#2120: Arrays allow out-of-bounds indexes
----------------------------------+-----------------------------------------
    Reporter:  amthrax            |        Owner:                  
        Type:  bug                |       Status:  new             
    Priority:  normal             |    Milestone:  6.12.1          
   Component:  libraries (other)  |      Version:  6.8.2           
    Severity:  normal             |   Resolution:                  
    Keywords:                     |   Difficulty:  Unknown         
    Testcase:                     |           Os:  Unknown/Multiple
Architecture:  Unknown/Multiple   |  
----------------------------------+-----------------------------------------
Comment (by simonpj):

 Triggered by this thread http://www.haskell.org/pipermail/haskell-cafe/2009-June/063399.html, I had a quick look.

 There are two range tests under discussion
   * One tests every index supplied by the client of the array, against the
 original bounds.  We should never leave this test out.
   * The other tests the `Int` offset computed by `index`, in case the `Ix`
 instance for this type is bogus. We can omit this check iff we trust the
 instance.

 The only safe thing to do (and Haskell is supposed to be a safe language)
 is to do both checks, thus (in `GHC.Arr`):
 {{{
 safeIndex :: Ix i => (i, i) -> Int -> i -> Int
 safeIndex (l,u) n i = let i' = index (l,u) i
                       in if (0 <= i') && (i' < n)
                          then i'
                          else error "Error in array index"
 }}}
 (Note the use of `index` rather than `unsafeIndex`.)  To avoid the double
 test in the (wildly common) cases of indexing using the (trusted) built-in
 instances for `Int`, `(Int,Int)` etc., we could use a RULE to call a version
 of `safeIndex` that did only one test.

 Furthermore, we should improve the "Error in array index" error message.
 If we have the first client-oriented test in place, then this second error
 can read something like "The index method for an Ix instance returned
 offset N, but the array has size M".  I don't see how to say ''which''
 type, sadly.  `Typeable` is not a superclass of `Ix`.

 Simon

-- 
Ticket URL: <http://hackage.haskell.org/trac/ghc/ticket/2120#comment:11>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
_______________________________________________
Glasgow-haskell-bugs mailing list
Glasgow-haskell-bugs@haskell.org
http://www.haskell.org/mailman/listinfo/glasgow-haskell-bugs
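As an added illustration (not code from the ticket or from GHC), the following constructs a deliberately bogus `Ix` instance whose `index` returns an offset one past the end, and runs it through the two-test `safeIndex` from the comment (with the improved error message) beside a one-test variant that is only adequate for a trusted instance. `Bogus`, `trustedIndex` and the `main` driver are assumptions made for the example.

```haskell
import Data.Ix (Ix(..))
import Control.Exception (ErrorCall(..), evaluate, try)

-- Constructed type with a broken Ix instance: inRange is honest, so the
-- client-oriented test passes, but index is off by one, so the offset it
-- returns for the upper bound equals the array size (one past the end).
newtype Bogus = Bogus Int deriving (Eq, Ord, Show)

instance Ix Bogus where
  range (Bogus l, Bogus u)            = map Bogus [l .. u]
  inRange (Bogus l, Bogus u) (Bogus i) = l <= i && i <= u
  index b@(Bogus l, _) x@(Bogus i)
    | inRange b x = i - l + 1           -- bug: should be i - l
    | otherwise   = error "Bogus: index out of range"

-- Two-test version, as in the comment: `index` checks the client's index
-- against the bounds, then the computed offset is checked against the size.
safeIndex :: Ix i => (i, i) -> Int -> i -> Int
safeIndex (l, u) n i =
  let i' = index (l, u) i
  in if 0 <= i' && i' < n
       then i'
       else error ("The index method for an Ix instance returned offset "
                   ++ show i' ++ ", but the array has size " ++ show n)

-- One-test version: adequate only when the Ix instance is trusted.
trustedIndex :: Ix i => (i, i) -> Int -> i -> Int
trustedIndex (l, u) _ i = index (l, u) i

main :: IO ()
main = do
  -- Built-in Int instance: both versions agree on offset 2.
  print (safeIndex (0 :: Int, 3) 4 2, trustedIndex (0 :: Int, 3) 4 2)

  let bnds = (Bogus 0, Bogus 3)
      n    = length (range bnds)        -- honest size: 4
  -- The one-test version returns 4, an offset past the end of the array.
  print (trustedIndex bnds n (Bogus 3))
  -- The two-test version rejects it with the descriptive error.
  r <- try (evaluate (safeIndex bnds n (Bogus 3))) :: IO (Either ErrorCall Int)
  case r of
    Left (ErrorCall msg) -> putStrLn ("caught: " ++ msg)
    Right v              -> print v
```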