RFC: Enforcing Bounds Safety in C (-fbounds-safety)

Summary We propose -fbounds-safety, a C extension to enforce bounds safety to prevent out-of-bounds (OOB) memory accesses, which remain a major source of security vulnerabilities in C. -fbounds-safety aims to eliminate this class of bugs by turning OOB accesses into deterministic traps. The -fbounds-safety extension offers bounds annotations that programmers can use to attach bounds to pointers. For example, programmers can add the __counted_by(N) annotation to parameter ptr, indicating that t...

LLVM Discussion Forums

@fay59 @regehr

Is that also supposed to support C99 VLA-style function parameters (void fun(size_t n, float arr[n])) without further annotations? Would be useful, I guess?

@Doomed_Daniel @regehr it does interpret this syntax as a pointer with the counted_by annotation!

@fay59 @regehr
Wasn't clear to me, but I only skimmed the post (and searched for "VLA"), maybe I missed it - either way, I'm glad to hear that it's supported!

@Doomed_Daniel @fay59 @regehr This will be extremely useful for future standardization because I have a slew of proposals I need to write to support sized annotations for parameters using static and friends with void* pointers, so we can get byte-level safety that can be automated by -fbounds-safety:

void* memcpy( void restrict dest[static count], const void restrict src[static count], size_t count );

and similar crimes.
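The two forms discussed in the thread side by side, as an added example that is not part of the thread or of the RFC: the C99 VLA-style parameter (`float arr[n]`) that -fbounds-safety reads as a counted pointer, and the explicit `__counted_by(N)` annotation on a memcpy-like helper. It assumes the `__counted_by` spelling from the RFC, pulled in from `<ptrcheck.h>` where that header exists and otherwise defined as a no-op so the file also builds on a compiler without the extension; under that fallback the compiler enforces nothing, so the helpers check bounds explicitly and return an error where -fbounds-safety would trap. The buffers and byte values are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: with -fbounds-safety the __counted_by macro comes from
 * <ptrcheck.h>; without it we define a no-op so the annotations vanish
 * and the code compiles as plain C. */
#if defined(__has_include)
#  if __has_include(<ptrcheck.h>)
#    include <ptrcheck.h>
#  endif
#endif
#ifndef __counted_by
#  define __counted_by(N)   /* no compiler enforcement in this build */
#endif

/* VLA-style parameter: -fbounds-safety treats `float arr[n]` as a pointer
 * counted by n, so arr[idx] with idx >= n traps. With a plain compiler
 * nothing checks it, so we check explicitly and report instead of trapping. */
int scale_in_place(size_t n, float arr[n], size_t idx, float factor)
{
    if (idx >= n)
        return -1;          /* OOB: -fbounds-safety would trap here */
    arr[idx] *= factor;
    return 0;
}

/* Explicit annotation form: the bounds of dst and src are attached to the
 * pointers themselves, so under -fbounds-safety the memcpy below is checked
 * against dst_len / src_len at runtime. The manual check mirrors that. */
int copy_bytes(uint8_t *__counted_by(dst_len) dst, size_t dst_len,
               const uint8_t *__counted_by(src_len) src, size_t src_len)
{
    if (src_len > dst_len)
        return -1;          /* would overflow dst: refuse */
    memcpy(dst, src, src_len);
    return 0;
}

/* Constructed scenario: a 4-float buffer and an 8-byte destination.
 * Returns 1 when every in-bounds operation succeeds and every
 * out-of-bounds one is refused, 0 otherwise. */
int demo_bounds_checks(void)
{
    float buf[4] = {1.0f, 2.0f, 3.0f, 4.0f};
    if (scale_in_place(4, buf, 3, 2.0f) != 0) return 0;   /* last valid index */
    if (buf[3] != 8.0f) return 0;
    if (scale_in_place(4, buf, 4, 2.0f) != -1) return 0;  /* one past the end */

    uint8_t dst[8] = {0};
    const uint8_t src[12] = {0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
                             0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C};
    if (copy_bytes(dst, sizeof dst, src, 8) != 0) return 0;          /* fits */
    if (dst[7] != 0x48) return 0;
    if (copy_bytes(dst, sizeof dst, src, sizeof src) != -1) return 0; /* too big */
    return 1;
}

int main(void)
{
    printf("bounds checks %s\n", demo_bounds_checks() ? "ok" : "FAILED");
    return 0;
}
```

Compiled with a clang that supports -fbounds-safety, the same source keeps the annotations and the compiler inserts the checks; compiled without it, only the explicit `if` guards stand between the caller and an overflow, which is exactly the gap the extension is meant to close.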

@thephd @fay59 @regehr

this sounds pretty neat :)

thanks for making C better!