Anil Madhavapeddy, Professor of Planetary Computing

My static C bounds checker extension merged into OpenBSD / Jun 2003

After many rounds of review and helpful feedback from fellow developers, I merged my GCC static bounds checking extension into OpenBSD today!

Introduce a simple static checker for making sure that the bounds length passed to common functions such as strlcpy/strlcat match the real length of the buffer. It also checks to make sure that the bound length was not incorrectly derived from a sizeof(pointer) operation.

Functions must be marked with the new attribute bounded, and warnings are turned on by -Wbounded. Specifying -Wformat also enables bounds checking for scanf(3) bounds to '%s' format variables. -Wall now turns on -Wbounded also.

The checking is pretty limited right now to constant parameters, and the buffers must be statically declared, and not inside a record type. This simple checking still found hundreds of bugs around the ports tree though, and there have been no false positive warnings.

You can read more details in the gcc-local(1) manual page as well.
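As an added illustration (not code from the post or from OpenBSD), here are the two mistakes the checker looks for, written against a local strlcpy so it builds anywhere. The argument form of the bounded attribute (kind, buffer argument index, length argument index) is assumed from OpenBSD's <sys/cdefs.h>, and the BOUNDED_STRING macro, my_strlcpy and the copy_* helpers are names chosen for this example.

```c
#include <string.h>

/* OpenBSD's gcc knows the bounded attribute; the argument form is assumed
 * from OpenBSD's <sys/cdefs.h>, not from the post. Elsewhere it is a no-op. */
#ifdef __OpenBSD__
#define BOUNDED_STRING(buf_arg, len_arg) \
	__attribute__((__bounded__(__string__, buf_arg, len_arg)))
#else
#define BOUNDED_STRING(buf_arg, len_arg)
#endif

/* Local strlcpy so the example does not depend on the host libc. Argument 3
 * is declared as the bound for argument 1; that is what -Wbounded checks. */
BOUNDED_STRING(1, 3)
size_t my_strlcpy(char *dst, const char *src, size_t dstsize)
{
	size_t srclen = strlen(src);
	if (dstsize != 0) {
		size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return srclen;	/* strlen(src), so callers can detect truncation */
}

/* The sizeof(pointer) mistake the checker reports: sizeof(dst) is the size
 * of a char *, so the copy is silently cut to sizeof(char *) - 1 bytes. */
size_t copy_sizeof_pointer(char *dst, const char *src)
{
	return my_strlcpy(dst, src, sizeof(dst));
}

/* Correct form: the caller passes the real length of the buffer. */
size_t copy_bounded(char *dst, size_t dstsize, const char *src)
{
	return my_strlcpy(dst, src, dstsize);
}

/* Run either variant on a constructed input and report how many bytes
 * landed in the statically declared buffer, so the truncation is visible. */
size_t copied_length(int use_sizeof_pointer)
{
	char buf[64];
	const char *input = "constructed input longer than a pointer";
	if (use_sizeof_pointer)
		(void)copy_sizeof_pointer(buf, input);
	else
		(void)copy_bounded(buf, sizeof(buf), input);
	return strlen(buf);
}
```

On OpenBSD, compiling this with -Wbounded (or -Wall) flags the call inside copy_sizeof_pointer; on other compilers it builds silently and the truncation only shows up at run time.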

27th Jun 2003 | tags: notes, compiler, openbsd, opensource, security