Out of range pointers

Richard Harter g-rh at XAIT.XEROX.COM
Wed Sep 21 03:54:17 AEST 1988


In article <1988Sep19.213023.13181 at utzoo.uucp> henry at utzoo.uucp (Henry Spencer) writes:
>In article <33432 at cca.CCA.COM> g-rh at XAIT.Xerox.COM (Richard Harter) writes:
>>In C a pointer is a fairly anonymous object.  What you are saying is
>>that it is a potential error to add or subtract an integer from a
>>pointer if the result is out of range.  Very well, but what is that
>>range?

>The members of the array that the pointer points into, plus the special
>case of just above the end of the array.

	The question was rhetorical, in that I was pointing out that there is
no way to determine from the pointer itself what its range was.  I expect
it is a good thing to repeat the legal answer, since it does seem to be
a complete mystery to some people :-).

>>Suppose a pointer is passed through a calling sequence.  In
>>the function I have no way of knowing whether &x[n] will break for any
>>n other than 0.  For that matter I have no way of knowing whether 
>>x is a legal pointer!

>That's correct.  It is the caller's responsibility to supply a pointer
>that is adequate for the function's purposes, and the function writer's
>responsibility to document those purposes well enough that the caller
>knows what his responsibilities are.  There is no way to check this at
>runtime in conventional C implementations.  That's C for you.

Such as it is :-).  In theory this means that there is an entire class
of error checking that one can't do.  For the most part this doesn't matter.
However it would be very nice if there were a library routine that would
tell you whether a pointer was legal or not.  I am not much a fan of the
"if all the spec's and the interface definitions and the code are all correct
then you don't need error checking" school of programming.  I rather like
the "be a skeptic and check and report the errors when you find them"
school of thought.  

As a side note, one argument for making x[-1] legal is that it permits
you to use sentinels in both directions.  I don't see that this is a
problem, regardless of architecture.  All that is required is that nothing
be allocated on a segment boundary.  However, as the man says, the way
it is is the way it is.  There never was a machine, a language, or an
operating system without arcane restrictions.  [Except lisp :-)]
-- 

In the fields of Hell where the grass grows high
Are the graves of dreams allowed to die.
	Richard Harter, SMDS  Inc.
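The thread's point is that a bare pointer carries no range, so the "is this pointer legal?" routine Harter wishes for cannot exist; the usual defensive answer is to pass the range alongside the pointer. The following is an added example in C, not code from the thread: the `int_slice` type and function names are my own, the sample array is constructed, and the integer comparison assumes a flat (unsegmented) address space.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A "fat pointer": the base and element count that a bare C pointer does
 * not carry.  Added example with my own names, not code from the thread. */
typedef struct {
    int   *base;
    size_t len;            /* number of elements in the array */
} int_slice;

/* Is p a legal pointer into s?  The rule quoted above: any element of the
 * array, plus the one-past-the-end address.  Comparing an unrelated pointer
 * with < is itself undefined in C, so the comparison is done on integer
 * representations; this assumes a flat (unsegmented) address space. */
int slice_ptr_in_range(const int_slice *s, const int *p)
{
    uintptr_t lo = (uintptr_t)s->base;
    uintptr_t hi = (uintptr_t)(s->base + s->len);   /* one past the end */
    uintptr_t a  = (uintptr_t)p;
    return a >= lo && a <= hi;
}

/* May p be dereferenced?  Same range minus the one-past-the-end slot. */
int slice_ptr_deref_ok(const int_slice *s, const int *p)
{
    return slice_ptr_in_range(s, p) && p != s->base + s->len;
}

/* &x[n] without guessing: NULL instead of an out-of-range pointer.
 * n == len is allowed, since forming (not using) that address is legal. */
int *slice_elem_ptr(const int_slice *s, size_t n)
{
    return n <= s->len ? s->base + n : NULL;
}

/* Constructed sample array for the demonstration. */
static int sample[4] = {1, 2, 3, 4};
static const int_slice sample_slice = { sample, 4 };
int main(void)
{
    const int_slice *s = &sample_slice;
    printf("&x[0]: in range %d, deref ok %d\n",
           slice_ptr_in_range(s, sample), slice_ptr_deref_ok(s, sample));
    printf("&x[4]: in range %d, deref ok %d\n",
           slice_ptr_in_range(s, sample + 4), slice_ptr_deref_ok(s, sample + 4));
    printf("&x[5]: %s\n", slice_elem_ptr(s, 5) ? "formed" : "refused (NULL)");
    return 0;
}
```

Note that `x[-1]` is deliberately not exercised: even forming `sample - 1` is outside the legal range the thread describes, which is exactly why the slice refuses to compute it.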