[Cryptography] bounded pointers in C
Patrick Chkoreff
patrick at rayservers.net
Wed Apr 23 10:47:22 EDT 2014
Nemo wrote, On 04/22/2014 09:32 PM:
> Dave Horsfall <dave at horsfall.org> writes:
>
>> I'd like to see your counter-example.
>
> First, I do not need a counter-example because I HAVE A SPEC. The
> language is defined independently of any implementation; this is one of
> the strongest arguments for using C at all, actually. If you code to the
> spec, you can write routines that are guaranteed to run correctly both
> on today's systems and tomorrow's.

Exactly. There's no need to rely on "rules of thumb" here.

C programmers should use features guaranteed by the C specification.
There's no need to assume things like "a pointer can fit in a long" and
other such statements that are not guaranteed by the specification. A
huge litany of useful and portable features exists, e.g.:

    uintptr_t
    uint_least32_t
    uint_least64_t
    uint_fast32_t
    uint_fast64_t
    uintmax_t
    UINT_MAX
    ULONG_MAX
    ... etc. etc. etc.

Just as one simple example, the C spec provides types that allow me to
multiply two 32-bit unsigned integers and get a 64-bit unsigned result,
guaranteed portable. But you have to use uint_least32_t and
uint_least64_t. You can't use (unsigned int) and (unsigned long).

As for integers capable of holding pointers, I'm not doing that anymore
anyway, but it can be done portably.

-- Patrick
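
The two points in the message above, as an added example that is not part of the original post and is not its author's code: a 32x32 to 64-bit multiply written with the least-width types beside the naive form, and a pointer round trip through uintptr_t. The function names mul_naive, mul_32x32 and ptr_round_trip_ok are assumptions made for illustration.

```c
#include <inttypes.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#ifndef UINTPTR_MAX
#error "uintptr_t is optional in C99/C11 and this implementation lacks it"
#endif

/* Naive form: the product is computed in unsigned int and wraps modulo
   UINT_MAX + 1 before it is widened to the return type. */
static unsigned long mul_naive(unsigned int a, unsigned int b)
{
    return a * b;
}

/* Portable form: widen first, then multiply. The least types may be wider
   than their nominal size, so mask the inputs to 32 bits. */
static uint_least64_t mul_32x32(uint_least32_t a, uint_least32_t b)
{
    uint_least64_t wa = a & UINT32_C(0xFFFFFFFF);
    uint_least64_t wb = b & UINT32_C(0xFFFFFFFF);
    return wa * wb;
}

/* A valid void * converted to uintptr_t and back compares equal to the
   original; the standard guarantees nothing about the integer's value. */
static int ptr_round_trip_ok(void *p)
{
    uintptr_t n = (uintptr_t)p;
    return (void *)n == p;
}

int main(void)
{
    int x = 0;
    printf("naive    : %lu\n", mul_naive(UINT_MAX, UINT_MAX));
    printf("portable : %" PRIxLEAST64 "\n",
           mul_32x32(UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF)));
    printf("pointer  : %d\n", ptr_round_trip_ok(&x));
    return 0;
}
```

Whatever the width of unsigned int, the naive call returns 1, because UINT_MAX squared is congruent to 1 modulo UINT_MAX + 1; the portable call returns the full product fffffffe00000001.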