Out-of-bounds pointers

Richard O'Keefe ok at cs.mu.oz.au
Sat Oct 7 19:56:35 AEST 1989 

In article <868 at crdos1.crd.ge.COM> davidsen at crdos1.UUCP (bill davidsen) writes:
>|  Doug Gwyn:
>|  > It's not even "legal" to compute an invalid address, whether or not
>|  > it is dereferenced.
>  While this is obviously true, I have never understood the rationale of
>this decision. Given that (a) there are existing programs which do this,
>for reasons other than sloppy programming, (b) most implementations
>happily allow this, and (c) if you are allowed to declare an auto
>pointer at all then obviously the hardware supports uninitialized
>pointers, I fail to see what benefit is gained.

(b) The implementations which allowed it don't have to stop allowing it.
(c) Not so; the compiler might quietly initialise every pointer variable
    to a valid address.  (Auto variables might be allocated by pushing
    the current value of the SP on the stack, for example.)

In article <217 at bbxsda.UUCP>, scott at bbxsda.UUCP (Scott Amspoker) writes:
> We just got through an *extremely* long thread in comp.lang.c regarding
> this issue (it eventually just fizzled out).  ... For example, the
> 286/386 CPUs will trap if you load just any 'ol garbage into a segment
> register.  Since handling a pointer variable might cause such a load
> operation you could get a trap even though you did not de-reference the
> pointer.

I participated in that thread.  Basically it fizzled out because it was
quite clear that the restriction isn't going to go away, so there wasn't
any point in talking further.  But it also became clear that the 80286
and 80386 are *NOT* examples of the problem; you wouldn't do pointer
comparisons or pointer arithmetic in a segment register on an 80286
because you _can't_.

> Don't worry - all is not lost.  No one was able to come up with a real
> world example of something like this.

There is a practical case where this _is_ likely to come up.
C interpreters.  There are already C interpreters which do things like
checking that a pointer doesn't point to anywhere wild and that pointer
comparisons involve pointers into the same array.  It would not be
surprising if ANSI C interpreters make this check too.

You can, if necessary, make your array one element longer than you need.

More information about the Comp.std.c mailing list