microsoft
/
checkedc
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Fix typos and spacing in spec and samples. (#406)

This commit is contained in:
Yahui Sun 2020-06-30 14:46:22 -05:00 коммит произвёл GitHub
Родитель 9df9af5a5f
Коммит caff1bb5ad
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
4 изменённых файлов: 205 добавлений и 205 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
samples/string-helpers.c
Просмотреть файл

@ -136,7 +136,7 @@ checked int my_strlen(nt_array_ptr<char> p) {
} }
// Delete all c from p (adapted from p. 47, K&R 2nd Edition) // Delete all c from p (adapted from p. 47, K&R 2nd Edition)
// p implicltly has count(0). // p implicitly has count(0).
checked void squeeze(nt_array_ptr<char> p, char c) { checked void squeeze(nt_array_ptr<char> p, char c) {
int i = 0, j = 0; int i = 0, j = 0;
// Create a temporary whose count of elements can // Create a temporary whose count of elements can

14
spec/bounds_safety/core-extensions.tex
Просмотреть файл

@ -635,7 +635,7 @@ referred to as K\&R-style function declarations because this is the only way
functions were declared in the first edition of the C Programming Language book functions were declared in the first edition of the C Programming Language book
by Brian Kernigan and Dennis Ritchie. The second edition incorporated changes from the by Brian Kernigan and Dennis Ritchie. The second edition incorporated changes from the
C ANSI Standard and introduced function prototypes.}, where the types C ANSI Standard and introduced function prototypes.}, where the types
of the arguments to functions are not specified . These of the arguments to functions are not specified. These
functions are dangerous to use because there can be mismatches functions are dangerous to use because there can be mismatches
between argument types and parameter types at function between argument types and parameter types at function
calls. This can corrupt data or the call stack. In checked scopes, calls. This can corrupt data or the call stack. In checked scopes,
@ -656,7 +656,7 @@ It consists of a parenthesized type name followed by list of initializers in bra
A compound literal has static storage if it is at the top level of a file and automatic A compound literal has static storage if it is at the top level of a file and automatic
storage if it occurs within a block. Here are examples of compound literals: storage if it occurs within a block. Here are examples of compound literals:
\begin{lstlisting} \begin{lstlisting}
int *arr = (int []) { 0, 1, 2}; int *arr = (int []) { 0, 1, 2 };
struct Point { struct Point {
int x; int x;
int y; int y;
@ -1036,7 +1036,7 @@ pointer arithmetic.
To support this expansion, integer arithmetic operators are extended To support this expansion, integer arithmetic operators are extended
with the operators \plusovf, \minusovf, and \mulovf. The with the operators \plusovf, \minusovf, and \mulovf. The
operators interpet pointers as unsigned integers in some range 0 to operators interpret pointers as unsigned integers in some range 0 to
\code{UINTPTR_MAX}. An operator produces a runtime error if the value \code{UINTPTR_MAX}. An operator produces a runtime error if the value
of its result cannot be represented by the result type: of its result cannot be represented by the result type:
@ -1044,7 +1044,7 @@ of its result cannot be represented by the result type:
\item \item
\plusovf\ takes an unsigned integer \var{i} and an \plusovf\ takes an unsigned integer \var{i} and an
integer \var{j} and produces an unsigned integer in the range 0 to integer \var{j} and produces an unsigned integer in the range 0 to
\code{UINTPTR_MAX}. Its result is the mathemetical value \var{i} + \var{j}. \code{UINTPTR_MAX}. Its result is the mathematical value \var{i} + \var{j}.
\item \item
For subtraction, there are two forms: For subtraction, there are two forms:
@ -1057,7 +1057,7 @@ of its result cannot be represented by the result type:
\item \item
\lstinline|-|\textsubscript{ovf\_diff } takes two unsigned integers \var{i} \lstinline|-|\textsubscript{ovf\_diff } takes two unsigned integers \var{i}
and \var{j} and computes \var{i} - \var{j}, producing a signed integer of type and \var{j} and computes \var{i} - \var{j}, producing a signed integer of type
\code{ptrdiff_t}. Its result is the mathemetical value \var{i} - \var{j}. \code{ptrdiff_t}. Its result is the mathematical value \var{i} - \var{j}.
\end{itemize} \end{itemize}
\item \item
\mulovf\ takes two integers \var{i} and \var{j} (both either \mulovf\ takes two integers \var{i} and \var{j} (both either
@ -1281,7 +1281,7 @@ example of a function prone to misuse is
\lstinline+strcpy(char *dst, const char *src)+. \lstinline+strcpy(char *dst, const char *src)+.
It copies all bytes in \lstinline+src+ to \lstinline+dst+ until It copies all bytes in \lstinline+src+ to \lstinline+dst+ until
it hits a null byte. If \lstinline+src+ is missing the null byte or it hits a null byte. If \lstinline+src+ is missing the null byte or
\lstinline+dst+ is too small, this causes a buffer overrunn. The new \lstinline+dst+ is too small, this causes a buffer overrun. The new
function \lstinline+strcpy_s+ takes an additional size parameter for function \lstinline+strcpy_s+ takes an additional size parameter for
\lstinline+dst+ and has the signature \lstinline+dst+ and has the signature
\lstinline+errno_t strcpy_s(char *dst, size_t dest_len, const char *src)+. \lstinline+errno_t strcpy_s(char *dst, size_t dest_len, const char *src)+.
@ -1493,7 +1493,7 @@ signed integer overflow:
\begin{itemize} \begin{itemize}
\item \item
Unchecked pointers shall be treated as addresses of locations in memory, Unchecked pointers shall be treated as addresses of locations in memory,
just as checked pointers are treated as addressses. The addresses shall just as checked pointers are treated as addresses. The addresses shall
be unsigned integers with a defined range of 0 to be unsigned integers with a defined range of 0 to
\code{UINTPTR_MAX}: \code{UINTPTR_MAX}:

2
spec/bounds_safety/introduction.tex
Просмотреть файл

@ -236,7 +236,7 @@ declarations that used signed integers.
We revised the design to We revised the design to
address these issues. In particular, we paid close attention to address these issues. In particular, we paid close attention to
tracking bounds through pointer casts. We also made sure that the tracking bounds through pointer casts. We also made sure that the
contraints on signed integer expressions used in bounds expressions constraints on signed integer expressions used in bounds expressions
were understood and could be written down in the language of were understood and could be written down in the language of
simple invariants. simple invariants.

2
spec/bounds_safety/variable-bounds.tex
Просмотреть файл

@ -573,7 +573,7 @@ must be the identifier \code{any} or the identifier \code{unknown}.
The semantics of C expressions is subtle. The expression The semantics of C expressions is subtle. The expression
\lstinline|*|\var{e1} does not dereference memory. It \lstinline|*|\var{e1} does not dereference memory. It
produces an lvalue that can be used to access memory. If the expression produces an lvalue that can be used to access memory. If the expression
occurs on the left-hand side of an assigment, the memory pointed to occurs on the left-hand side of an assignment, the memory pointed to
by the lvalue is updated with the value of the right-hand side of by the lvalue is updated with the value of the right-hand side of
the assignment. the assignment.
For example, given \lstinline|*|\var{e1} \lstinline|=| \var{e2}, For example, given \lstinline|*|\var{e1} \lstinline|=| \var{e2},