Summary
This is a developer build of the Checked C clang compiler. It is for use by developers who want to try out the Checked C extension while it is being implemented.
Installation Notes
The installer expects a working C/C++ compiler and runtime to be present already. If you are installing on a fresh machine, install the C/C++ compiler first. We recommend Visual Studio 2019, which has a free Community edition; use the Visual Studio 2019 installer to make sure a C/C++ compiler and runtime are present before installing Checked C clang.
- The binaries are installers for the 32-bit and 64-bit Windows versions of the compiler.
- The compiler is installed in a separate directory from any existing clang install. If you also use the production version of clang, do not add the Checked C version to your PATH, so that the two installs do not shadow each other.
Using the compiler
See the Checked C clang users manual for directions on how to use the compiler.
There are now two ways to use the Checked C clang compiler in Visual Studio. First, the LLVM project has created a Visual Studio extension; its project property page lets you point the build directly at the Checked C clang compiler binary.
Second, Visual Studio 2019 now directly supports clang/LLVM. This blog post describes the support for CMake projects, and this blog post describes the support for MSBuild projects. If you installed the Checked C clang compiler and added it to your PATH variable, Visual Studio should pick it up directly (but see the installation note above about PATH if you also use a production clang). Otherwise, follow the directions for using a custom installation of clang.
Change notes
We have upgraded to the sources for clang version 8.0.0.
We implemented the following features:
- Explicit casts from ptr, array_ptr, or unchecked pointers to nt_array_ptr are now disallowed in checked scopes, since nothing guarantees that the source pointer points at a null-terminated sequence.
- The compiler now infers bounds for call subexpressions that return pointers with declared bounds. This had been a representational problem: the compiler needed to introduce temporaries to hold the values of call subexpressions so that the inferred bounds could refer to them.
- With that inference in place, the generated code now performs dynamic bounds checking for call subexpressions that are immediately subscripted or dereferenced.
- This also makes the checking of bounds declarations stricter. At assignments to variables with declared bounds, and at initializers for such variables, the compiler must check that the right-hand side of the assignment or initializer implies the declared bounds. The compiler was not doing this check when the right-hand side was a call expression. Now it does.
We added a bounds-safe interface for strdup, so checked code can call it and receive an nt_array_ptr without a cast.
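The following is an added example, not code from the Checked C project or from this release, that exercises the changes listed above in one translation unit. It assumes the Checked C clang from this release with its checked headers (stdio_checked.h, stdlib_checked.h, string_checked.h) on the include path; the function and variable names (table, prefix, last_of_prefix, copy_and_print) are made up for illustration.

```checkedc
// Added example, not part of the Checked C project. Assumes the Checked C
// clang from this release and its checked headers; names are illustrative.
#include <stdio_checked.h>   // puts with a bounds-safe interface
#include <stdlib_checked.h>  // free<T>
#include <string_checked.h>  // strdup with the new bounds-safe interface

#pragma CHECKED_SCOPE on     // everything below is a checked scope

static int table _Checked[8] = { 10, 11, 12, 13, 14, 15, 16, 17 };

// Returns the first n entries of table with declared bounds count(n).
// _Dynamic_bounds_cast makes the compiler emit a run-time check that the
// requested n fits inside table's count(8).
_Array_ptr<int> prefix(size_t n) : count(n) {
  return _Dynamic_bounds_cast<_Array_ptr<int>>(table, count(n));
}

// Subscripting a call subexpression directly. Before this release the
// compiler could not attach bounds to prefix(n); now it holds the result
// in a temporary, infers count(n) for it, and emits a dynamic bounds check
// on the subscript, so last_of_prefix(0) fails the check at run time
// instead of reading outside the returned range.
int last_of_prefix(size_t n) {
  return prefix(n)[n - 1];
}

// strdup now has a bounds-safe interface, so checked code can receive an
// _Nt_array_ptr<char> without a cast. The commented-out cast below is what
// the change notes disallow in checked scopes: nothing guarantees that an
// _Array_ptr<char> points at a null-terminated string.
void copy_and_print(_Nt_array_ptr<const char> src) {
  _Nt_array_ptr<char> copy = strdup(src);
  if (!copy)
    return;
  puts(copy);
  free<char>(copy);

  // _Array_ptr<char> raw : count(4) = ...;
  // _Nt_array_ptr<char> s = (_Nt_array_ptr<char>)raw;  // rejected in a checked scope
}

int main(void) {
  // Initializer whose right-hand side is a call: the compiler now checks
  // that prefix(4)'s inferred bounds, count(4), imply the declared count(4).
  _Array_ptr<int> a : count(4) = prefix(4);
  // _Array_ptr<int> b : count(8) = prefix(4);  // now diagnosed: count(4) does not imply count(8)

  int total = 0;
  for (size_t i = 0; i < 4; i++)
    total += a[i];

  copy_and_print("checked");
  return (total == 46 && last_of_prefix(3) == 12) ? 0 : 1;
}
```

Compile it with the Checked C clang from this release; the two commented-out lines are the cases the new checks reject or diagnose, and uncommenting either one shows the corresponding error. Calling last_of_prefix with 0 demonstrates the new dynamic check on a subscripted call subexpression: the program aborts on the bounds check rather than reading out of bounds.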
Extension features implemented
See the implementation roadmap and status. Some runtime checks and much of the static checking are not implemented yet, so a successful compile does not yet mean the code has been fully checked.