tags:

views:

218

answers:

2
+5  Q: 

How does a hardware trap in a three-past-the-end pointer happen even if the pointer is never dereferenced?

In his November 1, 2005 C++ column, Herb Sutter writes ...

int A[17];
int* endA = A + 17;
for( int* ptr = A; ptr < endA; ptr += 5 )
{
  // ...
}

[O]n some CPU architectures, including current ones, the aforementioned code can cause a hardware trap to occur at the point where the three-past-the-end pointer is created, whether that pointer is ever dereferenced or not.

How does a CPU trap on a bitpattern? What about ...

int A[17];

// (i) hardware will trap this ?
int *pUgly = A + 18; 

// (ii) hardware will trap this, too?
int *pEnd = A + 17;
++pEnd;  

// (iii) will this fool it?
int *precious = A + 17;
unsigned long tricksy = reinterpret_cast<unsigned long>(precious) ; 
++tricksy;
int *pHobbits = reinterpret_cast<int *>(tricksy);

Bonus question: Should the phrase "some current CPU architectures" be ordinarily understood to refer to shipping products only, or does it include imaginary architectures as well if the work of fiction in which they are described or alluded to has a recent publication date?

+4  A: 

Pointer operations are implementation-dependent.

It can happen that on some platform only specific registers are allowed for storing pointer values (only specific registers can serve as index registers) and the value written into such register by a non-priviledged program code is immediately checked for being a valid address. In this case if the pointer value corresponds to an address not present in the address space of the program the hardware trap will certainly occur.

If that's the case any code not optimized out by the compiler that assigns a new value to a pointer can potentially cause a trap.

sharptooth  2009-06-29 12:24:52
Are there any such platforms, or is this like "Do not use this backhoe if you are located in the Cloud City of Bespin" ?
Thomas L Holaday  2009-06-29 12:36:41
there are some, like Sutter said, "including current ones". I can't remember any names, but I know they exist. They're not extremely common though. But several architectures have used separate registers for pointers and data, which makes it trivial to detect invalid addressing.Does it matter whether any such platforms exist though? Just don't do it. ;)
jalf  2009-06-29 12:46:57
The surealist auuthor Borges wrote that there are three kinds of animals: those that can be touched, those that can only be seen from a great distance, and those which can only be learned of from the tales of other people. My question is how these CPUs do the trap, so a real CPU's technical documentation would be instructive.
Thomas L Holaday  2009-06-29 14:00:09
You already got the answer though. If the CPU has special "address registers", in which pointer arithmetics are performed, then it can, between every instruction, verify that the value stored in that register is actually a legal address, and generate a hardware trap if it isn't. At the very least, it could trivially detect overflows, which might occur if you go past the end of an array. The Motorola 68000 had such separate address registers, but I don't know if it would generate traps on illegal addresses.
jalf  2009-06-30 11:39:25
I have been unable to locate any evidence that the Motorola 68000 would trap on illegal addresses.
Thomas L Holaday  2009-07-08 18:30:48
+2  A: 

You might to google "speculative reading". As soon as an address is formed, it may be smart for the cache architecture to bring the corresponding dataline into cache. Normally, this should be harmless, but if you're significantly out of bounds (e.g. onto the next page) this might no longer be true.

MSalters  2009-06-29 12:39:54
+1 for the search term.
Thomas L Holaday  2009-06-29 12:42:27
Nope, that is not the issue. The point about speculative reads is that they're optimizations, nothing else. If the address they attempt to read is off limits, they simply do not read it.
jalf  2009-06-29 12:44:39
@jalf: isn't that just another way of saying that the hardware trap has no visible consequences? The MMU will still be presented with a virtual address that does not resolve to a physical address, and that has to communicated back one way or another.
MSalters  2009-06-29 13:24:37

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS