Do not emit return bounds checking warnings or errors in certain contexts for bounds-safe interfaces

[secure-sw-dev-bot]

This issue was copied from checkedc/checkedc-clang#1157

---

If we have a function whose return bounds are specified via a bounds-safe interface, e.g.

int *f(int *p, int *q : count(3), int test) : count(4) {
  ...
} 

If a return statement within the body of f occurs within an unchecked scope and:

1. The return value has unchecked pointer type, or:
2. The return value has a bounds-safe interface, then:

The compiler should not emit any errors or warnings that would otherwise result from checking that the bounds of the return value imply the declared bounds of f.

For example, in the function below, return p should not result in any errors even though the bounds of p are bounds(unknown). return q should not result in any errors even though the bounds of q (bounds(q, q + 3)) are too narrow for the declared bounds of f (bounds(_Return_value, _Return_value + 4)).

int *f(int *p, int *q : count(3), int test) : count(4) _Unchecked {
  if (test > 0)
    return p;
  else
    return q;
}

However, if a return statement within the body of f occurs within an unchecked scope and the return value has checked pointer type, the compiler should emit any errors or warnings that result from checking that the bounds of the return value imply the declared bounds of f.

For example, in the function below, return r should result in an error since the bounds of r are unknown. return s should result in an error since the bounds of s (bounds(s, s + 3)) are too narrow for the declared bounds of f (bounds(_Return_value, _Return_value + 4)).

int *f(_Array_ptr<int> r : bounds(unknown), _Array_ptr<int> s : count(3), int test) : count(4) _Unchecked {
  if (test > 0)
    return r;
  else
    return s;
}