Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!usc!jarthur!nntp-server.caltech.edu!laguna.ccsf.caltech.edu!daveg
From: daveg@near.cs.caltech.edu (Dave Gillespie)
Newsgroups: comp.lang.c
Subject: Re: Array bounds checking with C????
Message-ID:
Date: 1 Sep 90 05:46:30 GMT
References: <7611@ucdavis.ucdavis.edu> <26196@mimsy.umd.edu> <988@christopher-robin.cs.bham.ac.uk>
Sender: news@laguna.ccsf.caltech.edu
Organization: California Institute of Technology
Lines: 36
In-Reply-To: meissner@osf.org's message of 31 Aug 90 14:26:36 GMT

>>>>> On 31 Aug 90 14:26:36 GMT, meissner@osf.org (Michael Meissner) said:

> In article <988@christopher-robin.cs.bham.ac.uk> cjr@cs.bham.ac.uk
> (Chris Ridd) writes:
> | Why is this? I never could figure out why accessing the first
> | element *past* the end of an array should be legal.

> So that you can do something like:
> ...
>	for (p = &array[0]; p < &array[ARRAY_SIZE]; p++)
>		*p = '\0';

Also, a pointer to the place just past the end of an array must legally
be allowed to exist, for even more innocuous code like:

	p = array;	/* same as "&array[0]" */
	for (i = 0; i < ARRAY_SIZE; i++)
		*p++ = '\0';

Notice that at the end of this loop, "p" points to an address which would
be illegal to access.  But ANSI requires that such a pointer must work
properly, even though saying "*p" or "p++" at this point is allowed to
delete all your files, launch a nuclear strike, or any other kind of
undefined result.  (Whether I would actually buy a compiler that did this
is another story...)

Since I can produce this legal pointer by saying "p++", it stands to reason
I should also be able to say "p = array + ARRAY_SIZE"; and we all know this
is equivalent in C to "p = &array[ARRAY_SIZE]".  It would be a shame to let
these equivalences break just in this one special case.

								-- Dave
--
Dave Gillespie
  256-80 Caltech Pasadena CA USA 91125
  daveg@csvax.cs.caltech.edu, ...!cit-vax!daveg
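The rule Dave describes is exactly what a bounds checker for C has to encode: the position one past the array may be formed and compared, but not dereferenced or advanced further. The following is an added example (not code from the post or the thread) of a minimal checked pointer in C that models this; the `checked_ptr` type, its helper names and the `demo_array` buffer are all constructed here for illustration.

```c
#include <stddef.h>
/* Checked pointer: base array, element count, and an offset kept in 0..len inclusive. */
typedef struct { char *base; size_t len; size_t off; } checked_ptr;

/* Like "p < &array[len]": comparing with the one-past-end position is always legal. */
static int cp_before_end(const checked_ptr *p) { return p->off < p->len; }

/* Like "p++": the result may go no further than the one-past-end position. 0 = refused. */
static int cp_advance(checked_ptr *p) {
    if (p->off >= p->len) return 0;
    p->off++;
    return 1;
}

/* Like "*p = c": offset len may be held and compared but never dereferenced. 0 = refused. */
static int cp_store(checked_ptr *p, char c) {
    if (p->off >= p->len) return 0;
    p->base[p->off] = c;
    return 1;
}

/* The zero-fill loop from the thread, under checking. Returns the final offset,
 * which equals len: the pointer legitimately ends one past the array. */
size_t checked_fill(char *array, size_t len) {
    checked_ptr p = { array, len, 0 };
    while (cp_before_end(&p)) {
        cp_store(&p, '\0');   /* never refused inside the loop */
        cp_advance(&p);
    }
    return p.off;
}

/* The same loop with the classic off-by-one ("<=" instead of "<").
 * Returns how many stores the checker refused: exactly one, at offset len. */
int offbyone_fill(char *array, size_t len) {
    checked_ptr p = { array, len, 0 };
    int refused = 0;
    size_t i;
    for (i = 0; i <= len; i++) {
        if (!cp_store(&p, '\0')) refused++;
        cp_advance(&p);       /* refused at the end position; offset stays at len */
    }
    return refused;
}

static char demo_array[16];   /* constructed sample buffer */

int main(void) {
    return checked_fill(demo_array, 16) == 16 && offbyone_fill(demo_array, 16) == 1 ? 0 : 1;
}
```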