Array bounds checking with C????
Niels Jørgen Kruse
njk at diku.dk
Thu Aug 30 23:45:37 AEST 1990
steve at taumet.com (Stephen Clamage) writes:
>There is nothing to prevent the C compiler from carrying around enough
>information with arrays and pointers to detect those problems at runtime
>which cannot be found at compile time. (...)
>if possible, at run time otherwise. This approach is in fact implemented
>in some compilers.
>--
Oh. Which ones?
Assume the following code:
    #include <stdlib.h>

    int main(void)
    {
        char *a, *c; double *b, d[17/sizeof(double)];   /* automatic array; 17/sizeof(double) truncates */
        if ((a = malloc(17)) != NULL) {                  /* 17-byte heap block with no declared type */
            b = (double *)a;                             /* malloc'd storage is suitably aligned for double */
            c = (char *)b;                               /* round trip back to char * */
            /* A */
            free(a);
        }
        return 0;
    }
At location A, a[16] is of course legal and a + 17 is
computable but not dereferenceable. Also, it is obvious that
b[17/sizeof(double) - 1] is legal and b + 17/sizeof(double) is
computable but not dereferenceable. But what about c?
Is c[16] legal? Note that c[16] does not constitute part of
any double within bounds of b (unless sizeof(double) == 17 or 1).
What kind of object is b pointing to? How does it differ from
the object pointed to by (d+0)?
What does your bounds-checking C compiler have to say?
What does the standard say?
--
Niels Jørgen Kruse        DIKU Graduate        njk at diku.dk
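As an added illustration (not part of the post above, and not the code of any compiler it mentions), the following toy C program shows how a "referent object" style bounds checker would answer the questions the post raises: every pointer is checked against the allocation it was derived from, regardless of the type it has been cast to, and an address is allowed to be computed one past the end of that object but not dereferenced there. The names bc_register, bc_find, bc_check, bc_scenario and struct bc_answers are invented for this example; the allocation table is a fixed-size array rather than anything a real compiler would emit.

```c
/* Toy object-based bounds checker (added example, not from the original post).
 * Each allocation is recorded as (base, size). A pointer derived from it by
 * arithmetic or casts is checked against that record, not against the type
 * it was cast to. All bc_* names are invented for this illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_OBJS 16

struct bc_obj { uintptr_t base; size_t size; };
static struct bc_obj bc_objs[MAX_OBJS];
static int bc_nobjs;

static void bc_reset(void) { bc_nobjs = 0; }

/* Register a block (heap or automatic) as a referent object. */
static void bc_register(const void *base, size_t size)
{
    if (bc_nobjs < MAX_OBJS) {
        bc_objs[bc_nobjs].base = (uintptr_t)base;
        bc_objs[bc_nobjs].size = size;
        bc_nobjs++;
    }
}

/* Find the object containing p; the one-past-the-end address counts as inside.
 * (If two objects were adjacent, the first registered one would win; good
 * enough for a toy.) */
static const struct bc_obj *bc_find(const void *p)
{
    uintptr_t ap = (uintptr_t)p;
    for (int i = 0; i < bc_nobjs; i++) {
        uintptr_t lo = bc_objs[i].base;
        if (ap >= lo && ap <= lo + bc_objs[i].size)
            return &bc_objs[i];
    }
    return NULL;
}

/* Return 1 if the n-byte access [p, p+n) lies wholly within p's referent
 * object, 0 otherwise. n == 0 asks only whether the address is computable
 * (inside the object or exactly one past its end). */
int bc_check(const void *p, size_t n)
{
    const struct bc_obj *o = bc_find(p);
    if (o == NULL) return 0;                      /* not derived from any known object */
    size_t off = (size_t)((uintptr_t)p - o->base); /* 0 .. o->size */
    return off + n <= o->size;                    /* access must end within the object */
}

struct bc_answers {
    int a16, a_plus_17_addr, a_plus_17_deref, c16, b_last, b_one_past, d_one_past;
};

/* Re-run the scenario from the post and record the checker's verdicts. */
struct bc_answers bc_scenario(void)
{
    struct bc_answers r = {0, 0, 0, 0, 0, 0, 0};
    char *a, *c; double *b, d[17/sizeof(double)];

    bc_reset();
    bc_register(d, sizeof d);   /* automatic array: 17/sizeof(double) doubles, i.e. at most 17 bytes */
    if ((a = malloc(17)) == NULL) return r;
    bc_register(a, 17);         /* heap block: exactly 17 bytes, no declared type */
    b = (double *)a;
    c = (char *)b;

    r.a16             = bc_check(&a[16], 1);                              /* in bounds */
    r.a_plus_17_addr  = bc_check(a + 17, 0);                              /* computable */
    r.a_plus_17_deref = bc_check(a + 17, 1);                              /* not dereferenceable */
    r.c16             = bc_check(&c[16], 1);                              /* c shares a's referent */
    r.b_last          = bc_check(b + 17/sizeof(double) - 1, sizeof *b);   /* last whole double */
    r.b_one_past      = bc_check(b + 17/sizeof(double), sizeof *b);       /* straddles the end */
    r.d_one_past      = bc_check(d + 17/sizeof(double), 0);               /* one past d: computable */
    free(a);
    return r;
}

int main(void)
{
    struct bc_answers r = bc_scenario();
    printf("a[16]=%d  a+17 addr=%d  *(a+17)=%d  c[16]=%d  b last=%d  b one-past deref=%d  d one-past addr=%d\n",
           r.a16, r.a_plus_17_addr, r.a_plus_17_deref, r.c16, r.b_last, r.b_one_past, r.d_one_past);
    return 0;
}
```

In this model the object b points to is simply the 17-byte malloc'd block, the same one a and c point to, so c[16] passes even though no whole double covers that byte; the double view only affects how large each access is. The automatic array d differs in that its size is 17/sizeof(double) whole doubles, which is less than 17 bytes unless sizeof(double) divides 17, so a byte-level view of d ends earlier than a byte-level view of a.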