Merge pull request #479 from secure-sw-dev/3c-headers-update
This includes header files changes that Correct Computation made in porting existing C code to Checked C using their 3C tool. The 3C repo is at https://github.com/correctcomputation/checkedc. This includes a few changes to header files to fix tests that fail on Windows. I'm doing a squash merge so that we include history from several years of changes by 3C to header files as they ported code. Testing: - Built for x64 for Windows and Linux. - Passes Checked C and clang testing for x64 for Windows and Linux.
This commit is contained in:
Коммит
24a60e59df
|
@ -10,14 +10,30 @@
|
|||
set(files
|
||||
assert_checked.h
|
||||
assert.h
|
||||
crypt_checked.h
|
||||
crypt.h
|
||||
dirent_checked.h
|
||||
dirent.h
|
||||
errno_checked.h
|
||||
errno.h
|
||||
fcntl.h
|
||||
fcntl_checked.h
|
||||
fenv_checked.h
|
||||
fenv.h
|
||||
grp_checked.h
|
||||
grp.h
|
||||
inttypes_checked.h
|
||||
inttypes_checked_internal.h
|
||||
math_checked.h
|
||||
math.h
|
||||
netdb_checked.h
|
||||
netdb.h
|
||||
poll_checked.h
|
||||
poll.h
|
||||
pwd_checked.h
|
||||
pwd.h
|
||||
shadow_checked.h
|
||||
shadow.h
|
||||
signal_checked.h
|
||||
signal.h
|
||||
stdchecked.h
|
||||
|
@ -27,8 +43,12 @@ set(files
|
|||
stdlib.h
|
||||
string_checked.h
|
||||
string.h
|
||||
syslog_checked.h
|
||||
syslog.h
|
||||
threads_checked.h
|
||||
threads.h
|
||||
utime_checked.h
|
||||
utime.h
|
||||
time_checked.h
|
||||
time.h
|
||||
unistd_checked.h
|
||||
|
@ -45,8 +65,20 @@ set(posix_arpa_files
|
|||
)
|
||||
|
||||
set(posix_sys_files
|
||||
sys/mman_checked.h
|
||||
sys/mman.h
|
||||
sys/resource_checked.h
|
||||
sys/resource.h
|
||||
sys/select_checked.h
|
||||
sys/select.h
|
||||
sys/socket_checked.h
|
||||
sys/socket.h
|
||||
sys/stat_checked.h
|
||||
sys/stat.h
|
||||
sys/time_checked.h
|
||||
sys/time.h
|
||||
sys/wait_checked.h
|
||||
sys/wait.h
|
||||
)
|
||||
|
||||
# Hack - compute the CLANG version from the LLVM version. The
|
||||
|
@ -80,14 +112,14 @@ install(
|
|||
|
||||
install(
|
||||
FILES ${posix_arpa_files}
|
||||
COMPONENT clang-headers
|
||||
COMPONENT checkedc-headers
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
|
||||
DESTINATION lib${LLVM_LIBDIR_SUFFIX}/clang/${CHECKEDC_CLANG_VERSION}/include/arpa
|
||||
)
|
||||
|
||||
install(
|
||||
FILES ${posix_sys_files}
|
||||
COMPONENT clang-headers
|
||||
COMPONENT checkedc-headers
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
|
||||
DESTINATION lib${LLVM_LIBDIR_SUFFIX}/clang/${CHECKEDC_CLANG_VERSION}/include/sys
|
||||
)
|
||||
|
|
|
@ -42,7 +42,7 @@ int __builtin___sprintf_chk(char * restrict buffer : itype(restrict _Nt_array_pt
|
|||
#if __has_builtin(__builtin___snprintf_chk) || defined(__GNUC__)
|
||||
// snprintf
|
||||
extern _Unchecked
|
||||
int __snprintf_chk(char * restrict buffer : count(maxlen),
|
||||
int __snprintf_chk(char * restrict buffer : itype(restrict _Nt_array_ptr<char>) count(maxlen == 0 ? 0 : maxlen-1),
|
||||
size_t maxlen,
|
||||
int flag,
|
||||
size_t obj_size,
|
||||
|
@ -51,7 +51,7 @@ int __snprintf_chk(char * restrict buffer : count(maxlen),
|
|||
...);
|
||||
|
||||
_Unchecked
|
||||
int __builtin___snprintf_chk(char * restrict buffer : count(maxlen),
|
||||
int __builtin___snprintf_chk(char * restrict buffer : itype(restrict _Nt_array_ptr<char>) count(maxlen == 0 ? 0 : maxlen-1),
|
||||
size_t maxlen,
|
||||
int flag,
|
||||
size_t obj_size,
|
||||
|
@ -85,8 +85,8 @@ int __builtin___vsprintf_chk(char * restrict buffer : itype(restrict _Nt_array_p
|
|||
#if __has_builtin(__builtin___vsnprintf_chk) || defined(__GNUC__)
|
||||
// vsnprintf
|
||||
extern _Unchecked
|
||||
int __vsnprintf_chk(char * restrict buffer : count(maxlen),
|
||||
size_t maxlen,
|
||||
int __vsnprintf_chk(char * restrict buffer : itype(restrict _Nt_array_ptr<char>) count(maxlen-1),
|
||||
size_t maxlen _Where maxlen > 0,
|
||||
int flag,
|
||||
size_t obj_size,
|
||||
const char * restrict format :
|
||||
|
@ -94,8 +94,8 @@ int __vsnprintf_chk(char * restrict buffer : count(maxlen),
|
|||
va_list);
|
||||
|
||||
_Unchecked
|
||||
int __builtin___vsnprintf_chk(char * restrict buffer : count(maxlen),
|
||||
size_t maxlen,
|
||||
int __builtin___vsnprintf_chk(char * restrict buffer : itype(restrict _Nt_array_ptr<char>) count(maxlen-1),
|
||||
size_t maxlen _Where maxlen > 0,
|
||||
int flag,
|
||||
size_t obj_size,
|
||||
const char * restrict format :
|
||||
|
|
|
@ -5,11 +5,10 @@
|
|||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
// The Windows environment may not have arpa/inet.h
|
||||
#if defined __has_include_next
|
||||
#if __has_include_next(<arpa/inet.h>)
|
||||
#if defined __has_include_next && __has_include_next(<arpa/inet.h>)
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
|
@ -22,9 +21,10 @@
|
|||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#endif // has inet.h
|
||||
#endif // defined __has_include_next
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <arpa/inet_checked.h>
|
||||
#endif
|
||||
|
||||
#else // doesn't have arpa/inet.h
|
||||
#error "cannot include 'arpa/inet.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
|
||||
#endif
|
||||
|
|
|
@ -6,8 +6,7 @@
|
|||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
// The Windows environment may not have arpa/inet.h
|
||||
#if defined __has_include_next
|
||||
#if __has_include_next(<arpa/inet.h>)
|
||||
#if defined __has_include_next && __has_include_next(<arpa/inet.h>)
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
|
@ -28,12 +27,24 @@
|
|||
#pragma CHECKED_SCOPE on
|
||||
|
||||
extern in_addr_t inet_addr (const char *__cp : itype(_Nt_array_ptr<const char>)) __THROW;
|
||||
extern int inet_aton(const char *cp : itype(_Nt_array_ptr<const char>),
|
||||
struct in_addr *inp : itype(_Ptr<struct in_addr>));
|
||||
|
||||
extern char *inet_ntoa(struct in_addr) : itype(_Nt_array_ptr<char>);
|
||||
extern const char *inet_ntop(int af,
|
||||
const void *restrict src : byte_count(af == AF_INET ? 4 : 16),
|
||||
char *restrict dst : itype(restrict _Nt_array_ptr<char>) count(size-1),
|
||||
socklen_t size _Where size > 0)
|
||||
: itype(_Nt_array_ptr<const char>);
|
||||
extern int inet_pton(int af,
|
||||
const char *restrict src : itype(restrict _Nt_array_ptr<const char>),
|
||||
void *restrict dst : byte_count(af == AF_INET ? 4 : 16));
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
||||
|
||||
#endif // has inet.h
|
||||
#endif // defined __has_include_next
|
||||
#else // doesn't have arpa/inet.h
|
||||
#error "cannot include 'arpa/inet_checked.h' because this system does not have the original 'arpa/inet.h'"
|
||||
#endif
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Wrapper header file that excludes Checked-C-specific declarations //
|
||||
// if the compilation is not for Checked C, or if is for Checked C //
|
||||
// but the implicit inclusion of checked header files is disabled. //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
// Uses clang-specific __has_include macro to detect unistd.h
|
||||
// which is required by Posix Standard.
|
||||
// The Windows environment also may not have unistd.h
|
||||
#if defined __has_include_next && __has_include_next(<crypt.h>)
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <crypt.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <crypt_checked.h>
|
||||
#endif
|
||||
|
||||
#else // doesn't have unistd.h
|
||||
#error "cannot include 'crypt.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
|
||||
#endif
|
|
@ -0,0 +1,30 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Bounds-safe interfaces for functions in crypt.h that //
|
||||
// take pointer arguments. //
|
||||
// //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <crypt.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#ifdef __checkedc
|
||||
#ifndef __CRYPT_CHECKED_H
|
||||
#define __CRYPT_CHECKED_H
|
||||
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE on
|
||||
|
||||
char * crypt(const char *phrase : itype(_Nt_array_ptr<const char>), const char *setting : itype(_Nt_array_ptr<const char>)) : itype(_Nt_array_ptr<char>);
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
|
@ -0,0 +1,23 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Wrapper header file that excludes Checked-C-specific declarations //
|
||||
// if the compilation is not for Checked C, or if is for Checked C //
|
||||
// but the implicit inclusion of checked header files is disabled. //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <dirent.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <dirent_checked.h>
|
||||
#endif
|
|
@ -0,0 +1,34 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Bounds-safe interfaces for some functions in dirent.h that //
|
||||
// take pointer arguments. //
|
||||
// //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <dirent.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#ifdef __checkedc
|
||||
#ifndef __DIRENT_CHECKED_H
|
||||
#define __DIRENT_CHECKED_H
|
||||
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE on
|
||||
|
||||
DIR *opendir(const char *name : itype(_Nt_array_ptr<const char>)) : itype(_Ptr<DIR>);
|
||||
DIR *fdopendir(int fd) : itype(_Ptr<DIR>);
|
||||
int closedir(DIR *dirp : itype(_Ptr<DIR>));
|
||||
struct dirent *readdir(DIR *dirp : itype(_Ptr<DIR>)) : itype(_Ptr<struct dirent>);
|
||||
int dirfd(DIR *dirp : itype(_Ptr<DIR>));
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
|
@ -0,0 +1,23 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Wrapper header file that excludes Checked-C-specific declarations //
|
||||
// if the compilation is not for Checked C, or if is for Checked C //
|
||||
// but the implicit inclusion of checked header files is disabled. //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <fcntl.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <fcntl_checked.h>
|
||||
#endif
|
|
@ -0,0 +1,31 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Bounds-safe interfaces for some functions in fcntl.h that //
|
||||
// take pointer arguments. //
|
||||
// //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <fcntl.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#ifdef __checkedc
|
||||
#ifndef __FCNTL_CHECKED_H
|
||||
#define __FCNTL_CHECKED_H
|
||||
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE on
|
||||
|
||||
_Unchecked
|
||||
int open(const char *pathname : itype(_Nt_array_ptr<const char>), int flags, ...);
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
|
@ -0,0 +1,30 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Wrapper header file that excludes Checked-C-specific declarations //
|
||||
// if the compilation is not for Checked C, or if is for Checked C //
|
||||
// but the implicit inclusion of checked header files is disabled. //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
// The Windows environment may not have grp.h
|
||||
#if defined __has_include_next && __has_include_next(<grp.h>)
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <grp.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <grp_checked.h>
|
||||
#endif
|
||||
|
||||
#else // doesn't have grp.h
|
||||
#error "cannot include 'grp.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
|
||||
#endif
|
|
@ -0,0 +1,37 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Bounds-safe interfaces for functions in grp.h that //
|
||||
// take pointer arguments. //
|
||||
// //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
// The Windows environment may not have grp.h
|
||||
#if defined __has_include_next && __has_include_next(<grp.h>)
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <grp.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#ifdef __checkedc
|
||||
#ifndef __GRP_CHECKED_H
|
||||
#define __GRP_CHECKED_H
|
||||
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE on
|
||||
|
||||
int initgroups(const char *user : itype(_Nt_array_ptr<const char>), gid_t group);
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
||||
|
||||
#else // doesn't have grp.h
|
||||
#error "cannot include 'grp_checked.h' because this system does not have the original 'grp.h'"
|
||||
#endif
|
|
@ -0,0 +1,30 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Wrapper header file that excludes Checked-C-specific declarations //
|
||||
// if the compilation is not for Checked C, or if is for Checked C //
|
||||
// but the implicit inclusion of checked header files is disabled. //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
// The Windows environment may not have netdb.h
|
||||
#if defined __has_include_next && __has_include_next(<netdb.h>)
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <netdb.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <netdb_checked.h>
|
||||
#endif
|
||||
|
||||
#else // doesn't have netdb.h
|
||||
#error "cannot include 'netdb.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
|
||||
#endif
|
|
@ -0,0 +1,45 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Bounds-safe interfaces for functions in netdb.h that //
|
||||
// take pointer arguments. //
|
||||
// //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
// The Windows environment may not have netdb.h
|
||||
#if defined __has_include_next && __has_include_next(<netdb.h>)
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <netdb.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#ifdef __checkedc
|
||||
#ifndef __NETDB_CHECKED_H
|
||||
#define __NETDB_CHECKED_H
|
||||
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE on
|
||||
|
||||
extern struct hostent *gethostbyname(const char *name : itype(_Nt_array_ptr<const char>)) : itype(_Ptr<struct hostent>);
|
||||
extern struct hostent *gethostbyaddr(const void *addr : byte_count(len), socklen_t len, int type) : itype(_Ptr<struct hostent>);
|
||||
|
||||
int getaddrinfo(const char *restrict node : itype(_Nt_array_ptr<const char> restrict),
|
||||
const char *restrict service : itype(_Nt_array_ptr<const char> restrict),
|
||||
const struct addrinfo *restrict hints : itype(_Ptr<const struct addrinfo> restrict),
|
||||
struct addrinfo **restrict res : itype(_Ptr<_Ptr<struct addrinfo>> restrict));
|
||||
void freeaddrinfo(struct addrinfo *res : itype(_Ptr<struct addrinfo>));
|
||||
const char *gai_strerror(int errcode) : itype(_Nt_array_ptr<const char>);
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
||||
|
||||
#else // doesn't have netdb.h
|
||||
#error "cannot include 'netdb_checked.h' because this system does not have the original 'netdb.h'"
|
||||
#endif
|
|
@ -0,0 +1,30 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Wrapper header file that excludes Checked-C-specific declarations //
|
||||
// if the compilation is not for Checked C, or if is for Checked C //
|
||||
// but the implicit inclusion of checked header files is disabled. //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
// The Windows environment may not have poll.h
|
||||
#if defined __has_include_next && __has_include_next(<poll.h>)
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <poll.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <poll_checked.h>
|
||||
#endif
|
||||
|
||||
#else // doesn't have poll.h
|
||||
#error "cannot include 'poll.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
|
||||
#endif
|
|
@ -0,0 +1,37 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Bounds-safe interfaces for functions in poll.h that //
|
||||
// take pointer arguments. //
|
||||
// //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
// The Windows environment may not have poll.h
|
||||
#if defined __has_include_next && __has_include_next(<poll.h>)
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <poll.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#ifdef __checkedc
|
||||
#ifndef __POLL_CHECKED_H
|
||||
#define __POLL_CHECKED_H
|
||||
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE on
|
||||
|
||||
extern int poll(struct pollfd fds[] : count(nfds), nfds_t nfds, int timeout);
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
||||
|
||||
#else // doesn't have poll.h
|
||||
#error "cannot include 'poll_checked.h' because this system does not have the original 'poll.h'"
|
||||
#endif
|
|
@ -0,0 +1,30 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Wrapper header file that excludes Checked-C-specific declarations //
|
||||
// if the compilation is not for Checked C, or if is for Checked C //
|
||||
// but the implicit inclusion of checked header files is disabled. //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
// The Windows environment may not have pwd.h
|
||||
#if defined __has_include_next && __has_include_next(<pwd.h>)
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <pwd.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <pwd_checked.h>
|
||||
#endif
|
||||
|
||||
#else // doesn't have pwd.h
|
||||
#error "cannot include 'pwd.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
|
||||
#endif
|
|
@ -0,0 +1,47 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Bounds-safe interfaces for functions in pwd.h that //
|
||||
// take pointer arguments. //
|
||||
// //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
// The Windows environment may not have pwd.h
|
||||
#if defined __has_include_next && __has_include_next(<pwd.h>)
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <pwd.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#ifdef __checkedc
|
||||
#ifndef __PWD_CHECKED_H
|
||||
#define __PWD_CHECKED_H
|
||||
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE on
|
||||
|
||||
struct passwd *getpwnam(const char *user : itype(_Nt_array_ptr<const char>)) : itype(_Ptr<struct passwd>);
|
||||
int getpwnam_r(const char *user : itype(_Nt_array_ptr<const char>),
|
||||
struct passwd *pwd : itype(_Ptr<struct passwd>),
|
||||
char *buf : byte_count(bufsize),
|
||||
size_t bufsize, struct passwd **result : itype(_Ptr<_Ptr<struct passwd>>));
|
||||
|
||||
struct passwd *getpwuid(uid_t uid) : itype(_Ptr<struct passwd>);
|
||||
int getpwuid_r(uid_t uid,
|
||||
struct passwd *pwd : itype(_Ptr<struct passwd>),
|
||||
char *buf : byte_count(bufsize),
|
||||
size_t bufsize, struct passwd **result : itype(_Ptr<_Ptr<struct passwd>>));
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
||||
|
||||
#else // doesn't have pwd.h
|
||||
#error "cannot include 'pwd_checked.h' because this system does not have the original 'pwd.h'"
|
||||
#endif
|
|
@ -0,0 +1,32 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Wrapper header file that excludes Checked-C-specific declarations //
|
||||
// if the compilation is not for Checked C, or if is for Checked C //
|
||||
// but the implicit inclusion of checked header files is disabled. //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
// Uses clang-specific __has_include macro to detect unistd.h
|
||||
// which is required by Posix Standard.
|
||||
// The Windows environment also may not have unistd.h
|
||||
#if defined __has_include_next && __has_include_next(<shadow.h>)
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <shadow.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <shadow_checked.h>
|
||||
#endif
|
||||
|
||||
#else // doesn't have unistd.h
|
||||
#error "cannot include 'shadow.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
|
||||
#endif
|
|
@ -0,0 +1,30 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Bounds-safe interfaces for functions in shadow.h that //
|
||||
// take pointer arguments. //
|
||||
// //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <shadow.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#ifdef __checkedc
|
||||
#ifndef __SHADOW_CHECKED_H
|
||||
#define __SHADOW_CHECKED_H
|
||||
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE on
|
||||
|
||||
struct spwd *getspnam(const char *name : itype(_Nt_array_ptr<const char>)) : itype(_Ptr<struct spwd>);
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
|
@ -28,6 +28,27 @@ void (*signal(int sig,
|
|||
) : itype(_Ptr<void (int)>) // bounds-safe interface for signal return
|
||||
)(int);
|
||||
|
||||
_Unchecked
|
||||
void (*sigset(int sig,
|
||||
void ((*func)(int)) :
|
||||
itype(_Ptr<void (int)>) // bound-safe interface for func
|
||||
) : itype(_Ptr<void (int)>) // bounds-safe interface for signal return
|
||||
)(int);
|
||||
|
||||
#ifdef _POSIX_C_SOURCE
|
||||
int sigemptyset(sigset_t *set : itype(_Ptr<sigset_t>));
|
||||
int sigfillset(sigset_t *set : itype(_Ptr<sigset_t>));
|
||||
int sigaddset(sigset_t *set : itype(_Ptr<sigset_t>), int signum);
|
||||
int sigdelset(sigset_t *set : itype(_Ptr<sigset_t>), int signum);
|
||||
int sigismember(const sigset_t *set : itype(_Ptr<const sigset_t>), int signum);
|
||||
|
||||
int sigaction(int signum, const struct sigaction *act : itype(_Ptr<const struct sigaction>),
|
||||
struct sigaction *oldact : itype(_Ptr<struct sigaction>));
|
||||
|
||||
|
||||
int sigprocmask(int how, const sigset_t *set : itype(_Ptr<const sigset_t>), sigset_t *oldset : itype(_Ptr<sigset_t>));
|
||||
#endif // _POSIX_C_SOURCE
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
|
|
|
@ -46,6 +46,7 @@ int fclose(FILE *stream : itype(_Ptr<FILE>));
|
|||
int fflush(FILE *stream : itype(_Ptr<FILE>));
|
||||
FILE *fopen(const char * restrict filename : itype(restrict _Nt_array_ptr<const char>),
|
||||
const char * restrict mode : itype(restrict _Nt_array_ptr<const char>)) : itype(_Ptr<FILE>);
|
||||
FILE *fdopen(int fd, const char *mode : itype(_Nt_array_ptr<const char>)) : itype(_Ptr<FILE>);
|
||||
FILE *freopen(const char * restrict filename : itype(restrict _Nt_array_ptr<const char>),
|
||||
const char * restrict mode : itype(restrict _Nt_array_ptr<const char>),
|
||||
FILE * restrict stream : itype(restrict _Ptr<FILE>)) :
|
||||
|
@ -148,8 +149,9 @@ int vscanf(const char * restrict format : itype(restrict _Nt_array_ptr<const cha
|
|||
#if _FORTIFY_SOURCE == 0 || !defined(vsnprintf)
|
||||
#undef vsnprintf
|
||||
_Unchecked
|
||||
int vsnprintf(char * restrict s : count(n), size_t n,
|
||||
const char * restrict format,
|
||||
int vsnprintf(char * restrict s : itype(restrict _Nt_array_ptr<char>) count(n-1),
|
||||
size_t n _Where n > 0,
|
||||
const char * restrict format : itype(restrict _Nt_array_ptr<const char>),
|
||||
va_list arg);
|
||||
#endif
|
||||
|
||||
|
@ -202,6 +204,8 @@ int feof(FILE *stream : itype(_Ptr<FILE>));
|
|||
int ferror(FILE *stream : itype(_Ptr<FILE>));
|
||||
void perror(const char *s : itype(_Nt_array_ptr<const char>));
|
||||
|
||||
int fileno (FILE *stream : itype(_Ptr<FILE>));
|
||||
|
||||
#include "_builtin_stdio_checked.h"
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
|
|
@ -74,9 +74,14 @@ void *aligned_alloc(size_t alignment, size_t size) : byte_count(size);
|
|||
_Itype_for_any(T) void *calloc(size_t nmemb, size_t size) : itype(_Array_ptr<T>) byte_count(nmemb * size);
|
||||
_Itype_for_any(T) void free(void *pointer : itype(_Array_ptr<T>) byte_count(0));
|
||||
_Itype_for_any(T) void *malloc(size_t size) : itype(_Array_ptr<T>) byte_count(size);
|
||||
_Itype_for_any(T) void *realloc(void *pointer : itype(_Array_ptr<T>) byte_count(1), size_t size) : itype(_Array_ptr<T>) byte_count(size);
|
||||
_Itype_for_any(T) void *realloc(void *pointer : itype(_Array_ptr<T>) byte_count(0), size_t size) : itype(_Array_ptr<T>) byte_count(size);
|
||||
|
||||
char *getenv(const char *n : itype(_Nt_array_ptr<const char>)) : itype(_Nt_array_ptr<char>);
|
||||
#if defined(_WIN32) || defined(_WIN64)
|
||||
int putenv(const char *string : itype(_Nt_array_ptr<const char>));
|
||||
#else
|
||||
int putenv(char *string : itype(_Nt_array_ptr<char>));
|
||||
#endif
|
||||
|
||||
int atexit(void ((*func)(void)) : itype(_Ptr<void (void)>));
|
||||
int atquick_exit(void ((*func)(void)) : itype(_Ptr<void (void)>));
|
||||
|
@ -123,6 +128,12 @@ size_t wcstombs(char * restrict output : count(n),
|
|||
itype(restrict _Nt_array_ptr<const wchar_t>),
|
||||
size_t n);
|
||||
|
||||
// This is a Linux-specific extension to stdlib.h.
|
||||
#if defined __has_include && __has_include(<linux/limits.h>)
|
||||
#include <linux/limits.h>
|
||||
char *realpath(const char *path : itype(_Nt_array_ptr<const char>), char *resolved_path : itype(_Array_ptr<char>) count(PATH_MAX)) : itype(_Nt_array_ptr<char>);
|
||||
#endif
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
|
|
|
@ -121,6 +121,8 @@ int memcmp(const void *src1 : byte_count(n), const void *src2 : byte_count(n),
|
|||
|
||||
int strcmp(const char *src1 : itype(_Nt_array_ptr<const char>),
|
||||
const char *src2 : itype(_Nt_array_ptr<const char>));
|
||||
int strcasecmp(const char *src1 : itype(_Nt_array_ptr<const char>),
|
||||
const char *src2 : itype(_Nt_array_ptr<const char>));
|
||||
int strcoll(const char *src1 : itype(_Nt_array_ptr<const char>),
|
||||
const char *src2 : itype(_Nt_array_ptr<const char>));
|
||||
|
||||
|
@ -134,6 +136,9 @@ int strcoll(const char *src1 : itype(_Nt_array_ptr<const char>),
|
|||
int strncmp(const char *src : itype(_Nt_array_ptr<const char>),
|
||||
const char *s2 : itype(_Nt_array_ptr<const char>),
|
||||
size_t n);
|
||||
int strncasecmp(const char *src : itype(_Nt_array_ptr<const char>),
|
||||
const char *s2 : itype(_Nt_array_ptr<const char>),
|
||||
size_t n);
|
||||
|
||||
size_t strxfrm(char * restrict dest : count(n),
|
||||
const char * restrict src :
|
||||
|
@ -167,6 +172,7 @@ char *strerror(int errnum) : itype(_Nt_array_ptr<char>);
|
|||
size_t strlen(const char *s : itype(_Nt_array_ptr<const char>));
|
||||
|
||||
char *strdup(const char *s : itype(_Nt_array_ptr<const char>)) : itype(_Nt_array_ptr<char>);
|
||||
char *strndup(const char *s : itype(_Nt_array_ptr<const char>), size_t n) : itype(_Nt_array_ptr<char>);
|
||||
|
||||
#include "_builtin_string_checked.h"
|
||||
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Wrapper header file that excludes Checked-C-specific declarations //
|
||||
// if the compilation is not for Checked C, or if is for Checked C //
|
||||
// but the implicit inclusion of checked header files is disabled. //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <sys/mman.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <sys/mman_checked.h>
|
||||
#endif
|
|
@ -0,0 +1,32 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Bounds-safe interfaces for functions in sys/mman.h that //
|
||||
// take pointer arguments. //
|
||||
// //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <sys/mman.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#ifdef __checkedc
|
||||
#ifndef __MMAN_CHECKED_H
|
||||
#define __MMAN_CHECKED_H
|
||||
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE on
|
||||
|
||||
_Itype_for_any(T) void * mmap(void *addr : itype(_Array_ptr<T>) byte_count(0), size_t length, int prot, int flags, int fd, off_t offset) : itype(_Array_ptr<T>) byte_count(length);
|
||||
_Itype_for_any(T) int munmap(void *addr : itype(_Array_ptr<T>) byte_count(length), size_t length);
|
||||
_Itype_for_any(T) int mprotect(void *addr : itype(_Array_ptr<T>) byte_count(len) , size_t len, int prot);
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
|
@ -0,0 +1,23 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Wrapper header file that excludes Checked-C-specific declarations //
|
||||
// if the compilation is not for Checked C, or if is for Checked C //
|
||||
// but the implicit inclusion of checked header files is disabled. //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <sys/resource.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <sys/resource_checked.h>
|
||||
#endif
|
|
@ -0,0 +1,31 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Bounds-safe interfaces for functions in sys/resource.h that //
|
||||
// take pointer arguments. //
|
||||
// //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <sys/resource.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#ifdef __checkedc
|
||||
#ifndef __RESOURCE_CHECKED_H
|
||||
#define __RESOURCE_CHECKED_H
|
||||
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE on
|
||||
|
||||
int getrlimit(int resource, struct rlimit *rlim : itype(_Ptr<struct rlimit>));
|
||||
int setrlimit(int resource, const struct rlimit *rlim : itype(_Ptr<const struct rlimit>));
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
|
@ -0,0 +1,16 @@
|
|||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <sys/select.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <sys/select_checked.h>
|
||||
#endif
|
|
@ -0,0 +1,30 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Bounds-safe interfaces for functions in sys/select.h that //
|
||||
// take pointer arguments. //
|
||||
// //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <sys/select.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#ifdef __checkedc
|
||||
#ifndef __SELECT_CHECKED_H
|
||||
#define __SELECT_CHECKED_H
|
||||
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE on
|
||||
|
||||
int select(int nfds, fd_set *readfds : itype(_Ptr<fd_set>), fd_set *writefds : itype(_Ptr<fd_set>), fd_set *exceptfds : itype(_Ptr<fd_set>), struct timeval *timeout : itype(_Ptr<struct timeval>));
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
|
@ -5,11 +5,10 @@
|
|||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
// The Windows environment may not have sys/socket.h
|
||||
#if defined __has_include_next
|
||||
#if __has_include_next(<sys/socket.h>)
|
||||
#if defined __has_include_next && __has_include_next(<sys/socket.h>)
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
|
@ -22,9 +21,10 @@
|
|||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#endif // has socket.h
|
||||
#endif // defined __has_include_next
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <sys/socket_checked.h>
|
||||
#endif
|
||||
|
||||
#else // doesn't have sys/socket.h
|
||||
#error "cannot include 'sys/socket.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
|
||||
#endif
|
||||
|
|
|
@ -5,8 +5,7 @@
|
|||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
// The Windows environment may not have sys/socket.h
|
||||
#if defined __has_include_next
|
||||
#if __has_include_next(<sys/socket.h>)
|
||||
#if defined __has_include_next && __has_include_next(<sys/socket.h>)
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
|
@ -29,8 +28,6 @@
|
|||
#ifdef __APPLE__
|
||||
// Seems not to be a thing for Mac
|
||||
#define __THROW
|
||||
#define __CONST_SOCKADDR_ARG const struct sockaddr *
|
||||
#define __SOCKADDR_ARG struct sockaddr *__restrict
|
||||
#endif
|
||||
|
||||
extern int socketpair (int __domain, int __type, int __protocol,
|
||||
|
@ -38,24 +35,24 @@ extern int socketpair (int __domain, int __type, int __protocol,
|
|||
|
||||
extern int bind (
|
||||
int __fd,
|
||||
__CONST_SOCKADDR_ARG __addr : itype(_Ptr<const struct sockaddr>),
|
||||
const struct sockaddr *__addr : itype(_Ptr<const struct sockaddr>),
|
||||
socklen_t __len)
|
||||
__THROW;
|
||||
|
||||
extern int getsockname (
|
||||
int __fd,
|
||||
__SOCKADDR_ARG __addr : itype(_Ptr<struct sockaddr> __restrict),
|
||||
struct sockaddr *__restrict __addr : itype(_Ptr<struct sockaddr> __restrict),
|
||||
socklen_t *__restrict __len : itype(_Ptr<socklen_t> __restrict)
|
||||
) __THROW;
|
||||
|
||||
extern int connect (
|
||||
int __fd,
|
||||
__CONST_SOCKADDR_ARG __addr : itype(_Ptr<const struct sockaddr>),
|
||||
const struct sockaddr *__addr : itype(_Ptr<const struct sockaddr>),
|
||||
socklen_t __len);
|
||||
|
||||
extern int getpeername (
|
||||
int __fd,
|
||||
__SOCKADDR_ARG __addr : itype(_Ptr<struct sockaddr> __restrict),
|
||||
struct sockaddr *__restrict __addr : itype(_Ptr<struct sockaddr> __restrict),
|
||||
socklen_t *__restrict __len : itype(_Ptr<socklen_t> __restrict)
|
||||
) __THROW;
|
||||
|
||||
|
@ -74,14 +71,14 @@ extern ssize_t sendto (
|
|||
const void *__buf : itype(_Array_ptr<const void>) byte_count(__n),
|
||||
size_t __n,
|
||||
int __flags,
|
||||
__CONST_SOCKADDR_ARG __addr : itype(_Ptr<const struct sockaddr>),
|
||||
const struct sockaddr *__addr : itype(_Ptr<const struct sockaddr>),
|
||||
socklen_t __addr_len);
|
||||
|
||||
extern ssize_t recvfrom (
|
||||
int __fd,
|
||||
void *__restrict __buf : itype(_Array_ptr<void> __restrict) byte_count(__n),
|
||||
size_t __n, int __flags,
|
||||
__SOCKADDR_ARG __addr : itype(_Ptr<struct sockaddr> __restrict),
|
||||
struct sockaddr *__restrict __addr : itype(_Ptr<struct sockaddr> __restrict),
|
||||
socklen_t *__restrict __addr_len : itype(_Ptr<socklen_t> __restrict));
|
||||
|
||||
extern ssize_t sendmsg (
|
||||
|
@ -124,13 +121,13 @@ extern int setsockopt (
|
|||
|
||||
extern int accept (
|
||||
int __fd,
|
||||
__SOCKADDR_ARG __addr : itype(_Ptr<struct sockaddr> __restrict),
|
||||
struct sockaddr *__restrict __addr : itype(_Ptr<struct sockaddr> __restrict),
|
||||
socklen_t *__restrict __addr_len : itype(_Ptr<socklen_t> __restrict));
|
||||
|
||||
#ifdef __USE_GNU
|
||||
extern int accept4 (
|
||||
int __fd,
|
||||
__SOCKADDR_ARG __addr : itype(_Ptr<struct sockaddr> __restrict),
|
||||
struct sockaddr *__restrict __addr : itype(_Ptr<struct sockaddr> __restrict),
|
||||
socklen_t *__restrict __addr_len : itype(_Ptr<socklen_t> __restrict),
|
||||
int __flags);
|
||||
#endif
|
||||
|
@ -140,5 +137,6 @@ extern int accept4 (
|
|||
#endif // guard
|
||||
#endif // Checked C
|
||||
|
||||
#endif // has socket.h
|
||||
#endif // defined __has_include_next
|
||||
#else // doesn't have sys/socket.h
|
||||
#error "cannot include 'sys/socket_checked.h' because this system does not have the original 'sys/socket.h'"
|
||||
#endif
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Wrapper header file that excludes Checked-C-specific declarations //
|
||||
// if the compilation is not for Checked C, or if is for Checked C //
|
||||
// but the implicit inclusion of checked header files is disabled. //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
// The Windows environment may not have sys/stat.h
|
||||
#if defined __has_include_next && __has_include_next(<sys/stat.h>)
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <sys/stat.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <sys/stat_checked.h>
|
||||
#endif
|
||||
|
||||
#else // doesn't have sys/stat.h
|
||||
#error "cannot include 'sys/stat.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
|
||||
#endif
|
|
@ -0,0 +1,36 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Bounds-safe interfaces for functions in sys/stat.h that //
|
||||
// take pointer arguments. //
|
||||
// //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <sys/stat.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#ifdef __checkedc
|
||||
#ifndef __STAT_CHECKED_H
|
||||
#define __STAT_CHECKED_H
|
||||
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE on
|
||||
|
||||
extern int mkdir(const char *pathname : itype(_Nt_array_ptr<const char>), mode_t mode);
|
||||
extern int chmod(const char *pathname : itype(_Nt_array_ptr<const char>), mode_t mode);
|
||||
extern int fstat(int fd, struct stat *buf : itype(_Ptr<struct stat>));
|
||||
extern int lstat(const char *restrict file : itype(restrict _Nt_array_ptr<const char>),
|
||||
struct stat *restrict buf : itype(restrict _Ptr<struct stat>));
|
||||
extern int stat(const char *restrict file : itype(restrict _Nt_array_ptr<const char>),
|
||||
struct stat *restrict buf : itype(restrict _Ptr<struct stat>));
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
|
@ -0,0 +1,23 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Wrapper header file that excludes Checked-C-specific declarations //
|
||||
// if the compilation is not for Checked C, or if is for Checked C //
|
||||
// but the implicit inclusion of checked header files is disabled. //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <sys/time.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <sys/time_checked.h>
|
||||
#endif
|
|
@ -0,0 +1,65 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Bounds-safe interfaces for functions in sys/time.h that //
|
||||
// take pointer arguments. //
|
||||
// //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <sys/time.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#ifdef __checkedc
|
||||
#ifndef __SYS_TIME_CHECKED_H
|
||||
#define __SYS_TIME_CHECKED_H
|
||||
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE on
|
||||
|
||||
#ifdef __USE_MISC
|
||||
|
||||
// The original system header has defined `struct timezone`, so we
|
||||
// should accommodate callers that pass a non-null `struct timezone *`
|
||||
// to gettimeofday. The man page shows the second parameter as `struct
|
||||
// timezone *tz`, but glibc has it as `void *`, and our redeclaration
|
||||
// must be consistent with that.
|
||||
//
|
||||
// ~ Matt 2022-01-05
|
||||
int gettimeofday(struct timeval * tv : itype(_Ptr<struct timeval>), void *tz : itype(_Array_ptr<void>) byte_count(sizeof(struct timezone)));
|
||||
|
||||
int settimeofday(const struct timeval *tv : itype(_Ptr<const struct timeval>), const struct timezone *tz : itype(_Ptr<const struct timezone>));
|
||||
|
||||
#else
|
||||
|
||||
// `struct timezone` has not been defined, so we mustn't reference it
|
||||
// from the Checked C annotations. Currently, it looks like if we
|
||||
// leave the parameter type as an unchecked pointer (which requires us
|
||||
// to declare the function as _Unchecked here), gettimeofday can still
|
||||
// be called from a checked scope with a literal null pointer as the
|
||||
// argument, though there's a risk of the compiler behavior changing
|
||||
// and breaking this in the future.
|
||||
//
|
||||
// Another reasonable approach would be to declare the parameter
|
||||
// `bounds(any)` as described in the specification, but the Checked C
|
||||
// compiler doesn't seem to be able to parse that. (TODO: File an
|
||||
// issue?) The other obvious approaches (`_Array_ptr<void> :
|
||||
// bounds(unknown)`, `_Ptr<void>`) would allow pointers with
|
||||
// insufficient bounds to be passed.
|
||||
|
||||
_Unchecked
|
||||
int gettimeofday(struct timeval * tv : itype(_Ptr<struct timeval>), void *tz);
|
||||
|
||||
// glibc doesn't declare settimeofday in this case.
|
||||
|
||||
#endif
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
|
@ -0,0 +1,23 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Wrapper header file that excludes Checked-C-specific declarations //
|
||||
// if the compilation is not for Checked C, or if is for Checked C //
|
||||
// but the implicit inclusion of checked header files is disabled. //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <sys/wait.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <sys/wait_checked.h>
|
||||
#endif
|
|
@ -0,0 +1,30 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Bounds-safe interfaces for functions in sys/wait.h that //
|
||||
// take pointer arguments. //
|
||||
// //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <sys/wait.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#ifdef __checkedc
|
||||
#ifndef __WAIT_CHECKED_H
|
||||
#define __WAIT_CHECKED_H
|
||||
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE on
|
||||
|
||||
pid_t wait(int *wstatus : itype(_Ptr<int>));
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
|
@ -0,0 +1,30 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Wrapper header file that excludes Checked-C-specific declarations //
|
||||
// if the compilation is not for Checked C, or if is for Checked C //
|
||||
// but the implicit inclusion of checked header files is disabled. //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
// The Windows environment may not have syslog.h
|
||||
#if defined __has_include_next && __has_include_next(<syslog.h>)
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <syslog.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <syslog_checked.h>
|
||||
#endif
|
||||
|
||||
#else // doesn't have syslog.h
|
||||
#error "cannot include 'syslog.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
|
||||
#endif
|
|
@ -0,0 +1,68 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Bounds-safe interfaces for functions in syslog.h that //
|
||||
// take pointer arguments. //
|
||||
// //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
// The Windows environment may not have syslog.h
|
||||
#if defined __has_include_next && __has_include_next(<syslog.h>)
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <syslog.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#ifdef __checkedc
|
||||
#ifndef __SYSLOG_CHECKED_H
|
||||
#define __SYSLOG_CHECKED_H
|
||||
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE on
|
||||
|
||||
void closelog(void);
|
||||
void openlog (const char *ident : itype(_Nt_array_ptr<const char>), int option, int facility);
|
||||
|
||||
// TODO: Is this conditional right? There are two considerations:
|
||||
//
|
||||
// 1. Precedent in the Checked C system headers. I don't see any cases of
|
||||
// __foo_chk without __builtin___foo_chk, but this is my best guess of what
|
||||
// would be considered consistent.
|
||||
// 2. What's actually needed on the OSes we try to support (Linux, Windows, Mac
|
||||
// OS), though we might go with a solution that is more complex than
|
||||
// necessary if it's consistent with precedent.
|
||||
#if _FORTIFY_SOURCE == 0 || !defined(syslog)
|
||||
#undef syslog
|
||||
_Unchecked
|
||||
void syslog(int priority, const char * format : itype(_Nt_array_ptr<const char>), ...);
|
||||
#else
|
||||
_Unchecked
|
||||
void __syslog_chk(int priority, int flag, const char * format : itype(_Nt_array_ptr<const char>), ...);
|
||||
#endif
|
||||
|
||||
// TODO: Can we assume that va_list has been included via the `#include_next
|
||||
// <syslog.h>`, analogous to the situation in stdio_checked.h?
|
||||
//
|
||||
// TODO: The same questions about the conditional as for `syslog`.
|
||||
#if _FORTIFY_SOURCE == 0 || !defined(vsyslog)
|
||||
#undef vsyslog
|
||||
_Unchecked
|
||||
void vsyslog(int priority, const char * format : itype(_Nt_array_ptr<const char>), va_list ap);
|
||||
#else
|
||||
_Unchecked
|
||||
void __vsyslog_chk(int priority, int flag, const char * format : itype(_Nt_array_ptr<const char>), va_list ap);
|
||||
#endif
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
||||
|
||||
#else // doesn't have syslog.h
|
||||
#error "cannot include 'syslog_checked.h' because this system does not have the original 'syslog.h'"
|
||||
#endif
|
|
@ -5,12 +5,11 @@
|
|||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
// C implementations may not support the C11 threads package or even the
|
||||
// macro that says C11 threads are not supported.
|
||||
#if defined __has_include_next
|
||||
#if __has_include_next(<threads.h>)
|
||||
#if defined __has_include_next && __has_include_next(<threads.h>)
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
|
@ -23,9 +22,10 @@
|
|||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#endif // has threads.h
|
||||
#endif // defined __has_include_next
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <threads_checked.h>
|
||||
#endif
|
||||
|
||||
#else // doesn't have threads.h
|
||||
#error "cannot include 'threads.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
|
||||
#endif
|
||||
|
|
|
@ -23,8 +23,7 @@ typedef void (tss_dtor_t)(void *);
|
|||
struct timespec;
|
||||
#else
|
||||
|
||||
#if defined __has_include_next
|
||||
#if __has_include_next(<threads.h>)
|
||||
#if defined __has_include_next && __has_include_next(<threads.h>)
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
|
@ -37,8 +36,9 @@ struct timespec;
|
|||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#endif // has threads.h
|
||||
#endif // defined __has_include_next
|
||||
#else // doesn't have threads.h
|
||||
#error "cannot include 'threads_checked.h' because this system does not have the original 'threads.h'"
|
||||
#endif // threads.h
|
||||
#endif // _CHECKEDC_MOCKUP_THREADS
|
||||
|
||||
|
||||
|
@ -57,7 +57,7 @@ void call_once(once_flag *flag : itype(_Ptr<once_flag>),
|
|||
|
||||
int cnd_broadcast(cnd_t *condition : itype(_Ptr<cnd_t>));
|
||||
void cnd_destroy(cnd_t *condition : itype(_Ptr<cnd_t>));
|
||||
void cnd_init(cnd_t *condition : itype(_Ptr<cnd_t>));
|
||||
int cnd_init(cnd_t *condition : itype(_Ptr<cnd_t>));
|
||||
int cnd_signal(cnd_t *condition : itype(_Ptr<cnd_t>));
|
||||
int cnd_timedwait(cnd_t *restrict cond : itype(restrict _Ptr<cnd_t>),
|
||||
mtx_t *restrict mutex: itype(restrict _Ptr<mtx_t>),
|
||||
|
|
|
@ -41,12 +41,14 @@ struct tm *gmtime(const time_t *timer : itype(_Ptr<const time_t>)) :
|
|||
struct tm *localtime(const time_t *timer : itype(_Ptr<const time_t>)) :
|
||||
itype(_Ptr<struct tm>);
|
||||
|
||||
size_t strftime(char * restrict output : count(maxsize),
|
||||
size_t maxsize,
|
||||
size_t strftime(char * restrict output : itype(restrict _Nt_array_ptr<char>) count(maxsize-1),
|
||||
size_t maxsize _Where maxsize > 0,
|
||||
const char * restrict format : itype(restrict _Nt_array_ptr<const char>),
|
||||
const struct tm * restrict timeptr :
|
||||
itype(restrict _Ptr<const struct tm>));
|
||||
|
||||
int nanosleep(const struct timespec *req : itype(_Ptr<const struct timespec>), struct timespec *rem : itype(_Ptr<struct timespec>));
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
|
|
|
@ -5,13 +5,12 @@
|
|||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
// Uses clang-specific __has_include macro to detect unistd.h
|
||||
// which is required by Posix Standard.
|
||||
// The Windows environment also may not have unistd.h
|
||||
#if defined __has_include_next
|
||||
#if __has_include_next(<unistd.h>)
|
||||
#if defined __has_include_next && __has_include_next(<unistd.h>)
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
|
@ -24,9 +23,10 @@
|
|||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#endif // has unistd.h
|
||||
#endif // defined __has_include_next
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <unistd_checked.h>
|
||||
#endif
|
||||
|
||||
#else // doesn't have unistd.h
|
||||
#error "cannot include 'unistd.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
|
||||
#endif
|
||||
|
|
|
@ -9,8 +9,7 @@
|
|||
// Uses clang-specific __has_include macro to detect unistd.h
|
||||
// which is required by Posix Standard.
|
||||
// The Windows environment also may not have unistd.h
|
||||
#if defined __has_include_next
|
||||
#if __has_include_next(<unistd.h>)
|
||||
#if defined __has_include_next && __has_include_next(<unistd.h>)
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
|
@ -32,8 +31,22 @@
|
|||
|
||||
#if _POSIX_VERSION >= 200112L
|
||||
|
||||
char *getpass(const char *prompt : itype(_Nt_array_ptr<const char>)) : itype(_Nt_array_ptr<char>);
|
||||
char *crypt(const char *phrase : itype(_Nt_array_ptr<const char>), const char *setting : itype(_Nt_array_ptr<const char>)) : itype(_Nt_array_ptr<char>);
|
||||
|
||||
extern char ** environ : itype(_Nt_array_ptr<_Nt_array_ptr<char>>);
|
||||
|
||||
extern char *getcwd(char *buf : itype(_Nt_array_ptr<char>) count(size-1),
|
||||
size_t size _Where size > 0) : itype(_Nt_array_ptr<char>);
|
||||
extern int rmdir(const char *pathname : itype(_Nt_array_ptr<const char>));
|
||||
extern int chdir(const char *p_dirname : itype(_Nt_array_ptr<const char>));
|
||||
// Caution: Does not null-terminate `buf`.
|
||||
extern ssize_t readlink (const char *restrict path : itype(restrict _Nt_array_ptr<const char>),
|
||||
char *restrict buf : count(len), size_t len);
|
||||
extern int chroot(const char *dirname : itype(_Nt_array_ptr<const char>));
|
||||
int unlink(const char *pathname : itype(_Nt_array_ptr<const char>));
|
||||
int mkstemp(char *template : itype(_Nt_array_ptr<char>));
|
||||
|
||||
#ifdef __APPLE__
|
||||
|
||||
extern int access (const char *__name : itype(_Nt_array_ptr<const char>), int __type);
|
||||
|
@ -47,6 +60,16 @@ extern ssize_t read (int __fd, void *__buf : byte_count(__nbytes), size_t __nbyt
|
|||
extern ssize_t write (int __fd, const void *__buf : byte_count(__n), size_t __n) __wur;
|
||||
|
||||
#endif
|
||||
|
||||
extern int execve(const char *pathname : itype(_Nt_array_ptr<const char>),
|
||||
char * const *argv : itype(_Nt_array_ptr<const _Nt_array_ptr<char>>),
|
||||
char * const *envp : itype(_Nt_array_ptr<const _Nt_array_ptr<char>>));
|
||||
|
||||
// Caution: Does not null-terminate `name` on overflow.
|
||||
int gethostname(char *name : count(len), size_t len);
|
||||
|
||||
extern char *getusershell(void) : itype(_Nt_array_ptr<char>);
|
||||
|
||||
#endif
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
@ -54,5 +77,6 @@ extern ssize_t write (int __fd, const void *__buf : byte_count(__n), size_t __n)
|
|||
#endif // guard
|
||||
#endif // Checked C
|
||||
|
||||
#endif // has unistd.h
|
||||
#endif // defined __has_include_next
|
||||
#else // doesn't have unistd.h
|
||||
#error "cannot include 'unistd_checked.h' because this system does not have the original 'unistd.h'"
|
||||
#endif
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Wrapper header file that excludes Checked-C-specific declarations //
|
||||
// if the compilation is not for Checked C, or if is for Checked C //
|
||||
// but the implicit inclusion of checked header files is disabled. //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
// The Windows environment may not have utime.h
|
||||
#if defined __has_include_next && __has_include_next(<utime.h>)
|
||||
|
||||
#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <utime.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#else // checkedc && implicit include enabled
|
||||
#include <utime_checked.h>
|
||||
#endif
|
||||
|
||||
#else // doesn't have utime.h
|
||||
#error "cannot include 'utime.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
|
||||
#endif
|
|
@ -0,0 +1,38 @@
|
|||
//---------------------------------------------------------------------//
|
||||
// Bounds-safe interfaces for functions in utime.h that //
|
||||
// take pointer arguments. //
|
||||
// //
|
||||
/////////////////////////////////////////////////////////////////////////
|
||||
|
||||
// The Windows environment may not have utime.h
|
||||
#if defined __has_include_next && __has_include_next(<utime.h>)
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE off
|
||||
#endif
|
||||
|
||||
#include_next <utime.h>
|
||||
|
||||
#ifdef __checkedc
|
||||
#pragma CHECKED_SCOPE pop
|
||||
#endif
|
||||
|
||||
#ifdef __checkedc
|
||||
#ifndef __UTIME_CHECKED_H
|
||||
#define __UTIME_CHECKED_H
|
||||
|
||||
#pragma CHECKED_SCOPE push
|
||||
#pragma CHECKED_SCOPE on
|
||||
|
||||
extern int utime (const char *file : itype(_Nt_array_ptr<const char>),
|
||||
const struct utimbuf *file_times : itype(_Ptr<const struct utimbuf>));
|
||||
|
||||
#pragma CHECKED_SCOPE pop
|
||||
|
||||
#endif // guard
|
||||
#endif // Checked C
|
||||
|
||||
#else // doesn't have utime.h
|
||||
#error "cannot include 'utime_checked.h' because this system does not have the original 'utime.h'"
|
||||
#endif
|
|
@ -92,29 +92,22 @@
|
|||
// CHECK_DISABLED: string_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#define _CHECKEDC_MOCKUP_THREADS 1
|
||||
#include <threads_checked.h>
|
||||
// CHECK_ENABLED: threads_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED: threads_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <time_checked.h>
|
||||
// CHECK_ENABLED: time_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED: time_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
// Headers that are not in the C standard but are still present on Windows
|
||||
|
||||
#include <fcntl_checked.h>
|
||||
// CHECK_ENABLED: fcntl_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED: fcntl_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <checkedc_extensions.h>
|
||||
// CHECK_ENABLED: checkedc_extensions.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED: checkedc_extensions.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
|
||||
|
||||
// Posix Headers
|
||||
// These header files may or may not be present in all environments.
|
||||
#include <unistd_checked.h>
|
||||
#include <sys/socket_checked.h>
|
||||
#include <arpa/inet_checked.h>
|
||||
|
|
|
@ -20,6 +20,12 @@
|
|||
#pragma CHECKED_SCOPE on
|
||||
#endif
|
||||
|
||||
// C11 headers, supported on Linux but not Windows
|
||||
#include <threads_checked.h>
|
||||
// CHECK_ENABLED: threads_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED: threads_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
// Posix Headers
|
||||
// These header files are not present in the Windows compilation environment.
|
||||
|
@ -35,8 +41,51 @@
|
|||
// CHECK_DISABLED: socket_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <sys/stat_checked.h>
|
||||
// CHECK_ENABLED: stat_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED: stat_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <arpa/inet_checked.h>
|
||||
// CHECK_ENABLED: inet_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED: inet_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <grp_checked.h>
|
||||
// CHECK_ENABLED: grp_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED: grp_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <netdb_checked.h>
|
||||
// CHECK_ENABLED: netdb_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED: netdb_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <poll_checked.h>
|
||||
// CHECK_ENABLED: poll_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED: poll_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <pwd_checked.h>
|
||||
// CHECK_ENABLED: pwd_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED: pwd_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <syslog_checked.h>
|
||||
// CHECK_ENABLED: syslog_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED: syslog_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <utime_checked.h>
|
||||
// CHECK_ENABLED: utime_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED: utime_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
|
|
|
@ -91,23 +91,16 @@
|
|||
// CHECK_DISABLED-NOT: string_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#define _CHECKEDC_MOCKUP_THREADS 1
|
||||
#include <threads.h>
|
||||
// CHECK_ENABLED: threads_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED-NOT: threads_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <time.h>
|
||||
// CHECK_ENABLED: time_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED-NOT: time_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
// Headers that are not in the C standard but are still present on Windows
|
||||
|
||||
|
||||
// Posix Headers
|
||||
// These header files may or may not be present in all environments.
|
||||
#include <unistd.h>
|
||||
#include <sys/socket.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <fcntl.h>
|
||||
// CHECK_ENABLED: fcntl_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED-NOT: fcntl_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
|
|
@ -14,6 +14,13 @@
|
|||
// Checked headers are disabled because implicit inclusion is disabled.
|
||||
// RUN: %clang -DNO_IMPLICIT_INCLUDE_CHECKED_HDRS -E %s | FileCheck %s --check-prefix CHECK_DISABLED
|
||||
|
||||
// C11 headers supported on Linux, but not on Windows
|
||||
#define _CHECKEDC_MOCKUP_THREADS 1
|
||||
#include <threads.h>
|
||||
// CHECK_ENABLED: threads_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED-NOT: threads_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
// Posix Headers
|
||||
// These header files are not present in the Windows compilation environment.
|
||||
|
@ -29,8 +36,50 @@
|
|||
// CHECK_DISABLED-NOT: socket_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <sys/stat.h>
|
||||
// CHECK_ENABLED: stat_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED-NOT: stat_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <arpa/inet.h>
|
||||
// CHECK_ENABLED: inet_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED-NOT: inet_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <grp.h>
|
||||
// CHECK_ENABLED: grp_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED-NOT: grp_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <netdb.h>
|
||||
// CHECK_ENABLED: netdb_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED-NOT: netdb_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <poll.h>
|
||||
// CHECK_ENABLED: poll_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED-NOT: poll_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <pwd.h>
|
||||
// CHECK_ENABLED: pwd_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED-NOT: pwd_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <syslog.h>
|
||||
// CHECK_ENABLED: syslog_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED-NOT: syslog_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <utime.h>
|
||||
// CHECK_ENABLED: utime_checked.h
|
||||
// CHECK_ENABLED: #pragma CHECKED_SCOPE on
|
||||
// CHECK_DISABLED-NOT: utime_checked.h
|
||||
// CHECK_DISABLED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
|
|
@ -56,22 +56,16 @@
|
|||
// CHECK_MIXED: string_checked.h
|
||||
// CHECK_MIXED: #pragma CHECKED_SCOPE on
|
||||
|
||||
#define _CHECKEDC_MOCKUP_THREADS 1
|
||||
#include <threads.h>
|
||||
// CHECK_MIXED-NOT: threads_checked.h
|
||||
// CHECK_MIXED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <time_checked.h>
|
||||
// CHECK_MIXED: time_checked.h
|
||||
// CHECK_MIXED: #pragma CHECKED_SCOPE on
|
||||
|
||||
// Headers that are not in the C standard but are still present on Windows
|
||||
|
||||
#include <fcntl.h>
|
||||
// CHECK_MIXED-NOT: fcntl_checked.h
|
||||
// CHECK_MIXED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <checkedc_extensions.h>
|
||||
// CHECK_MIXED: checkedc_extensions.h
|
||||
// CHECK_MIXED: #pragma CHECKED_SCOPE on
|
||||
|
||||
|
||||
// Posix Headers
|
||||
// These header files may or may not be present in all environments.
|
||||
#include <unistd_checked.h>
|
||||
#include <sys/socket.h>
|
||||
#include <arpa/inet_checked.h>
|
||||
|
|
|
@ -17,6 +17,10 @@
|
|||
// foo_checked.h is included for a system header file foo.h.
|
||||
// RUN: %clang -DNO_IMPLICIT_INCLUDE_CHECKED_HDRS -E %s | FileCheck %s --check-prefix CHECK_MIXED
|
||||
|
||||
// C11 headers, supported on Linux but not Windows
|
||||
#include <threads.h>
|
||||
// CHECK_MIXED-NOT: threads_checked.h
|
||||
// CHECK_MIXED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
// Posix Headers
|
||||
// These header files are not present in the Windows compilation environment.
|
||||
|
@ -28,6 +32,34 @@
|
|||
// CHECK_MIXED-NOT: socket_checked.h
|
||||
// CHECK_MIXED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <sys/stat_checked.h>
|
||||
// CHECK_MIXED: stat_checked.h
|
||||
// CHECK_MIXED: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <arpa/inet_checked.h>
|
||||
// CHECK_MIXED: inet_checked.h
|
||||
// CHECK_MIXED: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <grp.h>
|
||||
// CHECK_MIXED-NOT: grp_checked.h
|
||||
// CHECK_MIXED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <netdb_checked.h>
|
||||
// CHECK_MIXED: netdb_checked.h
|
||||
// CHECK_MIXED: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <poll.h>
|
||||
// CHECK_MIXED-NOT: poll_checked.h
|
||||
// CHECK_MIXED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <pwd_checked.h>
|
||||
// CHECK_MIXED: pwd_checked.h
|
||||
// CHECK_MIXED: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <syslog.h>
|
||||
// CHECK_MIXED-NOT: syslog_checked.h
|
||||
// CHECK_MIXED-NOT: #pragma CHECKED_SCOPE on
|
||||
|
||||
#include <utime_checked.h>
|
||||
// CHECK_MIXED: utime_checked.h
|
||||
// CHECK_MIXED: #pragma CHECKED_SCOPE on
|
||||
|
|
Загрузка…
Ссылка в новой задаче