An object that is accessed through a restrict-qualified pointer has a special association with that pointer. This association requires that all accesses to that object use, directly or indirectly, the value of that particular pointer. The intended use of the restrict qualifier is to promote optimization, and deleting all instances of the qualifier from a program does not change its meaning (that is, observable behavior). In the absence of this qualifier, other pointers can alias this object. Cacheing Caching the value in an object designated through a  restricta restrict-qualified pointer is safe at the beginning of the block in which the pointer is declared, because no pre-existing aliases may also be used to reference that object. The cached value must be restored to the object by the end of the block, where pre-existing aliases again become available. New aliases may be formed within the block, but these must all depend on the value of the restrict-qualified pointer, so that they can be identified and adjusted to refer to the cached value. For a  restricta restrict-qualified pointer at file scope, the block is the body of each function in the file [Douglas Walls 2006]. Developers should be aware that the C++ does not support the the restrict qualifier, however, some C++ compiler vendor support vendors support a equivalent qualifier. 

Overlapping Objects

The restrict qualifier requires that the pointers do not reference overlapping objects. If the objects referenced by arguments to functions overlap (meaning the objects share some common memory addresses), the behavior is undefined.

...

int * a;
int * b;

extern int c[];
 
int main(void) {
  c[0] = 17; 
  c[1] = 18;
  a = &c[0]; 
  b = &c[1];
  a = b; /* valid defined behavior */

  ...
}

...

restrict-qualified pointers Function Parameters

 When When calling functions that have restrict qualified function parameters important that pointers do not reference overlapping objects If one or more of the objects modify memory. Thus it is important to understand the semantics of the function being called.

...

In this noncompliant code example, the function f() accepts three parameters.   The function copies copies n integers from the int arrray array referenced by the restrict-qualified pointer p to the int array referenced by the restrict-qualified pointer q.    Because Because the object is modified during each execution of the function (for which n is nonzero), if an object is accessed through one of the pointer parameters it cannot also be accessed through the other.  Declaring  Declaring these function parameters as restrict-qualified pointers allows aggressive optimization by the compiler but can also result in undefined behavior if these pointers refer to overlapping objects.

void f(size_t n, int * restrict p, int * restrict q) {
  while (n-- > 0)
    *p++ = *q++;
}
 
void g(void) {
  extern int d[100];

  /* ... */
  f(50, d + 1, d); /* undefined behavior */
}

The function g() declares an array d consisting of 100 int values and then invokes f() to copy memory from one area of the array to another. This call has undefined behavior because each of d[1] through d[49]  is accessed through both p  and q .

...

In this compliant solution, the function f() is unchanged but the programmer has ensured that none of the calls to f() result in undefined behavior.  The  The call of f() in g() is valid because the storage is allocated to d is effectively divided into two disjoint objects.

...

In this noncompliant code example, the function function h() adds the integer array referenced by the the restrict-qualified pointers pointers q to the integer array referenced by the the restrict-qualified pointer r and pointer r and stores the result in the restrict-qualified pointer referenced by p.   The the call The call h(100, a, a, a) has undefined behavior because the object modifed by modified by p is accessed by by q and r. 

void h(size_t n, int * restrict p, int * restrict q, int * restrict r) {
  for (size_t i = 0; i < n; i++)
    p[i] = q[i] + r[i];
}
 
void j(void) {

  int a[100]; 
  h(100, a, a, a); /* undefined behavior */
}

...

In this compliant solution, an unmodified object is aliased through two restricted pointers. Because a  and Because a and b are disjoint arrays, a call of the form h(100, a, b, b)  has has defined behavior, because array array b is not modified within function h function h.

void h(size_t n, int * restrict p, int * restrict q, int * restrict r) {
  for (size_t i = 0; i < n; i++)
    p[i] = q[i] + r[i];
}
 
void j(void) {
   int a[100]; 
   int b[100];
   h(100, a, b, b); /* valid defined behavior  */
}

Invoking Library Functions with restrict-qualified Pointers

Ensure that restrict-qualified source and destination pointers do not reference overlapping objects when invoking library functions. The standard library functions shown below copy memory from a source object referenced by a restrict-qualified pointer to a destination object that is also referenced by a restrict-qualified pointer: 

void *memcpy(
  void * restrict s1,
  const void * restrict s2,
  size_t n
);
 
char *strcpy(
  char * restrict s1,
  const char * restrict s2
);
 
char *strncpy(
  char * restrict s1,
  const char * restrict s2,
  size_t n
);

char *strcat(
  char * restrict s1,
  const char * restrict s2
);
 
char *strncat(
  char * restrict s1,
  const char * restrict s2, 
  size_t n
);

The Annex K Bounds-checking interfaces functions shown below also copy memory from a source object referenced by a restrict-qualified pointer to a destination object that is also referenced by a restrict-qualified pointer:

errno_t memcpy_s(
  void * restrict s1, 
  rsize_t s1max,
  const void * restrict s2, 
  rsize_t n
);
 
errno_t strcpy_s(
  char * restrict s1,
  rsize_t s1max,
  const char * restrict s2 
);
 
errno_t strncpy_s(
  char * restrict s1,
  rsize_t s1max,
  const char * restrict s2,
  rsize_t n
);

errno_t strcat_s(
  char * restrict s1,
  rsize_t s1max,
  const char * restrict s2
);
 
errno_t strncat_s(
  char * restrict s1,
  rsize_t s1max,
  const char * restrict s2,
  rsize_t n
);
 
char *strtok_s(
  char * restrict s1,
  rsize_t * restrict s1max,
  const char * restrict s2,
  char ** restrict ptr
);

...

Similar solutions using memmove() can replace the string functions as long as care is taken regarding the byte size of the characters and proper null-termination of the copied string.

Calling Functions with restrict-qualified Pointer to a const-qualified Type 

Ensure that functions that accept a restrict-qualified pointer to a const-qualified type do not modify the object referenced by that pointer. Formatted input and output standard library functions frequently fit this descriptoindescription. The following is a list of the common functions where the format argument is a restrict-qualified pointer to a const-qualified type:

...

For formatted output functions such as printf(), it is unlikely that a programmer would modify the format string.  However, an attacker may attempt this if a program violates FIO30-C. Exclude user input from format strings and passes tainted values as part of the format string. 

...

In this noncompliant code example, the programmer is attempting to overwrite the format string with a string value read in from stdin such as "%d%f 1 3.3"  , and use the resulting modified string of "%s%d%f" to input the subsequent values of 1 and 3.3: 

#include <stdio.h>
/* ...  */
char format[100] = "%s";
int i; 
float x;
int n = scanf(format, format + 2, &i, &x); /* undefined behavior */

...

#include <stdio.h>
/* ... */
int i; 
float x;
int n = scanf("%d%f", &i, &x); /* valid defined behavior  */ 

Outer to-inner assignments between restricted pointers

...

 {
  int * restrict p1;
  int * restrict q1;

  int * restrict p2 = p1; /* undefined behavior */ 
  int * restrict q2 = q1; /* undefined behavior */ 
 }

...

Compliant Solution 

The same results can be achieved using a inner nested block as shown in this compliant solution.

...