Re: Bounds checked arrays
From: Dan Pop (Dan.Pop_at_cern.ch)
Date: 02/16/04
- Next message: Marcia Hon: "Losing a variable"
- Previous message: *** T. Winter: "Re: Requirements of floating point comparisons"
- In reply to: jacob navia: "Bounds checked arrays"
- Next in thread: Keith Thompson: "Re: Bounds checked arrays"
- Reply: Keith Thompson: "Re: Bounds checked arrays"
- Reply: Rob Thorpe: "Re: Bounds checked arrays"
- Reply: Dave Thompson: "Re: Bounds checked arrays"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 16 Feb 2004 14:38:33 GMT
In <c0m3sa$96g$1@news-reader5.wanadoo.fr> "jacob navia" <jacob@jacob.remcomp.fr> writes:
>As everybody knows, the C language lacks
>a way of specifying bounds checked arrays.
And there is a fundamental reason for that: C's ability to alias
everything with character pointers renders the problem practically
insolvable.
Consider the trivial example:
char a[5][3], *p = (char *)a + 10;
What should be the limits of p and why? Things get even cloudier when
dealing with pointers that alias arrays embedded into structures:
struct foo {
int i;
char a[10];
double x;
} bar;
char *p = (char *)&bar + offsetof(struct foo, a) + 5;
Is p bounded by the array a or by the struct foo? If the compiler doesn't
read the programmer's mind properly, it will either generate an undesired
alert or quietly allow an out of bounds access.
Or how about unions:
union foo {
char a[10];
int i[10];
float x[10];
} bar;
char *p = (char *)&bar + 5;
Bound checking is well defined in most languages which either don't
support pointers at all (Fortran <= F77) or have a very restricted notion
of pointers (Fortran >= F90 and Pascal).
In C, limiting the bound checking to expressions containing the array
identifier itself is far from providing any kind of safety (think buffer
overflows a la gets) and going beyond this is incredibly difficult for
reasons partly described above.
There is also the library issue: each implementation would have to come
with two versions of the libraries: with bound checking and without.
Otherwise, inserting checks only in the user code is not enough (again,
think gets).
Sorry, but C isn't the language for people needing bound checking.
Unfortunately, far too many such people do program in C... And even if
bound checking is eventually introduced, most of those people would
be the last ones to enable it in their code ;-)
But feel free to experiment with it in your compiler and see what
happens.
Dan
-- Dan Pop DESY Zeuthen, RZ group Email: Dan.Pop@ifh.de
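The ambiguity described in the post, as an added example that is not part of the original message or thread: a fat-pointer check (the `struct fat` type and the `*_view_ok` helpers are assumed names) built two ways for each of the first two snippets, so the same `p` is flagged or allowed depending on which bounds a checking compiler attaches at the cast.

```c
#include <stddef.h>
#include <stdio.h>

/* A "fat pointer": the raw pointer plus the bounds a checking compiler
 * would have to attach to it. Which bounds to attach is the open question. */
struct fat { const char *base; size_t len; const char *p; };

/* Returns 1 if p[idx] lies inside [base, base + len), else 0.
 * Stands in for the check a bounds-checking implementation would emit. */
static int in_bounds(struct fat f, size_t idx) {
    return f.p >= f.base && (size_t)(f.p - f.base) + idx < f.len;
}

/* Snippet 1: char a[5][3], p = (char *)a + 10; p points at a[3][1]. */
static char a[5][3];
static int row_view_ok(size_t idx) {    /* bound p by the row a[3] */
    struct fat f = { a[3], sizeof a[3], (char *)a + 10 };
    return in_bounds(f, idx);
}
static int object_view_ok(size_t idx) { /* bound p by the whole array */
    struct fat f = { (char *)a, sizeof a, (char *)a + 10 };
    return in_bounds(f, idx);
}

/* Snippet 2: struct foo with the char array in the middle. */
struct foo { int i; char a[10]; double x; };
static struct foo bar;
static int member_view_ok(size_t idx) { /* bound p by member a */
    struct fat f = { bar.a, sizeof bar.a,
                     (char *)&bar + offsetof(struct foo, a) + 5 };
    return in_bounds(f, idx);
}
static int struct_view_ok(size_t idx) { /* bound p by struct foo */
    struct fat f = { (char *)&bar, sizeof bar,
                     (char *)&bar + offsetof(struct foo, a) + 5 };
    return in_bounds(f, idx);
}

int main(void) {
    /* p[2] overruns row a[3] but stays inside the array object. */
    printf("a:   p[1] row=%d object=%d; p[2] row=%d object=%d\n",
           row_view_ok(1), object_view_ok(1), row_view_ok(2), object_view_ok(2));
    /* p[5] overruns member a but stays inside struct foo (it lands in x). */
    printf("bar: p[4] member=%d struct=%d; p[5] member=%d struct=%d\n",
           member_view_ok(4), struct_view_ok(4), member_view_ok(5), struct_view_ok(5));
    return 0;
}
```

Whichever view the compiler picks, one of the two accesses is either a false alarm or a silent overrun, which is the point of the post.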