Re: Commercial C To Ada 95 compiler

["David Thompson" <david.thompson1@worldnet.att.net>]

Darren New <dnew@san.rr.com> wrote :
> Marin David Condic wrote:
> >
[ about C:  int * p = array; p++; p++; etc. ]
> > Unless my intent was to figure out the address of the thing located just
> > after X - probably Y in this case.
>
> You're allowed to go one past the end in either direction. You're not
> allowed to go two past the end.
>
To be really precise, in Standard/portable C you are allowed to
compute the address (pointer) one-past-the-(right-)end, but not
dereference it.  This allows the common idiom (dating from
before standardization):
  for( p = array; p < array+n; p++ ) do_something_with(*p);
  /* and all variants/isomorphs thereof */

You cannot safely even compute array-1 or array+N+1.
In C89 in theory you cannot even use &array[N] instead of
array+N, because in the abstract semantics this actually
dereferences to form the lvalue before taking its address.
In practice all compiles actually implement &*(array+n)
as array+n and this works because of the memory layout
requirements above, and C99 adds an explicit blessing.

> > The thing is that it isn't really an
> > error until you are trying to de-reference the thing pointed to by Y.
>
> This is what I'm saying. No, that's theoretically incorrect. It *is* an
> error even if you don't try to dereference the thing pointed to by Y. Simply
> doing the arithmetic on Y is in theory erroneous.
>
Right.  As above.

> > Before
> > that its just incrementing a counter - which might be done for all sorts of
> > reasons none of which may have anything to do with the array X.
>
> Well, no, it's incrementing a pointer into the array X. If you were talking
> about using array subscripting, that would be true. But if you're talking
> about incrementing pointers rather than integers, the hardware is allowed to
> enforce (for example) segments of exactly the right size, such that a
> pointer to one chunk of memory is not allowed to point to a different chunk
> of memory via incrementing.
>
And, perhaps slightly more likely, to place an array beginning at
the base of a segment, so that the "-1" address does not exist.
But not to put an array exactly at the end of a segment, or the
end of the address space.  However, there need only be one byte
(perhaps otherwise unused) following the end, whereas supporting
-1 would require a whole array element (possibly quite large)
before the beginning; this asymmetry is often given as the rationale,
in addition to the asymmetry of the idiomatic half-open ranges.

...
> My point is that the C standard says you're *allowed* to implement range
> checking on arrays. In practice, very few do, and in my experience, those
> that do are specifically low-performance debugging type interpreters.
>
Yes.

--
- David.Thompson 1 now at worldnet.att.net