PCC, lint bug
Guy Harris
guy at sun.uucp
Fri Aug 30 14:17:13 AEST 1985
This really belonged in net.lang.c, for reasons which will be apparent
shortly...
> The following totally reasonable looking garbage compiles and passes
> lint -hp without a peep. It printed garbage on my 4.2 VAX, core dumped
> on my UNIX/PC (SYSV). I realize the difference between a two dimensional
> array and a pointer to a pointer (or whatever, pluralize), apparently
> neither C nor lint does. Sorry if this has been covered.
> (excerpted)
> ----------
> int x[2][2] ;
> int **xp = x ;
> printf("%d\n",x[i][j] = i+j) ;
> printf("%d\n",xp[i][j]) ;
C does know the difference between "array of X" and "pointer to X"; however,
when the name of an "array of X" is used it evaluates to a pointer to the
first member of that array, hence a "pointer to X".
xp[i][j] is (xp[i])[j]. xp[i] is *(xp + i). "xp" is a pointer to a pointer
to an "int", as is xp + i. *(xp + i) is thus a pointer to an "int".
(xp[i])[j] is thus (*(xp + i))[j]. Call *(xp + i) Xp. (xp[i])[j] is Xp[j].
This is *(Xp + j). "Xp" is a pointer to an int, as is Xp + j, so *(Xp + j)
is an "int". The code is perfectly legal C. Any C compiler or "lint" which
*rejected* it would have a bug. Why the program drops core is left as an
exercise for the reader. (Hint - has what "xp" points to been initialized?
Is code that dereferences an uninitialized pointer likely to work?)
Does anybody else think that the array/pointer semi-equivalence is probably
one of the major causes of errors in C coding?
Guy Harris
More information about the Comp.unix.wizards
mailing list