https://github.com/AaronBallman commented:

Thank you for the documentation! In general, it's looking great. I did have 
some specific questions or ideas on the more user-facing documentation. I've 
not yet thoroughly reviewed the implementation plans docs.

One thing that's not clear from this is how bounds safety annotations interact 
with variable-length arrays or variably-modified types. e.g.,
```c
void func(int n, int vla[n]) {
  // Within the function, is vla treated as-if it was __counted_by(n)?
}
```
or
```c
void func(int n) {
  int vla[n];
  int *ptr = vla; // Does this calculate the correct upper bounds based on n?
}
```
We should probably have an explicit mention, given that VLAs are a source of 
security issues related to bounds. (In fact, we might even want to add specific 
bounds checks for VLAs such as "will the VLA fit comfortably within the stack 
frame?" or "these VLA bounds are user-controllable which is a Very Bad Idea™".)

https://github.com/llvm/llvm-project/pull/70749
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
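As an added example (not code from the PR or from the comment above), the bounds information a compiler can actually recover in each of the two snippets, written out by hand in plain C so it compiles without -fbounds-safety; the `int_span` type, the helper names and the `MAX_VLA_BYTES` limit are assumptions, not anything from the bounds-safety design.

```c
#include <stdbool.h>
#include <stddef.h>

/* Stand-in so the block compiles without -fbounds-safety; a compiler with
 * the feature would use its own __counted_by from <ptrcheck.h> instead. */
#ifndef __counted_by
#define __counted_by(n)
#endif

/* Assumed "wide" pointer carrying the upper bound explicitly, the way a
 * bounds-safety model does once a pointer's static bounds are lost. */
struct int_span {
    int *base;
    size_t count;
};

/* First snippet: `int vla[n]` as a parameter decays to `int *`, so sizeof(vla)
 * is only sizeof(int *) and n is the sole bound available. Treating the
 * parameter as `int *__counted_by(n)` means using n as the count. */
static struct int_span span_from_param(int n, int vla[n]) {
    struct int_span s = { vla, n < 0 ? 0 : (size_t)n };
    return s;
}

/* Second snippet: a local VLA still carries its length in its type, because
 * sizeof on a VLA is evaluated at run time. That is the bound a compiler
 * could attach to `int *ptr = vla;`. A VLA with n <= 0 is itself undefined. */
static size_t local_vla_count(int n) {
    if (n <= 0)
        return 0;
    int vla[n];
    return sizeof(vla) / sizeof(vla[0]);
}

/* Bounds-checked store: refuses the write instead of running past count. */
static bool span_set(struct int_span s, size_t i, int v) {
    if (i >= s.count)
        return false;
    s.base[i] = v;
    return true;
}

/* The "fit in the stack frame" check the comment floats: decided before a
 * VLA is declared, so a caller-supplied n cannot size the frame. Assumed limit. */
#define MAX_VLA_BYTES 4096
static bool vla_fits(int n) {
    return n > 0 && (size_t)n <= MAX_VLA_BYTES / sizeof(int);
}
```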