less_retarded_wiki/c_pitfalls.md
Miloslav Ciz 216d43f700 Update
2022-02-07 15:57:04 +01:00

2.9 KiB

C Pitfalls

C is a powerful language that offers almost absolute control and maximum performance which necessarily comes with responsibility and danger of shooting yourself in the foot. Without knowledge of the pitfalls you may well find yourself fallen into one of them.

Unless specified otherwise, this article supposes the C99 standard of the C language.

Undefined/Unspecified Behavior

Undefined, unspecified and implementation-defined behaviors are kinds of unpredictable and sometimes non-intuitive behavior of certain operations that may differ between compilers, platforms or runs because they are not defined by the language specification; this is mostly done on purpose as to allow some implementation freedom which allows implementing the language in a way that is most efficient on given platform. This behavior may be completely random (unpredictable) or implementation-specified (consistent within each implementation but potentially different for each of them). In any case, one has to avoid any such unpredictable behavior in basically any sane program. Note that tools such as cppcheck can help find undefined behavior in code. Description of some of these behaviors follow.

Data type sizes including int and char may not be the same on each platform. Even though we almost take it for granted than char is 8 bits wide, in theory it can be wider. The int (and unsigned int) type width should reflect the architectures native integer type, so nowadays mostly it's mostly 32 or 64 bits. To deal with this we can use the standard library limits.h and stdint.h headers.

Order of evaluation of operands/arguments is not specified. I.e. in an expression or function call it is not defined which operands or arguments will be evaluated first, the order may be completely random and the order may differ even when evaluating the same expression at another time. This is demonstrated by the following code:

#include <stdio.h>

int x = 0;

int a(void)
{
  x += 1;
  return x;
}

int main(void)
{
  printf("%d %d\n",x,a()); // may print 0 1 or 1 1
  return 0;
}

Char data type signedness is not defined. The signedness can be explicitly "forced" by specifying signed char or unsigned char.

Bit shifts by type width or more are undefined. Also bit shifts by negative values are undefined. So e.g. x >> 8 is undefined if width of the data type of x is 8 bits.

Memory Unsafety

Besides being extra careful of writing safe memory code, one needs to also know that some functions of the standard library are memory unsafe. This is regarding mainly string functions such as strcpy or strlen which do not check the string boundaries (i.e. they rely on not being passed a string that's not zero terminated and so can potentially touch memory anywhere beyond); safer alternatives are available, they have an n added in the name (strncpy, strnlen, ...) and allow specifying a length limit.

Different Behavior in C vs C++

TODO