when I define
int R[99];
and then later access it with
x=R[r];C[x]=7;
....
but x happens to be <0 or >99 , then the program's behaviour
becomes unpredictable.
Is there a way to prevent this ?
Is there a program or debugger or compiler which
checks the array indices before executing the command and
eventually issues an error-warning when the index is out of range ?
Nov 14 '05
>you should probably use a run-time check: if ( r<0 || r>98 ) ...
but there can be hundreds of array-accesses
in the program, even nested, so I prefer
a program to do this checking automatically,
like I'm used to in BASIC.
Giorgos Keramidas wrote:
> "Ricardo Gibert" <no**********@cox.net> writes:
>> "Keith Thompson" <ks***@mib.org> wrote in message news:ln************@nuthaus.mib.org...
>>> No, there is no negative value of type int that yields a value less than 99 when converted to unsigned int. (There might be exotic representations where this isn't the case.)
>> The idea that, "There might be some exotic implementation where this isn't the case," hadn't occurred to me. I can't imagine what it would be like. Hmmm.
> An architecture on which the least significant bit is used as the sign of a value combined with a C compiler which coerces int values to unsigned by clearing the sign bit or even by shifting it to one of the value bits.
> Then -3 would be represented as 00000111 and would be coerced to unsigned as 00000110 which would be +3 but still less than 99.
If this happens, the language is not C. Period.
The result of converting -3 to `unsigned int' is
`UINT_MAX - 2'. Always. And since `UINT_MAX' is at
least 65535, the result will be at least 65533 and
most definitely greater than 99.
-- Er*********@sun.com
Eric Sosman <Er*********@sun.com> writes:
> Giorgos Keramidas wrote:
>> "Ricardo Gibert" <no**********@cox.net> writes:
>>> "Keith Thompson" <ks***@mib.org> wrote in message news:ln************@nuthaus.mib.org...
>>>> No, there is no negative value of type int that yields a value less than 99 when converted to unsigned int. (There might be exotic representations where this isn't the case.)
>>> The idea that, "There might be some exotic implementation where this isn't the case," hadn't occurred to me. I can't imagine what it would be like. Hmmm.
>> An architecture on which the least significant bit is used as the sign of a value combined with a C compiler which coerces int values to unsigned by clearing the sign bit or even by shifting it to one of the value bits. Then -3 would be represented as 00000111 and would be coerced to unsigned as 00000110 which would be +3 but still less than 99.
> If this happens, the language is not C. Period.
> The result of converting -3 to `unsigned int' is `UINT_MAX - 2'. Always. And since `UINT_MAX' is at least 65535, the result will be at least 65533 and most definitely greater than 99.
What about a machine with 24-bit words, with UINT_MAX and INT_MAX both
set to 8388607 (2**23-1)?
--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
Keith Thompson wrote:
> Eric Sosman <Er*********@sun.com> writes:
>> Giorgos Keramidas wrote:
>>> An architecture on which the least significant bit is used as the sign of a value combined with a C compiler which coerces int values to unsigned by clearing the sign bit or even by shifting it to one of the value bits. Then -3 would be represented as 00000111 and would be coerced to unsigned as 00000110 which would be +3 but still less than 99.
>> If this happens, the language is not C. Period.
>> The result of converting -3 to `unsigned int' is `UINT_MAX - 2'. Always. And since `UINT_MAX' is at least 65535, the result will be at least 65533 and most definitely greater than 99.
> What about a machine with 24-bit words, with UINT_MAX and INT_MAX both set to 8388607 (2**23-1)?
What's the "what" you're concerned about? -3 would
convert to UINT_MAX - 2, as always, yielding the value
8388605 which is larger than 99 -- I'm sure that's not
what's worrying you, but I don't know what is ...
-- Er*********@sun.com
Eric Sosman <Er*********@sun.com> writes:
> Keith Thompson wrote:
>> Eric Sosman <Er*********@sun.com> writes:
>>> Giorgos Keramidas wrote:
>>>> An architecture on which the least significant bit is used as the sign of a value combined with a C compiler which coerces int values to unsigned by clearing the sign bit or even by shifting it to one of the value bits. Then -3 would be represented as 00000111 and would be coerced to unsigned as 00000110 which would be +3 but still less than 99.
>>> If this happens, the language is not C. Period.
>>> The result of converting -3 to `unsigned int' is `UINT_MAX - 2'. Always. And since `UINT_MAX' is at least 65535, the result will be at least 65533 and most definitely greater than 99.
>> What about a machine with 24-bit words, with UINT_MAX and INT_MAX both set to 8388607 (2**23-1)?
> What's the "what" you're concerned about? -3 would convert to UINT_MAX - 2, as always, yielding the value 8388605 which is larger than 99 -- I'm sure that's not what's worrying you, but I don't know what is ...
A few articles upthread, I wrote:
] No, there is no negative value of type int that yields a value less
] than 99 when converted to unsigned int. (There might be exotic
] representations where this isn't the case.)
If UINT_MAX and INT_MAX both have the value 8388607 (2**23-1), then
the int value -8388558, converted to unsigned int, yields the value 50.
The context was a suggestion to use something like
assert((unsigned) i <= 99);
as an optimization of
assert(i >= 0 && i <= 99);
The check would fail on the hypothetical exotic system if i is equal
to 8388607, causing undefined behavior when i is subsequently used as
an index into a 100-element array.
--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
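The two checks discussed in the post above, compared under a model of the int-to-unsigned conversion. This is an added example, not code from any poster; the function names and the `value_bits` / `int_min` parameters are hypothetical, and the sample values (2**23-1, -8388558, the 100-element array) are the ones quoted in the thread.

```c
#include <stdio.h>

#define R_LEN 100 /* "a 100-element array", as in the post above */

/* Model of int -> unsigned int conversion for an implementation whose
 * unsigned int has `value_bits` value bits: the value is reduced modulo
 * UINT_MAX + 1. long long keeps the arithmetic exact on any host. */
static long long to_unsigned_model(long long i, int value_bits)
{
    long long modulus = 1LL << value_bits; /* UINT_MAX + 1 */
    long long r = i % modulus;             /* negative for negative i */
    return r < 0 ? r + modulus : r;
}

/* assert((unsigned) i <= 99), evaluated under the model. */
static int cast_check_passes(long long i, int value_bits)
{
    return to_unsigned_model(i, value_bits) <= R_LEN - 1;
}

/* assert(i >= 0 && i <= 99): no conversion, independent of UINT_MAX. */
static int range_check_passes(long long i)
{
    return i >= 0 && i <= R_LEN - 1;
}

/* Number of negative int values the cast check wrongly accepts. Each
 * accepted negative is k - (UINT_MAX + 1) for some k in 0..99, so it is
 * enough to test which of those 100 candidates are >= INT_MIN. */
static int false_accepts(int value_bits, long long int_min)
{
    long long modulus = 1LL << value_bits;
    int k, n = 0;
    for (k = 0; k < R_LEN; k++)
        if (k - modulus >= int_min)
            n++;
    return n;
}

int main(void)
{
    /* Constructed inputs: the hypothetical system from the thread
     * (UINT_MAX == INT_MAX == 2**23-1) and a common 32-bit int. */
    long long i = -8388558LL;
    printf("exotic: (unsigned)%lld -> %lld, cast check %d, range check %d\n",
           i, to_unsigned_model(i, 23), cast_check_passes(i, 23),
           range_check_passes(i));
    printf("false accepts: exotic %d, common 32-bit %d\n",
           false_accepts(23, -8388607LL),
           false_accepts(32, -2147483647LL - 1));
    return 0;
}
```

Only the two-sided comparison gives the same answer under both models, which is why it is the form to use when the check guards an array index.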
On Sun, 25 Jul 2004 22:12:41 -0700, "Ricardo Gibert" <no**********@cox.net> wrote:
> "Barry Schwarz" <sc******@deloz.net> wrote in message news:ce**********@216.39.135.107@theriver.com ...
>> On Sun, 25 Jul 2004 10:58:40 -0700, "Ricardo Gibert" <no**********@cox.net> wrote:
>>> "Barry Schwarz" <sc******@deloz.net> wrote in message news:ce**********@216.39.134.239@theriver.com ...
>>>> On Sun, 25 Jul 2004 07:18:37 GMT, Keith Thompson <ks***@mib.org> wrote:
>>>>> Barry Schwarz <sc******@deloz.net> writes:
>>>>>> On Sat, 24 Jul 2004 17:26:10 -0700, "Ricardo Gibert" <no**********@cox.net> wrote:
>>>>>>> "Sterten" <st*****@aol.com> wrote in message news:20***************************@mb-m05.aol.com...
>>>>>>>> when I define
>>>>>>>> int R[99];
>>>>>>>> and then later access it with
>>>>>>>> x=R[r];C[x]=7;
>>>>>>>> ...
>>>>>>>> but x happens to be <0 or >99 , then the program's behaviour
>>>>>>>> becomes unpredictable.
>>>>>>>
>>>>>>> You must mean x < 0 or x >= 99 in the above.
>>>>>>>
>>>>>>> You can try this:
>>>>>>>
>>>>>>> assert((unsigned) i < 99);
>>>>>>
>>>>>> Why the cast. If i contains a sufficiently large negative value, your
>>>>>> assert will be true but your next statement will invoke undefined
>>>>>> behavior.
>>>>>>
>>>>>>> t = R[i];
>>>>>
>>>>> No, there is no negative value of type int that yields a value less
>>>>> than 99 when converted to unsigned int. (There might be exotic
>>>>> representations where this isn't the case.)
>>>>
>>>> This is only true in the "common" situation where the absolute value
>>>> of INT_MIN is only half of UINT_MAX. The standard does not require
>>>> this. It is possible for these values to be equal but opposite in
>>>> sign. It would be legal on a 32-bit system for
>>>> INT_MAX=UINT_MAX=pow(2,31)-1 and INT_MIN=-INT_MAX. (There is no
>>>> requirement that an unsigned int use the now irrelevant sign bit to
>>>> extend its range of values.) In fact, any exponent value between 31
>>>> and 16 would be compliant.
>>>>
>>>> On any system where INT_MIN <= -UINT_MAX, the 99 int values
>>>> between -UINT_MAX and -UINT_MAX+98 would satisfy the assert but still
>>>> invoke undefined behavior.
>>>
>>> A cast from int or char to unsigned does not cause undefined behavior.
>>>
>>>>> But I'd still be more comfortable with
>>>>>
>>>>> assert(i >= 0 && i < 99);
>>>>>
>>>>> (assuming that assert is a good way to do the check in the first
>>>>> place).
>>
>> Obviously, but once the unsigned value has passed the assert, the signed negative value is used as an array index and that does cause undefined behavior.
>
> Okay, I see I managed to misunderstand even though it should have been clear. Sorry.
> In the event that the condition "INT_MIN <= -UINT_MAX" were true, you would be correct. Something that would exhibit such undefined behavior would be a cast from long long to unsigned long as an example, but I don't think "INT_MIN <= -UINT_MAX" is ever true, since unsigned is guaranteed to occupy the same amount of storage as an int.
But there is no requirement that an unsigned int use the sign bit to
extend its range. It is legal for INT_MIN to be -(pow(2,31)-1) and
UINT_MAX and INT_MAX both to be pow(2,31)-1.
<<Remove the del for email>>
"Barry Schwarz" <sc******@deloz.net> wrote in message
news:ce**********@216.39.134.211@theriver.com ...
> On Sun, 25 Jul 2004 22:12:41 -0700, "Ricardo Gibert" <no**********@cox.net> wrote:
> But there is no requirement that an unsigned int use the sign bit to extend its range. It is legal for INT_MIN to be -(pow(2,31)-1) and UINT_MAX and INT_MAX both to be pow(2,31)-1.
I see that I have no choice, but to accept this as a legal possibility. I can't
find anything in the standard that precludes this. Strictly speaking, it seems
the trick is a technical error portability-wise, though useful to the compiler
writer or assembly language programmer.
Thanks for being patient with me.
<<Remove the del for email>>