Re: Bounds checked arrays

From: Phil Tregoning (Philip.Tregoning_at_esa.notthisbit.int)
Date: 02/16/04


Date: 16 Feb 2004 11:27:52 GMT

Martin Dickopp <expires-2004-03-31@zero-based.org> wrote in
news:cunn07l5jjs.fsf@zero-based.org:

> "jacob navia" <jacob@jacob.remcomp.fr> writes:
>
>> As everybody knows, the C language lacks a way of specifying bounds
>> checked arrays.
>
> Yes, but I don't think anything in the C standard /forbids/ an
> implementation to check array bounds. From the point of view of the
> standard, accessing an out of bounds array element causes undefined
> behavior, so the implementation is free to (e.g.) terminate the program.
>
> <OT>
> FWIW, there is or was an attempt to implement bounds checking in the
> GNU C compiler. I don't know what the current state is.
> </OT>

FWIW, the VMS C compiler offers bounds checking as a compiler
option. It only works on real arrays (not pointers). There is
a description of usage and limitations here:

http://h71000.www7.hp.com/commercial/c/docs/5492p002.html#bounds_check_sec

They can be summed up as:

o Only works on real arrays.
o Allows address one-past-the-end to be taken.
o Disables checks on arrays in a struct of size one (to allow the
  "struct hack").
o Each separate subscript is checked in multidimensional arrays
  (so "int a[10][10]; a[0][12] = 0;" counts as out-of-bounds).

If an out-of-bounds access is discovered during compilation the
compiler emits a warning and continues.

If an out-of-bounds access is discovered during run-time the
program exits with a "SYSTEM-F-SUBRNG, arithmetic trap, subscript
out of range at PC..." error (which counts as a SIGFPE signal and
can be trapped).

Because it doesn't work on pointers, I don't find it very useful.

Phil T
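Added example, not part of the post above and not the VMS compiler's own code: a small C model of the four rules the post lists, written as explicit run-time checks so the behaviour can be seen on a normal compiler. The function names (check_subscript, check_subscript_2d, check_struct_hack_member, access_with_trap) and the SUBRNG_* result codes are invented for this example; the SIGFPE handler only emulates the "arithmetic trap ... can be trapped" behaviour described, it is not the VMS mechanism itself.

```c
#include <signal.h>
#include <stddef.h>
#include <stdio.h>

/* Result codes for the checker (constructed for this example). */
enum subrng { SUBRNG_OK = 0, SUBRNG_OUT_OF_RANGE = 1 };

/* Rule 2 of the post: indices 0..n-1 address elements; index n is accepted
 * only when the caller is forming the one-past-the-end address. */
static int check_subscript(size_t idx, size_t n, int allow_one_past_end) {
    if (idx < n) return SUBRNG_OK;
    if (allow_one_past_end && idx == n) return SUBRNG_OK;
    return SUBRNG_OUT_OF_RANGE;
}

/* Rule 1: the element count is only known for a real array object.
 * NELEMS works on `int a[10]`; applied to an `int *` it would give the
 * pointer size divided by sizeof(int), which is why a compiler-side check
 * cannot cover pointer accesses and the callee must be told the length. */
#define NELEMS(a) (sizeof(a) / sizeof((a)[0]))

static size_t count_of_real_array(void) {
    int a[10];
    return NELEMS(a);          /* 10: the declaration carries the bound */
}

/* Pointer parameter: no bound is recoverable from `p` itself, the caller
 * has to supply `n` for any check to be possible. */
static int checked_store_via_pointer(int *p, size_t n, size_t idx, int value) {
    if (check_subscript(idx, n, 0) != SUBRNG_OK) return SUBRNG_OUT_OF_RANGE;
    p[idx] = value;
    return SUBRNG_OK;
}

/* Rule 4: each subscript of a multidimensional array is checked separately,
 * so a[0][12] on int a[10][10] is rejected although flat offset 12 lies
 * inside the 100-element object. */
static int check_subscript_2d(size_t i, size_t j, size_t rows, size_t cols) {
    if (check_subscript(i, rows, 0) != SUBRNG_OK) return SUBRNG_OUT_OF_RANGE;
    return check_subscript(j, cols, 0);
}

/* Rule 3: a trailing array declared with size one (the "struct hack") is
 * left unchecked, because its real length is only known at allocation time. */
struct hack { size_t len; int data[1]; };

static int check_struct_hack_member(size_t idx, size_t declared_size) {
    if (declared_size == 1) return SUBRNG_OK;   /* exempt, per the post */
    return check_subscript(idx, declared_size, 0);
}

/* Emulation of the run-time report: an out-of-range subscript is signalled
 * as SIGFPE, which a handler can catch. Returns 1 if the handler ran. */
static volatile sig_atomic_t trapped;

static void on_subrng(int sig) { (void)sig; trapped = 1; }

static int access_with_trap(const int *arr, size_t n, size_t idx, int *out) {
    void (*prev)(int) = signal(SIGFPE, on_subrng);
    trapped = 0;
    if (check_subscript(idx, n, 0) == SUBRNG_OK) {
        *out = arr[idx];
    } else {
        raise(SIGFPE);          /* handler sets `trapped`, execution resumes here */
    }
    signal(SIGFPE, prev);
    return trapped;
}

int main(void) {
    int a[10] = {0};
    int v = 0;
    printf("real array count: %zu\n", count_of_real_array());
    printf("a[9] in range: %d\n", check_subscript(9, NELEMS(a), 0) == SUBRNG_OK);
    printf("&a[10] allowed: %d\n", check_subscript(10, NELEMS(a), 1) == SUBRNG_OK);
    printf("a[0][12] on a[10][10] rejected: %d\n",
           check_subscript_2d(0, 12, 10, 10) == SUBRNG_OUT_OF_RANGE);
    printf("struct hack data[5] unchecked: %d\n",
           check_struct_hack_member(5, 1) == SUBRNG_OK);
    printf("a[12] trapped via SIGFPE: %d\n", access_with_trap(a, NELEMS(a), 12, &v));
    return 0;
}
```

The model makes the post's closing complaint concrete: every check above needs a length that only a real array declaration provides, so once an array has decayed to a pointer the caller has to carry the bound alongside it, which is the situation an option like the VMS one cannot help with.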