(j3.2006) Comment 2 from TS Ballot
Bill Long
longb
Mon Sep 17 14:00:07 EDT 2012
On 9/13/12 3:31 AM, Malcolm Cohen wrote:
> I wrote:
>> Maybe something like
>> "If (blah), a pointer derived from the base_addr of that descriptor shall not
>> be
>> used to access memory that is not part of the object described by the
>> descriptor."
>
> ...
>> Better. I'm still a bit concerned that "derived from" is too vague.
>
> I think it is clear in context.
>
>> How about "..., a pointer computed as an offset from the base_addr of
>> that descriptor...". This wording corresponds more directly to what
>> the programmer would actually be writing.
>
> Unfortunately "as an offset from" sounds like you have an offset, i.e.
> difference between two addresses, not a pointer. And now that we have a process
> being described it should probably have a demonstrative pronoun with a verb.
>
> So "..., a pointer that is computed by adding or subtracting an offset to the
> base_addr of that descriptor..." might be ok, but...
Might be. I think, though, that we are being led off base with the
"base_addr" part of the sentence. The intention is that someone in the
C function who thinks he is referencing part of the actual argument
needs to actually do that, and not wander off into other parts of
memory. The pointer computation would typically involve more than just
one member of the C descriptor. While it is basically impossible to
write an air-tight restriction (it is always possible to play pointer
arithmetic games that are not covered), it might be better to have
"..., a pointer that is computed from information in that C descriptor..."
>
> "offset" is also not a defined term... any more than my use of "derived" was.
>
I liked "offset" because C actually has an offsetof( ) operator, whereas
"derived" is used in C in discussions of types. But it is not really
that important what steps are used to arrive at the pointer value, but
rather that the resulting pointer points to a valid memory location.
> And it makes the following either allowed or at least up for discussion...
>
> p = x->base_addr + 100;
> /* cannot write to p if it is not part of the described object */
> p = p + 10;
> *p = 3; /* this is ok because we did not get this by adding an offset to the
> base_addr of the descriptor */
>
Just the sort of antics that are really hard to disallow.
Cheers,
Bill
> So maybe
> "..., a pointer that is computed from the base_addr of the descriptor by
> adding or subtracting one or more integer values ..."
> looks better.
>
> OTOH, we have made this so specific there is now a question as to whether &p[10]
> counts since the addition is not written explicitly.
>
> It might be better to stick with "derived", which is clear enough without trying
> to nail down how the programmer derived it.
>
> Cheers,
>
--
Bill Long                                   longb at cray.com
Fortran Technical Support &                 voice: 651-605-9024
Bioinformatics Software Development         fax:   651-605-9142
Cray Inc./Cray Plaza, Suite 210/380 Jackson St./St. Paul, MN 55101
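As an added illustration of the restriction being worded in this thread (this is not code from the thread or from TS 29113 itself): a C function that computes an element address "from information in that C descriptor" and refuses to hand back any pointer outside the described object. The descriptor struct below is a constructed stand-in for CFI_cdesc_t; the member names base_addr, elem_len, rank, dim, lower_bound, extent and sm follow the TS, but the layout, the sample array and the helper names are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the TS 29113 CFI_cdesc_t layout (not the real
 * ISO_Fortran_binding.h): base_addr, element length, rank, and per-dimension
 * lower bound, extent and stride in bytes (sm). */
typedef struct { ptrdiff_t lower_bound, extent, sm; } dim_t;
typedef struct { void *base_addr; size_t elem_len; int rank; dim_t dim[2]; } cdesc_t;

/* Compute the address of element (sub[0], sub[1], ...) from the descriptor.
 * Returns NULL if any subscript lies outside the described bounds, so the
 * resulting pointer never points outside the object the descriptor describes. */
void *element_address(const cdesc_t *d, const ptrdiff_t *sub)
{
    char *p = (char *)d->base_addr;
    for (int r = 0; r < d->rank; r++) {
        ptrdiff_t lb = d->dim[r].lower_bound;
        if (sub[r] < lb || sub[r] >= lb + d->dim[r].extent)
            return NULL;                       /* outside the described object */
        p += (sub[r] - lb) * d->dim[r].sm;     /* sm is the byte stride */
    }
    return p;
}

/* Constructed sample: a 3x4 int array with Fortran-style bounds (1:3, 1:4),
 * column-major, so sm = {sizeof(int), 3*sizeof(int)}. Element k holds 10*k. */
static int sample[3 * 4];
cdesc_t make_sample_desc(void)
{
    for (int k = 0; k < 12; k++) sample[k] = k * 10;
    cdesc_t d = { sample, sizeof(int), 2,
                  { {1, 3, sizeof(int)}, {1, 4, 3 * sizeof(int)} } };
    return d;
}

/* Read element (i, j) through the descriptor; -1 when out of bounds. */
int read_element(ptrdiff_t i, ptrdiff_t j)
{
    cdesc_t d = make_sample_desc();
    ptrdiff_t sub[2] = { i, j };
    int *p = element_address(&d, sub);
    return p ? *p : -1;
}

int main(void)
{
    printf("(2,3) -> %d, (4,1) -> %d\n", read_element(2, 3), read_element(4, 1));
    return 0;
}
```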