Fix typos and spacing in spec and samples. (#406)

samples/string-helpers.c

@@ -136,7 +136,7 @@ checked int my_strlen(nt_array_ptr<char> p) {
 }
 
 // Delete all c from p (adapted from p. 47, K&R 2nd Edition)
-// p implicltly has count(0).
+// p implicitly has count(0).
 checked void squeeze(nt_array_ptr<char> p, char c) {
   int i = 0, j = 0;
   // Create a temporary whose count of elements can

spec/bounds_safety/core-extensions.tex

@@ -1036,7 +1036,7 @@ pointer arithmetic.
 
 To support this expansion, integer arithmetic operators are extended
 with the operators \plusovf, \minusovf, and \mulovf. The
-operators interpet pointers as unsigned integers in some range 0 to
+operators interpret pointers as unsigned integers in some range 0 to
 \code{UINTPTR_MAX}. An operator produces a runtime error if the value
 of its result cannot be represented by the result type:
 
@@ -1044,7 +1044,7 @@ of its result cannot be represented by the result type:
 \item
   \plusovf\ takes an unsigned integer \var{i} and an
   integer \var{j} and produces an unsigned integer in the range 0 to
-  \code{UINTPTR_MAX}. Its result is the mathemetical value \var{i} + \var{j}.
+  \code{UINTPTR_MAX}. Its result is the mathematical value \var{i} + \var{j}.
 \item
   For subtraction, there are two forms:
 
@@ -1057,7 +1057,7 @@ of its result cannot be represented by the result type:
   \item
     \lstinline|-|\textsubscript{ovf\_diff } takes two unsigned integers \var{i}
     and \var{j} and computes \var{i} - \var{j}, producing a signed integer of type
-    \code{ptrdiff_t}. Its result is the mathemetical value \var{i} - \var{j}.
+    \code{ptrdiff_t}. Its result is the mathematical value \var{i} - \var{j}.
   \end{itemize}
 \item
   \mulovf\ takes two integers \var{i} and \var{j} (both either
@@ -1281,7 +1281,7 @@ example of a function prone to misuse is
 \lstinline+strcpy(char *dst, const char *src)+.
 It copies all bytes in \lstinline+src+ to \lstinline+dst+ until
 it hits a null byte. If \lstinline+src+ is missing the null byte or
-\lstinline+dst+ is too small, this causes a buffer overrunn. The new
+\lstinline+dst+ is too small, this causes a buffer overrun. The new
 function \lstinline+strcpy_s+ takes an additional size parameter for
 \lstinline+dst+ and has the signature
 \lstinline+errno_t strcpy_s(char *dst, size_t dest_len, const char *src)+.
@@ -1493,7 +1493,7 @@ signed integer overflow:
 \begin{itemize}
 \item
   Unchecked pointers shall be treated as addresses of locations in memory,
-  just as checked pointers are treated as addressses. The addresses shall
+  just as checked pointers are treated as addresses. The addresses shall
   be unsigned integers with a defined range of 0 to
   \code{UINTPTR_MAX}:
 

spec/bounds_safety/introduction.tex

@@ -236,7 +236,7 @@ declarations that used signed integers.
 We revised the design to
 address these issues.  In particular, we paid close attention to
 tracking bounds through pointer casts.  We also made sure that the
-contraints on signed integer expressions used in bounds expressions
+constraints on signed integer expressions used in bounds expressions
 were understood and could be written down in the language of
 simple invariants.
 

spec/bounds_safety/variable-bounds.tex

@@ -573,7 +573,7 @@ must be the identifier \code{any} or the identifier \code{unknown}.
 The semantics of C expressions is subtle.  The expression
 \lstinline|*|\var{e1} does not dereference memory.  It
 produces an lvalue that can be used to access memory. If the expression
-occurs on the left-hand side of an assigment, the memory pointed to
+occurs on the left-hand side of an assignment, the memory pointed to
 by the lvalue is updated with the value of the right-hand side of
 the assignment.
 For example, given \lstinline|*|\var{e1} \lstinline|=| \var{e2},