From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,32cfbb718858528b
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2002-06-21 10:23:15 PST
Path: 
 archiver1.google.com!news1.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!wn1feed!worldnet.att.net!bgtnsc04-news.ops.worldnet.att.net.POSTED!not-for-mail
From: "David Thompson" <david.thompson1@worldnet.att.net>
Newsgroups: comp.lang.ada
References: <dbc393a265e1307a9c6c5e2e9745faf1.86200@mygate.mailgate.org>
 <3D002D11.CC706952@adaworks.com> <ppIBFZ2aI1Vx@eisner.encompasserve.org>
 <4519e058.0206071148.9b87acf@posting.google.com>
 <3D0116F3.7254E263@despammed.com>
 <XIeM8.136874$ux5.183535@rwcrnsc51.ops.asp.att.net>
 <3D018106.6080004@worldnet.att.net> <3D022877.B3B5CD3A@adaworks.com>
 <slrnag4acc.3fs.randhol+abuse@kiuk0156.chembio.ntnu.no>
 <ae2a2v$bi9$1@nh.pace.co.uk> <3D053737.476B8185@san.rr.com>
 <ae4suf$6uo$1@nh.pace.co.uk> <3D076BFC.92A8F9C5@san.rr.com>
Subject: Re: Commercial C To Ada 95 compiler
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Message-ID: <7iJQ8.47608$LC3.3639376@bgtnsc04-news.ops.worldnet.att.net>
Date: Fri, 21 Jun 2002 17:23:15 GMT
NNTP-Posting-Host: 12.89.150.10
X-Complaints-To: abuse@worldnet.att.net
X-Trace: bgtnsc04-news.ops.worldnet.att.net 1024680195 12.89.150.10 (Fri,
 21 Jun 2002 17:23:15 GMT)
NNTP-Posting-Date: Fri, 21 Jun 2002 17:23:15 GMT
Organization: AT&T Worldnet
Xref: archiver1.google.com comp.lang.ada:26570
Date: 2002-06-21T17:23:15+00:00
List-Id: <comp.lang.ada>

Darren New <dnew@san.rr.com> wrote :
> Marin David Condic wrote:
> >
[ about C:  int * p = array; p++; p++; etc. ]
> > Unless my intent was to figure out the address of the thing located just
> > after X - probably Y in this case.
>
> You're allowed to go one past the end in either direction. You're not
> allowed to go two past the end.
>
To be really precise, in Standard/portable C you are allowed to
compute the address (pointer) one-past-the-(right-)end, but not
dereference it.  This allows the common idiom (dating from
before standardization):
  for( p = array; p < array+n; p++ ) do_something_with(*p);
  /* and all variants/isomorphs thereof */

You cannot safely even compute array-1 or array+N+1.
In C89 in theory you cannot even use &array[N] instead of
array+N, because in the abstract semantics this actually
dereferences to form the lvalue before taking its address.
In practice all compiles actually implement &*(array+n)
as array+n and this works because of the memory layout
requirements above, and C99 adds an explicit blessing.

> > The thing is that it isn't really an
> > error until you are trying to de-reference the thing pointed to by Y.
>
> This is what I'm saying. No, that's theoretically incorrect. It *is* an
> error even if you don't try to dereference the thing pointed to by Y. Simply
> doing the arithmetic on Y is in theory erroneous.
>
Right.  As above.

> > Before
> > that its just incrementing a counter - which might be done for all sorts of
> > reasons none of which may have anything to do with the array X.
>
> Well, no, it's incrementing a pointer into the array X. If you were talking
> about using array subscripting, that would be true. But if you're talking
> about incrementing pointers rather than integers, the hardware is allowed to
> enforce (for example) segments of exactly the right size, such that a
> pointer to one chunk of memory is not allowed to point to a different chunk
> of memory via incrementing.
>
And, perhaps slightly more likely, to place an array beginning at
the base of a segment, so that the "-1" address does not exist.
But not to put an array exactly at the end of a segment, or the
end of the address space.  However, there need only be one byte
(perhaps otherwise unused) following the end, whereas supporting
-1 would require a whole array element (possibly quite large)
before the beginning; this asymmetry is often given as the rationale,
in addition to the asymmetry of the idiomatic half-open ranges.

...
> My point is that the C standard says you're *allowed* to implement range
> checking on arrays. In practice, very few do, and in my experience, those
> that do are specifically low-performance debugging type interpreters.
>
Yes.

--
- David.Thompson 1 now at worldnet.att.net