Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!usc!brutus.cs.uiuc.edu!psuvax1!rutgers!texbell!sugar!ficc!peter
From: peter@ficc.uu.net (Peter da Silva)
Newsgroups: comp.std.c
Subject: Re: a[], *p: if 0 <= p - a < sizeof(a), must p point to an element of a?
Message-ID: <CD.532xds13@ficc.uu.net>
Date: 8 Jan 90 21:27:09 GMT
References: <875@stealth.acf.nyu.edu> <1990Jan5.040710.23691@twwells.com> <1978@stealth.acf.nyu.edu>
Reply-To: peter@ficc.uu.net (Peter da Silva)
Distribution: usa
Organization: Xenix Support, FICC
Lines: 22

Here is a real-life example of a system wherein an optimising compiler
could fail to tell whether a pointer pointed into an array: the famous
intel 8086 family.

Suppose a is XXXX:AAAA through XXXX:BBBB (segment XXXX, offset AAAA through
BBBB).

Suppose p is YYYY:CCCC

Suppose AAAA < CCCC < BBBB.

Since pointer subtraction is only defined within an object, the compiler is
free to evaluate !p-a! by comparing only the offset portions of the
address. !p-a! will evaluate to !(CCCC-AAAA)/sizeof *p!, which is positive
and less than !sizeof a/sizeof *a!.

But !p! doesn't even point into the same segment as !a!. More complex,
in 8086 mode segments may overlap, so !p! may actually point into !a!
but in a different place than !a[p-a]!.

There's no way around this for a segmented architecture, except synthesising
your pointer operations. Not a good idea if you want performance.
-- 
 _--_|\  Peter da Silva. +1 713 274 5180. <peter@ficc.uu.net>.
/      \ Also <peter@ficc.lonestar.org> or <peter@sugar.lonestar.org>
\_.--._/
      v  "Have you hugged your wolf today?" `-_-'