checked-c-convert: Emit bounds-safe interfaces

[nmeum]

This is rather a feature request than a bug report but you seem to be interested in those as well, so I hope you don't mind that I open an issue for this. If you would rather like to discuss these sort of things on the ML let me know.

We are using Checked C only with bounds-safe interfaces to retain interoperability with existing Legacy C code. We still want to convert functions to checked program scope though, we only want them to provide a Legacy C compatible API.

This however, doesn't seem to be possible when using checked-c-convert to automatically convert Legacy C code to Checked C. I would therefore propose adding an additional command line flag to checked-c-convert to make it emit Checked C code with bounds-safe interfaces.

[dtarditi]

Thanks - I've assigned this to @awruef, who owns the Checked C conversion tool. I know he is thinking about bounds-safe interfaces.

[dtarditi]

The convert tool has been mostly rewritten (see PR #642). It now generates bounds-safe interfaces for _Ptr types. Work on inferring bounds expressions is on-going.

[nmeum]

Hey, I am just revisiting Checked C after almost two years. First of all thanks for your continued work on the project! Regarding, checked-c-convert it does seem to generate in bounds-safe interfaces now. However, I would like it to always generate bounds-safe interface for my use case, maybe through a command line flags such as --always-use-bounds-safe?