checkedc-clang

The Checked C clang repo

This repo contains a version of clang that is being modified to support Checked C. Checked C is an extension to C that adds checking to detect or prevent common programming errors such as out-of-bounds memory accesses. The Checked C specification is available at the Checked C repo.

The code for the Checked C version of LLVM/clang lives in two repos: the Checked C clang repo and the Checked C LLVM repo. Each repo is licensed under the University of Illinois/NCSA license. The tests for Checked C live in the Checked C repo. These are language conformance tests, so they are placed with the specification, not the compiler. The test code is licensed under the MIT license. See the file LICENSE.TXT in each repo for complete details of licensing.

Status

The compiler code is being shared early in the process of extending LLVM/clang to support the Checked C extension. We have

  • Extended LLVM/clang with a feature flag, -fcheckedc-extension. The flag is valid only for C programs; it cannot be used with C++, Objective-C, or OpenCL.
  • Implemented parsing and typechecking for the new _Ptr, _Array_ptr, and _Checked array types, including implicit conversions described in Section 5.1.4 of the Checked C specification. The new types are converted to unchecked types during compilation, so they do not have any bounds checking yet.
  • Extended the clang IR to represent bounds expressions and to attach bounds expressions to variable declarations, function declarations, and struct/union members.
  • Implemented parsing of in-line bounds declarations for variables, function parameters and return values, and struct/union members. This includes resolving the variables referred to by bounds expressions and resolving the members referred to by structure member bounds expressions.

We are now implementing static semantics checking for programs that use _Ptr pointers and _Array_ptr pointers to constant-sized data. This includes

  • Checking the correctness of bounds declarations for constant-sized data.
  • Checking that casts to _Ptr types from _Array_ptr types are bounds-safe.
  • Interoperation support for _Ptr.
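A small program that uses the constructs listed above, as an added example rather than code from the Checked C repos: it declares _Ptr, _Array_ptr and _Checked array types and attaches in-line bounds to a local variable, function parameters, a return value and a struct member. The PTR/ARRAY_PTR/CHECKED/COUNT macros and the __CHECKEDC guard are this example's own assumptions, added so that the same source also builds with an ordinary C compiler (where the checked types erase to plain pointers); the typing rules it relies on (a checked array decaying to an _Array_ptr, a cast from _Array_ptr to _Ptr) come from the Checked C specification, not from this page.

```c
#include <stddef.h>
#include <stdio.h>

/* Checked C keywords behind macros so the file also builds with an ordinary C
 * compiler (the fallback erases the checked types to plain pointers).  These
 * macros and the __CHECKEDC guard are this example's own assumptions, not
 * something the Checked C repos define. */
#ifdef __CHECKEDC
#  define PTR(T)       _Ptr<T>        /* pointer to one object; no arithmetic */
#  define ARRAY_PTR(T) _Array_ptr<T>  /* pointer into an array; carries bounds */
#  define CHECKED      _Checked       /* checked array declarator */
#  define COUNT(n)     : count(n)     /* in-line bounds declaration, n elements */
#else
#  define PTR(T)       T *
#  define ARRAY_PTR(T) T *
#  define CHECKED
#  define COUNT(n)
#endif

/* Struct member bounds: `data` is declared to have `len` elements, so the
 * bounds expression refers to a sibling member of the same struct. */
struct int_buf {
    ARRAY_PTR(int) data COUNT(len);
    size_t len;
};

/* Parameter bounds (`p` has `n` elements) and return-value bounds (the
 * pointer handed back covers the same `n` elements). */
static ARRAY_PTR(int) fill_squares(ARRAY_PTR(int) p COUNT(n), size_t n) COUNT(n)
{
    for (size_t i = 0; i < n; i++)
        p[i] = (int)(i * i);
    return p;
}

/* A _Ptr parameter: one struct, dereferenced but never indexed.  Inside,
 * b->data is indexed against the bounds declared on the member. */
static long sum_buf(PTR(struct int_buf) b)
{
    long total = 0;
    for (size_t i = 0; i < b->len; i++)
        total += b->data[i];
    return total;
}

enum { SQUARES = 8 };

/* Constant-sized data: a checked array of SQUARES ints, an array pointer
 * declared with the matching count, and a cast from that array pointer to a
 * _Ptr.  The cast is bounds-safe because the array pointer provably covers at
 * least one element; this is the kind of cast the Status section says the
 * compiler is being taught to check. */
static int first_square(void)
{
    int storage CHECKED[SQUARES];
    ARRAY_PTR(int) p COUNT(SQUARES) = storage;
    fill_squares(p, SQUARES);
    PTR(int) first = (PTR(int))p;
    return *first;
}

/* Sum of 0^2 .. 7^2, reached through the struct-member bounds path. */
static long sum_of_squares(void)
{
    int storage CHECKED[SQUARES];
    struct int_buf buf = { fill_squares(storage, SQUARES), SQUARES };
    return sum_buf(&buf);
}

int main(void)
{
    printf("first square = %d, sum of squares = %ld\n",
           first_square(), sum_of_squares());
    return 0;
}
```

Build it with the clang from the Checked C repos and -fcheckedc-extension to exercise the parser and typechecker, or with any C compiler to run the fallback. At the stage described above neither build performs bounds checks at run time, so both print the same result; what the checked build adds is that the bounds declarations and the _Array_ptr-to-_Ptr cast become something the compiler can reject once the static semantics checking listed above is in place.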

Compiler development

The compiler is not far enough along for programmers to "kick the tires" on Checked C, and we do not have an installable version of clang available yet. If you are really interested, you can build your own copy of the compiler:

  • Setup and Build describes the organization of the code, how to set up a development machine to build clang, and how to build clang.
  • The Implementation Notes describe the implementation of Checked C in LLVM/clang.

Contributing

We welcome contributions to the Checked C project. To get involved in the project, see Contributing to Checked C. We have a wish list of possible projects there.

For code contributions, we follow the standard Github workflow. See Contributing to Checked C for more detail. You will need to sign a contributor license agreement before contributing code.

Code of conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.