String literals with checked types and improved support for array literals. #396
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Make string literals have checked array type in checked scopes. - If an array literal occurs as the RHS of an expression and the LHS is checked pointer type, change array-to-pointer decay to produce a checked pointer. - Incomplete checked array types with initializers should produce checked types. The array kind was not being passed in when constructing the complete type. The argument default to unchecked array kind. Testing: - Added new Checked C repo tests for array literals.
In checked scopes, only allow checked types to be used for compound literals. Allow parenthesized string literals to appear in ocntext where a a checked type are expected.
… scopes. We recently improved the diagnostics for declarations in checked scopes that use types that are not allowed. This improves the diagnostics for the types used by casts and array literals. We centralize the checking of types used in checked scopes.
This was referenced Oct 17, 2017
lenary
reviewed
Oct 17, 2017
| QualType StrTy = Context.getConstantArrayType(CharTyConst, | ||
| llvm::APInt(32, Literal.GetNumStringChars()+1), | ||
| ArrayType::Normal, 0); | ||
| llvm::APInt(32, Literal.GetNumStringChars() + 1), |
There was a problem hiding this comment.
Is this constant 32 correct? Surely it should be the same as the width of size_t which you can get from… somewhere?
Edit: I'm wrong, looking on the left and they also use 32. I think this is fine.
lenary
approved these changes
Oct 17, 2017
This was referenced Oct 17, 2017
dopelsunce
pushed a commit
to dopelsunce/checkedc-clang
that referenced
this pull request
Sep 28, 2020
Remove annotations that aren't supported by Apple headers.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds compiler support for using string literals in checked scopes. In C, a string literal has the type "array of character", where there are several possible character types. In Checked C, that corresponds to an "unchecked array of character". To be able to use string in checked scopes, we need a way that they can be typed as a "checked null-terminated array of characters."
We support this in two ways. First we alter the type of string literals that appears in checked scopes to have null-terminated array types. Array-to-pointer conversion converts this to having an nt_array_ptr test, and at assignments nt_array_ptr can converted array_ptr..
Second, we allow array literals (of which strings are a special case) to be converted implicitly to a checked pointer type when a checked pointer type is expected. The checked pointer type should have the same pointer kind as the expected pointer type. The implicit conversions can happen at assignments, function calls, and within initializers. The language rules haven't been added to the Checked C specification yet. The proposed rule is describedhere.
Array literals specified using initializers or compound literal expressions already worked for the most part. The C language rules use the type of the variable being initialized or the type of the compound literal expression as guides for filling in the type. The clang machinery for filling in arrays worked for checked arrays too.
This commit adds one important missing case: incomplete array types. We were not propagating the checked enum when the complete array type was formed after the number of array elements had been determined. It also checks in a checked scope that the compound literal type is a checked type. This closes off one more route by which an unchecked type could appear in a checked scope.
This commit adds a new method for checking types that appear syntactically in expressions in checked scopes (for example, in cast operators and compound literal expressions). This produces error message with similar detail to those produced for declarations, calling out the problematic unchecked type within a constructed type if necessary. The existing error message for cast operations are switched to use this method, so we get better error message for cast expressions too.
Testing: