[BoundsSafety] Add build settings to control the bounds check mode for -fbounds-safety
#825
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…r `-fbounds-safety` This patch introduces two new build settings The first is `CLANG_BOUNDS_SAFETY_BRINGUP_MISSING_CHECKS`. This setting can be used to control which new bounds checks are enabled. It takes two special values: 1. `none` - This disables all the new bounds checks. This corresponds to `-fno-bounds-safety-bringup-missing-checks`. 2. `default` - This will use the compiler default (i.e. the build system won't pass the `-fbounds-safety-bringup-missing-checks=` flag). If the build setting value is not any of the special values it is passed directly as an argument to `-fbounds-safety-bringup-missing-checks=`. This allows enabling a specific set of checks. E.g.: ``` CLANG_BOUNDS_SAFETY_BRINGUP_MISSING_CHECKS=access_size,return_size ``` would pass `-fbounds-safety-bringup-missing-checks=access_size,return-size`. The second build setting is `CLANG_BOUNDS_SAFETY_BRINGUP_MISSING_CHECKS_OPT_OUTS`. This setting is intended to complement the previous build setting by providing a way to opt out of specific bounds checks. E.g.: ``` CLANG_BOUNDS_SAFETY_BRINGUP_MISSING_CHECKS=batch_0 CLANG_BOUNDS_SAFETY_BRINGUP_MISSING_CHECKS_OPT_OUTS=access_size ``` This is equivalent to ``` -fbound-safety-bringup-missing-checks=batch_0 -fno-bounds-safety-bringup-missing-checks=access_size ``` This opts the compilation unit into all checks in the `batch_0` group except the `access_size` bounds check. These new build settings only apply when all of the following are true: * `CLANG_ENABLE_BOUNDS_SAFETY` or `CLANG_ENABLE_BOUNDS_ATTRIBUTES` is enabled. * For C source files The existing `boundsSafetyCLanguageExtension` test case has been modified to test the behavior of these new flags. rdar://161599307
delcypher
requested review from
aciidgh,
jakepetroules,
mhrawdon,
neonichu and
owenv
as code owners
owenv
approved these changes
Sep 29, 2025
|
@swift-ci test |
|
There are some CI failures. I'm not sure they are related to my PR This is for the Test / macOS (Xcode 26.0 - sequoia - ARM64) configuration. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch introduces two new build settings
The first is
CLANG_BOUNDS_SAFETY_BRINGUP_MISSING_CHECKS. This setting can be used to control which new bounds checks are enabled. It takes two special values:none- This disables all the new bounds checks. This corresponds to-fno-bounds-safety-bringup-missing-checks.default- This will use the compiler default (i.e. the build system won't pass the-fbounds-safety-bringup-missing-checks=flag).If the build setting value is not any of the special values it is passed directly as an argument to
-fbounds-safety-bringup-missing-checks=. This allows enabling a specific set of checks. E.g.:would pass
-fbounds-safety-bringup-missing-checks=access_size,return-size.The second build setting is
CLANG_BOUNDS_SAFETY_BRINGUP_MISSING_CHECKS_OPT_OUTS. This setting is intended to complement the previous build setting by providing a way to opt out of specific bounds checks. E.g.:This is equivalent to
This opts the compilation unit into all checks in the
batch_0group except theaccess_sizebounds check.These new build settings only apply when all of the following are true:
CLANG_ENABLE_BOUNDS_SAFETYorCLANG_ENABLE_BOUNDS_ATTRIBUTESis enabled.The existing
boundsSafetyCLanguageExtensiontest case has been modified to test the behavior of these new flags.rdar://161599307