(j3.2006) Comment 2 from TS Ballot

Bill Long longb
Mon Sep 17 14:00:07 EDT 2012
On 9/13/12 3:31 AM, Malcolm Cohen wrote:
> I wrote:
>> Maybe something like
>> "If (blah), a pointer derived from the base_addr of that descriptor shall not
>> be used to access memory that is not part of the object described by the
>> descriptor."
>
> ...
>> Better.  I'm still a bit concerned that "derived from" is too vague.
>
> I think it is clear in context.
>
>> How about "..., a pointer computed as an offset from the base_addr of
>> that descriptor...".   This wording corresponds more directly to what
>> the programmer would actually be writing.
>
> Unfortunately "as an offset from" sounds like you have an offset, i.e.
> difference between two addresses, not a pointer.  And now that we have a process
> being described it should probably have a demonstrative pronoun with a verb.
>
> So "..., a pointer that is computed by adding or subtracting an offset to the
> base_addr of that descriptor..." might be ok, but...

Might be.  I think, though, that we are being led off base by the 
"base_addr" part of the sentence.  The intention is that someone in the 
C function who thinks he is referencing part of the actual argument 
needs to actually do that, and not wander off into other parts of 
memory.  The pointer computation would typically involve more than just 
one member of the C descriptor.  While it is basically impossible to 
write an air-tight restriction (it is always possible to play pointer 
arithmetic games that are not covered), it might be better to have

"..., a pointer that is computed from information in that C descriptor..."

>
> "offset" is also not a defined term... any more than my use of "derived" was.
>

I liked "offset" because C actually has an offsetof( ) operator, whereas 
"derived" is used in C in discussions of types.  But it is not really 
that important what steps are used to arrive at the pointer value, but 
rather that the resulting pointer points to a valid memory location.


> And it makes the following either allowed or at least up for discussion...
>
>    p = x->base_addr + 100;
>    /* cannot write to p if it is not part of the described object */
>    p = p + 10;
>    *p = 3; /* this is ok because we did not get this by adding an offset to
>               the base_addr of the descriptor */
>

Just the sort of antics that are really hard to disallow.

Cheers,
Bill


> So maybe
>    "..., a pointer that is computed from the base_addr of the descriptor by
> adding or subtracting one or more integer values ..."
> looks better.
>
> OTOH, we have made this so specific there is now a question as to whether &p[10]
> counts since the addition is not written explicitly.
>
> It might be better to stick with "derived", which is clear enough without trying
> to nail down how the programmer derived it.
>
> Cheers,
>

-- 
Bill Long                                           longb at cray.com
Fortran Technical Support    &                 voice: 651-605-9024
Bioinformatics Software Development            fax:   651-605-9142
Cray Inc./Cray Plaza, Suite 210/380 Jackson St./St. Paul, MN 55101
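The practical form of the restriction the thread is circling, as an added example that is not part of the original message or of any standard text: compute element addresses only from descriptor information, and check an arbitrary pointer against the described object rather than trying to constrain how it was derived. The descriptor layout below is a hypothetical minimal one built for this example; apart from base_addr, which the thread names, the member names (elem_len, rank, dim, lower_bound, extent, sm) are assumptions. The sample storage is constructed inline. The check also covers strided sections, which is why "computed from base_addr by adding integers" is not enough: a byte between two elements of a section is valid storage but not part of the object.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical minimal C descriptor for this example. base_addr is the member
 * the thread names; the other member names are assumptions, not quoted from
 * any standard. */
#define MAXRANK 3

typedef struct {
    ptrdiff_t lower_bound;  /* first valid subscript in this dimension */
    ptrdiff_t extent;       /* number of elements in this dimension */
    ptrdiff_t sm;           /* byte stride between successive elements */
} dim_t;

typedef struct {
    void   *base_addr;      /* address of the first element */
    size_t  elem_len;       /* size of one element in bytes */
    int     rank;           /* number of dimensions, 0 for a scalar */
    dim_t   dim[MAXRANK];
} cdesc_t;

/* Address of the element with the given subscripts, computed only from the
 * descriptor. Returns NULL if any subscript is outside the described object,
 * so a caller cannot wander into other parts of memory this way. */
void *element_address(const cdesc_t *d, const ptrdiff_t *sub)
{
    if (d == NULL || d->base_addr == NULL || d->rank < 0 || d->rank > MAXRANK)
        return NULL;
    ptrdiff_t offset = 0;
    for (int i = 0; i < d->rank; i++) {
        ptrdiff_t idx = sub[i] - d->dim[i].lower_bound;
        if (idx < 0 || idx >= d->dim[i].extent)
            return NULL;
        offset += idx * d->dim[i].sm;
    }
    return (char *)d->base_addr + offset;
}

/* Does p, however it was derived, lie inside some element of the object?
 * Every subscript tuple is enumerated odometer-style, so non-unit strides
 * (array sections) are handled: bytes between section elements are rejected. */
int points_into_object(const cdesc_t *d, const void *p)
{
    if (d == NULL || d->base_addr == NULL || d->rank < 0 || d->rank > MAXRANK)
        return 0;
    ptrdiff_t sub[MAXRANK];
    for (int i = 0; i < d->rank; i++) {
        if (d->dim[i].extent <= 0)
            return 0;               /* an empty object contains no byte */
        sub[i] = d->dim[i].lower_bound;
    }
    uintptr_t target = (uintptr_t)p;
    for (;;) {
        uintptr_t e = (uintptr_t)element_address(d, sub);
        if (e != 0 && target >= e && target < e + d->elem_len)
            return 1;
        int i = 0;                  /* advance to the next subscript tuple */
        while (i < d->rank) {
            if (++sub[i] < d->dim[i].lower_bound + d->dim[i].extent)
                break;
            sub[i] = d->dim[i].lower_bound;
            i++;
        }
        if (i == d->rank)
            return 0;               /* wrapped around: every element checked */
    }
}

/* Constructed sample storage: 64 ints, of which the descriptor describes only
 * the first 10 (subscripts 1..10). The rest is valid memory that is not part
 * of the described object, i.e. the "other parts of memory" in the thread. */
static int backing[64];

cdesc_t make_demo_desc(void)
{
    cdesc_t d = {0};
    d.base_addr = backing;
    d.elem_len  = sizeof(int);
    d.rank      = 1;
    d.dim[0].lower_bound = 1;
    d.dim[0].extent      = 10;
    d.dim[0].sm          = (ptrdiff_t)sizeof(int);
    return d;
}

/* The same storage seen as the section backing(1:10:2): five elements with a
 * stride of two ints; the ints in between are not part of the object. */
cdesc_t make_section_desc(void)
{
    cdesc_t d = make_demo_desc();
    d.dim[0].extent = 5;
    d.dim[0].sm     = 2 * (ptrdiff_t)sizeof(int);
    return d;
}

int main(void)
{
    cdesc_t d = make_demo_desc();
    char *p = (char *)d.base_addr + 100;        /* the thread's first step */
    printf("base_addr+100 in object: %d\n", points_into_object(&d, p));
    p = p + 10;                                 /* the thread's second step */
    printf("then +10 in object:      %d\n", points_into_object(&d, p));
    return 0;
}
```

Both steps of the quoted "antics" produce pointers that the check rejects, because the check looks at where the pointer ends up, not at how it was computed; that is the property a wording restriction can only approximate and a runtime or static check can actually enforce.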
