PCC, lint bug

Scott Hankerson scottha at copper.UUCP
Thu Sep 5 11:26:56 AEST 1985


In article <1152 at brl-tgr.ARPA> root%bostonu.csnet at csnet-relay.arpa (BostonU SysMgr) writes:
>
>>This really belonged in net.lang.c, for reasons which will be apparent
>>shortly...
>>
>>> The following totally reasonable looking garbage compiles and passes
>>> lint -hp without a peep. It printed garbage on my 4.2 VAX, core dumped
>>> on my UNIX/PC (SYSV). I realize the difference between a two dimensional
>>> array and a pointer to a pointer (or whatever, pluralize), apparently
>>> neither C nor lint does. Sorry if this has been covered.
>> (excerpted)
>> ----------
>>> 	int x[2][2] ;
>>> 	int **xp = x ;
>>> 			printf("%d\n",x[i][j] = i+j) ;
>>> 			printf("%d\n",xp[i][j]) ;
>>
>>C does know the difference between "array of X" and "pointer to X"; however,
>>when the name of an "array of X" is used it evaluates to a pointer to the
>>first member of that array, hence a "pointer to X".
>>
>>xp[i][j] is (xp[i])[j].  xp[i] is *(xp + i).  "xp" is a pointer to a pointer
>>to an "int", as is xp + i.  *(xp + i) is thus a pointer to an "int".
>>(xp[i])[j] is thus (*(xp + i))[j].  Call *(xp + i) Xp.  (xp[i])[j] is Xp[j].
>>This is *(Xp + j).  "Xp" is a pointer to an int, as is Xp + j, so *(Xp + j)
>>is an "int".  The code is perfectly legal C.  Any C compiler or "lint" which
>>*rejected* it would have a bug.  Why the program drops core is left as an
>>exercise for the reader.  (Hint - has what "xp" points to been initialized?
>>Is code that dereferences an uninitialized pointer likely to work?)
>>
>>	Guy Harris
>
>WRONG WRONG WRONG
>
>THE  ERROR IS ALLOWING THE DECLARATION TO PASS BOTH C AND LINT:
>
>	int x[STUFF][THING] ;	/* the name 'x' is a pointer to an int */
>	int **xp = x ;		/* not a pointer to a pointer */
>
>I do not believe *any* reading of 'x' lets it be a pointer to a pointer.
>	.
>	.
>	.
>		-Barry Shein, Boston University


Who is WRONG WRONG WRONG??  Page 104 of the 1978 edition of \The C
Programming Language/ by Kernighan and Ritchie says:

	   In C, by definition a two-dimensional array is really a
	one-dimensional array, each of whose elements is an array.
	Hence subscripts are written as

		day_tab[i][j]

	rather than

		day_tab[i, j]

	as in most languages.  Other than this, a two-dimensional array
	can be treated in much the same way as in other languages.

There's still the question of whether or not xp (in the original example)
is properly initialized.  But since when did C care if a pointer is
initialized?

Scott Hankerson
tektronix!copper!scottha
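As an added example (not code from the thread), here is the posted program with the declaration the language actually gives it; it assumes the 2x2 shape and the i+j fill from the excerpt, and it recovers the bytes an int ** view would have dereferenced as xp[0] without dereferencing them:

```c
/* Added example (not from the original thread): an int[ROWS][COLS] used by
 * name decays to int (*)[COLS], a pointer to its first row, never to int **. */
#include <stdio.h>
#include <string.h>

#define ROWS 2
#define COLS 2

/* The correct pointer type for a decayed int[ROWS][COLS]. */
int sum_via_row_pointer(int (*rp)[COLS])
{
    int total = 0;
    for (int i = 0; i < ROWS; i++)
        for (int j = 0; j < COLS; j++)
            total += rp[i][j];   /* rp[i] is an int[COLS]; rp[i][j] is an int */
    return total;
}

/* How far one subscript step moves under each interpretation, in bytes. */
size_t row_pointer_stride(void)     { return sizeof(int[COLS]); }
size_t pointer_pointer_stride(void) { return sizeof(int *); }

/* What xp[0] would be if x were read through int **: the bytes of x[0][0],
 * x[0][1], ... reinterpreted as an address. Copying the bytes instead of
 * dereferencing them keeps this program from dumping core like the original. */
int *bogus_first_pointer(int (*rows)[COLS])
{
    int *p;
    memcpy(&p, rows, sizeof p);   /* the bytes an int ** view would treat as xp[0] */
    return p;
}

int main(void)
{
    int x[ROWS][COLS];
    for (int i = 0; i < ROWS; i++)
        for (int j = 0; j < COLS; j++)
            x[i][j] = i + j;        /* same fill as the posted program */

    int (*xp)[COLS] = x;            /* correct; "int **xp = x;" mixes incompatible pointer types */
    printf("sum via int (*)[%d]: %d\n", COLS, sum_via_row_pointer(xp));
    printf("stride of int (*)[%d]: %zu bytes; stride of int **: %zu bytes\n",
           COLS, row_pointer_stride(), pointer_pointer_stride());
    printf("an int ** view would dereference %p, built from the ints 0 and 1\n",
           (void *)bogus_first_pointer(x));
    return 0;
}
```

The last line of output is the "garbage" address the original program tried to read through: the data of the array itself, not a pointer anyone stored there.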
