This is the mail archive of the mailing list for the GCC project.
Bounded array type?
- From: James Nelson <retrobanana dot jn at gmail dot com>
- To: gcc at gcc dot gnu dot org
- Date: Tue, 2 Sep 2014 15:22:03 -0600
- Subject: Bounded array type?
- Authentication-results: sourceware.org; auth=none
A recurring error in C (and to a lesser extent C++) is the lack of bounds
checking in arrays. One famous instance of this error was the Heartbleed
incident (which could also be blamed on messy code).
I propose a GCC extension of a bounded array type. A bounded array is an
array type that has a variable instead of a constant as its size parameter.
For example, a function that writes to a buffer `buf` of size `sz` might
have a prototype like this:
buf *foo(char *buf, size_t sz);
This is error-prone because even though a size parameter is given, the code
in the function has no requirement to enforce it. With a bounded array
type, the prototype looks like this:
buf *foo(char buf[sz], size_t sz);
The compiler now knows how large `buf` is, and it can put bounds checks
into the code (which may be disabled with -O3).
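As an added illustration (not part of the post above, and not GCC code), this is what the same idea looks like in standard C today: the size must be declared before the array parameter that uses it, and because `buf[sz]` still decays to `char *` the compiler enforces nothing, so the bound is checked by hand. The second helper covers the Heartbleed-style case the post alludes to, where a length field from untrusted input is validated against the real buffer size before any copy. Function names and sample data are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Write n bytes of src into buf, which the caller declares holds sz bytes.
 * The VLA-style parameter documents the bound but does not enforce it;
 * the explicit comparison does. Returns false (writing nothing) when n
 * would exceed the declared size. */
bool write_bounded(size_t sz, char buf[sz], const char *src, size_t n)
{
    if (buf == NULL || src == NULL || n > sz)
        return false;
    memcpy(buf, src, n);
    return true;
}

/* Copy a record out of a buffer whose real size is sz, using a length
 * field (claimed_len) taken from untrusted input. The claimed length is
 * checked against both the source bound and the destination bound before
 * any byte moves. Returns the number of bytes copied, or 0 on refusal. */
size_t extract_bounded(size_t sz, const char src[sz], size_t claimed_len,
                       size_t out_sz, char out[out_sz])
{
    if (src == NULL || out == NULL)
        return 0;
    if (claimed_len == 0 || claimed_len > sz || claimed_len > out_sz)
        return 0;
    memcpy(out, src, claimed_len);
    return claimed_len;
}

/* Stand-alone run on constructed sample data. */
int main(void)
{
    char buf[8];
    const char payload[4] = { 'a', 'b', 'c', 'd' };
    char out[16];

    bool ok      = write_bounded(sizeof buf, buf, "hello", 5);      /* true  */
    bool too_big = write_bounded(sizeof buf, buf, "overflow!", 9);  /* false */
    size_t got   = extract_bounded(sizeof payload, payload, 4,
                                   sizeof out, out);                /* 4 */
    size_t lied  = extract_bounded(sizeof payload, payload, 64,
                                   sizeof out, out);                /* 0 */

    return (ok && !too_big && got == 4 && lied == 0) ? 0 : 1;
}
```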