Handling of empty and invalid ranges
An invalid range is a range with upperBound < lowerBound; an empty range is a range with upperBound == lowerBound.
Declaring both empty and invalid ranges is allowed in Checked-C, although the compiler will give a warning when it sees such declarations. The reason for allowing them is that empty ranges can be used to represent an empty buffer, and invalid ranges show up when a range and an array are passed to a function that processes the array. When the range is invalid, the function is usually expected to silently do nothing.
This means that the declaration itself is fine, but accessing memory through such a range is clearly a memory access violation. Therefore any statically known memory access through a pointer with empty or invalid bounds should generate a compile error.
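The rules above, as a small Checked C program added here as an example (it is not code from the Checked C project or from the linked issue and pull requests); `process_range`, `buf`, `empty` and `invalid` are names chosen for the example.

```checkedc
#include <stdio.h>

// Doubles every element in [lo, hi). If the range is empty (hi == lo) or
// invalid (hi < lo), the loop condition fails immediately, so the function
// silently does nothing, which is the convention the text describes.
// process_range and the names below are assumed names for this example.
void process_range(_Array_ptr<int> lo : bounds(lo, hi), _Array_ptr<int> hi) {
    _Array_ptr<int> p : bounds(lo, hi) = lo;
    for (; p < hi; p++) {
        *p = *p * 2;   // dereference is bounds-checked against (lo, hi)
    }
}

int main(void) {
    int buf _Checked[4] = {1, 2, 3, 4};

    // Empty range: upperBound == lowerBound. Declaring it is allowed (the
    // compiler warns); it stands for an empty buffer.
    _Array_ptr<int> empty : bounds(buf, buf) = buf;

    // Invalid range: upperBound < lowerBound. Declaring it is also allowed,
    // again with a warning.
    _Array_ptr<int> invalid : bounds(buf + 3, buf + 1) = buf + 3;

    process_range(buf, buf + 4);      // normal range: all four elements doubled
    process_range(buf, buf);          // empty range: nothing happens
    process_range(buf + 3, buf + 1);  // invalid range: nothing happens

    // A statically known access through an empty or invalid range is a
    // memory access violation and must be rejected at compile time:
    // empty[0] = 0;     // compile error
    // invalid[0] = 0;   // compile error

    for (int i = 0; i < 4; i++) {
        printf("%d\n", buf[i]);
    }
    return 0;
}
```

Both declarations compile (with the warning described above); uncommenting either dereference should be rejected at compile time.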
Related:
- Issue on checkedc-clang with an example
- Related pull request on checkedc-clang, implementing this logic.
- Related pull request on checkedc, updating the tests accordingly.