Is ((void *) -1) a valid address?

c void-pointers

Verbatim from Linux' man shmat:

RETURN VALUE

[...] on error (void *) -1 is returned, and errno is set to indicate the cause of the error.

(POSIX tells the same using a slightly different wording.)

Is there any mandatory rule or definition (standard?) that (void *) -1 may not be a valid address?


Solution 1:

0xffffffff is technically a valid address in a 32 bit environment but on most operating systems (Certainly Linux/Windows) will be in the reserved kernel part of the address space. That means that in user mode processes it's safe to use it as a error code since no user mode allocation function would return this as a usable address.

Solution 2:

For simplicity, consider a machine with 16 bits of address space. This machine can address memory from 0 to 65535. In this case (void*) -1 would be the same as 0xffff which is 65535. While technically this address is valid, there are few system that would have anything there that they would allow to be accessed.

The other thing to consider is that almost all POSIX system calls returns -1 on error.

As noted by Benj, it's actually possible to map the address NULL. This can be used for example when you want to see if there is a mapping with a specified shmid, in which case the shmaddr argument is set to NULL and the function return NULL to signify that the shared memory exists.

Solution 3:

To answer the question directly, no, there is no mandatory rule, definition, standard, or specification that says (void *) -1 may not be a valid address.

(Of course, no rules, definitions, standards, or specifications about memory addresses are mandatory. I see people walking down the street every day without conforming to the C standard, for example, but I have never seen anybody arrested for it. But, even if we omit the mandatory part, using (void *) -1 as an address is generally not prohibited by common specifications.)

However, it is not necessary for (void *) -1 not to be a valid address in order for shmat to work. It is merely necessary that a successful call to shmat never returns (void *) -1 and that (void *) -1 be supported by the compiler for purposes of testing the return value from shmat. If these two conditions are met, then a program can always distinguish a successful shmat call from an unsuccessful shmat call.

Regarding the second condition, the C standard does not guarantee that (void *) -1 can be used, so POSIX, in specifying that this is an error return from shmat, implicitly requires the C (or other language) implementation to support it. So this is an extension to the language required by POSIX, and it is generally a simple thing for compilers to support.

Regarding the first condition, consider when we might want shmat to return (void *) -1 for a successful call. shmat can be called with a user-requested address or without, in which case the implementation chooses an address. In any normal computer architecture, there are multiple reasons to use addresses that are multiples of various values. For shmat, the most obvious is memory mapping. On architectures with virtual memory, memory is mapped in units of pages, and shmat, when it maps memory for the segment, will map to the start of a page. Any even page size has no multiples that are (void *) -1, since the latter is odd, so shmat never chooses to map a segment to (void *) -1. Even if shmat did not use page size, it would typically use some other alignment, such as 4, 8, or 16 bytes, because providing aligned memory means that structures stored at the start of that memory will be aligned, which results in faster memory access on many processors.

That leaves the case where the user requests (void *) -1 as an address. This would be unusual, and it could work only if the memory segment were a single byte or the memory model allowed wrapping around (or the compiler presented a very strange memory model in which (void *) -1 were not the last byte in the address space). I cannot say for sure whether any POSIX systems support this or not. However, it is clear that this is essentially useless, and nobody has any reason for doing it other than curiosity. Therefore, it is safe and reasonable to rule this case out of shmat, simply saying that is not supported, do not do it.

Related

JavaFX 2 custom popup pane
JavaScript Regex, where to use escape characters?
DataGridView keydown event not working in C#
How to inject module declaration into JAR?
Bluetooth support on Android Emulator
How to store sqlite database directly on sdcard
Posting array from form
Detect power button long press
WPF: How do I loop through the all controls in a window?
To use or not to use regular expressions?
Initialize List to a variable in a Dictionary inside a loop
Blank PDF even with the simplest Jasperreport jrxml