Comment by dfawcus
25 days ago
Then don't allow it to decay:
void arr_fn(char (*arr)[15]) {
enum { len = sizeof *arr }; printf("len of array: %d\n", len);
printf("Got: %.*s\n", len, *arr);
}
void sptr_fn(char ptr[static 15]) { printf("Got: %s\n", ptr); }
int main(void) {
char array[15] = "Hello, World!";
arr_fn(&array); sptr_fn(array); return 0;
}
Using gcc (and similarly clang) removing the '15' from 'array', and allowing it to allocate it as 14 chars will result in warnings for both function calls.
One can hide that ptr to array behind a typedef to make it more readable:
typedef char (Arr_15)[15];
void arr_fn2(Arr_15 *arr) {
What do you mean by 'the static trick'? Is that what I have in sptr_fn()?
That is the static trick.
The issues as it stands today are:
- It is still a warning instead of an error, and we all know how many projects have endless lists of warnings
- Only GCC and clang issue such warning, if we want to improve C, security must be imposed to all implementations
https://c.godbolt.org/z/fEKzT4WfM
OK - assuming you're referring to 'char ptr[static 15]' as the 'static trick', then yeah - other compilers do not complain.
However the other form 'char (*arr)[15]' has always been available, and is complained of in other compilers.
I believe I remember using it in DOS based C-89 compilers back in the early 90s, possibly also in K&R (via lint) in the 80s.
NB: icc, msvc, mvc complain about the misuse of the traditional version if one adjusts your godbolt example.
Yes one has to build with warnings forcing errors, which takes a bit of work to achieve if the code has previously been built without that.
There isn't really much difference between "ignoring warnings" in C and careless use of "unsafe" or "unwrap" in Rust. Once you entered the realm of sloppiness, the programming language will not safe you.
The point is to what extend the tools for safe programming are available. C certainly has gaps, but not having proper arrays is not one of them.