This repo contains a version of clang that is being modified to support Checked C. Checked C is an extension to C that lets programmers write C code that is guaranteed by the compiler to be type-safe.
Bot releases are hidden (Show)
Published by dtarditi about 2 months ago
This is a release of the Checked C clang compiler. It is based on the Checked C specification version 1.0.
November 13, 2023
We use cosign to sign the distribution files. To verify a file, download the file and the associated file.bundle, install cosign and then run:
cosign verify-blob <file> --bundle <file>.bundle --certificate-identity=david.tarditi@secure-software-development-project.org --certificate-oidc-issuer=https://accounts.google.com
You can install cosign following these directions or from the GitHub releases page for cosign.
To install:
gunzip CheckedC-Clang-12.0.2-Darwin-arm64.tar.gz
tar xf CheckedC-Clang-12.0.0-Darwin.tar
The clang compiler will be located at <your installation directory>/bin/CheckedC-Clang-12.0.0git-Darwin/clang
.
The 3c tool will be located at <your installation directory>/bin/CheckedC-Clang-12.0.0git-Darwin/3c
.
To install:
gunzip CheckedC-Clang-12.0.2-gnu-ubuntu-22.04.tar.gz
tar xf CheckedC-Clang-12.0.0-gnu-ubuntu-22.04.tar
The clang compiler will be located at <your installation directory>/bin/CheckedC-Clang-12.0.0git-Linux/clang
.
The 3c tool will be located at <your installation directory>/bin/CheckedC-Clang-12.0.0git-Linux/3c
.
To install:
...
next to the file name and choose Keep
.Published by sulekhark about 3 years ago
This is a release build of the Checked C Clang compiler for Windows 32-bit and 64-bit platforms. It is for use by developers who want to experiment with the Checked C language extensions to guarantee the type safety of their C code. It is based on the Checked C specification version 0.9, which is also one of the released artifacts.
14th September 2021 CheckedC-Clang-12.0.1-rel3
Clang expects an existing C/C++ compiler before running the installer. If installing on a fresh machine, first install the C/C++ compiler. We recommend Visual Studio 2019, which has a free Community version available. Use Visual Studio 2019's installer to ensure a C/C++ compiler and runtime are present before installing Checked C Clang.
See the Checked C Clang users manual for directions on how to use the compiler.
There are now two ways to use the Checked C Clang compiler in Visual Studio. The LLVM project has created a Visual Studio extension. You can use a property page for your project to directly choose the Checked C Clang compiler binary.
Visual Studio 2019 also now directly supports Clang/LLVM. This blog post describes the support for CMake projects. This blog post describes support for MSBuild projects. If you installed the Checked C Clang compiler and added it to your PATH variable, Visual Studio should directly pick it up. Otherwise, you can follow the directions to use a custom installation of Clang.
e
are the bounds (if any) for e
that are currently stored in the checking state._Ptr<T>
or _Nt_array_ptr<T>
that are stored in pointer dereferences or array subscripts.p
is an unchecked pointer with a bounds-safe interface, and p
is never assigned a checked pointer value, then the declared bounds of p
are not validated.if (*p != 0)", "if ((c = *p) == 'a')
, etc.printf
, scanf
, etc that take a format string and have a variable number of arguments. The arguments and format specifiers for these functions are checked. The checking of variadic functions in checked scope follows these rules:
-Wformat
family of flags are errors in checked scope.printf/scanf
, etc is done.printf
-like functions:
%s
is allowed only with argument type _Nt_array_ptr
or _Nt_checked
.%p
is allowed with any argument type.%n
is disallowed.scanf
-like functions:
%s
is disallowed.%p
is disallowed%n
is disallowed_Ptr
argument types are allowed.Checking return bounds
The static checking for bounds declarations has been extended to check the declared bounds for a function. The static checking validates that:
e
is returned from a function f
, the inferred bounds of e
imply the declared bounds of f
.f
are unmodified.For example, consider the following sample program involving declared function bounds:
_Array_ptr<int> f1(_Array_ptr<int> p : count(2),
_Array_ptr<int> q : count(1),
int test) : count(2) {
if (test)
// No errors or warnings.
// bounds(p, p + 2) implies bounds(_Return_value, _Return_value + 2).
return p;
// error: return value bounds do not imply declared return bounds for 'f1'
return q;
}
_Array_ptr<int> f2(int i) : count(i) {
// error: modified expression 'i' used in the declared return bounds for 'f2'
i++;
}
Support for bundled blocks
The compiler now supports the grouping of expression statements and declarations into bundled blocks. Bounds declarations are checked only at the end of bundled blocks. For more details, please refer to Sections 3.5 and 4.7 of the Checked C specification. Given below is an example that illustrates the use of bundled blocks.
#include <string.h>
struct Node {
_Nt_array_ptr<char> name;
unsigned int age;
};
struct Group {
_Array_ptr<struct Node> list : count (n);
unsigned int n;
};
// get the first name that starts with the letters 'Ar'
_Nt_array_ptr<char> get_name(_Array_ptr<struct Group> groups : count(gcnt), unsigned int gcnt)
_Checked {
unsigned int n = 0;
_Array_ptr<struct Node> group : count(n) = 0;
for (int i = 0; i < gcnt; i++) {
_Bundled {
group = groups[i].list;
n = groups[i].n;
}
for (int j = 0; j < n; j++) {
_Nt_array_ptr<char> name = group[j].name;
unsigned int m = strlen(name) _Where name : count(m);
if (m >= 2 && name[0] == 'A' && name[1] == 'r')
return name;
}
}
return "";
}
str
and &str[0]
(fixed by PR #1163).x
and x + 1
(fixed by PR #1162).See the implementation roadmap and status page. Some runtime checks and some static checking is not implemented yet.
Published by sulekhark about 3 years ago
This is a release build of the Checked C Clang compiler for Windows 32-bit and 64-bit platforms. It is for use by developers who want to experiment with the Checked C language extensions to guarantee the type safety of their C code. It is based on the Checked C specification version 0.9, which is also one of the released artifacts.
3rd August 2021 CheckedC-Clang-12.0.1-rel2
Clang expects an existing C/C++ compiler before running the installer. If installing on a fresh machine, first install the C/C++ compiler. We recommend Visual Studio 2019, which has a free Community version available. Use Visual Studio 2019's installer to ensure a C/C++ compiler and runtime are present before installing Checked C Clang.
See the Checked C Clang users manual for directions on how to use the compiler.
There are now two ways to use the Checked C Clang compiler in Visual Studio. The LLVM project has created a Visual Studio extension. You can use a property page for your project to directly choose the Checked C Clang compiler binary.
Visual Studio 2019 also now directly supports Clang/LLVM. This blog post describes the support for CMake projects. This blog post describes support for MSBuild projects. If you installed the Checked C Clang compiler and added it to your PATH variable, Visual Studio should directly pick it up. Otherwise, you can follow the directions to use a custom installation of Clang.
PR #1136: Upgrade to LLVM/Clang 12.
PR #1127: Invertibility for unchecked pointers. For example, in a statement p = p + 1
, the inverse of an unchecked pointer p
is p - 1
.
PR #1128: Simple normalizations for +1/-1 bounds scenarios. The bounds checker is able to validate bounds in examples such as:
void f(_Nt_array_ptr<char> p : count(len), unsigned int len) {
if (*(p + len)) {
// The inferred bounds of p are bounds(p, (p + (len - 1)) + 1).
// The bounds checker recognizes that these are equivalent to
// the declared bounds of bounds(p, p + len).
++len;
}
}
PR #1117: Handle incomplete types in BaseRange. If p1
and p2
have the same incomplete type, and c1
and c2
are constants, and p1
is equal to p2
, then bounds(p1, p1 + c1
) implies bounds(p2, p2 + c2)
if and only if c1 >= c2
.
Bounds checking for member expressions
The static checking for bounds declarations has been extended to check the bounds of pointers stored in struct members. For example, consider the following sample program involving variables:
void f(_Array_ptr<int> p : count(len), // note: (expanded) declared bounds are 'bounds(p, p + len)'
_Array_ptr<int> q : bounds(unknown),
unsigned int len) {
// warning: cannot prove declared bounds for 'p' are valid after increment
// note: (expanded) inferred bounds are 'bounds(p, p + len - 1U)'
++len;
// error: inferred bounds for 'p' are unknown after assignment
// note: assigned expression 'q' with unknown bounds to 'p'
p = q;
// no errors or warnings
// inferred bounds of p after the statement are bounds(any)
len = 1, p = 0;
}
The bounds checker exhibits similar behavior in an analogous program involving struct members:
struct S {
_Array_ptr<int> p : count(len); // note: (expanded) declared bounds are 'bounds(s.p, s.p + len)'
_Array_ptr<int> q : bounds(unknown);
unsigned int len;
};
void f(struct S s) {
// warning: cannot prove declared bounds for 's.p' are valid after increment
// note: (expanded) inferred bounds are 'bounds(s.p, s.p + s.len - 1U)'
++s.len;
// error: inferred bounds for 's.p' are unknown after assignment
// note: assigned expression 's.q' with unknown bounds to 's.p'
s.p = s.q;
// no errors or warnings
// inferred bounds of s.p are the statement are bounds(any)
s.len = 1, s.p = 0;
}
PR #1122: Support bounds widening of null-terminated arrays in presence of Where clauses.
We have added support to widen the bounds of a null-terminated array in case its bounds are redeclared using a Where clause. This enables us to widen the bounds of a null-terminated array when its length is obtained using a call to strlen
.
void foo(_Nt_array_ptr<char> p : count(n), unsigned n) {
if (*(p + n)) { // bounds of p widened to bounds(p, p + n + 1)
char x = *(p + n + 1); //valid access
}
int len = strlen(p) _Where p : bounds(p, p + len); // bounds of p redeclared to bounds(p, p + len)
if (*(p + len)) { // bounds of p widened to bounds(p, p + len + 1)
char x = *(p + len + 1); // valid access
}
}
PR #1137: Use invertibility to support bounds widening of null-terminated arrays inside loops.
We have improved support to widen the bounds of a null-terminated array when the elements of the null-terminated array are iterated in a loop.
void foo(_Nt_array_ptr<char> p : count(len), unsigned len) {
while (*(p + len)) { // bounds of p widened to bounds(p, p + len + 1)
if (*(p + len + 1)) { // bounds of p widened to bounds(p, p + len + 2)
len++; // bounds of p adjusted to bounds(p, p + len - 1 + 2)
char x = *(p + len + 1); // valid access
}
}
}
Where clauses can be used to specify program invariants and pre/post conditions. In this release we have added the support for parsing Where clauses in Checked C as part of the ongoing design and implementation of the complete support for Where clauses.
We have added support to parse Where clauses on:
Expression statements
int a;
a = foo() _Where a > 0 _And a < 10;
Variable declarations
int a = b _Where a > 0 _And a < 10;
Parameter declarations
void foo(int a _Where a > 0, int b, int c _Where c < 0);
void bar(_Nt_array_ptr<char> p _Where p: bounds(p, p + len), unsigned len);
void baz(int *p : itype(_Ptr<int>) _Where p != 0);
Null statements
void foo(_Nt_array_ptr<char> p, unsigned len) {
_Where p : bounds(p, p + len);
...
}
See the implementation roadmap and status page. Some runtime checks and some static checking is not implemented yet.
Published by sulekhark over 3 years ago
This is a release build of the Checked C Clang compiler for Windows 32-bit and 64-bit platforms. It is for use by developers who want to experiment with the Checked C language extensions to guarantee the type safety of their C code. It is based on the Checked C specification version 0.9, which is also one of the released artifacts.
7th May 2021 CheckedC-Clang-11.1.0-rel1
Clang expects an existing C/C++ compiler before running the installer. If installing on a fresh machine, first install the C/C++ compiler. We recommend Visual Studio 2019, which has a free Community version available. Use Visual Studio 2019's installer to ensure a C/C++ compiler and runtime are present before installing Checked C Clang.
See the Checked C Clang users manual for directions on how to use the compiler.
There are now two ways to use the Checked C Clang compiler in Visual Studio. The LLVM project has created a Visual Studio extension. You can use a property page for your project to directly choose the Checked C Clang compiler binary.
Visual Studio 2019 also now directly supports Clang/LLVM. This blog post describes the support for CMake projects. This blog post describes support for MSBuild projects. If you installed the Checked C Clang compiler and added it to your PATH variable, Visual Studio should directly pick it up. Otherwise, you can follow the directions to use a custom installation of Clang.
e1 ? e2 : e3
are the greatest lower bound of the bounds of e2
and the bounds of e3
.Free variables in bounds checking
The static checking of bounds declarations now detects errors that result from a lack of relational information between variables used in inferred and declared bounds (PR #903).
If the inferred bounds of a variable p
use the value of a variable x
, and:
x
is not equivalent to an integer constant, and:x
and any of the expressions in the declared bounds of p
Then x
is considered a free variable and the compiler will emit an error: "it is not possible to prove that the inferred bounds of 'p' imply the declared bounds of 'p'".
A similar definition applies for variables that appear in the declared bounds of a variable p
and have no relation to the expressions in the inferred bounds of p
.
void f(_Array_ptr<int> p : count(3), _Array_ptr<int> q : bounds(p, p + x), int x) {
// The inferred bounds of p after this assignment are bounds(p, p + x).
// The declared bounds of p are bounds(p, p + 3).
// x is not equivalent to an integer constant.
// There is no relational information between x and any of the expressions
// in the declared bounds of p (bounds(p, p + 3)).
// x is a free variable.
// It is not possible for the compiler to prove that bounds(p, p + x) imply bounds(p, p + 3).
p = q;
}
Implicit inclusion of checked header files
By default, the Checked C Clang compiler implicitly includes the checked counterpart of an included system header file, if one is present. Implicit inclusion can be turned off by compiling with the flag -DNO_IMPLICIT_INCLUDE_CHECKED_HDRS
. In the sample code snippet below, the default behavior is indicated by DEF:<comment> and behavior when implicit inclusion is turned off is indicated by OFF:<comment>.
#include <stdio.h> // DEF: stdio_checked.h is included; OFF: stdio.h is included.
#include <stdlib_checked.h> // DEF: stdlib_checked.h is included; OFF: stdlib_checked.h is included (explicit inclusion overrides).
#include <float.h> // DEF: float.h is included (float_checked.h is not present); OFF: float.h is included.
int main() {
return 0;
}
See the implementation roadmap and status page. Some runtime checks and some static checking is not implemented yet.
Published by kkjeer about 4 years ago
This is a developer build of the Checked C clang compiler. It is for use by developers who want to try out the Checked C extension while it is being implemented.
Clang expects an existing C/C++ compiler before running the installer. If installing on a fresh machine, first install the C/C++ compiler. We recommend Visual Studio 2019, which has a free Community version available. Use Visual Studio 2019's installer to ensure a C/C++ compiler and runtime are present before installing Checked C clang.
See the Checked C clang users manual for directions on how to use the compiler.
There are now two ways to use the Checked C clang compiler in Visual Studio. The LLVM project has created a Visual Studio extension. You can use a property page for your project to directly choose the Checked C clang compiler binary.
Visual Studio 2019 also now directly supports clang/LLVM. This blog post describes the support for CMake projects. This blog post describes support for MSBuild projects. If you installed the Checked C clang compiler and added it to your PATH variable, Visual Studio should directly pick it up. Otherwise, you can follow the directions to use a custom installation of clang.
nt_array_ptr
with a bounds-safe interface to a checked nt_array_ptr
is now allowed (see issue #806)._Assume_bounds_cast
to be used for function pointers. An _Assume_bounds_cast
can now be used to convert an unchecked function pointer (including NULL
) to a checked function pointer (see issue #855).The static checking of bounds declarations now makes use of properties of null-terminated arrays to widen the bounds using a dataflow analysis (PR #821). The bounds of a null-terminated array can be widened based on the number of elements read. For example:
nt_array_ptr<T> V : bounds (low, high);
if (*V) { // Ptr dereference is NOT at the current upper bound. No bounds widening.
if (*(V + high)) { // Ptr dereference is at the current upper bound. Widen bounds by 1. New bounds for V are (low, high + 1).
if (*(V + high + 1)) { // Ptr dereference is at the current upper bound. Widen bounds by 1. New bounds for V are (low, high + 2).
if (*(V + high + 2)) { // Ptr dereference is at the current upper bound. Widen bounds by 1. New bounds for V are (low, high + 3).
See the wiki for more information.
The static checking of bounds declarations now uses a bounds context to detect errors that result from updates to variables that are used in declared bounds (PR #853).
If a variable i
used in the declared bounds of variable p
is updated and the value for i
is lost, the bounds of p
are unknown.
int i;
array_ptr<int> p : count(i) = 0;
// The value of i is lost. The bounds for p are now unknown.
i = 0;
If a variable i
used in the declared bounds of variable p
is updated and the previous value v
of i
is known, then v
is substituted for i
in the bounds of p
.
unsigned int i;
array_ptr<int> p : count(i) = 0;
// The previous value of i is i - 1. The bounds for p are now bounds(p, p + i - 1).
i = i + 1;
See the implementation roadmap and status. Some runtime checks and a lot of the static checking is not implemented yet.
Published by kkjeer over 4 years ago
This is a developer build of the Checked C clang compiler. It is for use by developers who want to try out the Checked C extension while it is being implemented.
Clang expects an existing C/C++ compiler before running the installer. If installing on a fresh machine, first install the C/C++ compiler. We recommend Visual Studio 2019, which has a free Community version available. Use Visual Studio 2019's installer to ensure a C/C++ compiler and runtime are present before installing Checked C clang.
See the Checked C clang users manual for directions on how to use the compiler.
There are now two ways to use the Checked C clang compiler in Visual Studio. The LLVM project has created a Visual Studio extension. You can use a property page for your project to directly choose the Checked C clang compiler binary.
Visual Studio 2019 also now directly supports clang/LLVM. This blog post describes the support for CMake projects. This blog post describes support for MSBuild projects. If you installed the Checked C clang compiler and added it to your PATH variable, Visual Studio should directly pick it up. Otherwise, you can follow the directions to use a custom installation of clang.
We have upgraded to the sources for clang version 9.0.0.
The static checking of bounds declarations now makes use of facts from conditional statements, such as i < j
(PR #657). This results in fewer warnings during bounds declaration checking. See the wiki for more information.
Checked C now supports generic structs and existential structs (PR #683).
A generic struct can be created using an underlying representation type:
struct IntSet _For_any(T) {
T *rep;
void (*add)(T *rep, int x);
void (*rem)(T *rep, int x);
int (*find)(T *rep, int x);
}
The new builtin pack
function can be used to create a existential struct using a generic struct:
exist_type e = _Pack(expr, exist_type, subst_type);
where expr
is an instance of a generic struct.
This work is still missing support for the sizeof(T) constraints, which would allow us to do pointer arithmetic on pointers to T. See the wiki for more information.
We have added a clang static analyzer (SimpleBounds
) to check whether the memory accesses within unchecked code are following the bounds-safe interface. This experimental checker uses the Z3 theorem prover to analyze Checked C bounds expressions and verify memory accesses within unchecked code. See the wiki for more information.
_Dynamic_bounds_cast
or _Assume_bounds_cast
).See the implementation roadmap and status. Some runtime checks and a lot of the static checking is not implemented yet.
Published by dtarditi about 5 years ago
This is a developer build of the Checked C clang compiler. It is for use by developers who want to try out the Checked C extension while it is being implemented.
Clang expects an existing C/C++ compiler before running the installer. If installing on a fresh machine, first install the C/C++ compiler. We recommend Visual Studio 2019, which has a free Community version available. Use Visual Studio 2019's installer to ensure a C/C++ compiler and runtime are present before installing Checked C clang.
See the Checked C clang users manual for directions on how to use the compiler.
There are now two ways to use the Checked C clang compiler in Visual Studio. The LLVM project has created a Visual Studio extension. You can use a property page for your project to directly choose the Checked C clang compiler binary.
Visual Studio 2019 also now directly supports clang/LLVM. This blog post describes the support for CMake projects. This blog post describes support for MSBuild projects. If you installed the Checked C clang compiler and added it to your PATH variable, Visual Studio should directly pick it up. Otherwise, you can follow the directions to use a custom installation of clang.
We have upgraded to the sources for clang version 8.0.0.
We implemented the following features:
We added a bounds-safe interface for strdup.
See the implementation roadmap and status. Some runtime checks and a lot of the static checking is not implemented yet.
Published by dtarditi almost 6 years ago
This is a developer build of the Checked C clang compiler. It is for use by developers who want to try out the Checked C extension while it is being implemented.
Clang expects an existing C/C++ compiler before running the installer. If installing on a fresh machine, first install the C/C++ compiler. We recommend using Visual Studio 2017, which has a free Community version available. Use Visual Studio 2017's installer to ensure a C/C++ compiler and runtime are present before installing Checked C clang.
See the Checked C clang users manual for directions on how to use the compiler.
To change the compiler to Checked C clang in a Visual Studio project, open the project Properties and set "Platform Toolset" to one of the "CheckedC-LLVM" versions in the drop-down. (If there are no CheckedC-LLVM options in the "Platform Toolset" dropdown, try reinstalling Checked C clang.)
Void pointers are a feature in C that can lead to type confusion. Any pointer type can be converted implicitly to a void pointer and a void pointer can be converted implicitly to any pointer types. We took our first steps in this release toward eliminating unsafe uses of void pointers in checked scopes.
We now support declaring existing library functions to have generic bounds-safe interfaces. This causes those functions to be treated as generic functions in checked scopes (or when type arguments are supplied in unchecked scopes). This eliminate the possibility of type confusion errors at calls to those functions.
We updated the Checked C header files to provide generic bound-safe interfaces for memcpy
, bsearch
,
calloc
, malloc
, realloc
, free
, and thrd_create
(PR #315), This means that type arguments must be supplied at calls to those functions in checked scopes.
We improved the Checked C header files. We added bounds-safe interfaces for:
inet_addr
function in arpa\inet.hWe now have two kinds of checked scopes: memory-safe checked scopes (assuming there are no memory management errors) and bounds-only checked scopes. Memory-safe checked scopes will enforce memory safety be requiring bounds-safety and disallowing some kinds of pointer casts. Bounds-only checked scope only enforce that memory accesses are bounds checked. They allow potentially unsafe pointer casts.
In memory-safe checked scopes, we no longer allow implicit conversions to or from void pointers when the non-void pointer type points to data that contains a checked pointer.
We added support for saving/restoring pragma CHECKED_SCOPE
state, using #pragma CHECKED_SCOPE push
, and #pragma CHECKED_SCOPE pop
. This is useful for placing header file declarations in checked scopes, regardless of whether the header file is included in a checked scope or an unchecked scope.
We now insert bounds checks for subscript and pointer dereference operations where the pointer-typed expression is a string or array literal or a pointer derived from a string or array literal (for example, "abcde"[index]
, where index is an integer variable) (PR #561).
Add support for parsing and representing the Return_value
expression (PR #544). We still need to extend inference of bounds and checking of bounds declarations to handle this expression.
Add support for using expression temporaries to track bounds during expression evaluation,. The specification proposes the idea of _Current_expr_value
, but that requires adjustments to recompute a value that was already computed to a temporary (PR #561).
We fixed the following bugs:
See the implementation roadmap and status. Some runtime checks and a lot of the static checking is not implemented yet.
Published by dtarditi about 6 years ago
This is a developer build of the Checked C clang compiler. It is for use by developers who want to try out the Checked C extension while it is being implemented.
Clang expects an existing C/C++ compiler before running the installer. If installing on a fresh machine, first install the C/C++ compiler. We recommend using Visual Studio 2017, which has a free Community version available. Use Visual Studio 2017's installer to ensure a C/C++ compiler and runtime are present before installing Checked C clang.
See the Checked C clang users manual for directions on how to use the compiler.
To change the compiler to Checked C clang in a Visual Studio project, open the project Properties and set "Platform Toolset" to one of the "CheckedC-LLVM" versions in the drop-down. (If there are no CheckedC-LLVM options in the "Platform Toolset" dropdown, try reinstalling Checked C clang.)
We implemented the following static checks required by the language extension:
We made improvements to the Checked C header files for the C standard library:
unistd_checked.h
.strncmp
. strncmp
has different bounds-safe interfaces for _Nt_array_ptr
and array_ptr
arguments. Use the _Nt_array_ptr
interface for strncmp
and provide an alternate inline definition strncmp_array_ptr
for the _Array_ptr
interface..We fixed the following issues:
dynamic_bounds_cast
whose expression argument required a bounds check.We made some internal changes that should not be visible externally:
See the implementation roadmap and status. Some runtime checks and a lot of the static checking is not implemented yet.
Published by dtarditi over 6 years ago
This is a developer build of the Checked C clang compiler. It is for use by developers who want to try out the Checked C extension while it is being implemented. We do not recommend using this compiler in production environments because core extension features are still under active development.
Clang expects an existing C/C++ compiler before running the installer. If installing on a fresh machine, first install the C/C++ compiler. We recommend using Visual Studio 2017, which has a free Community version available. Use Visual Studio 2017's built in feature installer to ensure a C/C++ compiler and runtime are present before installing Checked C clang.
See the Checked C clang users manual for directions on how to use the compiler.
To change the compiler to Checked C clang in a Visual Studio project, open the project Properties and set "Platform Toolset" to one of the "CheckedC-LLVM" versions in the drop-down. (If there are no CheckedC-LLVM options in the "Platform Toolset" dropdown, try reinstalling Checked C clang.)
BOUNDS_CHECKED
pragma to CHECKED_SCOPE
.See the implementation roadmap and status. Some runtime checks and a lot of the static checking is not implemented yet.
Published by dtarditi over 6 years ago
This is a developer build of the Checked C clang compiler. It is for use by developers who want to try out the Checked C extension while it is being implemented. We do not recommend using this compiler in production environments because core extension features are still under active development.
See the Checked C clang users manual for directions on how to use the compiler.
See the implementation roadmap and status. Some runtime checks and a lot of the static checking is not implemented yet.