Newsgroups: comp.lang.c
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: Is &a[NTHINGS] legal
Message-ID: <1988May5.194916.1971@utzoo.uucp>
Organization: U of Toronto Zoology
References: <12074@tut.cis.ohio-state.edu>, <10716@steinmetz.ge.com>
Date: Thu, 5 May 88 19:49:16 GMT

> I don't see that there should be any bounds checking until the pointer
> or address is dereferenced. Doing a check is of dubious use and will
> probably break as many valid programs as it helps.

The issue is not whether checks should be inserted deliberately, but whether
the hardware will even permit out-of-range pointers to be computed (with
meaningful results). For example, if we assume a segmented architecture in
which pointer arithmetic affects only the offset part of the pointer, with
overflow simply wrapping around, the value of &a[10000] may well be *less*
than the value of &a[1]. Or the overflow might cause a trap, in which case
the value is not computable at all. Short of making pointer arithmetic much
slower, there may be NO WAY TO AVOID THIS.

This isn't imaginary. I know of at least one machine (not a common one) in
which pointer arithmetic was strictly offset arithmetic, with no carry into
the segment part; I don't remember whether overflow was trapped.

Code which computes &array[n], where array is of size m, and n < 0 or n > m
(ANSI having legitimized n == m), is not portable. Period.
-- 
NASA is to spaceflight as    | Henry Spencer @ U of Toronto Zoology
the Post Office is to mail.  | {ihnp4,decvax,uunet!mnetor}!utzoo!henry
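An added illustration of the rule stated in the post, not code from the post or its author: the one-past-the-end pointer &a[NTHINGS] is legal to form and compare as a loop sentinel, while any n < 0 or n > NTHINGS is rejected by checking the index before the address is ever computed. The array contents and the helper names (sum_things, element_ptr) are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

#define NTHINGS 8

/* Sample data, constructed for this example. */
int things[NTHINGS] = {3, 1, 4, 1, 5, 9, 2, 6};

/* Sum the array using the one-past-the-end idiom ANSI C legitimizes:
 * &things[NTHINGS] (n == m) may be computed and compared, but it is
 * never dereferenced. */
int sum_things(void)
{
    const int *end = &things[NTHINGS];
    const int *p;
    int total = 0;

    for (p = things; p != end; p++)
        total += *p;
    return total;
}

/* Form &base[n] only when 0 <= n <= m. Out-of-range requests return NULL
 * instead of computing an address whose value the hardware may wrap or
 * trap on, which is exactly the non-portable case the post describes.
 * The caller must still not dereference the pointer when n == m. */
const int *element_ptr(const int *base, size_t m, long n)
{
    if (n < 0 || (size_t)n > m)
        return NULL;
    return base + n;
}

int main(void)
{
    printf("sum = %d\n", sum_things());
    printf("&things[%d] %s\n", NTHINGS,
           element_ptr(things, NTHINGS, NTHINGS) ? "is a valid sentinel"
                                                  : "rejected");
    printf("&things[%d] %s\n", NTHINGS + 1,
           element_ptr(things, NTHINGS, NTHINGS + 1) ? "formed"
                                                      : "rejected: n > m");
    return 0;
}
```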