Right. Also it might it sound like array-to-pointer decay is forced onto the programmer. Instead, you can take the address of an array just fine without letting it decay. The type then preserves the length.
C:
int foo(int a[]) { return a[5]; }
int main() {
int a[3];
return foo(a);
}
> gcc test.c
> ./a.outD: int foo(int[] a) { return a[5]; }
int main() {
int[3] a;
return foo(a);
}
> ./cc array.d
> ./array
core.exception.ArrayIndexError@array.d(1): index [5] is out of bounds for array of length 3
How to fix it for C:
You need to take the address of the array instead of letting it decay and then size is encoded in the type:
int foo(int (*a)[6]) { return a[5]; }
int main() {
int a[3];
return foo(&a);
}
int foo(int n, int (*a)[n]) { return (\*a)[5]; }
int main() {
int a[3];
return foo(ARRAY_SIZE(a), &a);
}
/app/example.c:4:38: runtime error: index 5 out of bounds for
type 'int[n]'
Nice, when you know the length at compile time, which is rarely from my experience.
The holy grail is runtime access to the length, which means an array would have to be backed by something more elaborate.
Oh, it also work for runtime length:
Now try that on a compiler without -fsanitize=bounds, yet full ISO C compliant.