tl;dr
We have local-constant size buffers with constant index accesses working for one-dimensional arrays. We’re taking a slight detour to implement multi-dimensional arrays.
Details
Xr0 can now detect out-of-bounds accesses for the case of one-dimensional arrays and pointers. Some examples of this:
Out-of-bounds access on a pointer to a variable on the stack.
Xr0 rightly rejects p[1] = 1; since p is pointing at the memory location of
i. The code does not allocate memory beyond i, and accessing p[1].
void
foo()
{
int i; int *p;
p = &i;
p[1] = 1;
}
foo.x:8:10: undefined indirection: out of bounds (foo)
Out-of-bounds access to a heap-allocated region.
Xr0 rightly rejects the assignment p[2] = 3;. The heap location pointed to by
p has a size of 2, so the access p[2] is out of bounds.
#include <stdlib.h>
void
bar()
{
int *p;
p = malloc(2);
p[0] = 5;
p[1] = 4;
p[2] = 3;
}
bar.x:10:10: undefined indirection: out of bounds (bar)
Out-of-bounds access to a stack-allocated array.
Xr0 rightly rejects the assignment arr[3] = 5; to the stack allocated array.
The array arr has a size 3, so the access arr[3] is out of bounds.
void
baz()
{
char arr[3];
arr[2] = 7;
arr[3] = 5;
}
bar.x:6:10: undefined indirection: out of bounds (baz)
Next up
As mentioned, we’re taking a slight detour from the buffer out-of-bounds problem to implement multi-dimensional arrays ([#61]). The idea is that this will help us write more interesting tests for the bounds checking down the line. Our goal is to finish this by the 22nd.