Checked-c-convert: return type changed to _ptr but returned value not bounded

[AnnaKornfeldSimpson]

Sometimes the return type of a function is changed to _Ptr from * but the value actually returned is declared inside the function as * and has no bounds.

Example: parson.checked.c:145
Original code: parson.c:145
Error Produced: complains about cast on the returnstatement.

To use this test case:

• Clone https://github.com/AnnaKornfeldSimpson/parson
• Check out the snapshotWeUse branch
• make test to build the original code. make testchecked to build with the copies produced by checked-c-convert.
• convert.sh runs checked-c-convert on the original code and outputs to *checked* files. If you re-run it, also edit parson.checked.c to use parson.checked.h. convert.sh may need modifications to run in Windows.
• Compiler errors can be compared with compilerErrors.txt (produced on a Ubuntu system, not sure if it will perfectly match in Windows)

[AnnaKornfeldSimpson]

In this specific case the checked type of the return value should be _Nt_array_ptr since indexing is done on it at line 143, but I think the overall problem is that the return type shouldn't be changed automatically if the type of the returned value cannot be changed.

[awruef]

Probably what happens is that I don't constrain at the site of the return, or if I do, I don't constrain it across all definitions and declarations of the function (there are two). I'll check on that.

[awruef]

It was the second one. I have this fixed in a branch, going to commit the test case and fix a few more small bugs while I'm here.

[awruef]

I think this is fixed now, here's the behavior I see:

andrew@verthandi:~/code/checkedc-llvm.obj$ cat a.c
//#include <stdio_checked.h>
//#include <stdlib_checked.h>
//#include <string_checked.h>

extern void *parson_malloc(unsigned);
extern unsigned a_strlen(const char *);

static char * parson_strndup(const char *string, unsigned n);
static char * parson_strdup(const char *string);

static char * parson_strndup(const char *string, unsigned n) {
    char *output_string = (char*)parson_malloc(n + 1);
    if (!output_string) {
        return 0;
    }
    output_string[n] = '\0';
    for (unsigned i = 0; i < n; i++) {
      if (string[i] == '0')
        break;
      output_string[i] = string[i];
    }
    return output_string;
}

static char * parson_strdup(const char *string) {
    return parson_strndup(string, a_strlen(string));
}
andrew@verthandi:~/code/checkedc-llvm.obj$ ./bin/checked-c-convert ./a.c -- > a.chk.c
andrew@verthandi:~/code/checkedc-llvm.obj$ cat a.chk.c
//#include <stdio_checked.h>
//#include <stdlib_checked.h>
//#include <string_checked.h>

extern void *parson_malloc(unsigned);
extern unsigned a_strlen(const char *);

char* parson_strndup(const char *string, unsigned int n);
char* parson_strdup(const char *string : itype(_Ptr<const char> ) );

char* parson_strndup(const char *string, unsigned int n) {
    char *output_string = (char*)parson_malloc(n + 1);
    if (!output_string) {
        return 0;
    }
    output_string[n] = '\0';
    for (unsigned i = 0; i < n; i++) {
      if (string[i] == '0')
        break;
      output_string[i] = string[i];
    }
    return output_string;
}

char* parson_strdup(const char *string : itype(_Ptr<const char> ) ) {
    return parson_strndup(string, a_strlen(string));
}

[dtarditi]

The convert tool has been mostly rewritten (see PR #642). Please reopen this issue if it still exists.