Check casts of function names to checked function pointer types. #78
Tests of casts from function names with unchecked pointers to checked function pointer types were added as part of pull request #91. We still need to implement a check in the compiler that the source operand for the cast is actually a function name.
From an email from David:

So, by staring at some dumped ASTs, we need to do the following:

We'll pick this back up when we have a centralized place for doing our bounds checking analysis, which should be in a day or two.
We check to make sure that any time we're casting to a `_Ptr` to a function, that the thing we are casting is either:
- a top-level function definition (either checked or unchecked)
- a checked local variable/parameter
- a null pointer

Anything else would be unsound. Unfortunately, we have to look quite deeply for the thing we're casting to, because you can ref (`&`) and deref (`*`) a function pointer as many times as you want and implicit casts are inserted to make everything work.

Closes #78
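The check described above, as an added stand-alone model rather than the compiler's own code: the `Expr`/`Kind` types and the function names are hypothetical stand-ins for the clang AST nodes involved, and the sample trees are constructed inline.

```cpp
#include <cassert>
#include <cstdio>

// Hypothetical stand-ins for the clang Expr classes involved (a DeclRefExpr to a
// function, a DeclRefExpr to a variable, a null constant, ImplicitCastExpr and the
// unary & and * operators). This is not clang's real API.
enum class Kind { FuncRef, VarRef, NullPtr, ImplicitCast, AddrOf, Deref, Other };

struct Expr {
  Kind kind;
  bool checkedType;     // VarRef only: is the variable/parameter declared with a checked type?
  const Expr *operand;  // ImplicitCast / AddrOf / Deref: the wrapped expression
};

// Peel off the wrappers that do not change what is ultimately being cast:
// implicit casts, address-of and dereference may nest arbitrarily deep.
static const Expr *stripWrappers(const Expr *e) {
  while (e != nullptr && (e->kind == Kind::ImplicitCast ||
                          e->kind == Kind::AddrOf || e->kind == Kind::Deref))
    e = e->operand;
  return e;
}

// The rule from the pull request description: a cast to a checked function
// pointer type is sound only if the thing being cast is a function name
// (checked or unchecked), a checked local variable/parameter, or a null pointer.
bool isSoundCheckedFnPtrCastSource(const Expr *src) {
  const Expr *root = stripWrappers(src);
  if (root == nullptr) return false;
  switch (root->kind) {
    case Kind::FuncRef: return true;               // top-level function definition
    case Kind::VarRef:  return root->checkedType;  // unchecked variables are rejected
    case Kind::NullPtr: return true;
    default:            return false;              // calls, array elements, etc.
  }
}

int main() {
  // Constructed sample: the operand `*&f` with an implicit cast inserted on top.
  Expr f{Kind::FuncRef, false, nullptr};
  Expr addr{Kind::AddrOf, false, &f};
  Expr deref{Kind::Deref, false, &addr};
  Expr cast{Kind::ImplicitCast, false, &deref};
  Expr uncheckedVar{Kind::VarRef, false, nullptr};
  std::printf("*&f: %s\n", isSoundCheckedFnPtrCastSource(&cast) ? "sound" : "unsound");
  std::printf("unchecked variable: %s\n",
              isSoundCheckedFnPtrCastSource(&uncheckedVar) ? "sound" : "unsound");
  return 0;
}
```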
Wonsub Kim found some typos in the examples and non-examples for implicit casts. This change incorporates his fixes.
We added new rules to the Checked C specification that allow a function name to be cast from its unchecked function pointer type to the corresponding checked function pointer type, where the two function types are compatible.
The support for casting from an unchecked function pointer type to the corresponding checked function pointer type should already be there, but we do need to add tests for that.
We need to implement a separate test that ensures that the source is actually a function name and not just a variable with an unchecked function pointer type.