Add bounds information for returns to function types. #82
Milestone
Comments
dtarditi
added a commit
that referenced
this issue
Dec 9, 2016
Function types incorporate bounds information in Checked C. This change extends the clang IR to represent bounds information for parameters and returns of function types. This addresses Github issues #81 and #82. - The change adds another dynamically-sized array to the FunctionProtoType data structure that holds bounds for parameters. If a parameter has no bounds, a null pointer is stored for the corresponding entry in the array. The array is not allocated if there are no bounds expressions for any of the parameters. - It adds a member to FunctionType to hold the return bounds expression. We could save space for FunctionType objects that do not have return bounds by storing the return bounds as part of the dynamically-allocated array for parameter bounds. We do not do that for now. There's no pressing need to save space and it would make the implementation a little more complicated. - In the Checked C specification, function type compatibility involves renaming parameters so that corresponding parameters have the same name. This is awkward to do in a compiler, so instead we chose another representation for parameters in bounds expressions that occur in function types. We represent parameters using their position in the argument list. We create an expression PositionalParameterExpr that represents this abstraction of parameters. To check if two parameters are the same, we just compare the positional parameter expressions by value (using the index and type). We update AST dumping and AST serialization to handle the new information. We also change the code for memoizing function types (implemented by functions named "Profile") to take into account the new information. We use the clang meta-template approach to abstract bounds expressions for parameters of function types. It only ends up being about 40 lines of code. - Update the Checked C implementation documentation to describe the IR choices and explain why we chose to use PositionalParameterExpr instead of taking another approach. While we add the information, we don't do much with it yet. This change does not update type compatibility testing or the checking of redeclarations. The memory management surrounding construction of function types is a little tricky and deserves some explanation. The class ExtProtoInfo holds additional information about a function type being constructed. We add the bounds information for parameters there. It includes pointers to arrays that are allocated during function type construction and deallocated after function type construction. The FunctionType class is allocated with extra space at the end for a number of variably-sized arrays (side note: this could be a lot cleaner and safer when Checked C is extended to handle variable-sized array members). The array contents are copied into the extra space. The bounds expressions themselves are allocated in a memory region associated with the AST context. They live as long as the entire AST. Later on, we'll need to be careful to not allocate bounds expressions to live forever. However, for the purposes of constructing the IR, this is fine. Testing: - Add new tests to AST dumping that test function types with bounds expressions, making sure that parameters have been abstracted properly. - Passes existing Checked C regression tests. - Passes clang regression tests.
|
Work is complete. |
dopelsunce
pushed a commit
to dopelsunce/checkedc-clang
that referenced
this issue
Sep 28, 2020
…rosoft#82) This change corresponds to an update to the Checked C clang implementation to do better checking of bounds declarations and bounds-safe inferface type annotations for function pointer types. This change fixes errors in existing tests found by the improved checking: - Fix an error in parsing\return_bounds.c where there is a count bounds expression used with a function return type of `int`. - Fix errors in typechecking\interop_type_annotations.c where lack of parentheses led interface types being declared for the wrong return types. For example, the annotation type declared here: int (*g80)(int *, int *) : itype(ptr<int(int *, int *)>)` is the interface type for the return value of `g80`, which has type `int', not the interface type for g80 as intended. Add parentheses to fix this issue: int ((*g80)(int *, int *)) : itype(ptr<int(int *, int *)>); The change also updates the existing error messages involving bounds declarations and return types because those error messages have changed. It adds the following tests: - More tests of function pointer parameters and returns with bounds declarations and bounds-safe interfaces. - Tests for unnamed parameters with bounds declarations. - Tests that bounds-safe interface types are not allowed for local variables.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No description provided.
The text was updated successfully, but these errors were encountered: