Bounds checked string library

[Joona I Palaste]

The concept is there, you just don't recognize it. Each of the
LOADs was a constant expression. The whole sequence was an
expression, and left the result stacked, just as did the loads.

The thing is, in C, I write the expression the way it would appear in
a mathematics (for computer engineers) textbook, and let the compiler
worry about evaluating it. In assembly language, I have to work out
the evaluation algorithm myself.

 

[Dan Pop]

The thing is, in C, I write the expression the way it would appear in
a mathematics (for computer engineers) textbook,

Nope, you don't. You write them according to the C syntax, not to the
math syntax (think about multiplications, square roots and so on).

Furthermore, you're limited to the kind of expressions that can be
written in C syntax, which is a small subset of the expressions that
can be written in math syntax.

and let the compiler worry about evaluating it.

Or you do the hard work yourself if the compiler cannot evaluate it,
e.g. you need a function that is not part of the standard C library,
or an integral or an array multiplication etc etc.

In assembly language, I have to work out the evaluation algorithm myself.

No different from C, except that the C compiler can evaluate a broader
range of expressions than the typical assembler. But there are plenty
of expressions beyond the reach of both, although other languages can
evaluate them just fine. Assembly is lower level than C and C is lower
level than those languages.

One of the easiest things, for the experienced assembly programmer, is the
evaluation of expressions. The good old VAX allowed evaluating A = B + C
in a single machine instruction (the 3 operand add).

Dan

 

[Dave Thompson]

I have this in my personal standard C library in my "STR" module :

/* ---------------------------------------------------------------------
STR_safecopy()

There is no word "outbonding". You probably mean "overflow". You may
have been trying to make a verb from "out of bounds", but first, bound
!= bond, and second, bound in this sense is a transitive verb not an
intransitive one and so doesn't extend (conjugate?) that way.

---------------------------------------------------------------------
I: destination address
I: destination size
I: source address
O: destination address
--------------------------------------------------------------------- */
char *STR_safecopy (char *const des
,size_t const size
,char const *const src)
{
char *s_out = NULL;
if (des && size && src)
{
memcpy (des, src, size - 1);
des[size - 1] = 0;
s_out = des;
}

This is unsafe if the buffer pointed to by src is smaller than that
pointed to by des, or more accurately than size which presumably must
be <= the size pointed to by des, because you read memory not
allocated to this object, and possibly unallocated (to you) and even
nonexistent. And even if that doesn't happen, it is inefficient,
possibly very much so. You should use the minimum of the (current)
length at src or the usable size (i.e. -1) at des.

PS- I (would) use dst instead of des; des could be the abbreviation of
quite a few other things I might mean as a parameter, like descriptor,
design, desire(d), not to mention cryptographic DES.

- David.Thompson1 at worldnet.att.net