@dtarditi released this Jun 8, 2018

This is a minor update to the Checked C specification that brings it into agreement with the compiler implementation.

  • Update the syntax for bounds_cast expressions. Remove the old syntax where the kind of bounds expression was inferred based on the number of arguments. Now the target bounds expression is an additional argument.
  • Allow an interop type and a bounds expression as part of a bounds-safe interface.
  • Make it clear that bounds-safe interfaces can be applied to unchecked arrays too.

@dtarditi released this Feb 15, 2018

The main improvement in Version 0.7 is adding support for checked strings and checked pointers to null-terminated arrays.

The improvements and changes include:

  • Add types for checked null-terminated arrays (nt_checked) and checked pointers to null-terminated arrays (nt_array_ptr)
  • Extend typing rules to allow string and array literals to be used where expressions with checked pointer types are expected.
  • Require initializers for variables with checked pointer types or struct or array types that contain checked pointers.
  • Describe handling of initializer expressions involving checked pointers.
  • Revise rules for implicit conversions between checked pointer types. Allow conversions to/from void pointers for now.
  • Change syntax for bounds cast operators.
  • Remove span type.
  • Rename bounds(none) to bounds(unknown).
  • Describe static checking rules for return statements.
  • Disallow array_ptrs of function types.
  • Various wording clean ups.

A non-null value at the upper bound of an nt_array_ptr allows the bounds of the nt_array_ptr to be widened. The flow analysis for widening bounds still needs to be described in detail.
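As an added example (not code from the Checked C specification or its repository), the following Checked C program exercises the features listed in the 0.7 notes and in the later update above: a string literal initializing a required-initializer `_Nt_array_ptr`, a bounds-safe interface that combines an interop type with a bounds expression, a `_Checked` function body in which every array access is bounds-checked, and the two-argument form of the bounds cast whose target bounds are verified at run time. It compiles only with the Checked C clang, not a stock C compiler; the function names `copy_bounded` and `sum_prefix` and the sample data are assumptions made for this example.

```checkedc
// Added example, not from the Checked C specification or its repository.
// Requires the Checked C compiler; the _Array_ptr / _Nt_array_ptr / _Checked /
// itype syntax is not accepted by a stock C compiler.
#include <stdio.h>

// Bounds-safe interface with both an interop type and a bounds expression:
// unchecked callers pass a plain "char *dst"; checked callers and the body
// below see _Array_ptr<char> dst : count(dst_len).
size_t copy_bounded(char *dst : itype(_Array_ptr<char>) count(dst_len),
                    size_t dst_len,
                    _Nt_array_ptr<const char> src : count(src_len),
                    size_t src_len) _Checked {
    if (dst_len == 0)
        return 0;
    size_t n = src_len < dst_len - 1 ? src_len : dst_len - 1;
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i];   // bounds-checked: an overrun aborts instead of corrupting memory
    dst[n] = '\0';         // n <= dst_len - 1, so the terminator stays in bounds
    return n;
}

// Narrowing view of a checked array. The cast carries its target bounds as a
// second argument (the syntax change noted above); the compiler inserts a
// run-time check that count(prefix) lies within the bounds of 'data'.
int sum_prefix(_Array_ptr<int> data : count(len), size_t len, size_t prefix) _Checked {
    _Array_ptr<int> view : count(prefix) =
        _Dynamic_bounds_cast<_Array_ptr<int>>(data, count(prefix));  // aborts if prefix > len
    int total = 0;
    for (size_t i = 0; i < prefix; i++)
        total += view[i];
    return total;
}

int main(void) {
    // Checked pointers must be initialized; a string literal may initialize
    // an _Nt_array_ptr, and its bounds are known from the literal's length.
    _Nt_array_ptr<const char> greeting : count(20) = "hello, checked world";  // constructed sample
    char legacy_buf[8];   // plain C buffer handed through the bounds-safe interface
    size_t copied = copy_bounded(legacy_buf, sizeof legacy_buf, greeting, 20);
    printf("copied %zu bytes: \"%s\"\n", copied, legacy_buf);   // copied 7 bytes: "hello, "

    // A _Checked array converts to an _Array_ptr carrying count(6).
    int values _Checked[6] = {1, 2, 3, 4, 5, 6};               // constructed sample
    printf("sum of first 4: %d\n", sum_prefix(values, 6, 4));   // sum of first 4: 10
    // sum_prefix(values, 6, 8) would fail the dynamic bounds check and abort.
    return 0;
}
```

The unchecked `main` shows the interoperation point: `legacy_buf` crosses into checked code only through the interface's declared `count(dst_len)`, so the bound the caller supplies is the one the checked body enforces; a wrong `dst_len` would still be the caller's bug, which is why the interface should be treated as a trust boundary when reviewing such annotations.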

@dtarditi released this Jan 5, 2017

The improvements in Version 0.6 include:

  • Better interoperation support. Bounds-safe interface types have been added to support nested levels of pointers at interoperation boundaries.
  • Function pointer types with bounds information are now supported.
  • Keywords are now backwards-compatible with existing C programs.
  • The restriction on lexical hiding of variables has been removed.
  • Restrictions on the use of functions without prototypes with checked code have been added.
  • Definitions of type compatibility have been added.

Chapter 3 (bounds for variables) has been revised to be easier to follow. Sections have been reordered to follow more logically and advanced material that can be skipped has been moved to the end of the chapter.