Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uwm.edu!rpi!sci.ccny.cuny.edu!phri!cmcl2!stealth.acf.nyu.edu!brnstnd
From: brnstnd@stealth.acf.nyu.edu
Newsgroups: comp.lang.misc
Subject: Re: Pointers as 3-tuples
Message-ID: <3557:Apr1423:09:5990@stealth.acf.nyu.edu>
Date: 14 Apr 90 23:09:59 GMT
References: <19844@megaron.cs.arizona.edu> <14305@lambda.UUCP> <5.Q2H42xds13@ficc.uu.net> <1990Apr10.215213.18124@diku.dk>
Reply-To: brnstnd@stealth.acf.nyu.edu (Dan Bernstein)
Distribution: usa
Organization: IR
Lines: 17
X-Original-Subject: Re: JLG's flogging of horses

In article <1990Apr10.215213.18124@diku.dk> njk@diku.dk (Niels J|rgen Kruse) writes:
> > To test your model of bounds-checking in C, what are the bounds of
> >         foo->buf
> > after
> >         struct v { int bar; char buf[1]; } *foo;
> >         foo = malloc (sizeof (struct v) + 2);

malloc() returns a char pointer bounded between the bottom and the top
of the allocated memory. foo then gets a struct v pointer with the same
bounds. buf is an end-of-structure array (hooray for this special case)
and hence is (when used as a pointer) a char pointer with lower bound
sizeof(int) + (char *) foo and upper bound the end of foo.

This works perfectly. ANSI's pointer semantics could be defined solely
in terms of (pointer,lower,upper).

---Dan