From mboxrd@z Thu Jan 1 00:00:00 1970
From: Alex Colvin
Newsgroups: comp.arch.embedded,comp.lang.ada
Subject: Re: Certified C compilers for safety-critical embedded systems
Date: Mon, 29 Dec 2003 21:13:34 +0000 (UTC)
Organization: The World : www.TheWorld.com : Since 1989
References: <3fe00b82.90228601@News.CIS.DFN.DE> <3FE026A8.3CD6A3A@yahoo.com> <$km9afA3DB7$EAYO@phaedsys.demon.co.uk> <3ff0686d.528369824@News.CIS.DFN.DE>

>[...]
>>The C standard explicitly permits accessing one element beyond the end

not exactly. it permits addressing one beyond the end, but not accessing
so
	int a[10], *after = &a[10];
is OK, but
	a[10]++
isn't

The rule lets you do bounds checks on pointers, even with empty ranges.

--
	mac the naïf
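The rule described in the post above, as an added example that is not part of the original post: a reader over the half-open range [p, end) where `end` is the one-past-the-end address, used only for comparison and subtraction and never dereferenced. It goes slightly beyond the post by showing the length check written as a size comparison, so that no pointer further than one past the end is ever formed; `sum_records`, `good` and `bad` are hypothetical names and the byte arrays are constructed sample input.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: sum the payload bytes of length-prefixed records
 * in the half-open range [p, end). Returns the number of complete records
 * consumed, or -1 if a record claims more bytes than remain. */
static int sum_records(const unsigned char *p, const unsigned char *end,
                       unsigned long *sum)
{
    int count = 0;
    *sum = 0;
    while (p != end) {                 /* p == end is the empty range; comparing is legal */
        size_t len = *p++;             /* safe read: p != end was just established */
        if ((size_t)(end - p) < len)   /* compare sizes; never form p + len before checking */
            return -1;                 /* truncated record: refuse to read past the buffer */
        for (size_t i = 0; i < len; i++)
            *sum += p[i];
        p += len;                      /* lands at most one past the end, which is valid */
        count++;
    }
    return count;
}

/* Constructed sample input: records {1,2,3}, {} and {9}. */
static const unsigned char good[] = { 3, 1, 2, 3, 0, 1, 9 };
/* Constructed sample input: length byte claims 4 bytes, only 2 follow. */
static const unsigned char bad[] = { 4, 1, 2 };

int main(void)
{
    unsigned long s;
    int n = sum_records(good, good + sizeof good, &s);
    printf("good:  %d records, sum %lu\n", n, s);
    n = sum_records(good, good, &s);   /* empty range: begin == end */
    printf("empty: %d records\n", n);
    n = sum_records(bad, bad + sizeof bad, &s);
    printf("bad:   %d\n", n);
    return 0;
}
```

Writing the check as `p + len > end` instead would compute an address more than one past the end for the truncated input, which the rule does not permit.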