

-#define _CHECKEDC_MOCKUP_THREADS 1
-#include <threads.h>
-// CHECK_ENABLED: threads_checked.h
-// CHECK_ENABLED: #pragma CHECKED_SCOPE on
-// CHECK_DISABLED-NOT: threads_checked.h
-// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
-
 #include <time.h>
 // CHECK_ENABLED: time_checked.h
 // CHECK_ENABLED: #pragma CHECKED_SCOPE on
 // CHECK_DISABLED-NOT: time_checked.h
 // CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on

+// Headers that are not in the C standard but are still present on Windows

-
-// Posix Headers
-// These header files may or may not be present in all environments.
-#include <unistd.h>
-#include <sys/socket.h>
-#include <arpa/inet.h>
+#include <fcntl.h>
+// CHECK_ENABLED: fcntl_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED-NOT: fcntl_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
--- a/tests/checked_headers/redeclare_libs_implicit_linux.c
+++ b/tests/checked_headers/redeclare_libs_implicit_linux.c
@ -14,6 +14,13 @@
 // Checked headers are disabled because implicit inclusion is disabled.
 // RUN: %clang -DNO_IMPLICIT_INCLUDE_CHECKED_HDRS -E %s | FileCheck %s --check-prefix CHECK_DISABLED

+// C11 headers supported on Linux, but not on Windows
+#define _CHECKEDC_MOCKUP_THREADS 1
+#include <threads.h>
+// CHECK_ENABLED: threads_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED-NOT: threads_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on

 // Posix Headers
 // These header files are not present in the Windows compilation environment.
@ -29,8 +36,50 @@
 // CHECK_DISABLED-NOT: socket_checked.h
 // CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on

+#include <sys/stat.h>
+// CHECK_ENABLED: stat_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED-NOT: stat_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
+
 #include <arpa/inet.h>
 // CHECK_ENABLED: inet_checked.h
 // CHECK_ENABLED: #pragma CHECKED_SCOPE on
 // CHECK_DISABLED-NOT: inet_checked.h
 // CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
+
+#include <grp.h>
+// CHECK_ENABLED: grp_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED-NOT: grp_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
+
+#include <netdb.h>
+// CHECK_ENABLED: netdb_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED-NOT: netdb_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
+
+#include <poll.h>
+// CHECK_ENABLED: poll_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED-NOT: poll_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
+
+#include <pwd.h>
+// CHECK_ENABLED: pwd_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED-NOT: pwd_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
+
+#include <syslog.h>
+// CHECK_ENABLED: syslog_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED-NOT: syslog_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
+
+#include <utime.h>
+// CHECK_ENABLED: utime_checked.h
+// CHECK_ENABLED: #pragma CHECKED_SCOPE on
+// CHECK_DISABLED-NOT: utime_checked.h
+// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
--- a/tests/checked_headers/redeclare_libs_mixed.c
+++ b/tests/checked_headers/redeclare_libs_mixed.c
@ -56,22 +56,16 @@
 // CHECK_MIXED: string_checked.h
 // CHECK_MIXED: #pragma CHECKED_SCOPE on

-#define _CHECKEDC_MOCKUP_THREADS 1
-#include <threads.h>
-// CHECK_MIXED-NOT: threads_checked.h
-// CHECK_MIXED-NOT: #pragma CHECKED_SCOPE on
-
 #include <time_checked.h>
 // CHECK_MIXED: time_checked.h
 // CHECK_MIXED: #pragma CHECKED_SCOPE on

+// Headers that are not in the C standard but are still present on Windows
+
+#include <fcntl.h>
+// CHECK_MIXED-NOT: fcntl_checked.h
+// CHECK_MIXED-NOT: #pragma CHECKED_SCOPE on
+
 #include <checkedc_extensions.h>
 // CHECK_MIXED: checkedc_extensions.h
 // CHECK_MIXED: #pragma CHECKED_SCOPE on
-
-
-// Posix Headers
-// These header files may or may not be present in all environments.
-#include <unistd_checked.h>
-#include <sys/socket.h>
-#include <arpa/inet_checked.h>
--- a/tests/checked_headers/redeclare_libs_mixed_linux.c
+++ b/tests/checked_headers/redeclare_libs_mixed_linux.c
@ -17,6 +17,10 @@
 // foo_checked.h is included for a system header file foo.h.
 // RUN: %clang -DNO_IMPLICIT_INCLUDE_CHECKED_HDRS -E %s | FileCheck %s --check-prefix CHECK_MIXED

+// C11 headers, supported on Linux but not Windows
+#include <threads.h>
+// CHECK_MIXED-NOT: threads_checked.h
+// CHECK_MIXED-NOT: #pragma CHECKED_SCOPE on

 // Posix Headers
 // These header files are not present in the Windows compilation environment.
@ -28,6 +32,34 @@
 // CHECK_MIXED-NOT: socket_checked.h
 // CHECK_MIXED-NOT: #pragma CHECKED_SCOPE on

+#include <sys/stat_checked.h>
+// CHECK_MIXED: stat_checked.h
+// CHECK_MIXED: #pragma CHECKED_SCOPE on
+
 #include <arpa/inet_checked.h>
 // CHECK_MIXED: inet_checked.h
 // CHECK_MIXED: #pragma CHECKED_SCOPE on
+
+#include <grp.h>
+// CHECK_MIXED-NOT: grp_checked.h
+// CHECK_MIXED-NOT: #pragma CHECKED_SCOPE on
+
+#include <netdb_checked.h>
+// CHECK_MIXED: netdb_checked.h
+// CHECK_MIXED: #pragma CHECKED_SCOPE on
+
+#include <poll.h>
+// CHECK_MIXED-NOT: poll_checked.h
+// CHECK_MIXED-NOT: #pragma CHECKED_SCOPE on
+
+#include <pwd_checked.h>
+// CHECK_MIXED: pwd_checked.h
+// CHECK_MIXED: #pragma CHECKED_SCOPE on
+
+#include <syslog.h>
+// CHECK_MIXED-NOT: syslog_checked.h
+// CHECK_MIXED-NOT: #pragma CHECKED_SCOPE on
+
+#include <utime_checked.h>
+// CHECK_MIXED: utime_checked.h
+// CHECK_MIXED: #pragma CHECKED_SCOPE on