doubtful assumptions about pointers

bdm659 at csc.anu.oz bdm659 at csc.anu.oz
Thu Jan 11 00:05:59 AEST 1990 

This is an article about the semantics of pointers as defined by the
ANSI standard for C (henceforth pANS).  It is not necessarily about any
existing C compiler, nor about C as defined by any source other than pANS.
You probably can't contribute to it significantly unless you have a copy of
pANS. If you think that any of my claims are wrong (perfectly possible) then
the only way to demonstrate that is via precise reference to the text of pANS.

Any quotes from pANS refer to the version of Dec. 7, 1988.  Note that some
relevant wording changed a lot in the last few revisions.

I will call a pointer "valid" if it can be made by a strictly conforming
program.  There appear to be three kinds of valid pointers:
P1: pointers to objects
P2: null pointers
P3: pointers to "just past" an object (especially array objects, but any
    pointer to an object can be regarded as a pointer to an array of size
    one, then incremented once).

The following is a list of Doubtful Assumptions (DAs).  The definition of
a DA is "an assumption that a C programmer might be tempted to make, but
which I cannot prove to be justified according to pANS".  Determining
whether something follows from pANS is not always a simple matter, so some
of my DAs might turn out to be not doubtful at all.  In fact, I hope I'm
wrong about some of them.  I'd welcome proofs in either case.

DA[0]:  int *pi; char *pc;
        Suppose pi is valid, and do  pc = (char*) pi.  Then *pc overlaps *pi
        in the sense that changing the value of *pc changes the value of *pi.

DA[1]:  int *pi, *pj;  char *pc, *pd;
        Suppose pi and pj are valid,  and that  pi == pj .
        Now do  pc = (char*) pi; pd = (char*) pj .
        Then  pc == pd .
        [I bet this one generates some heat.  Don't forget to justify
         your disproof with references to pANS.]

DA[2]:  Just like DA[1], but using type void* instead of char*.

DA[3]:  long *pi, *pj;
        Suppose that pi is valid, and do  pj = (long*)(int*) pi;
        Then  pi == pj .
        [comment: there's no rule that says an int can't have a more
         strict alignment requirement that a long.]

DA[4]:  int i, *pi;
        Suppose pi is a null pointer, and do  i = (int) pi .
        Then  i == 0 .

DA[5]:  Just like DA[4], but with i of type  unsigned long .

DA[6]:  int *pi, *pj;
        Suppose pi is valid, and do  pj = (int*)(unsigned long) pi.
        Then  pi == pj .

DA[7]:  int i, *pi;
        Suppose i != 0, and do  pi = (int*) i .
        Then  pi != (int*)0 .

DA[8]:  int *pi, *pj;
        Suppose pi is a valid pointer of kind P3, and do
        pj = (int*)(char*) pi .   Then  pi == pj .
        [comment: the rule in section 3.3.4 only applies to pointers
         to objects, which pi might not be.]

DA[9]:  int *pi;
        Suppose that an external function f() is declared without prototype.
        It expects a single argument of type void*.   Assume that pi is valid.
        Then the call  f(pi)  works.
        [comment:  See my remarks on section 3.1.2.5 below.]

DA[10]: void *pv;  external void *f();
        In fact, f returns a value of type int*.
        Then   pv = f()  works.
        [comment:  See my remarks on section 3.1.2.5 below.]

References and some nit-picking.

1.6.      definitions of "object" and "alignment"
3.1.2.5.  types and type terminology
          definitions of "object type" and "incomplete type"
   nit-pick:  This section several rules of the form "types X and Y have the
              same representation and alignment requirements".  Footnote 15
              tells us that this is intended to imply interchangeability as
              function arguments, function return values, and members of
              unions.  However, this does not follow from the rule.
              Interchangeability of two types as function arguments requires,
              in addition, equality of argument-passing mechanisms.  This is
              nowhere prescribed.
3.2.2.3.  conversions amongst pointer types, null pointers
3.3.2.1.  array subscripting
3.3.3.2.  * and & operators
3.3.4.    more on conversion amongst pointer types
          conversions between integral types and pointers
   nit-pick:  The case of (obj*)0 should be excluded from these rules
              as it is specified differently in 3.2.2.3.
3.3.6.    pointer + integer, pointers just past an object
3.3.8.    relational operators
   nit-pick:  The phrase "or both are null pointers" is missing from the
              sentence in lines 8-10.  See the otherwise identical sentence
              in section 3.3.9.
3.3.9.    equality operators
3.3.16.1. simple assignment
3.5.2.1.  conversions between pointers to union members

===========================================================
Brendan McKay.  bdm at anucsd.oz.au  or  bdm659 at csc1.anu.oz.au
terrorist: n. an individual who behaves like a government  (original)

More information about the Comp.std.c mailing list