RFC: Enforcing Bounds Safety in C (-fbounds-safety)

Summary: We propose -fbounds-safety, a C extension to enforce bounds safety to prevent out-of-bounds (OOB) memory accesses, which remain a major source of security vulnerabilities in C. -fbounds-safety aims to eliminate this class of bugs by turning OOB accesses into deterministic traps. The -fbounds-safety extension offers bounds annotations that programmers can use to attach bounds to pointers. For example, programmers can add the __counted_by(N) annotation to parameter ptr, indicating that t...

LLVM Discussion Forums

@fay59 @regehr

Is that also supposed to support C99 VLA-style function parameters (void fun(size_t n, float arr[n])) without further annotations? Would be useful, I guess?

@Doomed_Daniel @regehr it does interpret this syntax as a pointer with the counted_by annotation!
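Added example (not from the RFC or from anyone in this thread) showing the VLA-style parameter asked about above next to the __counted_by form it is read as, plus a hand-written model of the check -fbounds-safety inserts; the no-op fallback macro and the <ptrcheck.h> header name are assumptions so the file also builds without the extension.

```c
#include <stddef.h>
#include <stdbool.h>

/* Fallback so this builds without -fbounds-safety; with the extension the
 * real __counted_by is expected to come from <ptrcheck.h> (assumption). */
#ifndef __counted_by
#define __counted_by(n)
#endif

/* C99 VLA-style parameter: standard C, where arr decays to a plain float *
 * and carries no runtime bound. -fbounds-safety reads this declaration as
 * float *__counted_by(n) arr. */
float sum_vla(size_t n, float arr[n]) {
    float total = 0.0f;
    for (size_t i = 0; i < n; i++)
        total += arr[i];
    return total;
}

/* The same contract written with the explicit annotation. */
float sum_counted(const float *__counted_by(n) arr, size_t n) {
    float total = 0.0f;
    for (size_t i = 0; i < n; i++)
        total += arr[i];
    return total;
}

/* Manual model of the check -fbounds-safety inserts before arr[idx]; it
 * reports the violation instead of trapping so the behaviour is testable. */
bool bounded_read(const float *__counted_by(n) arr, size_t n,
                  size_t idx, float *out) {
    if (idx >= n)
        return false;            /* the extension would trap here */
    *out = arr[idx];
    return true;
}

/* Constructed sample input for the checks below. */
static const float sample[4] = {1.0f, 2.0f, 3.0f, 4.0f};

float sample_sum_vla(void) {
    float copy[4] = {1.0f, 2.0f, 3.0f, 4.0f};   /* VLA parameter is non-const */
    return sum_vla(4, copy);
}
float sample_sum_counted(void) { return sum_counted(sample, 4); }
bool sample_oob_rejected(void) {
    float v = 0.0f;
    return !bounded_read(sample, 4, 4, &v)       /* index 4 is one past the end */
        && bounded_read(sample, 4, 3, &v) && v == 4.0f;
}
```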
@fay59 @regehr
Wasn't clear to me, but I only skimmed the post (and searched for "VLA"), maybe I missed it - either way, I'm glad to hear that it's supported!

@Doomed_Daniel @fay59 @regehr This will be extremely useful for future standardization because I have a slew of proposals I need to write to support sized annotations for parameters using static and friends with void* pointers, so we can get byte-level safety that can be automated by -fbounds-safety:

void* memcpy( void restrict dest[static count], const void restrict src[static count], size_t count );

and similar crimes.

@thephd @regehr @fay59 @Doomed_Daniel we have Anil Madhavapeddy’s bounds checker for GCC 3 which can do precisely that. For example:
z-archive-cvs/string.h,v at a0f4b088e8b05b263f9714e6a8784bab03014c54 · MirBSD/z-archive-cvs

@mirabilos @thephd @regehr @fay59
makes you wonder why that hasn't been mainlined in GCC back then
@regehr @Doomed_Daniel @fay59 @thephd probably FSF politics, though they did integrate the other large patch (ProPolice) somewhat.