Path: utzoo!yunexus!geac!daveb
From: daveb@geac.UUCP (David Collier-Brown)
Newsgroups: comp.lang.c
Subject: Re: data validation (really a sidebar on implementation)
Message-ID: <3116@geac.UUCP>
Date: 2 Aug 88 12:50:44 GMT
Article-I.D.: geac.3116
References: <24593@think.UUCP>
Organization: GEAC Computers, Toronto, CANADA
Lines: 49

> In article <3084@geac.UUCP> daveb@geac.UUCP (David Collier-Brown) writes:
>> This is for a machine [Multics] which happily passes descriptors of arrays
>> around, and manages to bounds-check array references in parallel
>> with the fetch.

From article <24593@think.UUCP>, by barmar@think.COM (Barry Margolin):
> Sorry, but this is not true. None of the hardware architectures that
> Multics was implemented on had parallel array-bounds checking. There
> was an option to the PL/I compiler that caused it to include
> bounds-checking code before all array references.

Well, it may not appear to check, but it sure did in practice!
We lost a (large, scientific-applications) sale because we couldn't
get a benchmark to run due to its addressing a large array out of
its bounds, and therefore could not run the benchmark "as written".
In fact, it was explained that the array in question was
extremely large and had to be defined as a segment...

> Perhaps David is thinking of segment bounds checking. [...] it is
> possible to set the maximum length of a segment to the length of the
> array it contains. This will cause an error if the application
> attempts to reference too far into the segment. Using this feature
> requires explicit use of segments. Most applications simply allocate
> arrays from the heap using the PL/I "allocate" statement

... for the FORTRAN program in use. FORTRAN only used a subset of
the standard parameter-passing mechanism, and caused screams of "but
it **can't** be checking the array bounds, FORTRAN doesn't know how
to find that part of the parameter list", which slowed down the
identification of the problem a lot. Sufficient that they didn't
come up with a work-around in time.

You can do this on GCOS now, by the way, by "shrinking" a
descriptor around an existing, normally allocated, array. But
that's a different story entirely...

None of the 'buns will address-check non-array variables without
lots of special incantations, which sounded like what I was saying.
'Taint so! And I'm sorry if I made it sound like it was.

--dave
--
David Collier-Brown.  {mnetor yunexus utgpu}!geac!daveb
Geac Computers Ltd., | Computer science loses its
350 Steelcase Road,  | memory, if not its mind,
Markham, Ontario.    | every six months.