github microsoft/checkedc-clang v0.7-devbuild-2018-08-01
2018-08-01 Developer build of Checked C clang compiler

Summary

This is a developer build of the Checked C clang compiler. It is for use by developers who want to try out the Checked C extension while it is being implemented.

Installation Notes

Clang expects an existing C/C++ compiler before running the installer. If installing on a fresh machine, first install the C/C++ compiler. We recommend using Visual Studio 2017, which has a free Community version available. Use Visual Studio 2017's installer to ensure a C/C++ compiler and runtime are present before installing Checked C clang.

  • The binaries are installers for 32-bit and 64-bit Windows versions of the compiler.
  • The compiler will be installed in a separate directory from your existing clang install. If you are also using the production version of clang, do not add the Checked C version to your path.

Using the compiler

See the Checked C clang users manual for directions on how to use the compiler.

To change the compiler to Checked C clang in a Visual Studio project, open the project Properties and set "Platform Toolset" to one of the "CheckedC-LLVM" versions in the drop-down. (If there are no CheckedC-LLVM options in the "Platform Toolset" dropdown, try reinstalling Checked C clang.)

Change notes

We implemented the following static checks required by the language extension:

  • Validate that initializers for _Nt_checked arrays are null-terminated (issue #397).
  • Check that local variables with array types or struct/union types that contain checked pointers have initializers (issue #445).
  • Implement restrictions on taking address of members and variables with bounds (issue #490).

We made improvements to the Checked C header files for the C standard library:

  • Add unistd_checked.h.
  • Add guards to the header files (issue #293): only parse the header declarations once and don't add the checked declarations if included in a C++ file.
  • Improve the bounds-safe interface for strncmp. strncmp has different bounds-safe interfaces for _Nt_array_ptr and _Array_ptr arguments. Use the _Nt_array_ptr interface for strncmp and provide an alternate inline definition, strncmp_array_ptr, for the _Array_ptr interface.
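The following Checked C source is an added example, not code from this release or from the Checked C project, showing what the three static checks listed above (issues #397, #445 and #490) accept and reject, and how the two strncmp interfaces are called. It needs checkedc-clang from this build or later; standard clang does not accept the annotations. The lines marked "rejected" are commented out so the file compiles as written; the exact diagnostic text is not quoted because it is not in the release notes. The header name string_checked.h is the Checked C header for <string.h>; the parameter bounds assumed for strncmp_array_ptr (count(n) on both string arguments) are an assumption, as is the expectation that member bounds are checked at struct initialization.

```checkedc
// Added example (not from the release or the Checked C project). Requires checkedc-clang.
// Assumption: strncmp_array_ptr takes two _Array_ptr<const char> arguments with bounds count(n).
#include <stddef.h>
#include <string_checked.h>   // bounds-safe interfaces for <string.h>, including strncmp

/* issue #397: initializers for _Nt_checked arrays must be null-terminated */
char greeting _Nt_checked[6] = "hello";   // accepted: 5 characters plus the terminator
// char bad _Nt_checked[5] = "hello";     // rejected: no room for the terminator

/* issue #445: a struct holding a checked pointer must be initialized when declared locally */
struct buf {
  int n;
  _Array_ptr<int> data : count(n);        // bounds of data are given by the sibling member n
};

/* issue #490: the address of a variable or member with a bounds declaration cannot be taken */
static int sum_buf(void) {
  int arr _Checked[4] = { 1, 2, 3, 4 };
  _Array_ptr<int> p : count(4) = arr;     // bounds provable from the size of arr
  struct buf b = { 4, p };                // accepted: explicitly initialized (issue #445)
  // struct buf c;                        // rejected: checked pointer member left uninitialized
  // _Array_ptr<int> *q = &p;             // rejected: p carries a bounds declaration (issue #490)
  // _Array_ptr<int> *m = &b.data;        // rejected: member data carries a bounds declaration
  int total = 0;
  for (int i = 0; i < b.n; i++)
    total += b.data[i];                   // compiler inserts a runtime bounds check here
  return total;
}

/* strncmp: _Nt_array_ptr interface (null-terminated strings, no explicit count needed) */
static int compare_nt(_Nt_array_ptr<const char> a, _Nt_array_ptr<const char> b, size_t n) {
  return strncmp(a, b, n);
}

/* strncmp_array_ptr: alternate inline definition for _Array_ptr arguments with explicit bounds */
static int compare_arr(_Array_ptr<const char> a : count(n),
                       _Array_ptr<const char> b : count(n), size_t n) {
  return strncmp_array_ptr(a, b, n);
}

int main(void) {
  char s1 _Nt_checked[] = "abc";          // nt-checked arrays convert to _Nt_array_ptr<char>
  char s2 _Nt_checked[] = "abd";
  char x _Checked[3] = { 'a', 'b', 'c' }; // checked arrays convert to _Array_ptr<char>
  char y _Checked[3] = { 'a', 'b', 'c' };
  int nt = compare_nt(s1, s2, 3);         // negative: "abc" sorts before "abd"
  int ar = compare_arr(x, y, 3);          // zero: identical 3-byte buffers
  return (nt < 0 && ar == 0 && sum_buf() == 10) ? 0 : 1;
}
```

Each commented "rejected" line, when restored, is refused at compile time by this build rather than producing a program whose bounds can be silently invalidated; the accepted forms show the shape the checker wants (a terminator that fits, an initializer on every local holding a checked pointer, and no aliases to variables or members that carry bounds).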

We fixed the following issues:

  • Build release compilers of clang for Windows installers (issue #495). The prior installers were using debug versions of the compiler.
  • Fix compiler assert about bounds expression already existing (issue #537). The compiler would crash with an assert when checking a dynamic_bounds_cast whose expression argument required a bounds check.
  • Fix compiler crash reported by user (issue #488). The compiler could crash after checking a bounds declaration for a function call where an argument was implicitly widened.

We made some internal changes that should not be visible externally:

  • Traverse expressions during bounds declaration checking using a control-flow graph (in preparation for incorporating dataflow information into bounds declaration checking).

Extension features implemented

See the implementation roadmap and status. Some runtime checks and much of the static checking are not implemented yet.
