From: Jan Ziak <0xe2.0x9a.0x9b@gmail.com>
Newsgroups: comp.compilers
Subject: Re: Bounds checking, Optimization techniques and undefined behavior
Date: Mon, 6 May 2019 05:39:16 -0700 (PDT)
Message-ID: <19-05-038@comp.compilers>
In-Reply-To: <19-05-028@comp.compilers>
Keywords: C, standards, comment

On Sunday, May 5, 2019 at 8:01:05 PM UTC+2, Bart wrote:
> But how do they get there? Take this:
>
>   int A[10], *p;
>   p = &A[3];
>
> You intend p to refer to the 4-element slice A[3..6], but how does the
> language know that? How can it stop code from writing to p[5]?
>
> Or you intend to index p[-2] to get at the preceding elements. Actually
> using negative indexing is quite common, but surely all array bounds in
> C are presumed to start from 0?

How are you suggesting to implement malloc() and free() in C if all memory
accesses through pointers are bounds checked?
An implementation of free(p) might need to access memory at
((size_t*)p)[-1] to read metadata of the memory block, such as the block
size. This memory access is outside of the bounds of the "p" passed to
free().

One solution is to introduce unsafe code regions and unsafe functions,
like in Rust. Another solution would be to implement memory allocation
functions in a non-C language. For example, older versions of the Go
programming language implemented memory management in a non-Go language
(which happens to be C). (Newer versions of Go implement memory management
in Go, using unsafe pointers, and in assembly.)

(I didn't read all posts in this discussion, so it is possible that you
already answered this question.)

Sincerely
Jan

[There's all sorts of stuff in the C library that you can't write in
standard C. How would you write a C version of longjmp()? This isn't a new
issue and the approaches you suggest are the ones people use. -John]
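The free(p) metadata read described above, as an added example that is not part of Jan's post or of any real allocator. It is a minimal bump allocator in a static arena: arena_malloc() stores the block size in a size_t header just before the returned pointer, and arena_free() reads it back through ((size_t *)p)[-1]. Beside it is a hypothetical "fat" bounds-checked pointer (checked_ptr, checked_read) standing in for what a uniformly bounds-checked C would give you; a free() written against it cannot reach the header at all, which is the point of the post. All names here (arena_malloc, arena_free, checked_ptr, checked_read, checked_free, demo_*) are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is illustration, not libc code. */

#define ARENA_SIZE 4096
#define HDR sizeof(size_t)          /* one size_t of metadata per block */

static unsigned char arena[ARENA_SIZE];
static size_t arena_top = 0;        /* bump pointer into arena */
static size_t bytes_freed = 0;      /* running total reported by free */

/* Round a request up to a multiple of the header size so blocks stay aligned. */
static size_t round_up(size_t n) { return (n + HDR - 1) / HDR * HDR; }

/* Allocate n bytes: write the (rounded) size into a header and hand the
 * caller the address just past that header. The caller's object is the
 * payload only; the header lies outside it. */
void *arena_malloc(size_t n) {
    size_t sz = round_up(n ? n : 1);
    if (arena_top + HDR + sz > ARENA_SIZE) return NULL;   /* arena exhausted */
    size_t *hdr = (size_t *)(arena + arena_top);
    *hdr = sz;
    arena_top += HDR + sz;
    return hdr + 1;
}

/* Free: read the metadata at p[-1]. This is the out-of-bounds access the
 * post describes; it is one word before the object p is allowed to see.
 * Returns the block size so the reader can observe what free() recovered. */
size_t arena_free(void *p) {
    if (!p) return 0;
    size_t sz = ((size_t *)p)[-1];
    bytes_freed += sz;
    return sz;
}

/* A hypothetical bounds-checked pointer: the object's base and length.
 * Every access must go through checked_read, which refuses anything
 * outside [base, base + len). */
typedef struct {
    unsigned char *base;
    size_t len;
} checked_ptr;

/* Copy n bytes starting at offset off into out. Returns 1 on success,
 * 0 if any byte of the access would fall outside the object. */
int checked_read(checked_ptr p, ptrdiff_t off, void *out, size_t n) {
    if (off < 0 || (size_t)off > p.len || n > p.len - (size_t)off) return 0;
    memcpy(out, p.base + off, n);
    return 1;
}

/* free() written against the checked pointer: it must read the header at
 * offset -HDR, and checked_read rejects that, so this always returns 0.
 * That is why a real allocator needs an unsafe region or another language. */
int checked_free(checked_ptr p, size_t *sz_out) {
    return checked_read(p, -(ptrdiff_t)HDR, sz_out, HDR);
}

/* Small drivers returning values rather than printing them. */
size_t demo_unchecked_free(void) {           /* plain C: reads the header fine */
    void *p = arena_malloc(24);
    return p ? arena_free(p) : 0;
}

int demo_checked_free(void) {                /* bounds-checked: header unreachable */
    void *p = arena_malloc(24);
    checked_ptr cp = { p, 24 };
    size_t sz = 0;
    return p ? checked_free(cp, &sz) : -1;
}

int demo_checked_in_bounds(void) {           /* the same pointer, a legal read */
    void *p = arena_malloc(24);
    checked_ptr cp = { p, 24 };
    unsigned char b;
    return p ? checked_read(cp, 23, &b, 1) : -1;
}

int main(void) {
    printf("unchecked free recovered block size %zu\n", demo_unchecked_free());
    printf("checked free %s\n",
           demo_checked_free() ? "succeeded" : "rejected: header is outside the object");
    printf("checked in-bounds read %s\n", demo_checked_in_bounds() ? "ok" : "rejected");
    return 0;
}
```

The checked pointer here is a caricature of a fat-pointer scheme: it only knows the object it was derived from, so p[-1] is simply not in its world. Real bounds-checked dialects handle this exactly as the post says, by marking the allocator unsafe or writing it in something other than checked C.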