Lower Bounds Inference

[john-h-kastner]

This pull requests extends array bounds inference to support inferring lower bounds for array pointers and inserting using Checked C range bounds.

For example:

char simple_lower_bound(int *a, int l) {
  int *b = a;
  while (b - a < l && *b != 42)
    b++;
  return b - a < l;
}

3C can now infer bounds for b even though a standard count bound would be invalidated by the increment b++.

char simple_lower_bound(_Array_ptr<int> a : count(l), int l) {
  _Array_ptr<int> b : bounds(a, a + l) = a;
  while (b - a < l && *b != 42)
    b++;
  return b - a < l;
}

These bounds are supported even when there is no existing pointer that can be used the as lower bound.

For example:

char introduce_lower_bound(int *a, int l) {
  while (*a != 42) {
    a++;
  }
  return *a == 42;
}

3C will generate a fresh lower bound pointer for a, so that it can use the heuristically inferred length.

char introduce_lower_bound(_Array_ptr<int> __3c_tmp_a : count(l), int l) {
_Array_ptr<int> a : bounds(__3c_tmp_a, __3c_tmp_a + l) = __3c_tmp_a;

  while (*a != 42) {
    a++;
  }
  return *a == 42;
}

---

Actions Run

The failures on libarchive, libtiff, and lua are expected. The lua failure should be fixed; libarchive is a compiler bug; libtiff needs investigation. (libarchive is actually passing on the run, but previous tests have encountered an intermittent core dump caused by uninitialized memory somewhere in the Checked C bounds widening code).

[john-h-kastner]

A couple of tests had significant changes. For example, realloc.c had a count change from 4 to 2.

I've added realloc to the allocater heuristics. This gives better bounds in the realloc.c and realloc_complex.c tests, but drops a bound in basic.c. The bound is dropped because treating using realloc as a heuristic to seed bounds caused a conflict with the prior bound inferred from a malloc. Based on this conflict the array bound inference code decides not to infer any bound.

77905e6