23 lines
2.5 KiB
Markdown
23 lines
2.5 KiB
Markdown
# C Pitfalls
|
|
|
|
[C](c.md) is a powerful language that offers almost absolute control and maximum performance which necessarily comes with responsibility and danger of shooting yourself in the foot. Without knowledge of the pitfalls you may well find yourself fallen into one of them.
|
|
|
|
Unless specified otherwise, this article supposes the C99 standard of the C language.
|
|
|
|
## Undefined/Unspecified Behavior
|
|
|
|
Undefined, unspecified and implementation-defined behaviors are kinds of unpredictable and sometimes non-intuitive behavior of certain operations that may differ between compilers, platforms or runs because they are not defined by the language specification; this is mostly done on purpose as to allow some implementation freedom which allows implementing the language in a way that is most efficient on given platform. This behavior may be completely random (unpredictable) or implementation-specified (consistent within each implementation but potentially different for each of them). In any case, one has to avoid any such unpredictable behavior in basically any sane program. Note that tools such as [cppcheck](cppcheck.md) can help find undefined behavior in code. Description of some of these behaviors follow.
|
|
|
|
**Data type sizes including int and char may not be the same on each platform**. Even though we almost take it for granted than char is 8 bits wide, in theory it can be wider. The int (and unsigned int) type width should reflect the architectures native integer type, so nowadays mostly it's mostly 32 or 64 bits. To deal with this we can use the standard library `limits.h` and `stdint.h` headers.
|
|
|
|
**Char data type signedness is not defined**. The signedness can be explicitly "forced" by specifying `signed char` or `unsigned char`.
|
|
|
|
**Bit shifts by type width or more are undefined.** Also bit shifts by negative values are undefined. So e.g. `x >> 8` is undefined if width of the data type of `x` is 8 bits.
|
|
|
|
## Memory Unsafety
|
|
|
|
Besides being extra careful of writing safe memory code, one needs to also know that **some functions of the standard library are memory unsafe**. This is regarding mainly string functions such as `strcpy` or `strlen` which do not check the string boundaries (i.e. they rely on not being passed a string that's not zero terminated and so can potentially touch memory anywhere beyond); safer alternatives are available, they have an `n` added in the name (`strncpy`, `strnlen`, ...) and allow specifying a length limit.
|
|
|
|
## Different Behavior in C vs C++
|
|
|
|
TODO |