@@ -281,7 +281,7 @@ \subsection{Implicit conversions involving safe pointers}
281281\label {section:implicit-conversions }
282282
283283C allows implicit conversions at assignments, function call arguments,
284- conditional expressions, and comparisons . The purpose of
284+ and conditional expressions. The purpose of
285285implicit conversions is to make programs shorter and easier to
286286read. This section defines implicit conversions that are
287287allowed for safe pointer types.
@@ -297,10 +297,10 @@ \subsubsection{From unsafe pointers to safe pointers}
297297unsafe pointer and the safe pointer are compatible.
298298
299299This can be done for the right-hand side of an assignment, a call argument,
300- an arm of a conditional expression, and an operand of a comparison .
301- The type of the left-hand side of the assignment, the parameter, the other
302- arm of the conditional expression, or the other operand of the comparison
303- must be the safe pointer type that is the target of the implicit conversion.
300+ or an arm of a conditional expression.
301+ The type of the left-hand side of the assignment, the parameter, or the other
302+ arm of the conditional expression must be the safe pointer type that is the
303+ target of the implicit conversion.
304304
305305For now, compatibility is defined as the following:
306306\begin {itemize }
@@ -331,9 +331,9 @@ \subsubsection{From safe pointers to safe pointers}
331331An expression with a safe pointer type can be converted implicitly to the same kind
332332of safe pointer type with a \texttt {void } referent type.
333333This can be done for the right-hand side of an assignment, a call argument,
334- an arm of a conditional expression, and an operand of a comparison .
335- The type of the left-hand side of the assignment, the parameter, the other
336- arm of the conditional expression, or the other operand of the comparison
334+ and an arm of a conditional expression.
335+ The type of the left-hand side of the assignment, the parameter, or the other
336+ arm of the conditional expression
337337must be the safe \void \ pointer type that is the target of the implicit
338338conversion. For example, implicit conversions from
339339\ptrinst {\var {T}} to \ptrvoid \ and from \arrayptrinst {\var {T}} to \arrayptrvoid \ are allowed
@@ -343,22 +343,19 @@ \subsubsection{From safe pointers to safe pointers}
343343The philosophy behind this is the same one that is used in C++: places where type-safety
344344can be compromised by a cast should be explicit in the code.
345345
346- For comparisons, if one operand has type \ptrinst {\var {T}} and the other
347- operand has type \arrayptrinst {\var {T}}, the operand with type \ptrinst {\var {T}}
348- can be converted implicitly to \arrayptrinst {\var {T}}.
349-
350346\subsubsection {Between safe pointers and integers }
351347
352348The null pointer (0) can be converted implicitly to any safe pointer type.
353349A safe pointer can be converted implicitly to the \texttt {\_ Bool
354350
355- \subsubsection {Illegal implicit conversions }
351+ Some C compilers extend C by allowing implicit conversions between pointers
352+ and integers or between pointers to incompatible types. Implicit conversions
353+ from integers to safe pointers are typically not useful in Checked C because
354+ the checking of bounds declarations fails or the resulting pointer cannot
355+ be used to access memory. The rules for checking bounds declarations only
356+ allow the target type to be \arrayptr \ type and the bounds of the expression to be
357+ \boundsnone .
356358
357- All other implicit conversions involving safe pointer types are not allowed.
358- A compiler must treat a program containing those conversions as erroneous.
359- Many C compilers allow implicit conversions between pointers and integers or
360- between pointers to incompatible types. They issue warning messages for
361- those conversions. These extensions are not permitted for safe pointers.
362359
363360\subsubsection {Examples }
364361
0 commit comments