array bounds check option

public inbox for gcc@gcc.gnu.org
 help / color / mirror / Atom feed

* array bounds check option
@ 1998-01-20  4:00 Per Bothner
  1998-01-21  9:54 ` Craig Burley
  0 siblings, 1 reply; 3+ messages in thread
From: Per Bothner @ 1998-01-20  4:00 UTC (permalink / raw)
  To: egcs, rms, kenner

I would like to add a language-dependent option to enable/disable array
bounds checking.  This would not necessarily be supported by all
languages (bounds checking for C/C++ is of course difficult), and
the default may also differ for different languages (it should be
on by default for Java and Chill;  off for C/C++ if it gets implemented;
unknown for Fortran and Ada).

Even though it is somewhat language-dependent, it seems reasonable
that at least the name of the option be standardized.  So I propose
-f[no-]bounds-check.   I am open to replacing "bounds" by "range"
and/or swapping the word order to -fcheck-bounds.  However, it would
be nice to be consistent:  Currently we have -fstack-check, which
suggests that "-check" should come last, or we should check it to
-fcheck-stack.

	--Per Bothner
Cygnus Solutions     bothner@cygnus.com     http://www.cygnus.com/~bothner

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: array bounds check option
  1998-01-20  4:00 array bounds check option Per Bothner
@ 1998-01-21  9:54 ` Craig Burley
  1998-01-22  1:45   ` Per Bothner
  0 siblings, 1 reply; 3+ messages in thread
From: Craig Burley @ 1998-01-21  9:54 UTC (permalink / raw)
  To: bothner; +Cc: egcs, rms, kenner

I'd suggest -farray-bounds-check, because "bounds" might be too
general ("range" certainly is).

E.g. consider whether someone might want an option to check the
range of values assigned to "enum"s, or types declared with
explicit ranges (a la Pascal).

Another idea is -fsubscript-bounds-check, or maybe if "subscript"
always pertains to arrays, -fsubscript-check.

However, it is important to determine just what is being checked,
and name the option accordingly.

In Fortran, given

  REAL A(5,5)

the reference

  A(6,2)

does not violate some Fortran compilers' *array* bounds checking,
but does violate *subscript* bounds.  (Using the canonical
computation, the reference is equivalent to A(1,3), I believe,
but the canonical computation is *not* standard Fortran, just
as adding 1 to 2147483647 producing -2147483648 is canonical
but not standard C.)

So I'd say -fsubscript-bounds-check is appropriate only if
you're putting a check on each ARRAY_REF node (or whatever
its called), while -farray-bounds-check is appropriate only if
you're checking the computed offset into the array against
the overall bounds of the array.

Of course, if you do the subscript checking (on ARRAY_REF),
and a front end collapses subscript references to computations
using lower-level constructs in the back end, that's a problem.
(g77 has an undocumented internal macro that happens to make
such a change; it was found useful by egcs people wishing to
experiment with improving g77 performance on Alphas and, I
believe, is no longer helpful due to the optimizations they
came up with.)

        tq vm, (burley)

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: array bounds check option
  1998-01-21  9:54 ` Craig Burley
@ 1998-01-22  1:45   ` Per Bothner
  0 siblings, 0 replies; 3+ messages in thread
From: Per Bothner @ 1998-01-22  1:45 UTC (permalink / raw)
  To: egcs, rms, kenner

Craig Burley <burley@gnu.org> writes:
> I'd suggest -farray-bounds-check, because "bounds" might be too
> general ("range" certainly is).
>
> E.g. consider whether someone might want an option to check the
> range of values assigned to "enum"s, or types declared with
> explicit ranges (a la Pascal).

In a language with range types, if you check array indexes,
I think you would normally want to "range check" also on values
coerced to ranges.  That catches possible subscript errors earlier.
Also, if we can assume that index expressions whose types are
ranges have values that are actually within the range of its type,
then we can easily optimize away range checks when the range of
the actual index is a sub-set of the array index range.

Thus in normal use, "check array subscript" would imply "check
cast to range type".  That is reasonable for Chill, and (I
believe) Pascal.  Ada I'm not sure about.  A common flag
(both in the sense of one that does it all, and in the sense of
the flag most commonly used!) does not preclude finer control
(such as -fbounds-check -fno-conversion-bounds-check).

> consider whether someone might want an option to check the 
> range of values assigned to "enum"s

That should probably also be implied by -fbounds-check - but
only for enums that have a dense range with values that
always increase by one.

> So I'd say -fsubscript-bounds-check is appropriate only if
> you're putting a check on each ARRAY_REF node (or whatever
> its called), while -farray-bounds-check is appropriate only if
> you're checking the computed offset into the array against
> the overall bounds of the array.

That is reasonable.  But I think -fbounds-check should imply
one of -fsubscript-bounds-check or -farray-bounds-check
depending on the language and strictness mode.  In C or C++,
and traditional Fortran, it might imply -farray-bounds-check.
In Java, Chill, and -pedantic Fortran it might imply
-fsubscript-bounds-check.

	--Per Bothner
Cygnus Solutions     bothner@cygnus.com     http://www.cygnus.com/~bothner

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~1998-01-22  1:45 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
1998-01-20  4:00 array bounds check option Per Bothner
1998-01-21  9:54 ` Craig Burley
1998-01-22  1:45   ` Per Bothner

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).