[clang] [BoundsSafety] Initial documentation for -fbounds-safety (PR #70749)

Aaron Ballman via cfe-commits cfe-commits at lists.llvm.org
Wed Nov 29 06:49:43 PST 2023


https://github.com/AaronBallman commented:

Thank you for the documentation! In general, it's looking great. I did have some specific questions or ideas on the more user-facing documentation. I've not yet thoroughly reviewed the implementation plans docs.

One thing that's not clear from this is how bounds safety annotations interact with variable-length arrays or variably-modified types. e.g.,
```
void func(int n, int vla[n]) {
  // Within the function, is vla treated as-if it was __counted_by(n)?
}
```
or
```
void func(int n) {
  int vla[n];
  int *ptr = vla; // Does this calculate the correct upper bounds based on n?
}
```
We should probably have explicit mention given that VLAs are a source of security issues related to bounds. (In fact, we might even want to add specific bounds checks for VLAs such as "will the VLA fit comfortably within the stack frame?" or "these VLA bounds are user-controllable which is a Very Bad Idea™".)

https://github.com/llvm/llvm-project/pull/70749
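The two situations raised in the comment, as an added C example that is not part of the review comment or of the PR's documentation, and that makes no claim about what -fbounds-safety actually does with VLAs. It shows why the question matters: a parameter declared `int vla[n]` decays to a plain pointer and carries no bound at all, a local VLA does keep its bound in `sizeof`, and any `__counted_by(n)`-style guarantee for the parameter has to come from a check against `n` that is written out by hand here. The `VLA_MAX_ELEMS` budget and the helper names are constructed for illustration.

```c
#include <stddef.h>

/* Constructed budget for how many int elements a local VLA may hold. A real
   limit depends on the platform's stack size; the point is that a
   user-controlled n must be gated before the VLA is declared. */
#define VLA_MAX_ELEMS 1024

/* A parameter written as int vla[n] is adjusted to int *: sizeof gives the
   pointer size, so the bound n is the only bounds information available. */
size_t param_vla_sizeof(int n, int vla[n]) {
    (void)n;
    (void)vla;
    return sizeof(vla); /* sizeof(int *), not n * sizeof(int) */
}

/* A local VLA does keep its bound: sizeof(vla) is n * sizeof(int), evaluated
   at run time. n is gated so the example never declares an oversized VLA. */
size_t local_vla_sizeof(int n) {
    if (n <= 0 || n > VLA_MAX_ELEMS)
        return 0;
    int vla[n];
    return sizeof(vla);
}

/* Hand-written equivalent of the check that a __counted_by(n) annotation on
   the parameter is meant to express: vla[i] is only valid for 0 <= i < n.
   Returns 0 on success, -1 when the index is outside the count. */
int read_at(int n, const int vla[n], int i, int *out) {
    if (n <= 0 || i < 0 || i >= n)
        return -1;
    *out = vla[i];
    return 0;
}

/* Is an int VLA of n elements within the constructed budget? This is the
   "will the VLA fit" gate that must run before the VLA declaration. */
int vla_size_ok(long n) {
    return n > 0 && n <= VLA_MAX_ELEMS;
}

/* Fills a local VLA with 1..n and sums it through read_at(), so every access
   goes through the explicit bound. Returns -1 if n fails the size gate. */
long sum_local_vla(long n) {
    if (!vla_size_ok(n))
        return -1;
    int vla[n];
    for (long i = 0; i < n; i++)
        vla[i] = (int)(i + 1);
    long total = 0;
    for (int i = 0; i < (int)n; i++) {
        int v;
        if (read_at((int)n, vla, i, &v) != 0)
            return -1; /* unreachable here, but keeps the bound check honest */
        total += v;
    }
    return total;
}
```

Compile with a C99-or-later compiler; `sum_local_vla(10)` returns 55, and any `n` that is non-positive or above the budget is rejected before the VLA exists rather than after the stack has already been grown.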


More information about the cfe-commits mailing list