Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Bounds checking
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{Short description|In programming, detecting whether a variable is within given bounds before use}} {{more footnotes|date=March 2012}} In [[computer programming]], '''bounds checking''' is any method of detecting whether a [[variable (programming)|variable]] is within some [[upper and lower bounds|bounds]] before it is used. It is usually used to ensure that a number fits into a given type (range checking), or that a variable being used as an [[Array data structure|array]] index is within the bounds of the array (index checking). A failed bounds check usually results in the generation of some sort of [[Exception handling|exception]] signal. As performing bounds checking during each use can be time-consuming, it is not always done. [[Bounds-checking elimination]] is a [[compiler optimization]] technique that eliminates unneeded bounds checking. ==Range checking== A range check is a check to make sure a number is within a certain range; for example, to ensure that a value about to be assigned to a 16-bit integer is within the capacity of a 16-bit integer (i.e. checking against [[Arithmetic overflow|wrap-around]]). This is not quite the same as [[type checking]].{{how|date=March 2024}} Other range checks may be more restrictive; for example, a variable to hold the number of a calendar month may be declared to accept only the range 1 to 12. Example in [[Python (programming language)|Python]]: <syntaxhighlight lang="python"> def set_month(month: int): if month < 1 or month > 12: raise ValueError("The month must be between 1 and 12") </syntaxhighlight> ==Index checking== Index checking means that, in all [[Expression (programming)|expressions]] indexing an array, the index value is checked against the bounds of the array (which were established when the array was defined), and if the index is out-of-bounds, further execution is suspended via some sort of error. Because reading or especially writing a value outside the bounds of an array may cause the program to malfunction or crash or enable security vulnerabilities (see [[buffer overflow]]), index checking is a part of many [[High-level programming language|high-level languages]]. Early compiled [[programming language]]s with index checking ability included [[ALGOL 60]], [[ALGOL 68]] and [[Pascal (programming language)|Pascal]], as well as interpreted programming languages such as [[BASIC]]. Many programming languages, such as [[C (programming language)|C]], never perform automatic bounds checking to raise speed. However, this leaves many [[off-by-one error]]s and [[buffer overflow]]s uncaught. Many programmers believe these languages sacrifice too much for rapid execution.<ref>{{Cite book |doi=10.1109/DISCEX.2000.821514|chapter=Buffer overflows: Attacks and defenses for the vulnerability of the decade|title=Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00|volume=2|pages=119β129|year=1999|last1=Cowan|first1=C|last2=Wagle|first2=F|last3=Calton Pu|last4=Beattie|first4=S|last5=Walpole|first5=J|isbn=978-0-7695-0490-2|s2cid=167759976}}</ref> In his 1980 [[Turing Award]] lecture, [[C. A. R. Hoare]] described his experience in the design of [[ALGOL 60]], a language that included bounds checking, saying: <blockquote>A consequence of this principle is that every occurrence of every subscript of every subscripted variable was on every occasion checked at run time against both the upper and the lower declared bounds of the array. Many years later we asked our customers whether they wished us to provide an option to switch off these checks in the interest of efficiency on production runs. Unanimously, they urged us not toβthey already knew how frequently subscript errors occur on production runs where failure to detect them could be disastrous. I note with fear and horror that even in 1980, language designers and users have not learned this lesson. In any respectable branch of engineering, failure to observe such elementary precautions would have long been against the law.</blockquote> Mainstream languages that enforce run time checking include [[Ada (programming language)|Ada]], [[C Sharp (programming language)|C#]], [[Haskell (programming language)|Haskell]], [[Java (programming language)|Java]], [[JavaScript]], [[Lisp (programming language)|Lisp]], [[PHP]], [[Python (programming language)|Python]], [[Ruby (programming language)|Ruby]], [[Rust (programming language)|Rust]], and [[Visual Basic]]. The [[D (programming language)|D]] and [[OCaml]] languages have run time bounds checking that is enabled or disabled with a compiler switch. In [[C++]] run time checking is not part of the language, but part of the [[Standard Template Library|STL]] and is enabled with a compiler switch (_GLIBCXX_DEBUG=1 or _LIBCPP_DEBUG=1). C# also supports ''unsafe regions'': sections of code that (among other things) temporarily suspend bounds checking to raise efficiency. These are useful for speeding up small time-critical bottlenecks without sacrificing the safety of a whole program. The [[JS++]] programming language is able to analyze if an array index or map key is out-of-bounds at compile time using [[existent types]], which is a [[Nominal type system|nominal type]] describing whether the index or key is within-bounds or out-of-bounds and guides code generation. Existent types have been shown to add only {{Clarify span|1ms overhead|date=February 2025}} to compile times.<ref>{{Cite web | url=https://www.onux.com/jspp/blog/jspp-0-9-0-efficient-compile-time-analysis-of-out-of-bounds-errors/ | archive-url=https://web.archive.org/web/20190112060200/https://www.onux.com/jspp/blog/jspp-0-9-0-efficient-compile-time-analysis-of-out-of-bounds-errors/| archive-date=2019-01-12| title=JS++ 0.9.0: Efficient Compile Time Analysis of Out-of-Bounds Errors β JS++ Blog| date=11 January 2019}}</ref> == Hardware bounds checking == The safety added by bounds checking necessarily costs CPU time if the checking is performed in software; however, if the checks could be performed by hardware, then the safety can be provided "for free" with no runtime cost. An early system with hardware bounds checking was the [[ICL 2900 Series]] mainframe announced in 1974.<ref>{{cite book |pages=17, 77 |url=http://www.fujitsu.com/uk/Images/icl-2900-series-by-jk-buckle.pdf |title=The ICL 2900 Series |author=J. K. Buckle |publisher=Macmillan Computer Science Series |year=1978 |isbn=978-0-333-21917-1 |access-date=20 April 2018 |archive-date=20 April 2018 |archive-url=https://web.archive.org/web/20180420203006/http://www.fujitsu.com/uk/Images/icl-2900-series-by-jk-buckle.pdf |url-status=dead }}</ref> The [[VAX]] computer has an INDEX assembly instruction for array index checking which takes six operands, all of which can use any VAX addressing mode. The B6500 and similar [[Burroughs Corporation|Burroughs]] computers performed bound checking via hardware, irrespective of which computer language had been compiled to produce the machine code. A limited number of later [[CPU]]s have specialised instructions for checking bounds, e.g., the CHK2 instruction on the [[Motorola 68000#Interrupts|Motorola 68000]] series. Research has been underway since at least 2005 regarding methods to use x86's built-in virtual memory management unit to ensure safety of array and buffer accesses.<ref>{{Cite book | doi=10.1109/DSN.2005.25| chapter=Checking Array Bound Violation Using Segmentation Hardware| title=2005 International Conference on Dependable Systems and Networks (DSN'05)| pages=388β397| year=2005| last1=Lap-Chung Lam| last2=Tzi-Cker Chiueh| isbn=0-7695-2282-3| s2cid=6278708}}</ref> In 2015 Intel provided their [[Intel MPX]] extensions in their [[Skylake (microarchitecture)|Skylake]] processor architecture which stores bounds in a CPU register and table in memory. As of early 2017 at least [[GNU Compiler Collection|GCC]] supports MPX extensions. == See also == * [[Dynamic code analysis]] * [[Runtime error detection]] * [[Static program analysis|Static code analysis]] ==References== {{Reflist}} == External links == * β[https://web.archive.org/web/20160623195112/http://www.feustel.us/Feustel%20%26%20Associates/Advantages.pdf On The Advantages Of Tagged Architecture]β, IEEE Transactions On Computers, Volume C-22, Number 7, July, 1973. * β[http://zoo.cs.yale.edu/classes/cs422/2011/bib/hoare81emperor.pdf The Emperorβs Old Clothes] {{Webarchive|url=https://web.archive.org/web/20171002195604/http://zoo.cs.yale.edu/classes/cs422/2011/bib/hoare81emperor.pdf |date=2017-10-02 }}β, The 1980 ACM Turing Award Lecture, CACM volume 24 number 2, February 1981, pp 75β83. * β[https://www.doc.ic.ac.uk/~afd/rarepapers/KendallBccRuntimeCheckingsforC.pdf Bcc: Runtime checking for C programs]β, Samuel C. Kendall, Proceedings of the [[USENIX]] Summer 1983 Conference. * β[https://web.archive.org/web/20160326081542/https://www.doc.ic.ac.uk/~phjk/BoundsChecking.html Bounds Checking for C]β, Richard Jones and Paul Kelly, Imperial College, July 1995. * β[https://web.archive.org/web/20130124070111/http://public.support.unisys.com/aseries/docs/clearpath-mcp-11.0/pdf/38347639-000.pdf ClearPath Enterprise Servers MCP Security Overview]β, Unisys, April 2006. * β[http://llvm.org/pubs/2007-SOSP-SVA.pdf Secure Virtual Architecture: A Safe Execution Environment for Commodity Operating Systems]β, John Criswell, Andrew Lenharth, Dinakar Dhurjati, Vikram Adve, SOSP'07 21st ACM Symposium on Operating Systems Principles, 2007. * β[https://web.archive.org/web/20160707163127/https://staff.aist.go.jp/y.oiwa/FailSafeC/index-en.html Fail-Safe C]β, Yutaka Oiwa. Implementation of the Memory-safe Full ANSI-C Compiler. ACM SIGPLAN Conference on Programing Language Design and Implementations (PLDI2009), June 2009. * β[https://github.com/google/sanitizers/wiki/AddressSanitizer address-sanitizer]β, Timur Iskhodzhanov, Alexander Potapenko, Alexey Samsonov, Kostya Serebryany, Evgeniy Stepanov, Dmitriy Vyukov, LLVM Dev Meeting, November 18, 2011. * [http://sourceforge.net/projects/safeclib/ Safe C Library of Bounded APIs] * {{cite journal|date=February 20, 2009|title=The Safe C Library|journal=[[Dr. Dobb's Journal]]|url=http://www.drdobbs.com/cpp/the-safe-c-library/214502214|access-date=November 13, 2012|archive-url=https://web.archive.org/web/20131202222313/http://www.drdobbs.com/cpp/the-safe-c-library/214502214|archive-date=December 2, 2013|url-status=dead}} * [https://web.archive.org/web/20131203031224/http://www.owasp.org.cn/OWASP_Conference/2011/17_.pdf Safe C APIβConcise solution of buffer overflow, The OWASP Foundation, OWASP AppSec, Beijing 2011 ] * [https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_macros.html The GNU C++ Library Manual Macros] * [https://libcxx.llvm.org/docs/DesignDocs/DebugMode.html libc++ 11.0 documentation Debug Mode] {{DEFAULTSORT:Bounds Checking}} [[Category:Computer errors]] [[Category:Arrays]]
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)
Pages transcluded onto the current version of this page
(
help
)
:
Template:Cite book
(
edit
)
Template:Cite journal
(
edit
)
Template:Cite web
(
edit
)
Template:Clarify span
(
edit
)
Template:How
(
edit
)
Template:More footnotes
(
edit
)
Template:Reflist
(
edit
)
Template:Short description
(
edit
)
Template:Webarchive
(
edit
)