Conversions from nt_array_ptr to const array_ptr
Currently, when an `nt_array_ptr<T>` is converted to `const array_ptr<T>`, the bounds remain unchanged. We could allow the bounds to be widened by 1, which would avoid some off-by-one problems involving functions that take `array_ptr`. We can widen the bounds by 1 to include the nul-terminator, which in theory the code shouldn't write to because it could declare the value to be const.

Consider, for example, `memcpy` of a string to another buffer.
```c
void *memcpy(void * restrict dest : byte_count(n),
             const void * restrict src : byte_count(n),
             size_t n) : bounds(dest, (_Array_ptr<char>) dest + n);
```
If we want to copy a string `s` to an `array_ptr` buffer large enough to hold the string and the null character, we'll find with the current rules that we can copy everything but the null character.

An issue is that programmers have been known to cast away const-ness and compilers only warn about that. For checked code, we'd have to make casting away const-ness an error.
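The off-by-one described above, as an added example that is not from the Checked C project: a plain C model (constructed, not Checked C syntax) in which a view carries its bounds count, so a `memcpy` of a string plus its terminator is rejected under the current unwidened bounds and accepted once the bounds are widened by 1.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of array_ptr<T> : count(n): a pointer paired with
 * the number of bytes its bounds cover. Reads only; the view is const. */
typedef struct {
    const char *p;
    size_t count;   /* bytes the bounds allow access to */
} array_view;

/* nt_array_ptr -> const array_ptr under the current rule: the bounds
 * cover the characters only, so the nul terminator lies outside them. */
static array_view view_unwidened(const char *s) {
    array_view v = { s, strlen(s) };
    return v;
}

/* The proposed rule: widen by 1 so the bounds include the nul terminator.
 * Nothing is ever written through the view, so the terminator is safe. */
static array_view view_widened(const char *s) {
    array_view v = { s, strlen(s) + 1 };
    return v;
}

/* memcpy guarded the way a bounds check would guard it: refuse the copy
 * if n exceeds either side's bounds; returns the number of bytes copied. */
static size_t checked_memcpy(char *dest, size_t dest_count,
                             array_view src, size_t n) {
    if (n > dest_count || n > src.count)
        return 0;   /* bounds violation: copy nothing */
    memcpy(dest, src.p, n);
    return n;
}

/* Copy the string behind src, including its terminator, into buf
 * (capacity buf_count). Returns true only if buf ends up nul-terminated. */
static bool copy_cstring(char *buf, size_t buf_count, array_view src) {
    size_t need = strlen(src.p) + 1;   /* characters plus the nul */
    if (checked_memcpy(buf, buf_count, src, need) != need)
        return false;
    return buf[need - 1] == '\0';
}
```

With the unwidened view the copy of `strlen(s) + 1` bytes fails the bounds check, which is exactly the case the post describes; widening by 1 makes the same copy succeed without allowing any write to the terminator.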
Seems reasonable to me. I have seen a few cases where `const` is cast away in `vsftpd` but I think we could fix those.