Is &a[NTHINGS] legal
Henry Spencer
henry at utzoo.uucp
Fri May 6 05:49:16 AEST 1988
> I don't see that there should be any bounds checking until the pointer
> or address is dereferenced. Doing a check is of dubious use and will
> probably break as many valid programs as it helps.
The issue is not whether checks should be inserted deliberately, but whether
the hardware will even permit out-of-range pointers to be computed (with
meaningful results). For example, if we assume a segmented architecture
in which pointer arithmetic affects only the offset part of the pointer,
with overflow simply wrapping around, the value of &a[10000] may well be
*less* than the value of &a[1]. Or the overflow might cause a trap, in
which case the value is not computable at all. Short of making pointer
arithmetic much slower, there may be NO WAY TO AVOID THIS.
This isn't imaginary. I know of at least one machine (not a common one)
in which pointer arithmetic was strictly offset arithmetic, with no carry
into the segment part; I don't remember whether overflow was trapped.
Code which computes &array[n], where array is of size m, and n < 0 or n > m
(ANSI having legitimized n == m), is not portable. Period.
--
NASA is to spaceflight as | Henry Spencer @ U of Toronto Zoology
the Post Office is to mail. | {ihnp4,decvax,uunet!mnetor}!utzoo!henry
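The following is an added illustration and is not part of Henry's post or of any code from the thread. It shows the portable use of &a[n] (the one-past-the-end address ANSI legitimized, as a loop sentinel that is never dereferenced), a defensive helper that refuses to form any address outside 0 <= i <= n, and a constructed simulation of the segmented machine he describes, where pointer arithmetic only touches a 16-bit offset with no carry into the segment, so that &a[10000] can compare below &a[1]. The struct, the 16-bit offset width, the 2-byte element size and the sample array are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NTHINGS 8

/* Constructed sample array for the example. */
static int things[NTHINGS] = {1, 2, 3, 4, 5, 6, 7, 8};

/* Portable use of the one-past-the-end address: ANSI C allows &a[n] to be
 * formed and compared, so it works as a loop sentinel. It is never
 * dereferenced here. */
static long sum_things(const int *a, size_t n)
{
    const int *end = a + n;          /* same address as &a[n] */
    long total = 0;
    for (const int *p = a; p != end; p++)
        total += *p;
    return total;
}

/* Defensive address computation: forms &a[i] only for 0 <= i <= n, the range
 * the post calls portable, and returns NULL otherwise instead of asking the
 * hardware to compute a pointer it may not represent meaningfully. */
static const int *checked_addr(const int *a, size_t n, ptrdiff_t i)
{
    if (i < 0 || (size_t)i > n)
        return NULL;
    return a + i;
}

/* Simulation (assumed for this example) of the segmented machine described in
 * the post: arithmetic affects only a 16-bit offset, with no carry into the
 * segment part and silent wrap-around on overflow. */
struct seg_ptr {
    uint16_t segment;
    uint16_t offset;
};

#define SIM_INT_SIZE 2   /* assume 2-byte ints on the simulated machine */

static struct seg_ptr seg_index(struct seg_ptr base, long index, size_t elem_size)
{
    struct seg_ptr r = base;         /* segment is left untouched */
    unsigned long bytes = (unsigned long)index * elem_size;
    /* the cast to uint16_t reduces modulo 2^16, i.e. the offset wraps */
    r.offset = (uint16_t)(base.offset + (uint16_t)bytes);
    return r;
}

/* Returns 1 when the simulated &a[10000] compares below &a[1], the
 * inversion the post says an offset wrap can produce. */
static int wrapped_below(void)
{
    struct seg_ptr a = {0x1234, 0xFF00};  /* array sitting near the segment end */
    struct seg_ptr p1 = seg_index(a, 1, SIM_INT_SIZE);
    struct seg_ptr p10000 = seg_index(a, 10000, SIM_INT_SIZE);
    return p10000.segment == p1.segment && p10000.offset < p1.offset;
}

int main(void)
{
    printf("sum over [a, &a[NTHINGS]) = %ld\n", sum_things(things, NTHINGS));
    printf("&a[NTHINGS] formed: %s\n",
           checked_addr(things, NTHINGS, NTHINGS) ? "yes" : "no");
    printf("&a[NTHINGS + 1] formed: %s\n",
           checked_addr(things, NTHINGS, NTHINGS + 1) ? "yes" : "no");
    printf("&a[-1] formed: %s\n",
           checked_addr(things, NTHINGS, -1) ? "yes" : "no");
    printf("simulated &a[10000] < &a[1]: %s\n", wrapped_below() ? "yes" : "no");
    return 0;
}
```

On a flat-address machine the same program would never show the inversion, which is exactly why code that forms &array[n] with n < 0 or n > m appears to work where it is developed and fails elsewhere; checked_addr keeps such a pointer from being formed at all.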