Comment by 1718627440
3 months ago
In C I am responsible for telling the compiler where my arrays end. How is it supposed to know how many arrays there are in an allocation? Why should the compiler trust one expression about the size, but not the other? If I wanted to limit memcpy by the size of the destination, I could write memcpy(dest, src, MAX(dest_size, ...)) instead, but most of the time I don't want that.
The compiler knows about the sizes by either statically allocated sizes (_FORTIFY_SOURCE=2, __builtin_object_size) or malloc'ed sizes (_FORTIFY_SOURCE=3, __builtin_dynamic_object_size). See e.g. https://developers.redhat.com/articles/2022/09/17/gccs-new-f...
Since the user is mostly wrong about memory bounds, the compiler checks them as well. And clang even allows user-defined warnings.
We all know that C programmers know better and hate bounds checks; that's why there are still so many out-of-bounds errors.
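The point about where the compiler gets the size from, as an added example that is not part of the comment above: `__builtin_object_size` is a real GCC/clang builtin, while `checked_memcpy`, `SAFE_MEMCPY` and the helper functions are hypothetical names chosen here. The query only yields a size at the call site, where the compiler can still see the object; inside a callee that receives a bare pointer it reports "unknown", which is why fortified wrappers are macros or always-inline headers.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value __builtin_object_size(p, 0) returns when the size cannot be determined. */
#define OBJSZ_UNKNOWN ((size_t)-1)

/* Runtime check in the spirit of glibc's __memcpy_chk: refuse the copy when the
 * compiler-derived destination size is known and smaller than the request. */
static int checked_memcpy(void *dst, const void *src, size_t n, size_t dst_size) {
    if (dst_size != OBJSZ_UNKNOWN && n > dst_size) {
        return -1;          /* would overflow dst: reject instead of corrupting memory */
    }
    memcpy(dst, src, n);
    return 0;
}

/* The size query must be expanded at the call site; that is where the object is visible.
 * (__builtin_dynamic_object_size, used by _FORTIFY_SOURCE=3, extends this to malloc'ed
 * sizes, but needs optimisation enabled and a recent compiler, so it is not used here.) */
#define SAFE_MEMCPY(dst, src, n) \
    checked_memcpy((dst), (src), (n), __builtin_object_size((dst), 0))

/* Copies n bytes of constructed data into a 16-byte local array.
 * Returns 0 on success, -1 when the fortified check rejects it, -2 for bad input. */
int copy_into_local16(size_t n) {
    char buf[16];
    char src[64];
    memset(src, 'A', sizeof src);       /* constructed source data */
    if (n > sizeof src) return -2;
    return SAFE_MEMCPY(buf, src, n);
}

/* At the call site the compiler knows the array: yields 16. */
size_t size_seen_at_callsite(void) {
    char buf[16];
    return __builtin_object_size(buf, 0);
}

/* Through a plain pointer parameter the information is gone: yields OBJSZ_UNKNOWN.
 * noinline keeps the optimiser from folding the size back in after inlining. */
__attribute__((noinline)) size_t size_seen_by_callee(char *dst) {
    return __builtin_object_size(dst, 0);
}

int main(void) {
    char tmp[32];
    printf("call site: %zu, callee: %zu\n", size_seen_at_callsite(), size_seen_by_callee(tmp));
    printf("copy 16: %d, copy 17: %d\n", copy_into_local16(16), copy_into_local16(17));
    return 0;
}
```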