Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!cme!libes
From: libes@cme.nist.gov (Don Libes)
Newsgroups: comp.lang.c
Subject: Re: Array bounds checking with C????
Message-ID: <6055@muffin.cme.nist.gov>
Date: 27 Aug 90 00:17:26 GMT
References: <7611@ucdavis.ucdavis.edu> <26196@mimsy.umd.edu>
Reply-To: libes@cme.nist.gov (Don Libes)
Organization: National Institute of Standards and Technology
Lines: 26

In article <26196@mimsy.umd.edu> chris@mimsy.umd.edu (Chris Torek) writes:
>In article <7611@ucdavis.ucdavis.edu> kuan@iris.ucdavis.edu
>(Frank [Who me?] Kuan) writes:
>>Why is it that most C compilers don't seem to [check array bounds]?
>
>Mostly because it is hard. Given `int *p', is `p[-1] = 3' valid?
>That depends on the value of p....
>
>There is a company called Saber that produces a product called
>Saber-C that does this and more. It works quite well, although last
>I had heard it still objected to `&arr[sizeof arr/sizeof *arr]',
>which is Officially Legal. (Fortunately you can turn off each
>individual objection.)

Saber objects to a lot of things that are legal, but then, so does
lint. And in most cases, it makes sense to use one of their
directives to explicitly disable the objection. Saber complains about
some things that I think it shouldn't to begin with, but again so does
lint.

I highly recommend Saber. I don't use it all the time - we have a
limited number of licenses here - but when lint and the debugger fail
me, I pull out Saber. It's pretty damn useful.

Don Libes          libes@cme.nist.gov      ...!uunet!cme-durer!libes
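
An added illustration, not part of the original post and not Saber-C's method: the quoted point that the validity of `p[-1] = 3' depends on the value of p means a checker must carry the array's bounds along with the pointer. The `checked_ptr` struct and all function names below are hypothetical, and the 4-element array is constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical "fat pointer": the bounds a bare int* does not carry. */
struct checked_ptr {
    int *base;   /* first element of the underlying array */
    size_t len;  /* number of elements in that array */
    size_t off;  /* p == base + off; off == len is one past the end */
};

/* Forming base + off is legal for 0 <= off <= len (one past the end included). */
int pointer_ok(struct checked_ptr p)
{
    return p.off <= p.len;
}

/* p[idx] names an element only if off + idx lies in [0, len). */
int index_ok(struct checked_ptr p, ptrdiff_t idx)
{
    ptrdiff_t pos = (ptrdiff_t)p.off + idx;
    return pointer_ok(p) && pos >= 0 && (size_t)pos < p.len;
}

/* Checked form of p[idx] = value: 0 if stored, -1 if rejected. */
int checked_store(struct checked_ptr p, ptrdiff_t idx, int value)
{
    if (!index_ok(p, idx))
        return -1;
    p.base[(ptrdiff_t)p.off + idx] = value;
    return 0;
}

/* Constructed case: p = &arr[off] in a 4-element array, then p[idx] = 3. */
int try_store(size_t off, ptrdiff_t idx)
{
    int arr[4] = {0, 0, 0, 0};
    struct checked_ptr p = { arr, sizeof arr / sizeof *arr, off };
    return checked_store(p, idx, 3);
}

int main(void)
{
    printf("p = &arr[2], p[-1] = 3: %d\n", try_store(2, -1)); /* in bounds */
    printf("p = arr,     p[-1] = 3: %d\n", try_store(0, -1)); /* before start */
    printf("p = &arr[4], p[-1] = 3: %d\n", try_store(4, -1)); /* last element */
    printf("p = &arr[4], p[0]  = 3: %d\n", try_store(4, 0));  /* one past end */
    return 0;
}
```

The same index, -1, is accepted or rejected purely on where p points, and the one-past-the-end pointer `&arr[sizeof arr/sizeof *arr]' is accepted as a pointer value while a store through it is rejected.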