Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site umcp-cs.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!godot!harvard!seismo!umcp-cs!chris
From: chris@umcp-cs.UUCP (Chris Torek)
Newsgroups: net.lang.c,net.lang.f77
Subject: Re: Converting FORTRAN to C
Message-ID: <2211@umcp-cs.UUCP>
Date: Fri, 4-Jan-85 10:47:50 EST
Article-I.D.: umcp-cs.2211
Posted: Fri Jan  4 10:47:50 1985
Date-Received: Sun, 6-Jan-85 00:23:15 EST
References: <435@ukma.UUCP> <103@physiol.OZ> <6840@watdaisy.UUCP>
Organization: U of Maryland, Computer Science Dept., College Park, MD
Lines: 43
Xref: watmath net.lang.c:3707 net.lang.f77:206

The real trick to doing ``bounds checking'' in C is in figuring out
exactly what ``bounds'' really means.  Is ``p[-1]'' out of bounds?
Maybe, maybe not.  How about *(p - 1)?  It's the same thing.  p-1
is certainly not out of bounds.  &foo[bar] can never be (I claim).

How about this code fragment:

	f() {
		register char *p;
		char *g();		/* old-style (pre-ANSI) declaration: g returns char * */

		p = g(10);
		p[-4] = 0;		/* in bounds only if g(10) returned a pointer >= 4 bytes into its block */
	}

Is p[-4] out of bounds?  Depends on what g(10) returns!  (Ouch.)

If you really try hard, you could come up with runtime checks that
really worked, by having every library function and every compile
time array and every block of storage have an associated descriptor,
with rules for combining blocks and so forth.  Trouble is, you'd
wind up with something almost the same as this:

	/* VAX address-space check: bit 31 selects system space, bit 30 selects
	 * the P1 (stack) region; P0BR/P0LR, P1BR/P1LR, SBR/SLR are the VAX
	 * base/length registers for the P0, P1 and system regions. */
	if ((addr & 0x80000000) == 0) {
		if ((addr & 0x40000000) == 0) {
			if (addr < P0BR || addr > P0BR + P0LR) ...
		}
		else {
			if (addr < P1BR || addr > P1BR + P1LR) ...
		}
	}
	else {
		if (addr < SBR || addr > SBR + SLR) ...
	}

Look familiar?  Hm... you could even use ``segmentation fault'' and
``bus error'' to distinguish the two major cases.... :-)
-- 
(This line accidentally left nonblank.)

In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (301) 454-7690
UUCP:	{seismo,allegra,brl-bmd}!umcp-cs!chris
CSNet:	chris@umcp-cs		ARPA:	chris@maryland
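The "descriptor" scheme the post sketches, as an added example that is not part of the original article: every pointer carries the bounds of the block it was derived from, so whether `p[-4] = 0` is in bounds can be decided from what `g(10)` actually returned. The type and function names (`fatptr`, `fat_make`, `fat_add`, `fat_valid`, `fat_store`, `g_start`, `g_middle`, `f_with`) and the storage behind `g()` are constructed for this example.

```c
/*
 * Added example (not from the post): a bounds-carrying "fat pointer",
 * i.e. the per-block descriptor the post says a real runtime check needs.
 * All names here are made up for the example.
 */
#include <stddef.h>
#include <stdio.h>

/* A pointer represented as (block base, block length, offset into block).
 * Keeping the offset as an integer lets us form out-of-range pointers
 * (p - 1 is legal to compute) and check only on dereference. */
typedef struct {
	char *base;	/* first byte of the block the pointer was derived from */
	size_t len;	/* number of bytes in that block */
	ptrdiff_t off;	/* current position relative to base; may be outside [0, len) */
} fatptr;

/* Wrap a block and a starting offset into a descriptor. */
static fatptr fat_make(char *base, size_t len, ptrdiff_t off)
{
	fatptr p;
	p.base = base;
	p.len = len;
	p.off = off;
	return p;
}

/* Pointer arithmetic p + n: always allowed, never checked here. */
static fatptr fat_add(fatptr p, ptrdiff_t n)
{
	p.off += n;
	return p;
}

/* 1 if *p may be accessed, 0 if the offset lies outside the block. */
static int fat_valid(fatptr p)
{
	return p.off >= 0 && (size_t)p.off < p.len;
}

/* Checked store p[i] = c.  Returns 1 on success, 0 if out of bounds
 * (a real system would trap here instead of returning). */
static int fat_store(fatptr p, ptrdiff_t i, char c)
{
	fatptr q = fat_add(p, i);
	if (!fat_valid(q))
		return 0;
	q.base[q.off] = c;
	return 1;
}

/* Constructed storage standing in for whatever g() hands out. */
static char block[16];

/* Two possible behaviours of the post's g(10): return the start of a
 * 10-byte block, or return a pointer 4 bytes into a 10-byte block. */
static fatptr g_start(size_t n)  { return fat_make(block, n, 0); }
static fatptr g_middle(size_t n) { return fat_make(block, n, 4); }

/* The post's f() with a pluggable g: performs p[-4] = 0 through the
 * descriptor and reports whether the store was accepted. */
static int f_with(fatptr (*g)(size_t))
{
	fatptr p = g(10);
	return fat_store(p, -4, 0);
}

int main(void)
{
	printf("g(10) returns block start: p[-4] = 0 %s\n",
	       f_with(g_start) ? "accepted" : "rejected");
	printf("g(10) returns block + 4:   p[-4] = 0 %s\n",
	       f_with(g_middle) ? "accepted" : "rejected");
	return 0;
}
```

The same `p[-4] = 0` is rejected when `g` returns the start of its block and accepted when it returns a pointer four bytes in, which is the post's point: the check is only possible once every pointer knows which block it came from.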