This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Bounded array type?


A recurring error in C (and to a lesser extent C++) is the lack of bounds
checking in arrays. One famous instance of this error was the Heartbleed
incident (which could also be blamed on messy code).

I propose a GCC extension of a bounded array type. A bounded array is an
array type that has a variable instead of a constant as its size parameter.
For example, a function that writes to a buffer `buf` of size `sz` might
have a prototype like this:

buf *foo(char *buf, size_t sz);

This is error-prone because even though a size parameter is given, the code
in the function has no requirement to enforce it. With a bounded array
type, the prototype looks like this:

buf *foo(char buf[sz], size_t sz);

The compiler now knows how large `buf` is, and it can put bounds checks
into the code (which may be disabled with -O3).

-James


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]