Merge pull request #72 from qbojj/array-bounds

add sized_by and counted_by annotations

Author: frogrammer9

include/stdbigos/array_sizes.h

@@ -0,0 +1,16 @@
+#ifndef _STDBIGOS_ARRAY_SIZES_H
+#define _STDBIGOS_ARRAY_SIZES_H
+
+#if __has_attribute(__counted_by__)
+	#define __counted_by(member) __attribute__((__counted_by__(member)))
+#else
+	#define __counted_by(member)
+#endif
+
+#if __has_attribute(__sized_by__)
+	#define __sized_by(member) __attribute__((__sized_by__(member)))
+#else
+	#define __sized_by(member)
+#endif
+
+#endif

include/stdbigos/buffer.h

@@ -1,11 +1,12 @@
 #ifndef _STDBIGOS_BUFFER_H
 #define _STDBIGOS_BUFFER_H
 
+#include <stdbigos/array_sizes.h>
 #include <stdbigos/types.h>
 
 typedef struct buffer_t {
-	const void* data;
 	size_t size;
+	const void* data __sized_by(size);
 } buffer_t;
 
 // Helpers to create buffers

src/kernel/memory_management/include/common_types.h

@@ -1,18 +1,18 @@
 #ifndef KERNEL_MEMORY_MANAGEMENT_COMMON_TYPES
 #define KERNEL_MEMORY_MANAGEMENT_COMMON_TYPES
 
-#include <stdbigos/address.h>
+#include <stdbigos/array_sizes.h>
 #include <stdbigos/types.h>
 
 typedef struct {
-	void* addr;
 	size_t size;
+	void* addr __sized_by(size);
 } memory_region_t;
 // memory_region_t represents a contiguous range of valid, addressable memory.
 
 typedef struct {
-	uintptr_t addr;
 	size_t size;
+	uintptr_t addr;
 } memory_area_t;
 // memory_area_t represents a range of memory, which isn't necessarily addressable.
 

src/kernel/memory_management/include/physical_memory/manager.h

@@ -9,8 +9,8 @@
 typedef __phys void* phys_addr_t;
 
 typedef struct {
-	phys_addr_t addr;
 	size_t size;
+	phys_addr_t addr __sized_by(size);
 } physical_memory_region_t;
 
 static inline memory_area_t pmr_to_area(physical_memory_region_t region) {

src/kernel/memory_management/physical_memory/manager.c

@@ -71,7 +71,7 @@ static error_t add_region_pair(memory_region_pair_t regp, memory_region_pair_t*
 
 static error_t find_free_subregion(const memory_area_t* res_regs, u32 count, physical_memory_region_t reg, u32 size,
                                    physical_memory_region_t* regOUT) {
-	*regOUT = (physical_memory_region_t){nullptr, 0};
+	*regOUT = (physical_memory_region_t){0};
 	bool found = true;
 	phys_addr_t reg_end = reg.addr + reg.size;
 	while (reg.addr < reg_end) {
@@ -111,7 +111,7 @@ error_t phys_mem_init(physical_memory_region_t prim_reg, const memory_area_t* re
 		               "permitted, but is probably a mistake!");
 	}
 #endif
-	physical_memory_region_t res_regs_alloc_region = {nullptr, 0};
+	physical_memory_region_t res_regs_alloc_region = {0};
 	error_t err = find_free_subregion(res_regs, res_regs_count, prim_reg, _4kB, &res_regs_alloc_region);
 	if (err)
 		KLOG_DO_RETURN(err, KLRF_TRACE_ERR | KLRF_END_BLOCK);
@@ -131,7 +131,7 @@ error_t phys_mem_init(physical_memory_region_t prim_reg, const memory_area_t* re
 	if (err)
 		KLOG_DO_RETURN(err, KLRF_TRACE_ERR | KLRF_END_BLOCK);
 
-	physical_memory_region_t allocation_regions = {nullptr, 0};
+	physical_memory_region_t allocation_regions = {0};
 	err = find_free_subregion(reserved_areas_array, g_reserved_regions.count, prim_reg, _4kB, &allocation_regions);
 	if (err)
 		KLOG_DO_RETURN(err, KLRF_TRACE_ERR | KLRF_END_BLOCK);
@@ -154,7 +154,7 @@ error_t phys_mem_add_region(physical_memory_region_t reg) {
 	KLOGLN_TRACE("Adding a region [%p - %p] to physical memory manager...", reg.addr, reg.addr + reg.size);
 	memory_area_t* reserved_areas_array = get_reserved_areas_array();
 	size_t header_size = pmallocator_get_header_size(pmr_to_area(reg));
-	physical_memory_region_t header_reg = {nullptr, 0};
+	physical_memory_region_t header_reg = {0};
 	KLOGLN_TRACE("Allocating header region...");
 	error_t err = find_free_subregion(reserved_areas_array, g_reserved_regions.count, reg, header_size, &header_reg);
 	if (err)