This is the mail archive of the mailing list for the GCC project.
Re: Bounds checking
- To: Tristan Gingold <tgi at netgem dot com>
- Subject: Re: Bounds checking
- From: Greg McGary <gkm at eng dot ascend dot com>
- Date: 15 Nov 1999 07:19:31 -1000
- Cc: gcc at gcc dot gnu dot org
- References: <80256825.00430EDF.email@example.com> <firstname.lastname@example.org> <19991115164037.E12709@tgi2.netgem>
Tristan Gingold <email@example.com> writes:
> > Checked and unchecked code may be mixed to the extent that checked and
> > unchecked code don't share aggregates (structs & arrays) containing
> > pointers whose size & layout change based on the size of pointers.
> Just a question (as the author of Checker): how will you manage stdio
> (for example) ?
You definitely put your finger on a problem area. stdio is tough for
a couple reasons:
1) Layout of FILE is visible in getc & putc for some implementations of stdio.
2) Printf & scanf accept varargs having pointer type.
The only ways I know to handle this are to
1) provide hand-written thunks (not the best way)
2) explicitly qualify the stdio interfaces as having unbounded
pointers using the __unbounded cv-qualifier & attribute.
(a better way, but requires hacking header files)
3) build stdio with bounded pointers (best if you have stdio source)
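To make the problem concrete, here is an added illustrative sketch (not Greg's code, not GCC's bounded-pointer implementation, and not the Checker project's code) of what option 1 above, a hand-written thunk, has to do. The `bounded_char_ptr` struct is an assumed toy model of a pointer that carries its base and bound; `bp_make`, `bp_in_bounds`, `bp_store`, `bp_snprintf_thunk` and `demo_checks` are names invented for this example. The thunk checks both bounded arguments, then strips the bounds and calls plain `snprintf`, which receives the string argument through varargs and so could never have seen the bounds itself.

```c
#include <stdio.h>
#include <string.h>

/* Assumed toy model of a bounded ("fat") pointer: value plus the object's
 * [base, bound) range. This is NOT GCC's real bounded-pointer representation. */
typedef struct {
    char *value;   /* the ordinary pointer value */
    char *base;    /* first addressable byte of the object */
    char *bound;   /* one past the last addressable byte */
} bounded_char_ptr;

static bounded_char_ptr bp_make(char *buf, size_t len) {
    bounded_char_ptr p = { buf, buf, buf + len };
    return p;
}

/* 1 if the n bytes starting at p.value lie inside [base, bound), else 0. */
static int bp_in_bounds(bounded_char_ptr p, size_t n) {
    if (p.value < p.base || p.value > p.bound) return 0;
    return n <= (size_t)(p.bound - p.value);
}

/* Checked byte store at offset off: 0 on success, -1 if it would leave the object.
 * The check happens before the pointer arithmetic, so no out-of-range address is formed. */
static int bp_store(bounded_char_ptr p, size_t off, char c) {
    if (off == (size_t)-1 || !bp_in_bounds(p, off + 1)) return -1;
    p.value[off] = c;
    return 0;
}

/* Hand-written thunk (option 1 in the message): checked code calls this instead
 * of snprintf. It validates both bounded arguments, then passes plain pointers to
 * the unchecked libc routine. Returns snprintf's result, or -1 on a bounds problem. */
static int bp_snprintf_thunk(bounded_char_ptr dst, bounded_char_ptr src) {
    if (!bp_in_bounds(dst, 1)) return -1;      /* need room for at least the NUL */
    if (!bp_in_bounds(src, 0)) return -1;      /* src.value must sit inside its object */
    /* src must be NUL-terminated inside its own bounds, else libc would read past them. */
    if (memchr(src.value, '\0', (size_t)(src.bound - src.value)) == NULL) return -1;
    /* snprintf is told exactly how much room dst has, so it truncates rather than overflows. */
    return snprintf(dst.value, (size_t)(dst.bound - dst.value), "%s", src.value);
}

/* Exercise the model on constructed buffers; returns a bitmask of outcomes
 * (31 means every expectation held). */
static int demo_checks(void) {
    char buf[8];
    char name[16] = "gcc-bp";               /* constructed sample input */
    char big[16] = "0123456789abcde";       /* constructed, longer than buf */
    char raw[4] = { 'a', 'b', 'c', 'd' };   /* constructed, no NUL in bounds */
    bounded_char_ptr p = bp_make(buf, sizeof buf);
    int mask = 0;

    if (bp_store(p, 7, 'z') == 0)  mask |= 1;   /* last byte is in bounds */
    if (bp_store(p, 8, 'z') == -1) mask |= 2;   /* one past the end is rejected */

    if (bp_snprintf_thunk(p, bp_make(name, sizeof name)) == 6 &&
        strcmp(buf, "gcc-bp") == 0)
        mask |= 4;                              /* normal copy through the thunk */

    if (bp_snprintf_thunk(p, bp_make(big, sizeof big)) == 15 &&
        strcmp(buf, "0123456") == 0)
        mask |= 8;                              /* truncated to 7 chars + NUL, no overflow */

    if (bp_snprintf_thunk(p, bp_make(raw, sizeof raw)) == -1)
        mask |= 16;                             /* unterminated source refused */

    return mask;
}

int main(void) {
    int mask = demo_checks();
    printf("checks mask = %d (expected 31)\n", mask);
    return mask == 31 ? 0 : 1;
}
```

The point the thunk makes is the one Greg raises about printf and scanf: once a pointer is handed to a varargs interface, the callee cannot be given the bounds, so every check has to happen on the checked side before the bounds are stripped, and for every such interface someone has to write that code by hand.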