Test restrictions on taking addresses of members and variables. #284

Merged
merged 4 commits into from
May 21, 2018

Conversation

dtarditi

Checked C restricts taking the addresses of:

  1. Members with member bounds declarations.
  2. Members used in member bounds declarations.
  3. Variables with bounds declarations.
  4. Variables/variable members used in bounds declarations.

This adds tests of restrictions 1-3, as part of implementing checkedc/checkedc-clang#213 and checkedc/checkedc-clang#212:

  • Taking the address of non-array members with or used in bounds declarations is now an error.
  • Taking the address of non-array members with or used in bounds-safe interfaces is allowed in unchecked scopes. It is an error in checked scopes.
  • Taking the address of non-array variables with bounds declaration is now an error.

It is OK to take the address of an array variable or member because you can't use the resulting pointer to modify the pointer that the array converts to.

The trickier cases to test involve nested members. Given

struct NestedLen {
   int len;
};

struct S {
   struct NestedLen n;
   _Array_ptr<int> p : count(n.len);  /* member bounds declaration uses n.len */
};

we don't allow the addresses of n or n.len to be taken. However, if NestedLen is not embedded in S, we allow the address of a struct of type NestedLen to be taken.

The matching compiler change is at checkedc/checkedc-clang#490.

The specification does not allow taking the address of members used
in member bounds.  Add tests of this.   There are actually 3 cases
to handle:
1. Taking the address of a member used in a bounds declaration. This
   is an error.
2. Taking the address of a member used in a bounds-safe interface:
- In an unchecked scope, this is OK.  We don't want to alter compilation
  of existing code that has had bounds-safe interfaces added to it.
- In a checked scope, this is an error.
- Test taking addresses of nested members used in bounds.
- Test taking addresses of variables with bounds.
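The following is an added illustration, not code from this PR or from the Checked C project, of why the restriction exists. It is plain C (no Checked C extensions), so nothing enforces the invariant that `p` points to `n.len` ints; the `struct S`, `backing`, `in_declared_bounds` and `inflate_len_via_alias` names are assumptions for the example. The bounds check that a `count(n.len)` declaration reduces to is fooled as soon as `n.len` is modified through an aliasing pointer, which is exactly the `&s->n.len` that this PR's tests make a compile error in Checked C.

```c
#include <assert.h>
#include <stdio.h>

/* Plain C model of the struct in the PR description. In Checked C the
 * field p would carry `: count(n.len)`; here the invariant "p points to
 * n.len valid ints" is only a comment, so we can show what breaks it. */

#define BACKING_LEN 4

struct NestedLen {
    int len;
};

struct S {
    struct NestedLen n;
    int *p;               /* invariant: p points to n.len valid ints */
};

static int backing[BACKING_LEN];   /* constructed sample buffer */

/* The check a bounds declaration reduces to: is i within the declared count? */
static int in_declared_bounds(const struct S *s, int i) {
    return i >= 0 && i < s->n.len;
}

/* Count how many indices in 0..limit-1 the check admits. */
static int admitted_count(const struct S *s, int limit) {
    int count = 0;
    for (int i = 0; i < limit; i++)
        if (in_declared_bounds(s, i)) count++;
    return count;
}

/* The operation the PR makes an error in Checked C: take the address of a
 * member used in a bounds declaration and write through the alias. Nothing
 * that only watches direct assignments to n.len sees this write. */
static void inflate_len_via_alias(struct S *s, int extra) {
    int *alias = &s->n.len;   /* error in Checked C (member used in bounds) */
    *alias += extra;          /* bounds now claim more than backing holds */
}

/* Returns the number of indices the check admits after the alias write.
 * With extra > 0 that exceeds BACKING_LEN, so a checked access relying
 * on n.len would run past the buffer. */
static int demo(int extra) {
    struct S s = { { BACKING_LEN }, backing };
    assert(admitted_count(&s, 2 * BACKING_LEN) == BACKING_LEN);
    inflate_len_via_alias(&s, extra);
    return admitted_count(&s, 2 * BACKING_LEN);
}

/* Contrast with the array case the PR allows: given `int arr[N];` in S,
 * `int (*pa)[N] = &s.arr;` lets you write the elements, but `*pa = other;`
 * does not compile because arrays are not assignable, so the pointer arr
 * decays to (and therefore its bounds) cannot be changed through pa. */

int main(void) {
    printf("backing holds %d ints; check admits %d after aliasing n.len\n",
           BACKING_LEN, demo(3));
    return 0;
}
```

The point generalizes to restriction 3 in the description: a variable with a bounds declaration is the same hazard, since a write through its address can re-point it without the compiler re-establishing its bounds.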
@dtarditi dtarditi requested a review from awruef May 19, 2018 00:44

@awruef awruef left a comment


Looks good.
