This is a minor update to the Checked C specification that brings it into agreement with the compiler implementation.
- Rename BOUNDS_CHECKED to CHECKED_SCOPE.
- Update the syntax for bounds_cast expressions. Remove the old syntax, where the kind of bounds expression was inferred from the number of arguments. The target bounds expression is now an additional argument.
- Allow an interop type and a bounds expression as part of a bounds-safe interface.
- Make it clear that bounds-safe interfaces can be applied to unchecked arrays too.
The main improvement in Version 0.7 is adding support for checked strings and checked pointers to null-terminated arrays.
The improvements and changes include:
- Add types for checked null-terminated arrays (nt_checked) and checked pointers to null-terminated arrays (
- Extend typing rules to allow string and array literals to be used where expressions with checked pointer types are expected.
- Require initializers for variables with checked pointer types or struct or array types that contain checked pointers.
- Describe handling of initializer expressions involving checked pointers.
- Revise rules for implicit conversions between checked pointer types. Allow conversions to/from void pointers for now.
- Change syntax for bounds cast operators.
- Remove span type.
- Describe static checking rules for return statements.
array_ptrs of function types.
- Various wording clean ups.
A non-null value at the upper bound of an nt_array_ptr allows the bounds of the nt_array_ptr to be widened. The flow analysis for widening bounds still needs to be described in detail.
The improvements in Version 0.6 include:
- Better interoperation support. Bounds-safe interface types have been added to support nested levels of pointers at interoperation boundaries.
- Function pointer types with bounds information are now supported.
- Keywords are now backwards-compatible with existing C programs.
- The restriction on lexical hiding of variables has been removed.
- Restrictions on the use of functions without prototypes with checked code have been added.
- Definitions of type compatibility have been added.
Chapter 3 (bounds for variables) has been revised to be easier to follow. Sections have been reordered to follow more logically, and advanced material that can be skipped has been moved to the end of the chapter.