Apple has made some changes to the header files for malloc and
related functions to use variables with the name ptr. This conflicts
with the macro in stdcheckedc.h defining ptr as _Ptr. Remove the
uses of stdcheckedc.h in files that fail on MacOS.
Microsoft transferred ownership of the Checked C repo to the Checked C GitHub organization this week. Merge our fork of Checked C back into the original Checked C repo.
To support the repo transfer, we moved our fork to https://github.com/checkedc/checkedc-fork. This brings in all the changes from that repo.
The Checked C specification does not match the compiler implementation. This is the first part of bringing the specification into alignment with the compiler implementation. It addresses
- Move planned features to a new section in the specification.
- Remove speculative features from the specification.
- Move the description of static checking of bounds declarations to the end of the specification.
It also moves the related work section and the rejected design to appendices. They don't need to be in the specification and typically would be considered auxiliary material for any programming language standard document.
This change updates the Checked C tests so that they run properly on Apple ARM64 hardware running a recent version of MacOS. The changes consist of:
- Use SIGTRAP signal handlers to catch runtime checking failures instead of SIGILL.
- Only run Linux-specific header file tests on Linux.
- Add a bounds-safe interface specific to MacOS so that errno works properly in a checked scope.
Testing:
check-checkedc passes on Windows x86 and MacOS 13.4.1
The Checked C compiler now supports an alternate syntax and macros for backward compatibility. The technical details of the syntax and macros are documented at https://github.com/secure-sw-dev/checkedc/wiki/Proposed-extension-changes-to-improve-backward-compatibility.
This change modifies some of the tests in existing files to use the new syntax. It only modifies a small fraction of the tests because of the syntactic nature of the changes. This avoids duplicating test files, making it easier to modify tests later.
This includes header file changes that Correct Computation made in porting existing C code to Checked C using their 3C tool. The 3C repo is at https://github.com/correctcomputation/checkedc. This includes a few changes to header files to fix tests that fail on Windows.
I'm doing a squash merge so that we include history from several years of changes by 3C to header files as they ported code.
Testing:
- Built for x64 for Windows and Linux.
- Passes Checked C and clang testing for x64 for Windows and Linux.
* Use a temporary variable and an additional dynamic bounds cast to establish the bounds of s1->f so they don't depend on s1->len before assigning to s1->len
* Move declarations of temporary variables
* Use dynamic bounds casts to set the observed bounds of s1->f to count(0) instead of using a temporary variable
* Use count(1) and count(2) for the observed bounds of s1->f when s1->len is set to 1 and 2 respectively
* Test cases for bundled block support.
* Added more tests and comments and also fixed some formatting.
* Removed an unused parameter.
* Modified the error messages to account for the recent fixes on master.
* Updated the spec to clarify the approach to bounds checking for
assignment expressions and function calls that mix checked and
unchecked pointer types.
* Incorporated review comments.
* Incorporated review comments - improved clarity.
* Fixed a typo.
https://github.com/microsoft/checkedc-clang/pull/1174 added support to call
variadic functions like printf/scanf, etc within checked scope. As a result,
tests that check for errors if such functions are invoked in checked scope
started failing. We fix one such test in this PR.
* Add expected return value bounds unknown errors that were previously marked with TODOs (6 total added expected errors)
* Add expected return value bounds unknown errors that were not previously marked by TODOs (2 total added expected errors)
* Add 5 expected errors resulting from free variables in return bounds
* Remove expected return bounds error from r31f function with a bounds-safe interface in unchecked scope
* Add tests for the types of address-of dereference and array subscript expressions
* Remove expected error for _Nt_array_ptr<int> = _Nt_array_ptr<int> assignment in bounds_decl_checking.c
* Add more tests for typechecking address-of operators
- Remove some _Unchecked that were there for no apparent reason.
- Add some `restrict` qualifiers to match POSIX. These should be
checked later for the rest of the functions we added.