allocate a float vector with subscript range v[nl..nh]

Question

Ok so i want to understand what this does:

#define NR_END 1

float *vector(long nl, long nh)
/* allocate a float vector with subscript range v[nl..nh] */
{
    float *v;

    v=(float *)malloc((size_t) ((nh-nl+1+NR_END)*sizeof(float)));
    if (!v) nrerror("allocation failure in vector()");
    return v-nl+NR_END;
}

i mean it creates a pointer to a malloc space of the size given there. so v[0] is the first unit ... and so on till the end of the block.

but why is some term returned in the end.

I thought you couldn't move anywhere on the stack with a pointer but just be able to access the space given?

int main()
{
    printf("Hello world\n\n");

    float* f = vector(3,5);

    f[0]=1;
    f[1]=2;
    f[2]=3;
    f[7] = 5;


    printf("%f", f[7]);

    return 0;

}

i did these tests and it compiles whithout errors or warnings when gcc filename.c -o filename.

and why does v[7]=5 work when it shouldn't?

and what is a subscript range?

and how are you supposed to use this correctly?

i am very confused. Please help me understand this.

the file seems to be also viewable at https://www.cfa.harvard.edu/~sasselov/rec/code/nrutil.c

Answer 1

That is some pretty sketchy-looking code, this is not a good idea.

The function seems to allocate a vector where the caller promises to only use indexes in the closed interval [nl, nh], e.g. vector(100, 104) would try to allocate a 5-element vector indexed 100, 101, 102, 103 and 104. Any other index results in undefined behavior. This includes 0 which typically is the first valid index of a C array.

The two core lines of code are:

// 1
v=(float *)malloc((size_t) ((nh-nl+1+NR_END)*sizeof(float)));

This can be re-written a bit cleaner without the pointless casts:

v = malloc((nh - nl + 1 + NR_END) * sizeof *v);

This then computes the size of the desired index interval (nh - nl + 1 would result in 104 - 100 + 1 which is 5 in our example). It adds an extra NR_END elements, no idea why.

And then there's:

// 2
return v - nl + NR_END;

This returns the base pointer v, but first adjusts it by going backwards nl elements, i.e. 100 in our example. This causes indexing by 100 to hit the first actual allocated element. The addition of NR_END biases the use of the allocated vector towards the end, again I have no idea why.

So in memory it would look like this, with 6 elements allocated:

   +---+---+---+---+---+---+
v: | 0 | 1 | 2 | 3 | 4 | 5 |
   +---+---+---+---+---+---+

But by subtracting, we return a pointer to lower addresses, relying on the caller indexing with at least nl to back up into the allocated space.

All that said, I'm pretty sure this is undefined behavior and assumes a bit much about address computations. You're not supposed to work with addresses outside the range [0,N] for an array of N elements, which would rule out dealing with addresses to before the array starts.

Answer 2

In order to see the code you wrote actually fails, you need to do more than just compiling the code without any extra flags. If you use clang MemorySantizer and disable compiler optimisations, you will see that there is a problem with the memory access done with f[0].

C does not do bounds checking and leaves it to the programmer. The vector() function returns a memory location which can only be addressed through v[nl] ... v[nh]

Line 23 in the a.c. is f[0]=1;

% clang -fsanitize=memory -fno-omit-frame-pointer -g -O0 a.c
% ./a.out 
Hello world

MemorySanitizer:DEADLYSIGNAL
==26321==ERROR: MemorySanitizer: SEGV on unknown address 0x600ffffffff8 (pc 0x0000010a9670 bp 0x7fffffffeaa0 sp 0x7fffffffea10 T101363)
==26321==The signal is caused by a WRITE memory access.
    #0 0x10a966f in main /home/fnoyanisi/a.c:23:9
    #1 0x1060b5a in __sanitizer::ReportDeadlySignalImpl(__sanitizer::SignalContext const&, unsigned int, void (*)(__sanitizer::SignalContext const&, void const*, __sanitizer::BufferedStackTrace*), void const*) /usr/src/contrib/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_report.cc:211:3
    #2 0x1060b5a in __sanitizer::ReportDeadlySignal(__sanitizer::SignalContext const&, unsigned int, void (*)(__sanitizer::SignalContext const&, void const*, __sanitizer::BufferedStackTrace*), void const*) /usr/src/contrib/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_report.cc:225
    #3 0x1060e8e in __sanitizer::HandleDeadlySignal(void*, void*, unsigned int, void (*)(__sanitizer::SignalContext const&, void const*, __sanitizer::BufferedStackTrace*), void const*) /usr/src/contrib/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_report.cc:234:3

MemorySanitizer can not provide additional info.
SUMMARY: MemorySanitizer: SEGV /home/fnoyanisi/a.c:23:9 in main
==26321==ABORTING
% sed '23q;d' a.c
    f[0]=1;
% clang a.c
% ./a.out 
Hello world

5.000000
% 

Answer 3

What the vector(long nl, long nh) function does is create an array of the necessary size to hold the given range of numbers, and adds an 'extra' element (possibly, in order to permit the C practice of taking an address "one beyond the bounds"). So, if you call it with values of 3 and 5, it allocates space for 4 float variables at the address in v.

However, simply using this v address, one would have to access the elements using indexes in the range 0 thru 2. So, before returning an address, the function subtracts your lower index (nl) from it. Now, although this value will now point to an invalid memory address, if you only ever access elements from your specified range, then the pointer arithmetic used in calculating, say f[3] in your main function, will add a suitable offset to this "invalid" pointer, so that your are then actually accessing the v[0] variable.