From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: f849b,b8d52151b7b306d2
X-Google-Attributes: gidf849b,public
X-Google-Thread: 103376,a00006d3c4735d70
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2003-12-30 09:10:15 PST
Path: 
 archiver1.google.com!news2.google.com!newsfeed2.dallas1.level3.net!news.level3.com!priapus.visi.com!orange.octanews.net!news.octanews.net!zeus.visi.com!news-out.visi.com!petbe.visi.com!eusc.inter.net!newsfeed01.sul.t-online.de!newsmm00.sul.t-online.com!t-online.de!news.t-online.com!not-for-mail
From: Martin Krischik <krischik@users.sourceforge.net>
Newsgroups: comp.arch.embedded,comp.lang.ada
Subject: Re: Certified C compilers for safety-critical embedded systems
Followup-To: comp.arch.embedded,comp.lang.ada
Date: Tue, 30 Dec 2003 17:15:23 +0100
Organization: AdaCL
Message-ID: <1185052.YUFk6T42u7@linux1.krischik.com>
References: <3fe00b82.90228601@News.CIS.DFN.DE> <3FE026A8.3CD6A3A@yahoo.com>
 <$km9afA3DB7$EAYO@phaedsys.demon.co.uk>
 <bcEFNEK9esyI@eisner.encompasserve.org>
 <p$OIcVFWHL7$EA6t@phaedsys.demon.co.uk>
 <wccekur4151.fsf@shell01.TheWorld.com>
 <Xns945DE49836882jimmaureenrogers@204.127.36.1>
 <3ff0686d.528369824@News.CIS.DFN.DE> <bsq5du$oit$1@pcls4.std.com>
Reply-To: krischik@users.sourceforge.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7Bit
X-Trace: news.t-online.com 1072804190 01 7494 1YGvG6rlRGUGSoVx 031230 17:09:50
X-Complaints-To: usenet-abuse@t-online.de
X-ID: TFO2MEZbgevdveXvhN4n5+cDcTTqVvB9aGrIo4IdHc9v62Yi5K2Ekd
User-Agent: KNode/0.7.2
Xref: archiver1.google.com comp.arch.embedded:6362 comp.lang.ada:3953
Date: 2003-12-30T17:15:23+01:00
List-Id: <comp.lang.ada>

Alex Colvin wrote:

>>[...]
>>>The C standard explicitly permits accessing one element beyond the end
> 
> not exactly. it permits addressing one beyond the end, but not accessing
> so
> int a[10], *after = &a[10];
> is OK, but
> a[10]++
> isn't

But the compiler won't isue an exception when you actualy do. First C does
not have exception handling (Ada has) and then it just not allowed but
almost no compiler will stop you doing it Especialy when a function call is
in between declaration and use.

> 
> The rule lets you do bounds checks on pointers, even with empty ranges.


With Regards


Martin

-- 
mailto://krischik@users.sourceforge.net
http://www.ada.krischik.com