Re: Idea: Array Boundary Checks on Write Access Only

[Stephen Leake <Stephen.Leake@gsfc.nasa.gov>]

Markus Kuhn <Markus.Kuhn@cl.cam.ac.uk> writes:

> Here is a suggestion for Ada compiler developers:
> 
> Add a compiler configuration option that suppresses array index
> boundary checks only for *read* access to array elements.
> 
> Array boundary checks in Ada are a major advantage over C/C++
> and add a lot to the safety and debugability of the language.
> However the checks are also a significant performance loss
> unless they are deactivated. A useful compromise would be an
> option that causes the compiler to add boundary checks only
> when an array element is written, but not when it is read.
> Out-of-boundary array write accesses are dangerous because they can
> destroy other data structures and can cause failure inside completely
> unrelated objects. Therefore, in security critical applications,
> it is very desireable to deactivate for performance reasons
> only the checks for the less dangerous read accesses that if
> they go wrong should not cause malfunction within other objects.

A bug is a bug. If you write your code with properly typed indices, a
good compiler can optimize away all array index checks, at least for
statically sized constrained arrays. If you are using true dynamically
sized or unconstrained arrays, you either need to have the compiler do
all the checks, or do them all yourself somewhere. In the later case,
you can turn off the compiler checks.

I don't see why a "read bug" is ever ok!

> 
> Are there already Ada compilers around that do this?

I hope not :).

> 
> Markus
> 

-- Stephe