Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!rpi!uupsi!sunic!dkuug!freja.diku.dk!njk
From: njk@diku.dk (Niels J|rgen Kruse)
Newsgroups: comp.lang.misc
Subject: Re: Pointers as 3-tuples (Re: JLG's flogging of horses (was Re: Relationship between C and C++))
Message-ID: <1990Apr10.215213.18124@diku.dk>
Date: 10 Apr 90 21:52:13 GMT
References: <19844@megaron.cs.arizona.edu> <14305@lambda.UUCP> <5.Q2H42xds13@ficc.uu.net>
Organization: Department Of Computer Science, University Of Copenhagen
Lines: 58

peter@ficc.uu.net (Peter da Silva) writes:
->Using the syntax #A as the address of A (since &a now refers to a 3-tuple
->(#a, #a, #a)...

->> t A [N] [M]; /* 2d array of type t */

->A looks like a tuple (#A[0][0], #A[0][0], #A[N][0]) of type (t (*)[M]).

Agreed.

->> t *pA;
->> ...
->> pA = A;

->pA is the same tuple, but now looks like (#(t*)A[0], #(t*)A[0], #(t*)A[M*N])
->and has the type (t *).
------------------------------------------------------------------------^^^^^
Should be N, otherwise agreed.

->> Now, what bounds are associated with pA under your scheme? N clearly
->> doesn't make sense. But should the bound be M or N*M? Whichever you
->> pick, I'll (sooner or later) want it to be the other.

->It's N*M. If you want it to be M, then you would have said:
-> pA = A[0];
->Since that's a tuple (#A[0][0], #A[0][0], #A[0][M]) with type (t[]).

I disagree. It is my impression (i may be wrong), that the
bounds of a pointer to a subobject derive from the enclosing
object, not from the subobject itself.

To test your model of bounds-checking in C, what are the bounds
of foo->buf after

    struct v { int bar; char buf[1]; } *foo;
    foo = malloc (sizeof (struct v) + 2);

? (ignoring possible allocation failure)
Is foo->buf[2] within bounds according to your model?

For your convenience, i quote the relevant passage of a summary
of X3J11's first meeting in the interpretations phase, which
Doug Gwyn was so considerate to post to comp.std.c.
(various disclaimers in all caps (not official etc.) deleted)

+ There are no technical problems with using malloc()ed objects
      I.e. my dirent implementation is portable: bounds checking
      is NOT allowed in cases like the common
      struct record_header {...buffer[1]; /*more than 1 actually allocated*/}
      technique where the right size is allocated for the buffer
      in the object via malloc() (as per Karl Heuer's argument).

Considering the disclaimers, you might choose to ignore this.

->--
-> _--_|\  `-_-'  Peter da Silva. +1 713 274 5180. .
->/      \  'U`
->\_.--._/
->      v

BTW, why do you have a map of Australia in your .sig? (Just curious).
-- 
Niels J|rgen Kruse DIKU Graduate njk@diku.dk
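
Added example (not part of the original post): a C model of the two readings in dispute above, bounds taken from the subobject buf[1] versus bounds taken from the enclosing malloc()ed object, applied to the struct v case. The struct bptr tuple and all helper names are hypothetical, chosen only for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of the thread's 3-tuple: (base, current, limit),
   with limit pointing one past the last valid byte. */
struct bptr { char *base, *cur, *limit; };

struct v { int bar; char buf[1]; };   /* the struct from the post */

/* Reading 1: bounds come from the declared subobject, char buf[1]. */
static struct bptr from_subobject(struct v *p) {
    struct bptr b = { p->buf, p->buf, p->buf + sizeof p->buf };
    return b;
}

/* Reading 2: bounds come from the enclosing malloc()ed object. */
static struct bptr from_enclosing(struct v *p, size_t alloc_size) {
    struct bptr b = { (char *)p, p->buf, (char *)p + alloc_size };
    return b;
}

/* Would cur[i] pass a bounds check under this tuple? */
static int in_bounds(struct bptr b, size_t i) {
    return b.cur >= b.base && i < (size_t)(b.limit - b.cur);
}

/* Bit 0: reading 1 accepts foo->buf[i]; bit 1: reading 2 accepts it.
   Returns -1 if the allocation fails. */
static int check_index(size_t i) {
    size_t n = sizeof(struct v) + 2;   /* same allocation as in the post */
    struct v *foo = malloc(n);
    int r;
    if (foo == NULL)
        return -1;
    r = in_bounds(from_subobject(foo), i)
      | (in_bounds(from_enclosing(foo, n), i) << 1);
    free(foo);
    return r;
}

int main(void) {
    printf("foo->buf[0]: %d  foo->buf[2]: %d\n", check_index(0), check_index(2));
    return 0;
}
```

Under the enclosing-object reading the limit is the end of the allocation, so any trailing padding inside struct v also counts as in bounds; a checker built on the subobject reading rejects every index past 0 and would flag the record_header technique quoted above.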