[clang] [BoundsSafety] Initial documentation for -fbounds-safety (PR #70749)

Yeoul Na via cfe-commits cfe-commits at lists.llvm.org
Wed Nov 29 23:22:15 PST 2023


================
@@ -485,20 +499,83 @@ Pointer types in a ``typedef`` can still have explicit annotations, e.g.,
 ``typedef int *__single``, in which case the bounds annotation ``__single`` will
 apply to every use of the ``typedef``.
 
-Array to pointer promotion
---------------------------
-
-In C, when an array is referenced, it is automatically promoted (or “decayed”)
-to a pointer to its first element (e.g., ``&arr[0]``). Similarly, in
-``-fbounds-safety``, arrays are also promoted to pointers, but with the addition
-of an implicit bounds annotation. Arrays on function parameters are promoted to
-corresponding ``__counted_by`` pointers. Consequently, incomplete arrays (or
-arrays without size) will cause a compiler error unless it has ``__counted_by``
-annotation in its bracket. All other arrays are promoted to ``__bidi_indexable``
-pointers, with the equivalent of ``&arr[0]`` serving as the lower bound and
-``&arr[array_size]`` (or one past the last element) serving as the upper bound.
-This way, all array accesses are subject to bounds checking, just as their
-corresponding pointers are.
+Array to pointer promotion to secure arrays (including VLAs)
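Review bot: The new heading on the last added line, "Array to pointer promotion to secure arrays (including VLAs)", is ambiguous: "promotion to secure arrays" can be read as promoting to something called "secure arrays" rather than promoting arrays to bounds-annotated pointers in order to secure array accesses. A title such as "Array to pointer promotion (including VLAs)" keeps the VLA mention and avoids the second "to" phrase. The new title is also considerably longer than the old one, whose removed underline was sized to match it, so the replacement underline (not visible in this quoted hunk) must be at least as long as the new title, otherwise docutils reports "Title underline too short". Since the removed paragraph stated which arrays become ``__counted_by`` pointers and which become ``__bidi_indexable``, it is worth confirming the rewritten section still states both rules along with the new VLA examples.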
----------------
rapidsna wrote:

@AaronBallman I extended this section to explicitly mention VLAs and added some examples to describe the semantics.

https://github.com/llvm/llvm-project/pull/70749

