www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.bugs - [Issue 6478] New: Implement conservative range-checking for array lengths

reply d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=6478

           Summary: Implement conservative range-checking for array
                    lengths
           Product: D
           Version: D2
          Platform: Other
        OS/Version: Windows
            Status: NEW
          Severity: normal
          Priority: P2
         Component: DMD
        AssignedTo: nobody puremagic.com
        ReportedBy: clugdbug yahoo.com.au


--- Comment #0 from Don <clugdbug yahoo.com.au> 2011-08-12 02:36:16 PDT ---
For every dynamic array variable x in a function:
* Scan every statement in the function for length-changing assignment to x.
Distinguish three cases:
(a) assignment from something of known length
x = array literal of length N
x = static array of length N
x.length = N  
x = new T[N]
---> For all of these, the possible length of X is equal to the range of N.

(b) relative length change by a known amount
x ~= expression_of_fixed_length;
x.length += N;
x = x ~ expression_of_fixed_length;
If any of these occur inside a loop or a nested function (or in a function with
a goto statement), the range of x is 0..size_t; except in the case where length
= length - N. Otherwise, new range of range of x.length = oldrange + N.range.

(c) anything else
conservatively assume that the length of x could be 0..size_t/(x[0].sizeof).

* Any use of asm or a pointer inside the function should set the range of all
arrays to 0..size_t/(x[0].sizeof).

The reason I think this is valuable, is that most arrays do not arbitrarily
change size throughout a function.

Benefits:
(1) Eliminate most false positives from signed-unsigned mismatches.
Cases like this:

int [] x = new int[6]; // or x = some array literal.
for (int i = 0; i < x.length; ++i) {...}

As long as x is only assigned from an object of known length, this sort of
thing is always safe.

(2) This minimal array-length range tracking would also allow some
out-of-bounds array indexing errors to be detected at compile time.

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Aug 12 2011
parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=6478


Don <clugdbug yahoo.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |enhancement


-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Aug 12 2011