Batch of checked header changes from CCI 2021-05

include/CMakeLists.txt

@@ -12,12 +12,22 @@ set(files
   assert.h
   errno_checked.h
   errno.h
+  fcntl.h
+  fcntl_checked.h
   fenv_checked.h
   fenv.h
+  grp_checked.h
+  grp.h
   inttypes_checked.h
   inttypes_checked_internal.h
   math_checked.h
   math.h
+  netdb_checked.h
+  netdb.h
+  poll_checked.h
+  poll.h
+  pwd_checked.h
+  pwd.h
   signal_checked.h
   signal.h
   stdchecked.h
@@ -27,8 +37,12 @@ set(files
   stdlib.h
   string_checked.h
   string.h
+  syslog_checked.h
+  syslog.h
   threads_checked.h
   threads.h
+  utime_checked.h
+  utime.h
   time_checked.h
   time.h
   unistd_checked.h
@@ -47,6 +61,8 @@ set(posix_arpa_files
 set(posix_sys_files
   sys/socket_checked.h
   sys/socket.h
+  sys/stat_checked.h
+  sys/stat.h
 )
 
 # Hack - compute the CLANG version from the LLVM version.  The

include/_builtin_stdio_checked.h

@@ -42,7 +42,7 @@ int __builtin___sprintf_chk(char * restrict buffer : itype(restrict _Nt_array_pt
 #if __has_builtin(__builtin___snprintf_chk) || defined(__GNUC__)
 // snprintf
 extern _Unchecked
-int __snprintf_chk(char * restrict buffer : count(maxlen),
+int __snprintf_chk(char * restrict buffer : itype(restrict _Nt_array_ptr<char>) count(maxlen == 0 ? 0 : maxlen-1),
                    size_t maxlen,
                    int flag,
                    size_t obj_size,
@@ -51,7 +51,7 @@ int __snprintf_chk(char * restrict buffer : count(maxlen),
                    ...);
 
 _Unchecked
-int __builtin___snprintf_chk(char * restrict buffer : count(maxlen),
+int __builtin___snprintf_chk(char * restrict buffer : itype(restrict _Nt_array_ptr<char>) count(maxlen == 0 ? 0 : maxlen-1),
                              size_t maxlen,
                              int flag,
                              size_t obj_size,
@@ -85,7 +85,7 @@ int __builtin___vsprintf_chk(char * restrict buffer : itype(restrict _Nt_array_p
 #if __has_builtin(__builtin___vsnprintf_chk) || defined(__GNUC__)
 // vsnprintf
 extern _Unchecked
-int __vsnprintf_chk(char * restrict buffer : count(maxlen),
+int __vsnprintf_chk(char * restrict buffer : itype(restrict _Nt_array_ptr<char>) count(maxlen == 0 ? 0 : maxlen-1),
                     size_t maxlen,
                     int flag,
                     size_t obj_size,
@@ -94,7 +94,7 @@ int __vsnprintf_chk(char * restrict buffer : count(maxlen),
                     va_list);
 
 _Unchecked
-int __builtin___vsnprintf_chk(char * restrict buffer : count(maxlen),
+int __builtin___vsnprintf_chk(char * restrict buffer : itype(restrict _Nt_array_ptr<char>) count(maxlen == 0 ? 0 : maxlen-1),
                               size_t maxlen,
                               int flag,
                               size_t obj_size,

include/arpa/inet.h

@@ -5,11 +5,10 @@
 /////////////////////////////////////////////////////////////////////////
 
 
-#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
-
 // The Windows environment may not have arpa/inet.h
-#if defined __has_include_next
-#if __has_include_next(<arpa/inet.h>)
+#if defined __has_include_next && __has_include_next(<arpa/inet.h>)
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
 
 #ifdef __checkedc
 #pragma CHECKED_SCOPE push
@@ -22,9 +21,10 @@
 #pragma CHECKED_SCOPE pop
 #endif
 
-#endif // has inet.h
-#endif // defined __has_include_next
-
 #else // checkedc && implicit include enabled
 #include <arpa/inet_checked.h>
 #endif
+
+#else // doesn't have arpa/inet.h
+#error "cannot include 'arpa/inet.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif

include/arpa/inet_checked.h

@@ -6,8 +6,7 @@
 /////////////////////////////////////////////////////////////////////////
 
 // The Windows environment may not have arpa/inet.h
-#if defined __has_include_next
-#if __has_include_next(<arpa/inet.h>)
+#if defined __has_include_next && __has_include_next(<arpa/inet.h>)
 
 #ifdef __checkedc
 #pragma CHECKED_SCOPE push
@@ -28,12 +27,24 @@
 #pragma CHECKED_SCOPE on
 
 extern in_addr_t inet_addr (const char *__cp : itype(_Nt_array_ptr<const char>)) __THROW;
-
+extern int inet_aton(const char *cp : itype(_Nt_array_ptr<const char>),
+                     struct in_addr *inp : itype(_Ptr<struct in_addr>));
+
+extern char *inet_ntoa(struct in_addr) : itype(_Nt_array_ptr<char>);
+_Unchecked
+extern const char *inet_ntop(int af, const void *restrict src,
+                             char *restrict : itype(restrict _Array_ptr<char>) byte_count(size),
+                             socklen_t size) : itype(_Nt_array_ptr<const char>);
+_Unchecked
+extern int inet_pton(int af,
+                     const char *restrict src : itype(restrict _Nt_array_ptr<const char>),
+                     void *restrict dst);
 
 #pragma CHECKED_SCOPE pop
 
 #endif // guard
 #endif // Checked C
 
-#endif // has inet.h
-#endif // defined __has_include_next
+#else // doesn't have arpa/inet.h
+#error "cannot include 'arpa/inet_checked.h' because this system does not have the original 'arpa/inet.h'"
+#endif

include/fcntl.h

@@ -0,0 +1,23 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <fcntl.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <fcntl_checked.h>
+#endif

include/fcntl_checked.h

@@ -0,0 +1,31 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for some functions in fcntl.h that           //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <fcntl.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __FCNTL_CHECKED_H
+#define __FCNTL_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+_Unchecked
+int open(const char *pathname : itype(_Nt_array_ptr<const char>), int flags, ...);
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C

include/grp.h

@@ -0,0 +1,30 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+// The Windows environment may not have grp.h
+#if defined __has_include_next && __has_include_next(<grp.h>)
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <grp.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <grp_checked.h>
+#endif
+
+#else // doesn't have grp.h
+#error "cannot include 'grp.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif

include/grp_checked.h

@@ -0,0 +1,37 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for functions in grp.h that                  //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+// The Windows environment may not have grp.h
+#if defined __has_include_next && __has_include_next(<grp.h>)
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <grp.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __GRP_CHECKED_H
+#define __GRP_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+int initgroups(const char *user : itype(_Nt_array_ptr<const char>), gid_t group);
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
+
+#else // doesn't have grp.h
+#error "cannot include 'grp_checked.h' because this system does not have the original 'grp.h'"
+#endif

include/netdb.h

@@ -0,0 +1,30 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+// The Windows environment may not have netdb.h
+#if defined __has_include_next && __has_include_next(<netdb.h>)
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <netdb.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <netdb_checked.h>
+#endif
+
+#else // doesn't have netdb.h
+#error "cannot include 'netdb.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif

include/netdb_checked.h

@@ -0,0 +1,45 @@
+//---------------------------------------------------------------------//
+// Bounds-safe interfaces for functions in netdb.h that                //
+// take pointer arguments.                                             //
+//                                                                     //
+/////////////////////////////////////////////////////////////////////////
+
+// The Windows environment may not have netdb.h
+#if defined __has_include_next && __has_include_next(<netdb.h>)
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <netdb.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#ifdef __checkedc
+#ifndef __NETDB_CHECKED_H
+#define __NETDB_CHECKED_H
+
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE on
+
+extern struct hostent *gethostbyname(const char *name : itype(_Nt_array_ptr<const char>)) : itype(_Ptr<struct hostent>);
+_Unchecked
+extern struct hostent *gethostbyaddr(const void *addr : byte_count(len), socklen_t len, int type);
+
+int getaddrinfo(const char *node : itype(_Nt_array_ptr<const char>) , const char *service : itype(_Nt_array_ptr<const char>),
+                const struct addrinfo *hints : itype(_Ptr<const struct addrinfo>),
+                struct addrinfo **res : itype(_Nt_array_ptr<_Ptr<struct addrinfo>>));
+void freeaddrinfo(struct addrinfo *res : itype(_Ptr<struct addrinfo>));
+const char *gai_strerror(int errcode) : itype(_Nt_array_ptr<const char>);
+
+#pragma CHECKED_SCOPE pop
+
+#endif // guard
+#endif // Checked C
+
+#else // doesn't have netdb.h
+#error "cannot include 'netdb_checked.h' because this system does not have the original 'netdb.h'"
+#endif

include/poll.h

@@ -0,0 +1,30 @@
+//---------------------------------------------------------------------//
+// Wrapper header file that excludes Checked-C-specific declarations   //
+// if the compilation is not for Checked C, or if is for Checked C     //
+// but the implicit inclusion of checked header files is disabled.     //
+/////////////////////////////////////////////////////////////////////////
+
+
+// The Windows environment may not have poll.h
+#if defined __has_include_next && __has_include_next(<poll.h>)
+
+#if !defined __checkedc || defined NO_IMPLICIT_INCLUDE_CHECKED_HDRS
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE push
+#pragma CHECKED_SCOPE off
+#endif
+
+#include_next <poll.h>
+
+#ifdef __checkedc
+#pragma CHECKED_SCOPE pop
+#endif
+
+#else // checkedc && implicit include enabled
+#include <poll_checked.h>
+#endif
+
+#else // doesn't have poll.h
+#error "cannot include 'poll.h' because this system does not have the original header, even though Checked C provides a wrapper for it"
+#endif