www.Usenet.com
www.Usenet.com
| <-- __Chronological__ --> | <-- __Thread__ --> |
Archive-name: C-faq/faq
Comp-lang-c-archive-name: C-FAQ-list
URL: http://www.eskimo.com/~scs/C-faq/top.html
[Last modified February 7, 1999 by scs.]
This article is Copyright 1990-1999 by Steve Summit. Content from the
book _C Programming FAQs: Frequently Asked Questions_ is made available
here by permission of the author and the publisher as a service to the
community. It is intended to complement the use of the published text
and is protected by international copyright laws. The content is made
available here and may be accessed freely for personal use but may not
be republished without permission.
Certain topics come up again and again on this newsgroup. They are good
questions, and the answers may not be immediately obvious, but each time
they recur, much net bandwidth and reader time is wasted on repetitive
responses, and on tedious corrections to the incorrect answers which are
inevitably posted.
This article, which is posted monthly, attempts to answer these common
questions definitively and succinctly, so that net discussion can move
on to more constructive topics without continual regression to first
principles.
No mere newsgroup article can substitute for thoughtful perusal of a
full-length tutorial or language reference manual. Anyone interested
enough in C to be following this newsgroup should also be interested
enough to read and study one or more such manuals, preferably several
times. Some C books and compiler manuals are unfortunately inadequate;
a few even perpetuate some of the myths which this article attempts to
refute. Several noteworthy books on C are listed in this article's
bibliography; see also questions 18.9 and 18.10. Many of the questions
and answers are cross-referenced to these books, for further study by
the interested and dedicated reader.
If you have a question about C which is not answered in this article,
first try to answer it by checking a few of the referenced books, or by
asking knowledgeable colleagues, before posing your question to the net
at large. There are many people on the net who are happy to answer
questions, but the volume of repetitive answers posted to one question,
as well as the growing number of questions as the net attracts more
readers, can become oppressive. If you have questions or comments
prompted by this article, please reply by mail rather than following up --
this article is meant to decrease net traffic, not increase it.
Besides listing frequently-asked questions, this article also summarizes
frequently-posted answers. Even if you know all the answers, it's worth
skimming through this list once in a while, so that when you see one of
its questions unwittingly posted, you won't have to waste time
answering. (However, this is a large and heavy document, so don't
assume that everyone on the newsgroup has managed to read all of it in
detail, and please don't roll it up and thwack people over the head with
it just because they missed their answer in it.)
This article was last modified on February 7, 1999, and its travels may
have taken it far from its original home on Usenet. It may, however,
be out-of-date, particularly if you are looking at a printed copy
or one retrieved from a tertiary archive site or CD-ROM. You should
be able to obtain the most up-to-date copy on the web at
http://www.eskimo.com/~scs/C-faq/top.html or http://www.faqs.org/faqs/ ,
or from one of the ftp sites mentioned in question 20.40. Since this
list is modified from time to time, its question numbers may not match
those in older or newer copies which are in circulation; be careful when
referring to FAQ list entries by number alone.
This article was produced for free redistribution. You should not need
to pay anyone for a copy of it.
Other versions of this document are also available. Posted along with
it are an abridged version and (when there are changes) a list of
differences with respect to the previous version. A hypertext version
is available on the web at the aforementioned URL. Finally, for those
who might prefer a bound, hardcopy version (and even longer answers to
even more questions!), a book-length version has been published by
Addison-Wesley (ISBN 0-201-84519-9).
This article is always being improved. Your input is welcomed. Send
your comments to [EMAIL PROTECTED] .
The questions answered here are divided into several categories:
1. Declarations and Initializations
2. Structures, Unions, and Enumerations
3. Expressions
4. Pointers
5. Null Pointers
6. Arrays and Pointers
7. Memory Allocation
8. Characters and Strings
9. Boolean Expressions and Variables
10. C Preprocessor
11. ANSI/ISO Standard C
12. Stdio
13. Library Functions
14. Floating Point
15. Variable-Length Argument Lists
16. Strange Problems
17. Style
18. Tools and Resources
19. System Dependencies
20. Miscellaneous
Bibliography
Acknowledgements
(The question numbers within each section are not always continuous,
because they are aligned with the aforementioned book-length version,
which contains even more questions.)
Herewith, some frequently-asked questions and their answers:
Section 1. Declarations and Initializations
1.1: How do you decide which integer type to use?
A: If you might need large values (above 32,767 or below -32,767),
use long. Otherwise, if space is very important (i.e. if there
are large arrays or many structures), use short. Otherwise, use
int. If well-defined overflow characteristics are important and
negative values are not, or if you want to steer clear of sign-
extension problems when manipulating bits or bytes, use one of
the corresponding unsigned types. (Beware when mixing signed
and unsigned values in expressions, though.)
Although character types (especially unsigned char) can be used
as "tiny" integers, doing so is sometimes more trouble than it's
worth, due to unpredictable sign extension and increased code
size. (Using unsigned char can help; see question 12.1 for a
related problem.)
A similar space/time tradeoff applies when deciding between
float and double. None of the above rules apply if the address
of a variable is taken and must have a particular type.
If for some reason you need to declare something with an *exact*
size (usually the only good reason for doing so is when
attempting to conform to some externally-imposed storage layout,
but see question 20.5), be sure to encapsulate the choice behind
an appropriate typedef.
References: K&R1 Sec. 2.2 p. 34; K&R2 Sec. 2.2 p. 36, Sec. A4.2
pp. 195-6, Sec. B11 p. 257; ISO Sec. 5.2.4.2.1, Sec. 6.1.2.5;
H&S Secs. 5.1,5.2 pp. 110-114.
1.4: What should the 64-bit type on a machine that can support it?
A: The forthcoming revision to the C Standard (C9X) specifies type
long long as effectively being at least 64 bits, and this type
has been implemented by a number of compilers for some time.
(Others have implemented extensions such as __longlong.)
On the other hand, there's no theoretical reason why a compiler
couldn't implement type short int as 16, int as 32, and long int
as 64 bits, and some compilers do indeed choose this
arrangement.
See also question 18.15d.
References: C9X Sec. 5.2.4.2.1, Sec. 6.1.2.5.
1.7: What's the best way to declare and define global variables
and functions?
A: First, though there can be many "declarations" (and in many
translation units) of a single "global" (strictly speaking,
"external") variable or function, there must be exactly one
"definition". (The definition is the declaration that actually
allocates space, and provides an initialization value, if any.)
The best arrangement is to place each definition in some
relevant .c file, with an external declaration in a header
(".h") file, which is #included wherever the declaration is
needed. The .c file containing the definition should also
#include the same header file, so that the compiler can check
that the definition matches the declarations.
This rule promotes a high degree of portability: it is
consistent with the requirements of the ANSI C Standard, and is
also consistent with most pre-ANSI compilers and linkers. (Unix
compilers and linkers typically use a "common model" which
allows multiple definitions, as long as at most one is
initialized; this behavior is mentioned as a "common extension"
by the ANSI Standard, no pun intended. A few very odd systems
may require an explicit initializer to distinguish a definition
from an external declaration.)
It is possible to use preprocessor tricks to arrange that a line
like
DEFINE(int, i);
need only be entered once in one header file, and turned into a
definition or a declaration depending on the setting of some
macro, but it's not clear if this is worth the trouble.
It's especially important to put global declarations in header
files if you want the compiler to catch inconsistent
declarations for you. In particular, never place a prototype
for an external function in a .c file: it wouldn't generally be
checked for consistency with the definition, and an incompatible
prototype is worse than useless.
See also questions 10.6 and 18.8.
References: K&R1 Sec. 4.5 pp. 76-7; K&R2 Sec. 4.4 pp. 80-1; ISO
Sec. 6.1.2.2, Sec. 6.7, Sec. 6.7.2, Sec. G.5.11; Rationale
Sec. 3.1.2.2; H&S Sec. 4.8 pp. 101-104, Sec. 9.2.3 p. 267; CT&P
Sec. 4.2 pp. 54-56.
1.11: What does extern mean in a function declaration?
A: It can be used as a stylistic hint to indicate that the
function's definition is probably in another source file, but
there is no formal difference between
extern int f();
and
int f();
References: ISO Sec. 6.1.2.2, Sec. 6.5.1; Rationale
Sec. 3.1.2.2; H&S Secs. 4.3,4.3.1 pp. 75-6.
1.12: What's the auto keyword good for?
A: Nothing; it's archaic. See also question 20.37.
References: K&R1 Sec. A8.1 p. 193; ISO Sec. 6.1.2.4, Sec. 6.5.1;
H&S Sec. 4.3 p. 75, Sec. 4.3.1 p. 76.
1.14: I can't seem to define a linked list successfully. I tried
typedef struct {
char *item;
NODEPTR next;
} *NODEPTR;
but the compiler gave me error messages. Can't a structure in C
contain a pointer to itself?
A: Structures in C can certainly contain pointers to themselves;
the discussion and example in section 6.5 of K&R make this
clear. The problem with the NODEPTR example is that the typedef
has not been defined at the point where the "next" field is
declared. To fix this code, first give the structure a tag
("struct node"). Then, declare the "next" field as a simple
"struct node *", or disentangle the typedef declaration from the
structure definition, or both. One corrected version would be
struct node {
char *item;
struct node *next;
};
typedef struct node *NODEPTR;
and there are at least three other equivalently correct ways of
arranging it.
A similar problem, with a similar solution, can arise when
attempting to declare a pair of typedef'ed mutually referential
structures.
See also question 2.1.
References: K&R1 Sec. 6.5 p. 101; K&R2 Sec. 6.5 p. 139; ISO
Sec. 6.5.2, Sec. 6.5.2.3; H&S Sec. 5.6.1 pp. 132-3.
1.21: How do I declare an array of N pointers to functions returning
pointers to functions returning pointers to characters?
A: The first part of this question can be answered in at least
three ways:
1. char *(*(*a[N])())();
2. Build the declaration up incrementally, using typedefs:
typedef char *pc; /* pointer to char */
typedef pc fpc(); /* function returning pointer to char */
typedef fpc *pfpc; /* pointer to above */
typedef pfpc fpfpc(); /* function returning... */
typedef fpfpc *pfpfpc; /* pointer to... */
pfpfpc a[N]; /* array of... */
3. Use the cdecl program, which turns English into C and vice
versa:
cdecl> declare a as array of pointer to function returning
pointer to function returning pointer to char
char *(*(*a[])())()
cdecl can also explain complicated declarations, help with
casts, and indicate which set of parentheses the arguments
go in (for complicated function definitions, like the one
above). See question 18.1.
Any good book on C should explain how to read these complicated
C declarations "inside out" to understand them ("declaration
mimics use").
The pointer-to-function declarations in the examples above have
not included parameter type information. When the parameters
have complicated types, declarations can *really* get messy.
(Modern versions of cdecl can help here, too.)
References: K&R2 Sec. 5.12 p. 122; ISO Sec. 6.5ff (esp.
Sec. 6.5.4); H&S Sec. 4.5 pp. 85-92, Sec. 5.10.1 pp. 149-50.
1.22: How can I declare a function that can return a pointer to a
function of the same type? I'm building a state machine with
one function for each state, each of which returns a pointer to
the function for the next state. But I can't find a way to
declare the functions.
A: You can't quite do it directly. Either have the function return
a generic function pointer, with some judicious casts to adjust
the types as the pointers are passed around; or have it return a
structure containing only a pointer to a function returning that
structure.
1.25: My compiler is complaining about an invalid redeclaration of a
function, but I only define it once and call it once.
A: Functions which are called without a declaration in scope
(perhaps because the first call precedes the function's
definition) are assumed to be declared as returning int (and
without any argument type information), leading to discrepancies
if the function is later declared or defined otherwise. Non-int
functions must be declared before they are called.
Another possible source of this problem is that the function has
the same name as another one declared in some header file.
See also questions 11.3 and 15.1.
References: K&R1 Sec. 4.2 p. 70; K&R2 Sec. 4.2 p. 72; ISO
Sec. 6.3.2.2; H&S Sec. 4.7 p. 101.
1.25b: What's the right declaration for main()?
Is void main() correct?
A: See questions 11.12a to 11.15. (But no, it's not correct.)
1.30: What am I allowed to assume about the initial values
of variables which are not explicitly initialized?
If global variables start out as "zero", is that good
enough for null pointers and floating-point zeroes?
A: Uninitialized variables with "static" duration (that is, those
declared outside of functions, and those declared with the
storage class static), are guaranteed to start out as zero, as
if the programmer had typed "= 0". Therefore, such variables
are implicitly initialized to the null pointer (of the correct
type; see also section 5) if they are pointers, and to 0.0 if
they are floating-point.
Variables with "automatic" duration (i.e. local variables
without the static storage class) start out containing garbage,
unless they are explicitly initialized. (Nothing useful can be
predicted about the garbage.)
Dynamically-allocated memory obtained with malloc() and
realloc() is also likely to contain garbage, and must be
initialized by the calling program, as appropriate. Memory
obtained with calloc() is all-bits-0, but this is not
necessarily useful for pointer or floating-point values (see
question 7.31, and section 5).
References: K&R1 Sec. 4.9 pp. 82-4; K&R2 Sec. 4.9 pp. 85-86; ISO
Sec. 6.5.7, Sec. 7.10.3.1, Sec. 7.10.5.3; H&S Sec. 4.2.8 pp. 72-
3, Sec. 4.6 pp. 92-3, Sec. 4.6.2 pp. 94-5, Sec. 4.6.3 p. 96,
Sec. 16.1 p. 386.
1.31: This code, straight out of a book, isn't compiling:
int f()
{
char a[] = "Hello, world!";
}
A: Perhaps you have a pre-ANSI compiler, which doesn't allow
initialization of "automatic aggregates" (i.e. non-static
local arrays, structures, and unions). (As a workaround, and
depending on how the variable a is used, you may be able to make
it global or static, or replace it with a pointer, or initialize
it by hand with strcpy() when f() is called.) See also
question 11.29.
1.31b: What's wrong with this initialization?
char *p = malloc(10);
My compiler is complaining about an "invalid initializer",
or something.
A: Is the declaration of a static or non-local variable? Function
calls are allowed only in initializers for automatic variables
(that is, for local, non-static variables).
1.32: What is the difference between these initializations?
char a[] = "string literal";
char *p = "string literal";
My program crashes if I try to assign a new value to p[i].
A: A string literal can be used in two slightly different ways. As
an array initializer (as in the declaration of char a[]), it
specifies the initial values of the characters in that array.
Anywhere else, it turns into an unnamed, static array of
characters, which may be stored in read-only memory, which is
why you can't safely modify it. In an expression context, the
array is converted at once to a pointer, as usual (see section
6), so the second declaration initializes p to point to the
unnamed array's first element.
(For compiling old code, some compilers have a switch
controlling whether strings are writable or not.)
See also questions 1.31, 6.1, 6.2, and 6.8.
References: K&R2 Sec. 5.5 p. 104; ISO Sec. 6.1.4, Sec. 6.5.7;
Rationale Sec. 3.1.4; H&S Sec. 2.7.4 pp. 31-2.
1.34: I finally figured out the syntax for declaring pointers to
functions, but now how do I initialize one?
A: Use something like
extern int func();
int (*fp)() = func;
When the name of a function appears in an expression like this,
it "decays" into a pointer (that is, it has its address
implicitly taken), much as an array name does.
An explicit declaration for the function is normally needed,
since implicit external function declaration does not happen in
this case (because the function name in the initialization is
not part of a function call).
See also questions 1.25 and 4.12.
Section 2. Structures, Unions, and Enumerations
2.1: What's the difference between these two declarations?
struct x1 { ... };
typedef struct { ... } x2;
A: The first form declares a "structure tag"; the second declares a
"typedef". The main difference is that you subsequently refer
to the first type as "struct x1" and the second simply as "x2".
That is, the second declaration is of a slightly more abstract
type -- its users don't necessarily know that it is a structure,
and the keyword struct is not used when declaring instances of it.
2.2: Why doesn't
struct x { ... };
x thestruct;
work?
A: C is not C++. Typedef names are not automatically generated for
structure tags. See also question 2.1 above.
2.3: Can a structure contain a pointer to itself?
A: Most certainly. See question 1.14.
2.4: What's the best way of implementing opaque (abstract) data types
in C?
A: One good way is for clients to use structure pointers (perhaps
additionally hidden behind typedefs) which point to structure
types which are not publicly defined.
2.6: I came across some code that declared a structure like this:
struct name {
int namelen;
char namestr[1];
};
and then did some tricky allocation to make the namestr array
act like it had several elements. Is this legal or portable?
A: This technique is popular, although Dennis Ritchie has called it
"unwarranted chumminess with the C implementation." An official
interpretation has deemed that it is not strictly conforming
with the C Standard, although it does seem to work under all
known implementations. (Compilers which check array bounds
carefully might issue warnings.)
Another possibility is to declare the variable-size element very
large, rather than very small; in the case of the above example:
...
char namestr[MAXSIZE];
where MAXSIZE is larger than any name which will be stored.
However, it looks like this technique is disallowed by a strict
interpretation of the Standard as well. Furthermore, either of
these "chummy" structures must be used with care, since the
programmer knows more about their size than the compiler does.
(In particular, they can generally only be manipulated via
pointers.)
C9X will introduce the concept of a "flexible array member",
which will allow the size of an array to be omitted if it is
the last member in a structure, thus providing a well-defined
solution.
References: Rationale Sec. 3.5.4.2; C9X Sec. 6.5.2.1.
2.7: I heard that structures could be assigned to variables and
passed to and from functions, but K&R1 says not.
A: What K&R1 said (though this was quite some time ago by now) was
that the restrictions on structure operations would be lifted
in a forthcoming version of the compiler, and in fact structure
assignment and passing were fully functional in Ritchie's
compiler even as K&R1 was being published. A few ancient C
compilers may have lacked these operations, but all modern
compilers support them, and they are part of the ANSI C
standard, so there should be no reluctance to use them.
(Note that when a structure is assigned, passed, or returned,
the copying is done monolithically; the data pointed to by any
pointer fields is *not* copied.)
References: K&R1 Sec. 6.2 p. 121; K&R2 Sec. 6.2 p. 129; ISO
Sec. 6.1.2.5, Sec. 6.2.2.1, Sec. 6.3.16; H&S Sec. 5.6.2 p. 133.
2.8: Is there a way to compare structures automatically?
A: No. There is no single, good way for a compiler to implement
implicit structure comparison (i.e. to support the == operator
for structures) which is consistent with C's low-level flavor.
A simple byte-by-byte comparison could founder on random bits
present in unused "holes" in the structure (such padding is used
to keep the alignment of later fields correct; see question
2.12). A field-by-field comparison might require unacceptable
amounts of repetitive code for large structures.
If you need to compare two structures, you'll have to write your
own function to do so, field by field.
References: K&R2 Sec. 6.2 p. 129; Rationale Sec. 3.3.9; H&S
Sec. 5.6.2 p. 133.
2.10: How can I pass constant values to functions which accept
structure arguments?
A: As of this writing, C has no way of generating anonymous
structure values. You will have to use a temporary structure
variable or a little structure-building function.
The C9X Standard will introduce "compound literals"; one form of
compound literal will allow structure constants. For example,
to pass a constant coordinate pair to a plotpoint() function
which expects a struct point, you will be able to call
plotpoint((struct point){1, 2});
Combined with "designated initializers" (another C9X feature),
it will also be possible to specify member values by name:
plotpoint((struct point){.x=1, .y=2});
See also question 4.10.
References: C9X Sec. 6.3.2.5, Sec. 6.5.8.
2.11: How can I read/write structures from/to data files?
A: It is relatively straightforward to write a structure out using
fwrite():
fwrite(&somestruct, sizeof somestruct, 1, fp);
and a corresponding fread invocation can read it back in.
However, data files so written will *not* be portable (see
questions 2.12 and 20.5). Note also that if the structure
contains any pointers, only the pointer values will be written,
and they are most unlikely to be valid when read back in.
Finally, note that for widespread portability you must use the
"b" flag when fopening the files; see question 12.38.
A more portable solution, though it's a bit more work initially,
is to write a pair of functions for writing and reading a
structure, field-by-field, in a portable (perhaps even human-
readable) way.
References: H&S Sec. 15.13 p. 381.
2.12: My compiler is leaving holes in structures, which is wasting
space and preventing "binary" I/O to external data files. Can I
turn off the padding, or otherwise control the alignment of
structure fields?
A: Your compiler may provide an extension to give you this control
(perhaps a #pragma; see question 11.20), but there is no
standard method.
See also question 20.5.
References: K&R2 Sec. 6.4 p. 138; H&S Sec. 5.6.4 p. 135.
2.13: Why does sizeof report a larger size than I expect for a
structure type, as if there were padding at the end?
A: Structures may have this padding (as well as internal padding),
if necessary, to ensure that alignment properties will be
preserved when an array of contiguous structures is allocated.
Even when the structure is not part of an array, the end padding
remains, so that sizeof can always return a consistent size.
See also question 2.12 above.
References: H&S Sec. 5.6.7 pp. 139-40.
2.14: How can I determine the byte offset of a field within a
structure?
A: ANSI C defines the offsetof() macro, which should be used if
available; see <stddef.h>. If you don't have it, one possible
implementation is
#define offsetof(type, mem) ((size_t) \
((char *)&((type *)0)->mem - (char *)(type *)0))
This implementation is not 100% portable; some compilers may
legitimately refuse to accept it.
See question 2.15 below for a usage hint.
References: ISO Sec. 7.1.6; Rationale Sec. 3.5.4.2; H&S
Sec. 11.1 pp. 292-3.
2.15: How can I access structure fields by name at run time?
A: Build a table of names and offsets, using the offsetof() macro.
The offset of field b in struct a is
offsetb = offsetof(struct a, b)
If structp is a pointer to an instance of this structure, and
field b is an int (with offset as computed above), b's value can
be set indirectly with
*(int *)((char *)structp + offsetb) = value;
2.18: This program works correctly, but it dumps core after it
finishes. Why?
struct list {
char *item;
struct list *next;
}
/* Here is the main program. */
main(argc, argv)
{ ... }
A: A missing semicolon causes main() to be declared as returning a
structure. (The connection is hard to see because of the
intervening comment.) Since structure-valued functions are
usually implemented by adding a hidden return pointer, the
generated code for main() tries to accept three arguments,
although only two are passed (in this case, by the C start-up
code). See also questions 10.9 and 16.4.
References: CT&P Sec. 2.3 pp. 21-2.
2.20: Can I initialize unions?
A: The current C Standard allows an initializer for the first-named
member of a union. C9X will introduce "designated initializers"
which can be used to initialize any member.
References: K&R2 Sec. 6.8 pp. 148-9; ISO Sec. 6.5.7; C9X
Sec. 6.5.8; H&S Sec. 4.6.7 p. 100.
2.22: What is the difference between an enumeration and a set of
preprocessor #defines?
A: At the present time, there is little difference. The C Standard
says that enumerations may be freely intermixed with other
integral types, without errors. (If, on the other hand, such
intermixing were disallowed without explicit casts, judicious
use of enumerations could catch certain programming errors.)
Some advantages of enumerations are that the numeric values are
automatically assigned, that a debugger may be able to display
the symbolic values when enumeration variables are examined, and
that they obey block scope. (A compiler may also generate
nonfatal warnings when enumerations and integers are
indiscriminately mixed, since doing so can still be considered
bad style even though it is not strictly illegal.) A
disadvantage is that the programmer has little control over
those nonfatal warnings; some programmers also resent not having
control over the sizes of enumeration variables.
References: K&R2 Sec. 2.3 p. 39, Sec. A4.2 p. 196; ISO
Sec. 6.1.2.5, Sec. 6.5.2, Sec. 6.5.2.2, Annex F; H&S Sec. 5.5
pp. 127-9, Sec. 5.11.2 p. 153.
2.24: Is there an easy way to print enumeration values symbolically?
A: No. You can write a little function to map an enumeration
constant to a string. (For debugging purposes, a good debugger
should automatically print enumeration constants symbolically.)
Section 3. Expressions
3.1: Why doesn't this code:
a[i] = i++;
work?
A: The subexpression i++ causes a side effect -- it modifies i's
value -- which leads to undefined behavior since i is also
referenced elsewhere in the same expression, and there's no way
to determine whether the reference (in a[i] on the left-hand
side) should be to the old or the new value. (Note that
although the language in K&R suggests that the behavior of this
expression is unspecified, the C Standard makes the stronger
statement that it is undefined -- see question 11.33.)
References: K&R1 Sec. 2.12; K&R2 Sec. 2.12; ISO Sec. 6.3; H&S
Sec. 7.12 pp. 227-9.
3.2: Under my compiler, the code
int i = 7;
printf("%d\n", i++ * i++);
prints 49. Regardless of the order of evaluation, shouldn't it
print 56?
A: Although the postincrement and postdecrement operators ++ and --
perform their operations after yielding the former value, the
implication of "after" is often misunderstood. It is *not*
guaranteed that an increment or decrement is performed
immediately after giving up the previous value and before any
other part of the expression is evaluated. It is merely
guaranteed that the update will be performed sometime before the
expression is considered "finished" (before the next "sequence
point," in ANSI C's terminology; see question 3.8). In the
example, the compiler chose to multiply the previous value by
itself and to perform both increments afterwards.
The behavior of code which contains multiple, ambiguous side
effects has always been undefined. (Loosely speaking, by
"multiple, ambiguous side effects" we mean any combination of
++, --, =, +=, -=, etc. in a single expression which causes the
same object either to be modified twice or modified and then
inspected. This is a rough definition; see question 3.8 for a
precise one, and question 11.33 for the meaning of "undefined.")
Don't even try to find out how your compiler implements such
things (contrary to the ill-advised exercises in many C
textbooks); as K&R wisely point out, "if you don't know *how*
they are done on various machines, that innocence may help to
protect you."
References: K&R1 Sec. 2.12 p. 50; K&R2 Sec. 2.12 p. 54; ISO
Sec. 6.3; H&S Sec. 7.12 pp. 227-9; CT&P Sec. 3.7 p. 47; PCS
Sec. 9.5 pp. 120-1.
3.3: I've experimented with the code
int i = 3;
i = i++;
on several compilers. Some gave i the value 3, and some gave 4.
Which compiler is correct?
A: There is no correct answer; the expression is undefined. See
questions 3.1, 3.8, 3.9, and 11.33. (Also, note that neither
i++ nor ++i is the same as i+1. If you want to increment i,
use i=i+1, i+=1, i++, or ++i, not some combination. See also
question 3.12.)
3.3b: Here's a slick expression:
a ^= b ^= a ^= b
It swaps a and b without using a temporary.
A: Not portably, it doesn't. It attempts to modify the variable a
twice between sequence points, so its behavior is undefined.
For example, it has been reported that when given the code
int a = 123, b = 7654;
a ^= b ^= a ^= b;
the SCO Optimizing C compiler (icc) sets b to 123 and a to 0.
See also questions 3.1, 3.8, 10.3, and 20.15c.
3.4: Can I use explicit parentheses to force the order of evaluation
I want? Even if I don't, doesn't precedence dictate it?
A: Not in general.
Operator precedence and explicit parentheses impose only a
partial ordering on the evaluation of an expression. In the
expression
f() + g() * h()
although we know that the multiplication will happen before the
addition, there is no telling which of the three functions will
be called first.
When you need to ensure the order of subexpression evaluation,
you may need to use explicit temporary variables and separate
statements.
References: K&R1 Sec. 2.12 p. 49, Sec. A.7 p. 185; K&R2
Sec. 2.12 pp. 52-3, Sec. A.7 p. 200.
3.5: But what about the && and || operators?
I see code like "while((c = getchar()) != EOF && c != '\n')" ...
A: There is a special "short-circuiting" exception for those
operators. The right-hand side is not evaluated if the left-
hand side determines the outcome (i.e. is true for || or false
for &&). Therefore, left-to-right evaluation is guaranteed, as
it also is for the comma operator. Furthermore, all of these
operators (along with ?:) introduce an extra internal sequence
point (see question 3.8).
References: K&R1 Sec. 2.6 p. 38, Secs. A7.11-12 pp. 190-1; K&R2
Sec. 2.6 p. 41, Secs. A7.14-15 pp. 207-8; ISO Sec. 6.3.13,
Sec. 6.3.14, Sec. 6.3.15; H&S Sec. 7.7 pp. 217-8, Sec. 7.8 pp.
218-20, Sec. 7.12.1 p. 229; CT&P Sec. 3.7 pp. 46-7.
3.8: How can I understand these complex expressions? What's a
"sequence point"?
A: A sequence point is a point in time (at the end of the
evaluation of a full expression, or at the ||, &&, ?:, or comma
operators, or just before a function call) at which the dust
has settled and all side effects are guaranteed to be complete.
The ANSI/ISO C Standard states that
Between the previous and next sequence point an
object shall have its stored value modified at
most once by the evaluation of an expression.
Furthermore, the prior value shall be accessed
only to determine the value to be stored.
The second sentence can be difficult to understand. It says
that if an object is written to within a full expression, any
and all accesses to it within the same expression must be for
the purposes of computing the value to be written. This rule
effectively constrains legal expressions to those in which the
accesses demonstrably precede the modification.
See also question 3.9 below.
References: ISO Sec. 5.1.2.3, Sec. 6.3, Sec. 6.6, Annex C;
Rationale Sec. 2.1.2.3; H&S Sec. 7.12.1 pp. 228-9.
3.9: So given
a[i] = i++;
we don't know which cell of a[] gets written to, but i does get
incremented by one, right?
A: *No*. Once an expression or program becomes undefined, *all*
aspects of it become undefined. See questions 3.2, 3.3, 11.33,
and 11.35.
3.12: If I'm not using the value of the expression, should I use i++
or ++i to increment a variable?
A: Since the two forms differ only in the value yielded, they are
entirely equivalent when only their side effect is needed.
(However, the prefix form is preferred in C++.) See also
question 3.3.
References: K&R1 Sec. 2.8 p. 43; K&R2 Sec. 2.8 p. 47; ISO
Sec. 6.3.2.4, Sec. 6.3.3.1; H&S Sec. 7.4.4 pp. 192-3, Sec. 7.5.8
pp. 199-200.
3.14: Why doesn't the code
int a = 1000, b = 1000;
long int c = a * b;
work?
A: Under C's integral promotion rules, the multiplication is
carried out using int arithmetic, and the result may overflow or
be truncated before being promoted and assigned to the long int
left-hand side. Use an explicit cast to force long arithmetic:
long int c = (long int)a * b;
Note that (long int)(a * b) would *not* have the desired effect.
A similar problem can arise when two integers are divided, with
the result assigned to a floating-point variable; the solution
is similar, too.
References: K&R1 Sec. 2.7 p. 41; K&R2 Sec. 2.7 p. 44; ISO
Sec. 6.2.1.5; H&S Sec. 6.3.4 p. 176; CT&P Sec. 3.9 pp. 49-50.
3.16: I have a complicated expression which I have to assign to one of
two variables, depending on a condition. Can I use code like
this?
((condition) ? a : b) = complicated_expression;
A: No. The ?: operator, like most operators, yields a value, and
you can't assign to a value. (In other words, ?: does not yield
an "lvalue".) If you really want to, you can try something like
*((condition) ? &a : &b) = complicated_expression;
although this is admittedly not as pretty.
References: ISO Sec. 6.3.15; H&S Sec. 7.1 pp. 179-180.
Section 4. Pointers
4.2: I'm trying to declare a pointer and allocate some space for it,
but it's not working. What's wrong with this code?
char *p;
*p = malloc(10);
A: The pointer you declared is p, not *p. To make a pointer point
somewhere, you just use the name of the pointer:
p = malloc(10);
It's when you're manipulating the pointed-to memory that you use
* as an indirection operator:
*p = 'H';
See also questions 1.21, 7.1, 7.3c, and 8.3.
References: CT&P Sec. 3.1 p. 28.
4.3: Does *p++ increment p, or what it points to?
A: Postfix ++ essentially has higher precedence than the prefix
unary operators. Therefore, *p++ is equivalent to *(p++); it
increments p, and returns the value which p pointed to before p
was incremented. To increment the value pointed to by p, use
(*p)++ (or perhaps ++*p, if the order of the side effect doesn't
matter).
References: K&R1 Sec. 5.1 p. 91; K&R2 Sec. 5.1 p. 95; ISO
Sec. 6.3.2, Sec. 6.3.3; H&S Sec. 7.4.4 pp. 192-3, Sec. 7.5 p.
193, Secs. 7.5.7,7.5.8 pp. 199-200.
4.5: I have a char * pointer that happens to point to some ints, and
I want to step it over them. Why doesn't
((int *)p)++;
work?
A: In C, a cast operator does not mean "pretend these bits have a
different type, and treat them accordingly"; it is a conversion
operator, and by definition it yields an rvalue, which cannot be
assigned to, or incremented with ++. (It is either an accident
or a delibrate but nonstandard extension if a particular
compiler accepts expressions such as the above.) Say what you
mean: use
p = (char *)((int *)p + 1);
or (since p is a char *) simply
p += sizeof(int);
Whenever possible, you should choose appropriate pointer types
in the first place, instead of trying to treat one type as
another.
References: K&R2 Sec. A7.5 p. 205; ISO Sec. 6.3.4; Rationale
Sec. 3.3.2.4; H&S Sec. 7.1 pp. 179-80.
4.8: I have a function which accepts, and is supposed to initialize,
a pointer:
void f(int *ip)
{
static int dummy = 5;
ip = &dummy;
}
But when I call it like this:
int *ip;
f(ip);
the pointer in the caller remains unchanged.
A: Are you sure the function initialized what you thought it did?
Remember that arguments in C are passed by value. The called
function altered only the passed copy of the pointer. You'll
either want to pass the address of the pointer (the function
will end up accepting a pointer-to-a-pointer), or have the
function return the pointer.
See also questions 4.9 and 4.11.
4.9: Can I use a void ** pointer as a parameter so that a function
can accept a generic pointer by reference?
A: Not portably. There is no generic pointer-to-pointer type in C.
void * acts as a generic pointer only because conversions are
applied automatically when other pointer types are assigned to
and from void *'s; these conversions cannot be performed (the
correct underlying pointer type is not known) if an attempt is
made to indirect upon a void ** value which points at a pointer
type other than void *.
4.10: I have a function
extern int f(int *);
which accepts a pointer to an int. How can I pass a constant by
reference? A call like
f(&5);
doesn't seem to work.
A: You can't do this directly. You will have to declare a
temporary variable, and then pass its address to the function:
int five = 5;
f(&five);
See also questions 2.10, 4.8, and 20.1.
4.11: Does C even have "pass by reference"?
A: Not really. Strictly speaking, C always uses pass by value.
You can simulate pass by reference yourself, by defining
functions which accept pointers and then using the & operator
when calling, and the compiler will essentially simulate it for
you when you pass an array to a function (by passing a pointer
instead, see question 6.4 et al.). However, C has nothing truly
equivalent to formal pass by reference or C++ reference
parameters. (On the other hand, function-like preprocessor
macros can provide a form of "pass by name".)
See also questions 4.8 and 20.1.
References: K&R1 Sec. 1.8 pp. 24-5, Sec. 5.2 pp. 91-3; K&R2
Sec. 1.8 pp. 27-8, Sec. 5.2 pp. 95-7; ISO Sec. 6.3.2.2; H&S
Sec. 9.5 pp. 273-4.
4.12: I've seen different methods used for calling functions via
pointers. What's the story?
A: Originally, a pointer to a function had to be "turned into" a
"real" function, with the * operator (and an extra pair of
parentheses, to keep the precedence straight), before calling:
int r, func(), (*fp)() = func;
r = (*fp)();
It can also be argued that functions are always called via
pointers, and that "real" function names always decay implicitly
into pointers (in expressions, as they do in initializations;
see question 1.34). This reasoning (which is in fact used in
the ANSI standard) means that
r = fp();
is legal and works correctly, whether fp is the name of a
function or a pointer to one. (The usage has always been
unambiguous; there is nothing you ever could have done with a
function pointer followed by an argument list except call the
function pointed to.) An explicit * is still allowed.
See also question 1.34.
References: K&R1 Sec. 5.12 p. 116; K&R2 Sec. 5.11 p. 120; ISO
Sec. 6.3.2.2; Rationale Sec. 3.3.2.2; H&S Sec. 5.8 p. 147,
Sec. 7.4.3 p. 190.
Section 5. Null Pointers
5.1: What is this infamous null pointer, anyway?
A: The language definition states that for each pointer type, there
is a special value -- the "null pointer" -- which is
distinguishable from all other pointer values and which is
"guaranteed to compare unequal to a pointer to any object or
function." That is, the address-of operator & will never yield
a null pointer, nor will a successful call to malloc().
(malloc() does return a null pointer when it fails, and this is
a typical use of null pointers: as a "special" pointer value
with some other meaning, usually "not allocated" or "not
pointing anywhere yet.")
A null pointer is conceptually different from an uninitialized
pointer. A null pointer is known not to point to any object or
function; an uninitialized pointer might point anywhere. See
also questions 1.30, 7.1, and 7.31.
As mentioned above, there is a null pointer for each pointer
type, and the internal values of null pointers for different
types may be different. Although programmers need not know the
internal values, the compiler must always be informed which type
of null pointer is required, so that it can make the distinction
if necessary (see questions 5.2, 5.5, and 5.6 below).
References: K&R1 Sec. 5.4 pp. 97-8; K&R2 Sec. 5.4 p. 102; ISO
Sec. 6.2.2.3; Rationale Sec. 3.2.2.3; H&S Sec. 5.3.2 pp. 121-3.
5.2: How do I get a null pointer in my programs?
A: According to the language definition, a constant 0 in a pointer
context is converted into a null pointer at compile time. That
is, in an initialization, assignment, or comparison when one
side is a variable or expression of pointer type, the compiler
can tell that a constant 0 on the other side requests a null
pointer, and generate the correctly-typed null pointer value.
Therefore, the following fragments are perfectly legal:
char *p = 0;
if(p != 0)
(See also question 5.3.)
However, an argument being passed to a function is not
necessarily recognizable as a pointer context, and the compiler
may not be able to tell that an unadorned 0 "means" a null
pointer. To generate a null pointer in a function call context,
an explicit cast may be required, to force the 0 to be
recognized as a pointer. For example, the Unix system call
execl takes a variable-length, null-pointer-terminated list of
character pointer arguments, and is correctly called like this:
execl("/bin/sh", "sh", "-c", "date", (char *)0);
If the (char *) cast on the last argument were omitted, the
compiler would not know to pass a null pointer, and would pass
an integer 0 instead. (Note that many Unix manuals get this
example wrong.)
When function prototypes are in scope, argument passing becomes
an "assignment context," and most casts may safely be omitted,
since the prototype tells the compiler that a pointer is
required, and of which type, enabling it to correctly convert an
unadorned 0. Function prototypes cannot provide the types for
variable arguments in variable-length argument lists however, so
explicit casts are still required for those arguments. (See
also question 15.3.) It is probably safest to properly cast
all null pointer constants in function calls, to guard against
varargs functions or those without prototypes.
Summary:
Unadorned 0 okay: Explicit cast required:
initialization function call,
no prototype in scope
assignment
variable argument in
comparison varargs function call
function call,
prototype in scope,
fixed argument
References: K&R1 Sec. A7.7 p. 190, Sec. A7.14 p. 192; K&R2
Sec. A7.10 p. 207, Sec. A7.17 p. 209; ISO Sec. 6.2.2.3; H&S
Sec. 4.6.3 p. 95, Sec. 6.2.7 p. 171.
5.3: Is the abbreviated pointer comparison "if(p)" to test for non-
null pointers valid? What if the internal representation for
null pointers is nonzero?
A: When C requires the Boolean value of an expression, a false
value is inferred when the expression compares equal to zero,
and a true value otherwise. That is, whenever one writes
if(expr)
where "expr" is any expression at all, the compiler essentially
acts as if it had been written as
if((expr) != 0)
Substituting the trivial pointer expression "p" for "expr", we
have
if(p) is equivalent to if(p != 0)
and this is a comparison context, so the compiler can tell that
the (implicit) 0 is actually a null pointer constant, and use
the correct null pointer value. There is no trickery involved
here; compilers do work this way, and generate identical code
for both constructs. The internal representation of a null
pointer does *not* matter.
The boolean negation operator, !, can be described as follows:
!expr is essentially equivalent to (expr)?0:1
or to ((expr) == 0)
which leads to the conclusion that
if(!p) is equivalent to if(p == 0)
"Abbreviations" such as if(p), though perfectly legal, are
considered by some to be bad style (and by others to be good
style; see question 17.10).
See also question 9.2.
References: K&R2 Sec. A7.4.7 p. 204; ISO Sec. 6.3.3.3,
Sec. 6.3.9, Sec. 6.3.13, Sec. 6.3.14, Sec. 6.3.15, Sec. 6.6.4.1,
Sec. 6.6.5; H&S Sec. 5.3.2 p. 122.
5.4: What is NULL and how is it #defined?
A: As a matter of style, many programmers prefer not to have
unadorned 0's scattered through their programs. Therefore, the
preprocessor macro NULL is #defined (by <stdio.h> and several
other headers) with the value 0, possibly cast to (void *) (see
also question 5.6). A programmer who wishes to make explicit
the distinction between 0 the integer and 0 the null pointer
constant can then use NULL whenever a null pointer is required.
Using NULL is a stylistic convention only; the preprocessor
turns NULL back into 0 which is then recognized by the compiler,
in pointer contexts, as before. In particular, a cast may still
be necessary before NULL (as before 0) in a function call
argument. The table under question 5.2 above applies for NULL
as well as 0 (an unadorned NULL is equivalent to an unadorned
0).
NULL should *only* be used for pointers; see question 5.9.
References: K&R1 Sec. 5.4 pp. 97-8; K&R2 Sec. 5.4 p. 102; ISO
Sec. 7.1.6, Sec. 6.2.2.3; Rationale Sec. 4.1.5; H&S Sec. 5.3.2
p. 122, Sec. 11.1 p. 292.
5.5: How should NULL be defined on a machine which uses a nonzero bit
pattern as the internal representation of a null pointer?
A: The same as on any other machine: as 0 (or some version of 0;
see question 5.4).
Whenever a programmer requests a null pointer, either by writing
"0" or "NULL", it is the compiler's responsibility to generate
whatever bit pattern the machine uses for that null pointer.
Therefore, #defining NULL as 0 on a machine for which internal
null pointers are nonzero is as valid as on any other: the
compiler must always be able to generate the machine's correct
null pointers in response to unadorned 0's seen in pointer
contexts. See also questions 5.2, 5.10, and 5.17.
References: ISO Sec. 7.1.6; Rationale Sec. 4.1.5.
5.6: If NULL were defined as follows:
#define NULL ((char *)0)
wouldn't that make function calls which pass an uncast NULL
work?
A: Not in general. The complication is that there are machines
which use different internal representations for pointers to
different types of data. The suggested definition would make
uncast NULL arguments to functions expecting pointers to
characters work correctly, but pointer arguments of other types
would still be problematical, and legal constructions such as
FILE *fp = NULL;
could fail.
Nevertheless, ANSI C allows the alternate definition
#define NULL ((void *)0)
for NULL. Besides potentially helping incorrect programs to
work (but only on machines with homogeneous pointers, thus
questionably valid assistance), this definition may catch
programs which use NULL incorrectly (e.g. when the ASCII NUL
character was really intended; see question 5.9).
References: Rationale Sec. 4.1.5.
5.9: If NULL and 0 are equivalent as null pointer constants, which
should I use?
A: Many programmers believe that NULL should be used in all pointer
contexts, as a reminder that the value is to be thought of as a
pointer. Others feel that the confusion surrounding NULL and 0
is only compounded by hiding 0 behind a macro, and prefer to use
unadorned 0 instead. There is no one right answer. (See also
questions 9.2 and 17.10.) C programmers must understand that
NULL and 0 are interchangeable in pointer contexts, and that an
uncast 0 is perfectly acceptable. Any usage of NULL (as opposed
to 0) should be considered a gentle reminder that a pointer is
involved; programmers should not depend on it (either for their
own understanding or the compiler's) for distinguishing pointer
0's from integer 0's.
NULL should *not* be used when another kind of 0 is required,
even though it might work, because doing so sends the wrong
stylistic message. (Furthermore, ANSI allows the definition of
NULL to be ((void *)0), which will not work at all in non-
pointer contexts.) In particular, do not use NULL when the
ASCII null character (NUL) is desired. Provide your own
definition
#define NUL '\0'
if you must.
References: K&R1 Sec. 5.4 pp. 97-8; K&R2 Sec. 5.4 p. 102.
5.10: But wouldn't it be better to use NULL (rather than 0), in case
the value of NULL changes, perhaps on a machine with nonzero
internal null pointers?
A: No. (Using NULL may be preferable, but not for this reason.)
Although symbolic constants are often used in place of numbers
because the numbers might change, this is *not* the reason that
NULL is used in place of 0. Once again, the language guarantees
that source-code 0's (in pointer contexts) generate null
pointers. NULL is used only as a stylistic convention. See
questions 5.5 and 9.2.
5.12: I use the preprocessor macro
#define Nullptr(type) (type *)0
to help me build null pointers of the correct type.
A: This trick, though popular and superficially attractive, does
not buy much. It is not needed in assignments or comparisons;
see question 5.2. (It does not even save keystrokes.) See also
questions 9.1 and 10.2.
5.13: This is strange. NULL is guaranteed to be 0, but the null
pointer is not?
A: When the term "null" or "NULL" is casually used, one of several
things may be meant:
1. The conceptual null pointer, the abstract language concept
defined in question 5.1. It is implemented with...
2. The internal (or run-time) representation of a null
pointer, which may or may not be all-bits-0 and which may
be different for different pointer types. The actual
values should be of concern only to compiler writers.
Authors of C programs never see them, since they use...
3. The null pointer constant, which is a constant integer 0
(see question 5.2). It is often hidden behind...
4. The NULL macro, which is #defined to be 0 (see question
5.4). Finally, as red herrings, we have...
5. The ASCII null character (NUL), which does have all bits
zero, but has no necessary relation to the null pointer
except in name; and...
6. The "null string," which is another name for the empty
string (""). Using the term "null string" can be
confusing in C, because an empty string involves a null
('\0') character, but *not* a null pointer, which brings
us full circle...
This article uses the phrase "null pointer" (in lower case) for
sense 1, the character "0" or the phrase "null pointer constant"
for sense 3, and the capitalized word "NULL" for sense 4.
5.14: Why is there so much confusion surrounding null pointers? Why
do these questions come up so often?
A: C programmers traditionally like to know more than they might
need to about the underlying machine implementation. The fact
that null pointers are represented both in source code, and
internally to most machines, as zero invites unwarranted
assumptions. The use of a preprocessor macro (NULL) may seem
to suggest that the value could change some day, or on some
weird machine. The construct "if(p == 0)" is easily misread
as calling for conversion of p to an integral type, rather
than 0 to a pointer type, before the comparison. Finally,
the distinction between the several uses of the term "null"
(listed in question 5.13 above) is often overlooked.
One good way to wade out of the confusion is to imagine that C
used a keyword (perhaps "nil", like Pascal) as a null pointer
constant. The compiler could either turn "nil" into the
appropriate type of null pointer when it could unambiguously
determine that type from the source code, or complain when it
could not. Now in fact, in C the keyword for a null pointer
constant is not "nil" but "0", which works almost as well,
except that an uncast "0" in a non-pointer context generates an
integer zero instead of an error message, and if that uncast 0
was supposed to be a null pointer constant, the code may not
work.
5.15: I'm confused. I just can't understand all this null pointer
stuff.
A: Here are two simple rules you can follow:
1. When you want a null pointer constant in source code,
use "0" or "NULL".
2. If the usage of "0" or "NULL" is an argument in a
function call, cast it to the pointer type expected by
the function being called.
The rest of the discussion has to do with other people's
misunderstandings, with the internal representation of null
pointers (which you shouldn't need to know), and with the
complexities of function prototypes. (Taking those complexities
into account, we find that rule 2 is conservative, of course;
but it doesn't hurt.) Understand questions 5.1, 5.2, and 5.4,
and consider 5.3, 5.9, 5.13, and 5.14, and you'll do fine.
5.16: Given all the confusion surrounding null pointers, wouldn't it
be easier simply to require them to be represented internally by
zeroes?
A: If for no other reason, doing so would be ill-advised because it
would unnecessarily constrain implementations which would
otherwise naturally represent null pointers by special, nonzero
bit patterns, particularly when those values would trigger
automatic hardware traps for invalid accesses.
Besides, what would such a requirement really accomplish?
Proper understanding of null pointers does not require knowledge
of the internal representation, whether zero or nonzero.
Assuming that null pointers are internally zero does not make
any code easier to write (except for a certain ill-advised usage
of calloc(); see question 7.31). Known-zero internal pointers
would not obviate casts in function calls, because the *size* of
the pointer might still be different from that of an int. (If
"nil" were used to request null pointers, as mentioned in
question 5.14 above, the urge to assume an internal zero
representation would not even arise.)
5.17: Seriously, have any actual machines really used nonzero null
pointers, or different representations for pointers to different
types?
A: The Prime 50 series used segment 07777, offset 0 for the null
pointer, at least for PL/I. Later models used segment 0, offset
0 for null pointers in C, necessitating new instructions such as
TCNP (Test C Null Pointer), evidently as a sop to all the extant
poorly-written C code which made incorrect assumptions. Older,
word-addressed Prime machines were also notorious for requiring
larger byte pointers (char *'s) than word pointers (int *'s).
The Eclipse MV series from Data General has three
architecturally supported pointer formats (word, byte, and bit
pointers), two of which are used by C compilers: byte pointers
for char * and void *, and word pointers for everything else.
Some Honeywell-Bull mainframes use the bit pattern 06000 for
(internal) null pointers.
The CDC Cyber 180 Series has 48-bit pointers consisting of a
ring, segment, and offset. Most users (in ring 11) have null
pointers of 0xB00000000000. It was common on old CDC ones-
complement machines to use an all-one-bits word as a special
flag for all kinds of data, including invalid addresses.
The old HP 3000 series uses a different addressing scheme for
byte addresses than for word addresses; like several of the
machines above it therefore uses different representations for
char * and void * pointers than for other pointers.
The Symbolics Lisp Machine, a tagged architecture, does not even
have conventional numeric pointers; it uses the pair <NIL, 0>
(basically a nonexistent <object, offset> handle) as a C null
pointer.
Depending on the "memory model" in use, 8086-family processors
(PC compatibles) may use 16-bit data pointers and 32-bit
function pointers, or vice versa.
Some 64-bit Cray machines represent int * in the lower 48 bits
of a word; char * additionally uses the upper 16 bits to
indicate a byte address within a word.
References: K&R1 Sec. A14.4 p. 211.
5.20: What does a run-time "null pointer assignment" error mean?
How can I track it down?
A: This message, which typically occurs with MS-DOS compilers, means
that you've written, via a null (perhaps because uninitialized)
pointer, to an invalid location (probably offset 0 in the
default data segment).
A debugger may let you set a data watchpoint on location 0.
Alternatively, you could write a bit of code to stash away a
copy of 20 or so bytes from location 0, and periodically check
that the memory at location 0 hasn't changed. See also question
16.8.
Section 6. Arrays and Pointers
6.1: I had the definition char a[6] in one source file, and in
another I declared extern char *a. Why didn't it work?
A: In one source file you defind an array of characters and in the
other you declared a pointer to characters. The declaration
extern char *a simply does not match the actual definition.
The type pointer-to-type-T is not the same as array-of-type-T.
Use extern char a[].
References: ISO Sec. 6.5.4.2; CT&P Sec. 3.3 pp. 33-4, Sec. 4.5
pp. 64-5.
6.2: But I heard that char a[] was identical to char *a.
A: Not at all. (What you heard has to do with formal parameters to
functions; see question 6.4.) Arrays are not pointers. The
array declaration char a[6] requests that space for six
characters be set aside, to be known by the name "a". That is,
there is a location named "a" at which six characters can sit.
The pointer declaration char *p, on the other hand, requests a
place which holds a pointer, to be known by the name "p". This
pointer can point almost anywhere: to any char, or to any
contiguous array of chars, or nowhere (see also questions 5.1
and 1.30).
As usual, a picture is worth a thousand words. The declarations
char a[] = "hello";
char *p = "world";
would initialize data structures which could be represented like
this:
+---+---+---+---+---+---+
a: | h | e | l | l | o |\0 |
+---+---+---+---+---+---+
+-----+ +---+---+---+---+---+---+
p: | *======> | w | o | r | l | d |\0 |
+-----+ +---+---+---+---+---+---+
It is important to realize that a reference like x[3] generates
different code depending on whether x is an array or a pointer.
Given the declarations above, when the compiler sees the
expression a[3], it emits code to start at the location "a",
move three past it, and fetch the character there. When it sees
the expression p[3], it emits code to start at the location "p",
fetch the pointer value there, add three to the pointer, and
finally fetch the character pointed to. In other words, a[3] is
three places past (the start of) the object *named* a, while
p[3] is three places past the object *pointed to* by p. In the
example above, both a[3] and p[3] happen to be the character
'l', but the compiler gets there differently. (The essential
difference is that the values of an array like a and a pointer
like p are computed differently *whenever* they appear in
expressions, whether or not they are being subscripted, as
explained further in the next question.)
References: K&R2 Sec. 5.5 p. 104; CT&P Sec. 4.5 pp. 64-5.
6.3: So what is meant by the "equivalence of pointers and arrays" in
C?
A: Much of the confusion surrounding arrays and pointers in C can
be traced to a misunderstanding of this statement. Saying that
arrays and pointers are "equivalent" means neither that they are
identical nor even interchangeable. What it means is that array
and pointer arithmetic is defined such that a pointer can be
conveniently used to access an array or to simulate an array.
Specifically, the cornerstone of the equivalence is this key
definition:
An lvalue of type array-of-T which appears in an
expression decays (with three exceptions) into a
pointer to its first element; the type of the
resultant pointer is pointer-to-T.
That is, whenever an array appears in an expression,
the compiler implicitly generates a pointer to the array's
first element, just as if the programmer had written &a[0].
(The exceptions are when the array is the operand of a sizeof or
& operator, or is a string literal initializer for a character
array.)
As a consequence of this definition, the compiler doesn't apply
the array subscripting operator [] that differently to arrays
and pointers, after all. In an expression of the form a[i], the
array decays into a pointer, following the rule above, and is
then subscripted just as would be a pointer variable in the
expression p[i] (although the eventual memory accesses will be
different, as explained in question 6.2). If you were to assign
the array's address to the pointer:
p = a;
then p[3] and a[3] would access the same element.
See also questions 6.8 and 6.14.
References: K&R1 Sec. 5.3 pp. 93-6; K&R2 Sec. 5.3 p. 99; ISO
Sec. 6.2.2.1, Sec. 6.3.2.1, Sec. 6.3.6; H&S Sec. 5.4.1 p. 124.
6.4: Then why are array and pointer declarations interchangeable as
function formal parameters?
A: It's supposed to be a convenience.
Since arrays decay immediately into pointers, an array is never
actually passed to a function. Allowing pointer parameters to
be declared as arrays is a simply a way of making it look as
though an array was being passed, perhaps because the parameter
will be used within the function as if it were an array.
Specifically, any parameter declarations which "look like"
arrays, e.g.
void f(char a[])
{ ... }
are treated by the compiler as if they were pointers, since that
is what the function will receive if an array is passed:
void f(char *a)
{ ... }
This conversion holds only within function formal parameter
declarations, nowhere else. If the conversion bothers you,
avoid it; many programmers have concluded that the confusion it
causes outweighs the small advantage of having the declaration
"look like" the call or the uses within the function.
See also question 6.21.
References: K&R1 Sec. 5.3 p. 95, Sec. A10.1 p. 205; K&R2
Sec. 5.3 p. 100, Sec. A8.6.3 p. 218, Sec. A10.1 p. 226; ISO
Sec. 6.5.4.3, Sec. 6.7.1, Sec. 6.9.6; H&S Sec. 9.3 p. 271; CT&P
Sec. 3.3 pp. 33-4.
6.7: How can an array be an lvalue, if you can't assign to it?
A: The ANSI C Standard defines a "modifiable lvalue," which an
array is not.
References: ISO Sec. 6.2.2.1; Rationale Sec. 3.2.2.1; H&S
Sec. 7.1 p. 179.
6.8: Practically speaking, what is the difference between arrays and
pointers?
A: Arrays automatically allocate space, but can't be relocated or
resized. Pointers must be explicitly assigned to point to
allocated space (perhaps using malloc), but can be reassigned
(i.e. pointed at different objects) at will, and have many other
uses besides serving as the base of blocks of memory.
Due to the so-called equivalence of arrays and pointers (see
question 6.3), arrays and pointers often seem interchangeable,
and in particular a pointer to a block of memory assigned by
malloc is frequently treated (and can be referenced using [])
exactly as if it were a true array. See questions 6.14 and
6.16. (Be careful with sizeof, though.)
See also questions 1.32 and 20.14.
6.9: Someone explained to me that arrays were really just constant
pointers.
A: This is a bit of an oversimplification. An array name is
"constant" in that it cannot be assigned to, but an array is
*not* a pointer, as the discussion and pictures in question 6.2
should make clear. See also questions 6.3 and 6.8.
6.11: I came across some "joke" code containing the "expression"
5["abcdef"] . How can this be legal C?
A: Yes, Virginia, array subscripting is commutative in C. This
curious fact follows from the pointer definition of array
subscripting, namely that a[e] is identical to *((a)+(e)), for
*any* two expressions a and e, as long as one of them is a
pointer expression and one is integral. This unsuspected
commutativity is often mentioned in C texts as if it were
something to be proud of, but it finds no useful application
outside of the Obfuscated C Contest (see question 20.36).
References: Rationale Sec. 3.3.2.1; H&S Sec. 5.4.1 p. 124,
Sec. 7.4.1 pp. 186-7.
6.12: Since array references decay into pointers, if arr is an array,
what's the difference between arr and &arr?
A: The type.
In Standard C, &arr yields a pointer, of type pointer-to-array-
of-T, to the entire array. (In pre-ANSI C, the & in &arr
generally elicited a warning, and was generally ignored.) Under
all C compilers, a simple reference (without an explicit &) to
an array yields a pointer, of type pointer-to-T, to the array's
first element. (See also questions 6.3, 6.13, and 6.18.)
References: ISO Sec. 6.2.2.1, Sec. 6.3.3.2; Rationale
Sec. 3.3.3.2; H&S Sec. 7.5.6 p. 198.
6.13: How do I declare a pointer to an array?
A: Usually, you don't want to. When people speak casually of a
pointer to an array, they usually mean a pointer to its first
element.
Instead of a pointer to an array, consider using a pointer to
one of the array's elements. Arrays of type T decay into
pointers to type T (see question 6.3), which is convenient;
subscripting or incrementing the resultant pointer will access
the individual members of the array. True pointers to arrays,
when subscripted or incremented, step over entire arrays, and
are generally useful only when operating on arrays of arrays, if
at all. (See question 6.18.)
If you really need to declare a pointer to an entire array, use
something like "int (*ap)[N];" where N is the size of the array.
(See also question 1.21.) If the size of the array is unknown,
N can in principle be omitted, but the resulting type, "pointer
to array of unknown size," is useless.
See also question 6.12 above.
References: ISO Sec. 6.2.2.1.
6.14: How can I set an array's size at run time?
How can I avoid fixed-sized arrays?
A: The equivalence between arrays and pointers (see question 6.3)
allows a pointer to malloc'ed memory to simulate an array
quite effectively. After executing
#include <stdlib.h>
int *dynarray;
dynarray = malloc(10 * sizeof(int));
(and if the call to malloc succeeds), you can reference
dynarray[i] (for i from 0 to 9) almost as if dynarray were a
conventional, statically-allocated array (int a[10]). The only
difference is that sizeof will not give the size of the "array".
See also questions 1.31b, 6.16, and 7.7.
6.15: How can I declare local arrays of a size matching a passed-in
array?
A: Until recently, you couldn't. Array dimensions in C
traditionally had to be compile-time constants. C9X will
introduce variable-length arrays (VLA's) which will solve this
problem; local arrays may have sizes set by variables or other
expressions, perhaps involving function parameters. (gcc has
provided parameterized arrays as an extension for some time.)
If you can't use C9X or gcc, you'll have to use malloc(), and
remember to call free() before the function returns. See also
questions 6.14, 6.16, 6.19, 7.22, and maybe 7.32.
References: ISO Sec. 6.4, Sec. 6.5.4.2; C9X Sec. 6.5.5.2.
6.16: How can I dynamically allocate a multidimensional array?
A: The traditional solution is to allocate an array of pointers,
and then initialize each pointer to a dynamically-allocated
"row." Here is a two-dimensional example:
#include <stdlib.h>
int **array1 = malloc(nrows * sizeof(int *));
for(i = 0; i < nrows; i++)
array1[i] = malloc(ncolumns * sizeof(int));
(In real code, of course, all of malloc's return values would
be checked.)
You can keep the array's contents contiguous, at the cost of
making later reallocation of individual rows more difficult,
with a bit of explicit pointer arithmetic:
int **array2 = malloc(nrows * sizeof(int *));
array2[0] = malloc(nrows * ncolumns * sizeof(int));
for(i = 1; i < nrows; i++)
array2[i] = array2[0] + i * ncolumns;
In either case, the elements of the dynamic array can be
accessed with normal-looking array subscripts: arrayx[i][j]
(for 0 <= i < nrows and 0 <= j < ncolumns).
If the double indirection implied by the above schemes is for
some reason unacceptable, you can simulate a two-dimensional
array with a single, dynamically-allocated one-dimensional
array:
int *array3 = malloc(nrows * ncolumns * sizeof(int));
However, you must now perform subscript calculations manually,
accessing the i,jth element with array3[i * ncolumns + j]. (A
macro could hide the explicit calculation, but invoking it would
require parentheses and commas which wouldn't look exactly like
multidimensional array syntax, and the macro would need access
to at least one of the dimensions, as well. See also question
6.19.)
Yet another option is to use pointers to arrays:
int (*array4)[NCOLUMNS] = malloc(nrows * sizeof(*array4));
but the syntax starts getting horrific and at most one dimension
may be specified at run time.
With all of these techniques, you may of course need to remember
to free the arrays (which may take several steps; see question
7.23) when they are no longer needed, and you cannot necessarily
intermix dynamically-allocated arrays with conventional,
statically-allocated ones (see question 6.20, and also question
6.18).
Finally, in C9X you can use a variable-length array.
All of these techniques can also be extended to three or more
dimensions.
References: C9X Sec. 6.5.5.2.
6.17: Here's a neat trick: if I write
int realarray[10];
int *array = &realarray[-1];
I can treat "array" as if it were a 1-based array.
A: Although this technique is attractive (and was used in old
editions of the book _Numerical Recipes in C_), it is not
strictly conforming to the C Standard. Pointer arithmetic
is defined only as long as the pointer points within the same
allocated block of memory, or to the imaginary "terminating"
element one past it; otherwise, the behavior is undefined,
*even if the pointer is not dereferenced*. The code above
could fail if, while subtracting the offset, an illegal
address were generated (perhaps because the address tried
to "wrap around" past the beginning of some memory segment).
References: K&R2 Sec. 5.3 p. 100, Sec. 5.4 pp. 102-3, Sec. A7.7
pp. 205-6; ISO Sec. 6.3.6; Rationale Sec. 3.2.2.3.
6.18: My compiler complained when I passed a two-dimensional array to
a function expecting a pointer to a pointer.
A: The rule (see question 6.3) by which arrays decay into pointers
is not applied recursively. An array of arrays (i.e. a two-
dimensional array in C) decays into a pointer to an array, not a
pointer to a pointer. Pointers to arrays can be confusing, and
must be treated carefully; see also question 6.13.
If you are passing a two-dimensional array to a function:
int array[NROWS][NCOLUMNS];
f(array);
the function's declaration must match:
void f(int a[][NCOLUMNS])
{ ... }
or
void f(int (*ap)[NCOLUMNS]) /* ap is a pointer to an array */
{ ... }
In the first declaration, the compiler performs the usual
implicit parameter rewriting of "array of array" to "pointer to
array" (see questions 6.3 and 6.4); in the second form the
pointer declaration is explicit. Since the called function does
not allocate space for the array, it does not need to know the
overall size, so the number of rows, NROWS, can be omitted. The
width of the array is still important, so the column dimension
NCOLUMNS (and, for three- or more dimensional arrays, the
intervening ones) must be retained.
If a function is already declared as accepting a pointer to a
pointer, it is almost certainly meaningless to pass a two-
dimensional array directly to it.
See also questions 6.12 and 6.15.
References: K&R1 Sec. 5.10 p. 110; K&R2 Sec. 5.9 p. 113; H&S
Sec. 5.4.3 p. 126.
6.19: How do I write functions which accept two-dimensional arrays
when the width is not known at compile time?
A: It's not always easy. One way is to pass in a pointer to the
[0][0] element, along with the two dimensions, and simulate
array subscripting "by hand":
void f2(int *aryp, int nrows, int ncolumns)
{ ... array[i][j] is accessed as aryp[i * ncolumns + j] ... }
This function could be called with the array from question 6.18
as
f2(&array[0][0], NROWS, NCOLUMNS);
It must be noted, however, that a program which performs
multidimensional array subscripting "by hand" in this way is not
in strict conformance with the ANSI C Standard; according to an
official interpretation, the behavior of accessing
(&array[0][0])[x] is not defined for x >= NCOLUMNS.
C9X will allow variable-length arrays, and once compilers which
accept C9X's extensions become widespread, this will probably
become the preferred solution. (gcc has supported variable-
sized arrays for some time.)
When you want to be able to use a function on multidimensional
arrays of various sizes, one solution is to simulate all the
arrays dynamically, as in question 6.16.
See also questions 6.18, 6.20, and 6.15.
References: ISO Sec. 6.3.6; C9X Sec. 6.5.5.2.
6.20: How can I use statically- and dynamically-allocated
multidimensional arrays interchangeably when passing them to
functions?
A: There is no single perfect method. Given the declarations
int array[NROWS][NCOLUMNS];
int **array1; /* ragged */
int **array2; /* contiguous */
int *array3; /* "flattened" */
int (*array4)[NCOLUMNS];
with the pointers initialized as in the code fragments in
question 6.16, and functions declared as
void f1a(int a[][NCOLUMNS], int nrows, int ncolumns);
void f1b(int (*a)[NCOLUMNS], int nrows, int ncolumns);
void f2(int *aryp, int nrows, int ncolumns);
void f3(int **pp, int nrows, int ncolumns);
where f1a() and f1b() accept conventional two-dimensional
arrays, f2() accepts a "flattened" two-dimensional array, and
f3() accepts a pointer-to-pointer, simulated array (see also
questions 6.18 and 6.19), the following calls should work as
expected:
f1a(array, NROWS, NCOLUMNS);
f1b(array, NROWS, NCOLUMNS);
f1a(array4, nrows, NCOLUMNS);
f1b(array4, nrows, NCOLUMNS);
f2(&array[0][0], NROWS, NCOLUMNS);
f2(*array, NROWS, NCOLUMNS);
f2(*array2, nrows, ncolumns);
f2(array3, nrows, ncolumns);
f2(*array4, nrows, NCOLUMNS);
f3(array1, nrows, ncolumns);
f3(array2, nrows, ncolumns);
The following calls would probably work on most systems, but
involve questionable casts, and work only if the dynamic
ncolumns matches the static NCOLUMNS:
f1a((int (*)[NCOLUMNS])(*array2), nrows, ncolumns);
f1a((int (*)[NCOLUMNS])(*array2), nrows, ncolumns);
f1b((int (*)[NCOLUMNS])array3, nrows, ncolumns);
f1b((int (*)[NCOLUMNS])array3, nrows, ncolumns);
It must again be noted that passing &array[0][0] (or,
equivalently, *array) to f2() is not strictly conforming; see
question 6.19.
If you can understand why all of the above calls work and are
written as they are, and if you understand why the combinations
that are not listed would not work, then you have a *very* good
understanding of arrays and pointers in C.
Rather than worrying about all of this, one approach to using
multidimensional arrays of various sizes is to make them *all*
dynamic, as in question 6.16. If there are no static
multidimensional arrays -- if all arrays are allocated like
array1 or array2 in question 6.16 -- then all functions can be
written like f3().
6.21: Why doesn't sizeof properly report the size of an array when the
array is a parameter to a function?
A: The compiler pretends that the array parameter was declared as a
pointer (see question 6.4), and sizeof reports the size of the
pointer.
References: H&S Sec. 7.5.2 p. 195.
Section 7. Memory Allocation
7.1: Why doesn't this fragment work?
char *answer;
printf("Type something:\n");
gets(answer);
printf("You typed \"%s\"\n", answer);
A: The pointer variable answer, which is handed to gets() as the
location into which the response should be stored, has not been
set to point to any valid storage. That is, we cannot say where
the pointer answer points. (Since local variables are not
initialized, and typically contain garbage, it is not even
guaranteed that answer starts out as a null pointer.
See questions 1.30 and 5.1.)
The simplest way to correct the question-asking program is to
use a local array, instead of a pointer, and let the compiler
worry about allocation:
#include <stdio.h>
#include <string.h>
char answer[100], *p;
printf("Type something:\n");
fgets(answer, sizeof answer, stdin);
if((p = strchr(answer, '\n')) != NULL)
*p = '\0';
printf("You typed \"%s\"\n", answer);
This example also uses fgets() instead of gets(), so that the
end of the array cannot be overwritten. (See question 12.23.
Unfortunately for this example, fgets() does not automatically
delete the trailing \n, as gets() would.) It would also be
possible to use malloc() to allocate the answer buffer.
7.2: I can't get strcat() to work. I tried
char *s1 = "Hello, ";
char *s2 = "world!";
char *s3 = strcat(s1, s2);
but I got strange results.
A: As in question 7.1 above, the main problem here is that space
for the concatenated result is not properly allocated. C does
not provide an automatically-managed string type. C compilers
only allocate memory for objects explicitly mentioned in the
source code (in the case of strings, this includes character
arrays and string literals). The programmer must arrange for
sufficient space for the results of run-time operations such as
string concatenation, typically by declaring arrays, or by
calling malloc().
strcat() performs no allocation; the second string is appended
to the first one, in place. Therefore, one fix would be to
declare the first string as an array:
char s1[20] = "Hello, ";
Since strcat() returns the value of its first argument (s1, in
this case), the variable s3 is superfluous; after the call to
strcat(), s1 contains the result.
The original call to strcat() in the question actually has two
problems: the string literal pointed to by s1, besides not being
big enough for any concatenated text, is not necessarily
writable at all. See question 1.32.
References: CT&P Sec. 3.2 p. 32.
7.3: But the man page for strcat() says that it takes two char *'s as
arguments. How am I supposed to know to allocate things?
A: In general, when using pointers you *always* have to consider
memory allocation, if only to make sure that the compiler is
doing it for you. If a library function's documentation does
not explicitly mention allocation, it is usually the caller's
problem.
The Synopsis section at the top of a Unix-style man page or in
the ANSI C standard can be misleading. The code fragments
presented there are closer to the function definitions used by
an implementor than the invocations used by the caller. In
particular, many functions which accept pointers (e.g. to
structures or strings) are usually called with a pointer to some
object (a structure, or an array -- see questions 6.3 and 6.4)
which the caller has allocated. Other common examples are
time() (see question 13.12) and stat().
7.3b: I just tried the code
char *p;
strcpy(p, "abc");
and it worked. How? Why didn't it crash?
A: You got lucky, I guess. The memory pointed to by the
unitialized pointer p happened to be writable by you,
and apparently was not already in use for anything vital.
7.3c: How much memory does a pointer variable allocate?
A: That's a pretty misleading question. When you declare
a pointer variable, as in
char *p;
you (or, more properly, the compiler) have allocated only enough
memory to hold the pointer itself; that is, in this case you
have allocated sizeof(char *) bytes of memory. But you have
not yet allocated *any* memory for the pointer to point to.
See also questions 7.1 and 7.2.
7.5a: I have a function that is supposed to return a string, but when
it returns to its caller, the returned string is garbage.
A: Make sure that the pointed-to memory is properly allocated.
For example, make sure you have *not* done something like
char *itoa(int n)
{
char retbuf[20]; /* WRONG */
sprintf(retbuf, "%d", n);
return retbuf; /* WRONG */
}
One fix (which is imperfect, especially if the function in
question is called recursively, or if several of its return
values are needed simultaneously) would be to declare the return
buffer as
static char retbuf[20];
See also questions 7.5b, 12.21, and 20.1.
References: ISO Sec. 6.1.2.4.
7.5b: So what's the right way to return a string or other aggregate?
A: The returned pointer should be to a statically-allocated buffer,
or to a buffer passed in by the caller, or to memory obtained
with malloc(), but *not* to a local (automatic) array.
See also question 20.1.
7.6: Why am I getting "warning: assignment of pointer from integer
lacks a cast" for calls to malloc()?
A: Have you #included <stdlib.h>, or otherwise arranged for
malloc() to be declared properly? See also question 1.25.
References: H&S Sec. 4.7 p. 101.
7.7: Why does some code carefully cast the values returned by malloc
to the pointer type being allocated?
A: Before ANSI/ISO Standard C introduced the void * generic pointer
type, these casts were typically required to silence warnings
(and perhaps induce conversions) when assigning between
incompatible pointer types.
Under ANSI/ISO Standard C, these casts are no longer necessary,
and in fact modern practice discourages them, since they can
camouflage important warnings which would otherwise be generated
if malloc() happened not to be declared correctly; see question
7.6 above. (However, the casts are typically seen in C code
which for one reason or another is intended to be compatible
with C++, where explicit casts from void * are required.)
References: H&S Sec. 16.1 pp. 386-7.
7.8: I see code like
char *p = malloc(strlen(s) + 1);
strcpy(p, s);
Shouldn't that be malloc((strlen(s) + 1) * sizeof(char))?
A: It's never necessary to multiply by sizeof(char), since
sizeof(char) is, by definition, exactly 1. (On the other
hand, multiplying by sizeof(char) doesn't hurt, and in some
circumstances may help by introducing a size_t into the
expression.) See also question 8.9.
References: ISO Sec. 6.3.3.4; H&S Sec. 7.5.2 p. 195.
7.14: I've heard that some operating systems don't actually allocate
malloc'ed memory until the program tries to use it. Is this
legal?
A: It's hard to say. The Standard doesn't say that systems can act
this way, but it doesn't explicitly say that they can't, either.
References: ISO Sec. 7.10.3.
7.16: I'm allocating a large array for some numeric work, using the
line
double *array = malloc(300 * 300 * sizeof(double));
malloc() isn't returning null, but the program is acting
strangely, as if it's overwriting memory, or malloc() isn't
allocating as much as I asked for, or something.
A: Notice that 300 x 300 is 90,000, which will not fit in a 16-bit
int, even before you multiply it by sizeof(double). If you
need to allocate this much memory, you'll have to be careful.
If size_t (the type accepted by malloc()) is a 32-bit type on
your machine, but int is 16 bits, you might be able to get away
with writing 300 * (300 * sizeof(double)) (see question 3.14).
Otherwise, you'll have to break your data structure up into
smaller chunks, or use a 32-bit machine or compiler, or use
some nonstandard memory allocation functions. See also
question 19.23.
7.17: I've got 8 meg of memory in my PC. Why can I only seem to
malloc 640K or so?
A: Under the segmented architecture of PC compatibles, it can be
difficult to use more than 640K with any degree of transparency,
especially under MS-DOS. See also question 19.23.
7.19: My program is crashing, apparently somewhere down inside malloc,
but I can't see anything wrong with it. Is there a bug in
malloc()?
A: It is unfortunately very easy to corrupt malloc's internal data
structures, and the resulting problems can be stubborn. The
most common source of problems is writing more to a malloc'ed
region than it was allocated to hold; a particularly common bug
is to malloc(strlen(s)) instead of strlen(s) + 1. Other
problems may involve using pointers to memory that has been
freed, freeing pointers twice, freeing pointers not obtained
from malloc, or trying to realloc a null pointer (see question
7.30).
See also questions 7.26, 16.8, and 18.2.
7.20: You can't use dynamically-allocated memory after you free it,
can you?
A: No. Some early documentation for malloc() stated that the
contents of freed memory were "left undisturbed," but this ill-
advised guarantee was never universal and is not required by the
C Standard.
Few programmers would use the contents of freed memory
deliberately, but it is easy to do so accidentally. Consider
the following (correct) code for freeing a singly-linked list:
struct list *listp, *nextp;
for(listp = base; listp != NULL; listp = nextp) {
nextp = listp->next;
free(listp);
}
and notice what would happen if the more-obvious loop iteration
expression listp = listp->next were used, without the temporary
nextp pointer.
References: K&R2 Sec. 7.8.5 p. 167; ISO Sec. 7.10.3; Rationale
Sec. 4.10.3.2; H&S Sec. 16.2 p. 387; CT&P Sec. 7.10 p. 95.
7.21: Why isn't a pointer null after calling free()?
How unsafe is it to use (assign, compare) a pointer value after
it's been freed?
A: When you call free(), the memory pointed to by the passed
pointer is freed, but the value of the pointer in the caller
probably remains unchanged, because C's pass-by-value semantics
mean that called functions never permanently change the values
of their arguments. (See also question 4.8.)
A pointer value which has been freed is, strictly speaking,
invalid, and *any* use of it, even if is not dereferenced, can
theoretically lead to trouble, though as a quality of
implementation issue, most implementations will probably not go
out of their way to generate exceptions for innocuous uses of
invalid pointers.
References: ISO Sec. 7.10.3; Rationale Sec. 3.2.2.3.
7.22: When I call malloc() to allocate memory for a pointer which is
local to a function, do I have to explicitly free() it?
A: Yes. Remember that a pointer is different from what it points
to. Local variables are deallocated when the function returns,
but in the case of a pointer variable, this means that the
pointer is deallocated, *not* what it points to. Memory
allocated with malloc() always persists until you explicitly
free it. In general, for every call to malloc(), there should
be a corresponding call to free().
7.23: I'm allocating structures which contain pointers to other
dynamically-allocated objects. When I free a structure, do I
also have to free each subsidiary pointer?
A: Yes. In general, you must arrange that each pointer returned
from malloc() be individually passed to free(), exactly once (if
it is freed at all). A good rule of thumb is that for each call
to malloc() in a program, you should be able to point at the
call to free() which frees the memory allocated by that malloc()
call.
See also question 7.24.
7.24: Must I free allocated memory before the program exits?
A: You shouldn't have to. A real operating system definitively
reclaims all memory and other resources when a program exits.
Nevertheless, some personal computers are said not to reliably
recover memory, and all that can be inferred from the ANSI/ISO C
Standard is that this is a "quality of implementation issue."
References: ISO Sec. 7.10.3.2.
7.25: I have a program which mallocs and later frees a lot of memory,
but I can see from the operating system that memory usage
doesn't actually go back down.
A: Most implementations of malloc/free do not return freed memory
to the operating system, but merely make it available for future
malloc() calls within the same program.
7.26: How does free() know how many bytes to free?
A: The malloc/free implementation remembers the size of each block
as it is allocated, so it is not necessary to remind it of the
size when freeing.
7.27: So can I query the malloc package to find out how big an
allocated block is?
A: Unfortunately, there is no standard or portable way.
7.30: Is it legal to pass a null pointer as the first argument to
realloc()? Why would you want to?
A: ANSI C sanctions this usage (and the related realloc(..., 0),
which frees), although several earlier implementations do not
support it, so it may not be fully portable. Passing an
initially-null pointer to realloc() can make it easier to write
a self-starting incremental allocation algorithm.
References: ISO Sec. 7.10.3.4; H&S Sec. 16.3 p. 388.
7.31: What's the difference between calloc() and malloc()? Is it safe
to take advantage of calloc's zero-filling? Does free() work
on memory allocated with calloc(), or do you need a cfree()?
A: calloc(m, n) is essentially equivalent to
p = malloc(m * n);
memset(p, 0, m * n);
The zero fill is all-bits-zero, and does *not* therefore
guarantee useful null pointer values (see section 5 of this
list) or floating-point zero values. free() is properly used to
free the memory allocated by calloc().
References: ISO Sec. 7.10.3 to 7.10.3.2; H&S Sec. 16.1 p. 386,
Sec. 16.2 p. 386; PCS Sec. 11 pp. 141,142.
7.32: What is alloca() and why is its use discouraged?
A: alloca() allocates memory which is automatically freed when the
function which called alloca() returns. That is, memory
allocated with alloca is local to a particular function's "stack
frame" or context.
alloca() cannot be written portably, and is difficult to
implement on machines without a conventional stack. Its use is
problematical (and the obvious implementation on a stack-based
machine fails) when its return value is passed directly to
another function, as in fgets(alloca(100), 100, stdin).
For these reasons, alloca() is not Standard and cannot be used
in programs which must be widely portable, no matter how useful
it might be.
See also question 7.22.
References: Rationale Sec. 4.10.3.
Section 8. Characters and Strings
8.1: Why doesn't
strcat(string, '!');
work?
A: There is a very real difference between characters and strings,
and strcat() concatenates *strings*.
Characters in C are represented by small integers corresponding
to their character set values (see also question 8.6 below).
Strings are represented by arrays of characters; you usually
manipulate a pointer to the first character of the array. It is
never correct to use one when the other is expected. To append
a ! to a string, use
strcat(string, "!");
See also questions 1.32, 7.2, and 16.6.
References: CT&P Sec. 1.5 pp. 9-10.
8.2: I'm checking a string to see if it matches a particular value.
Why isn't this code working?
char *string;
...
if(string == "value") {
/* string matches "value" */
...
}
A: Strings in C are represented as arrays of characters, and C
never manipulates (assigns, compares, etc.) arrays as a whole.
The == operator in the code fragment above compares two pointers
-- the value of the pointer variable string and a pointer to the
string literal "value" -- to see if they are equal, that is, if
they point to the same place. They probably don't, so the
comparison never succeeds.
To compare two strings, you generally use the library function
strcmp():
if(strcmp(string, "value") == 0) {
/* string matches "value" */
...
}
8.3: If I can say
char a[] = "Hello, world!";
why can't I say
char a[14];
a = "Hello, world!";
A: Strings are arrays, and you can't assign arrays directly. Use
strcpy() instead:
strcpy(a, "Hello, world!");
See also questions 1.32, 4.2, and 7.2.
8.6: How can I get the numeric (character set) value corresponding to
a character, or vice versa?
A: In C, characters are represented by small integers corresponding
to their values (in the machine's character set), so you don't
need a conversion function: if you have the character, you have
its value.
8.9: I think something's wrong with my compiler: I just noticed that
sizeof('a') is 2, not 1 (i.e. not sizeof(char)).
A: Perhaps surprisingly, character constants in C are of type int,
so sizeof('a') is sizeof(int) (though this is another area
where C++ differs). See also question 7.8.
References: ISO Sec. 6.1.3.4; H&S Sec. 2.7.3 p. 29.
Section 9. Boolean Expressions and Variables
9.1: What is the right type to use for Boolean values in C? Why
isn't it a standard type? Should I use #defines or enums for
the true and false values?
A: C does not provide a standard Boolean type, in part because
picking one involves a space/time tradeoff which can best be
decided by the programmer. (Using an int may be faster, while
using char may save data space. Smaller types may make the
generated code bigger or slower, though, if they require lots of
conversions to and from int.)
The choice between #defines and enumeration constants for the
true/false values is arbitrary and not terribly interesting (see
also questions 2.22 and 17.10). Use any of
#define TRUE 1 #define YES 1
#define FALSE 0 #define NO 0
enum bool {false, true}; enum bool {no, yes};
or use raw 1 and 0, as long as you are consistent within one
program or project. (An enumeration may be preferable if your
debugger shows the names of enumeration constants when examining
variables.)
Some people prefer variants like
#define TRUE (1==1)
#define FALSE (!TRUE)
or define "helper" macros such as
#define Istrue(e) ((e) != 0)
These don't buy anything (see question 9.2 below; see also
questions 5.12 and 10.2).
9.2: Isn't #defining TRUE to be 1 dangerous, since any nonzero value
is considered "true" in C? What if a built-in logical or
relational operator "returns" something other than 1?
A: It is true (sic) that any nonzero value is considered true in C,
but this applies only "on input", i.e. where a Boolean value is
expected. When a Boolean value is generated by a built-in
operator, it is guaranteed to be 1 or 0. Therefore, the test
if((a == b) == TRUE)
would work as expected (as long as TRUE is 1), but it is
obviously silly. In fact, explicit tests against TRUE and
FALSE are generally inappropriate, because some library
functions (notably isupper(), isalpha(), etc.) return,
on success, a nonzero value which is not necessarily 1.
(Besides, if you believe that "if((a == b) == TRUE)" is
an improvement over "if(a == b)", why stop there? Why not
use "if(((a == b) == TRUE) == TRUE)"?) A good rule of thumb
is to use TRUE and FALSE (or the like) only for assignment
to a Boolean variable or function parameter, or as the return
value from a Boolean function, but never in a comparison.
The preprocessor macros TRUE and FALSE (and, of course, NULL)
are used for code readability, not because the underlying values
might ever change. (See also questions 5.3 and 5.10.)
Although the use of macros like TRUE and FALSE (or YES
and NO) seems clearer, Boolean values and definitions can
be sufficiently confusing in C that some programmers feel
that TRUE and FALSE macros only compound the confusion, and
prefer to use raw 1 and 0 instead. (See also question 5.9.)
References: K&R1 Sec. 2.6 p. 39, Sec. 2.7 p. 41; K&R2 Sec. 2.6
p. 42, Sec. 2.7 p. 44, Sec. A7.4.7 p. 204, Sec. A7.9 p. 206; ISO
Sec. 6.3.3.3, Sec. 6.3.8, Sec. 6.3.9, Sec. 6.3.13, Sec. 6.3.14,
Sec. 6.3.15, Sec. 6.6.4.1, Sec. 6.6.5; H&S Sec. 7.5.4 pp. 196-7,
Sec. 7.6.4 pp. 207-8, Sec. 7.6.5 pp. 208-9, Sec. 7.7 pp. 217-8,
Sec. 7.8 pp. 218-9, Sec. 8.5 pp. 238-9, Sec. 8.6 pp. 241-4;
"What the Tortoise Said to Achilles".
9.3: Is if(p), where p is a pointer, a valid conditional?
A: Yes. See question 5.3.
Section 10. C Preprocessor
10.2: Here are some cute preprocessor macros:
#define begin {
#define end }
What do y'all think?
A: Bleah. See also section 17.
10.3: How can I write a generic macro to swap two values?
A: There is no good answer to this question. If the values are
integers, a well-known trick using exclusive-OR could perhaps
be used, but it will not work for floating-point values or
pointers, or if the two values are the same variable. (See
questions 3.3b and 20.15c.) If the macro is intended to be
used on values of arbitrary type (the usual goal), it cannot
use a temporary, since it does not know what type of temporary
it needs (and would have a hard time picking a name for it if
it did), and standard C does not provide a typeof operator.
The best all-around solution is probably to forget about using a
macro, unless you're willing to pass in the type as a third
argument.
10.4: What's the best way to write a multi-statement macro?
A: The usual goal is to write a macro that can be invoked as if it
were a statement consisting of a single function call. This
means that the "caller" will be supplying the final semicolon,
so the macro body should not. The macro body cannot therefore
be a simple brace-enclosed compound statement, because syntax
errors would result if it were invoked (apparently as a single
statement, but with a resultant extra semicolon) as the if
branch of an if/else statement with an explicit else clause.
The traditional solution, therefore, is to use
#define MACRO(arg1, arg2) do { \
/* declarations */ \
stmt1; \
stmt2; \
/* ... */ \
} while(0) /* (no trailing ; ) */
When the caller appends a semicolon, this expansion becomes a
single statement regardless of context. (An optimizing compiler
will remove any "dead" tests or branches on the constant
condition 0, although lint may complain.)
If all of the statements in the intended macro are simple
expressions, with no declarations or loops, another technique is
to write a single, parenthesized expression using one or more
comma operators. (For an example, see the first DEBUG() macro
in question 10.26.) This technique also allows a value to be
"returned."
References: H&S Sec. 3.3.2 p. 45; CT&P Sec. 6.3 pp. 82-3.
10.6: I'm splitting up a program into multiple source files for the
first time, and I'm wondering what to put in .c files and what
to put in .h files. (What does ".h" mean, anyway?)
A: As a general rule, you should put these things in header (.h)
files:
macro definitions (preprocessor #defines)
structure, union, and enumeration declarations
typedef declarations
external function declarations (see also question 1.11)
global variable declarations
It's especially important to put a declaration or definition in
a header file when it will be shared between several other
files. (In particular, never put external function prototypes
in .c files. See also question 1.7.)
On the other hand, when a definition or declaration should
remain private to one .c file, it's fine to leave it there.
See also questions 1.7 and 10.7.
References: K&R2 Sec. 4.5 pp. 81-2; H&S Sec. 9.2.3 p. 267; CT&P
Sec. 4.6 pp. 66-7.
10.7: Is it acceptable for one header file to #include another?
A: It's a question of style, and thus receives considerable debate.
Many people believe that "nested #include files" are to be
avoided: the prestigious Indian Hill Style Guide (see question
17.9) disparages them; they can make it harder to find relevant
definitions; they can lead to multiple-definition errors if a
file is #included twice; and they make manual Makefile
maintenance very difficult. On the other hand, they make it
possible to use header files in a modular way (a header file can
#include what it needs itself, rather than requiring each
#includer to do so); a tool like grep (or a tags file) makes it
easy to find definitions no matter where they are; a popular
trick along the lines of:
#ifndef HFILENAME_USED
#define HFILENAME_USED
...header file contents...
#endif
(where a different bracketing macro name is used for each header
file) makes a header file "idempotent" so that it can safely be
#included multiple times; and automated Makefile maintenance
tools (which are a virtual necessity in large projects anyway;
see question 18.1) handle dependency generation in the face of
nested #include files easily. See also question 17.10.
References: Rationale Sec. 4.1.2.
10.8a: What's the difference between #include <> and #include "" ?
A: The <> syntax is typically used with Standard or system-supplied
headers, while "" is typically used for a program's own header
files.
10.8b: What are the complete rules for header file searching?
A: The exact behavior is implementation-defined (which means that
it is supposed to be documented; see question 11.33).
Typically, headers named with <> syntax are searched for in one
or more standard places. Header files named with "" syntax are
first searched for in the "current directory," then (if not
found) in the same standard places.
Traditionally (especially under Unix compilers), the current
directory is taken to be the directory containing the file
containing the #include directive. Under other compilers,
however, the current directory (if any) is the directory in
which the compiler was initially invoked. Check your compiler
documentation.
References: K&R2 Sec. A12.4 p. 231; ISO Sec. 6.8.2; H&S Sec. 3.4
p. 55.
10.9: I'm getting strange syntax errors on the very first declaration
in a file, but it looks fine.
A: Perhaps there's a missing semicolon at the end of the last
declaration in the last header file you're #including. See also
questions 2.18, 11.29, and 16.1b.
10.10b: I'm #including the right header file for the library function
I'm using, but the linker keeps saying it's undefined.
A: See question 13.25.
10.11: I seem to be missing the system header file <sgtty.h>.
Can someone send me a copy?
A: Standard headers exist in part so that definitions appropriate
to your compiler, operating system, and processor can be
supplied. You cannot just pick up a copy of someone else's
header file and expect it to work, unless that person is using
exactly the same environment. Ask your compiler vendor why the
file was not provided (or to send a replacement copy).
10.12: How can I construct preprocessor #if expressions which compare
strings?
A: You can't do it directly; preprocessor #if arithmetic uses only
integers. An alternative is to #define several macros with
symbolic names and distinct integer values, and implement
conditionals on those.
See also question 20.17.
References: K&R2 Sec. 4.11.3 p. 91; ISO Sec. 6.8.1; H&S
Sec. 7.11.1 p. 225.
10.13: Does the sizeof operator work in preprocessor #if directives?
A: No. Preprocessing happens during an earlier phase of
compilation, before type names have been parsed. Instead of
sizeof, consider using the predefined constants in ANSI's
<limits.h>, if applicable, or perhaps a "configure" script.
(Better yet, try to write code which is inherently insensitive
to type sizes; see also question 1.1.)
References: ISO Sec. 5.1.1.2, Sec. 6.8.1; H&S Sec. 7.11.1 p.
225.
10.14: Can I use an #ifdef in a #define line, to define something two
different ways?
A: No. You can't "run the preprocessor on itself," so to speak.
What you can do is use one of two completely separate #define
lines, depending on the #ifdef setting.
References: ISO Sec. 6.8.3, Sec. 6.8.3.4; H&S Sec. 3.2 pp. 40-1.
10.15: Is there anything like an #ifdef for typedefs?
A: Unfortunately, no. You may have to keep sets of preprocessor
macros (e.g. MY_TYPE_DEFINED) recording whether certain typedefs
have been declared. (See also question 10.13.)
References: ISO Sec. 5.1.1.2, Sec. 6.8.1; H&S Sec. 7.11.1 p.
225.
10.16: How can I use a preprocessor #if expression to tell if a machine
is big-endian or little-endian?
A: You probably can't. (Preprocessor arithmetic uses only long
integers, and there is no concept of addressing.) Are you
sure you need to know the machine's endianness explicitly?
Usually it's better to write code which doesn't care.
See also question 20.9.
References: ISO Sec. 6.8.1; H&S Sec. 7.11.1 p. 225.
10.18: I inherited some code which contains far too many #ifdef's for
my taste. How can I preprocess the code to leave only one
conditional compilation set, without running it through the
preprocessor and expanding all of the #include's and #define's
as well?
A: There are programs floating around called unifdef, rmifdef,
and scpp ("selective C preprocessor") which do exactly this.
See question 18.16.
10.19: How can I list all of the predefined identifiers?
A: There's no standard way, although it is a common need. gcc
provides a -dM option which works with -E, and other compilers
may provide something similar. If the compiler documentation
is unhelpful, the most expedient way is probably to extract
printable strings from the compiler or preprocessor executable
with something like the Unix strings utility. Beware that many
traditional system-specific predefined identifiers (e.g. "unix")
are non-Standard (because they clash with the user's namespace)
and are being removed or renamed.
10.20: I have some old code that tries to construct identifiers with a
macro like
#define Paste(a, b) a/**/b
but it doesn't work any more.
A: It was an undocumented feature of some early preprocessor
implementations (notably John Reiser's) that comments
disappeared entirely and could therefore be used for token
pasting. ANSI affirms (as did K&R1) that comments are replaced
with white space. However, since the need for pasting tokens
was demonstrated and real, ANSI introduced a well-defined token-
pasting operator, ##, which can be used like this:
#define Paste(a, b) a##b
See also question 11.17.
References: ISO Sec. 6.8.3.3; Rationale Sec. 3.8.3.3; H&S
Sec. 3.3.9 p. 52.
10.22: Why is the macro
#define TRACE(n) printf("TRACE: %d\n", n)
giving me the warning "macro replacement within a string
literal"? It seems to be expanding
TRACE(count);
as
printf("TRACE: %d\count", count);
A: See question 11.18.
10.23-4: I'm having trouble using macro arguments inside string
literals, using the `#' operator.
A: See questions 11.17 and 11.18.
10.25: I've got this tricky preprocessing I want to do and I can't
figure out a way to do it.
A: C's preprocessor is not intended as a general-purpose tool.
(Note also that it is not guaranteed to be available as a
separate program.) Rather than forcing it to do something
inappropriate, consider writing your own little special-purpose
preprocessing tool, instead. You can easily get a utility like
make(1) to run it for you automatically.
If you are trying to preprocess something other than C, consider
using a general-purpose preprocessor. (One older one available
on most Unix systems is m4.)
10.26: How can I write a macro which takes a variable number of
arguments?
A: One popular trick is to define and invoke the macro with a
single, parenthesized "argument"