views:

218

answers:

2

In his November 1, 2005 C++ column, Herb Sutter writes ...

int A[17];
int* endA = A + 17;
for( int* ptr = A; ptr < endA; ptr += 5 )
{
  // ...
}

[O]n some CPU architectures, including current ones, the aforementioned code can cause a hardware trap to occur at the point where the three-past-the-end pointer is created, whether that pointer is ever dereferenced or not.

How does a CPU trap on a bitpattern? What about ...

int A[17];

// (i) hardware will trap this ?
int *pUgly = A + 18;

// (ii) hardware will trap this, too?
int *pEnd = A + 17;
++pEnd;

// (iii) will this fool it?
int *precious = A + 17;
unsigned long tricksy = reinterpret_cast<unsigned long>(precious);
++tricksy;
int *pHobbits = reinterpret_cast<int *>(tricksy);

Bonus question: Should the phrase "some current CPU architectures" be ordinarily understood to refer to shipping products only, or does it include imaginary architectures as well if the work of fiction in which they are described or alluded to has a recent publication date?
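As an added example (not from the question, Sutter's column, or any of the answers): Sutter's loop forms `A + 20` on its final `ptr += 5`, and the only way to stay clear of whatever the hardware does with that is to never form it. The version below clamps each step by the remaining distance, which is a plain integer, so every pointer it creates lies in `[A, A + 17]`; `strided_visit` and `visited_offsets` are names of my own choosing.

```cpp
#include <cstddef>
#include <vector>

// Walk [begin, end) in steps of `stride`, clamping the last step so the
// pointer stops exactly at `end`: one-past-the-end is the only out-of-range
// pointer C++ permits to exist, and no other is ever formed here.
template <typename T, typename Visit>
std::size_t strided_visit(T* begin, T* end, std::ptrdiff_t stride, Visit visit)
{
    std::size_t visited = 0;
    if (stride <= 0) return 0;                 // refuse a non-advancing stride
    for (T* ptr = begin; ptr != end; ) {
        visit(ptr);
        ++visited;
        std::ptrdiff_t remaining = end - ptr;  // well-defined: same array
        ptr += remaining < stride ? remaining : stride;
    }
    return visited;
}

// Driver used by the checks: the offsets visited in an array of n ints.
// The vector is constructed input standing in for `int A[17]`.
std::vector<std::size_t> visited_offsets(std::size_t n, std::ptrdiff_t stride)
{
    std::vector<int> A(n);
    std::vector<std::size_t> offsets;
    int* begin = A.data();
    strided_visit(begin, begin + n, stride, [&](int* p) {
        offsets.push_back(static_cast<std::size_t>(p - begin));
    });
    return offsets;
}

int main()
{
    // Same elements Sutter's loop touches (0, 5, 10, 15), without A + 20.
    return visited_offsets(17, 5).size() == 4 ? 0 : 1;
}
```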

+4  A: 

Pointer operations are implementation-dependent.

It can happen that on some platform only specific registers are allowed for storing pointer values (only specific registers can serve as index registers) and the value written into such a register by non-privileged program code is immediately checked for being a valid address. In this case, if the pointer value corresponds to an address not present in the address space of the program, the hardware trap will certainly occur.

If that's the case any code not optimized out by the compiler that assigns a new value to a pointer can potentially cause a trap.

sharptooth
Are there any such platforms, or is this like "Do not use this backhoe if you are located in the Cloud City of Bespin" ?
Thomas L Holaday
there are some, like Sutter said, "including current ones". I can't remember any names, but I know they exist. They're not extremely common though. But several architectures have used separate registers for pointers and data, which makes it trivial to detect invalid addressing. Does it matter whether any such platforms exist though? Just don't do it. ;)
jalf
The surrealist author Borges wrote that there are three kinds of animals: those that can be touched, those that can only be seen from a great distance, and those which can only be learned of from the tales of other people. My question is how these CPUs do the trap, so a real CPU's technical documentation would be instructive.
Thomas L Holaday
You already got the answer though. If the CPU has special "address registers", in which pointer arithmetic is performed, then it can, between every instruction, verify that the value stored in that register is actually a legal address, and generate a hardware trap if it isn't. At the very least, it could trivially detect overflows, which might occur if you go past the end of an array. The Motorola 68000 had such separate address registers, but I don't know if it would generate traps on illegal addresses.
jalf
I have been unable to locate any evidence that the Motorola 68000 would trap on illegal addresses.
Thomas L Holaday
+2  A: 

You might want to google "speculative reading". As soon as an address is formed, it may be smart for the cache architecture to bring the corresponding data line into cache. Normally, this should be harmless, but if you're significantly out of bounds (e.g. onto the next page) this might no longer be true.

MSalters
+1 for the search term.
Thomas L Holaday
Nope, that is not the issue. The point about speculative reads is that they're optimizations, nothing else. If the address they attempt to read is off limits, they simply do not read it.
jalf
@jalf: isn't that just another way of saying that the hardware trap has no visible consequences? The MMU will still be presented with a virtual address that does not resolve to a physical address, and that has to be communicated back one way or another.
MSalters