Topic: Why is const char ** = char ** an error?


Author: maxtal@physics.su.OZ.AU (John Max Skaller)
Date: Thu, 24 Nov 1994 03:55:42 GMT
In article <3b0qf5$3q@weever.mel.dit.csiro.au> mwr@mel.dit.csiro.au (Mark Rawling) writes:
>    result of a logic error. Passing a value of type char** to an
>    argument of type const char** is illegal in both C++ and ANSI C.
>Can someone explain why this is unsafe?

 Scott Turner is attributed with the discovery.

 const char a='a'; // our hapless target
 char* b;
 char **c = &b;     // *c is b
 const char **d=c; // assume legal (it's not!)
 *d = &a; // *d is type "const char *" and so is &a
          // this sets *d to point to a
          // but *d is *c which is b
          // so b points at a now -- we just set b to &a
          // but b is type "char*" and a is a const char! so ..
 *b='b'; // WHOOPS: writes through a pointer to a const object

 Andrew Koenig is attributed with changing the rule to allow

 const char * const * <-- char **

 which _is_ safe, and more generally

 "same for volatile" which is not .. (it's the only
 time Andrew has ever been wrong :-)

 and finally Pat Smith with doing a complete mathematical
 analysis of which conversions are safe and which are not ..
 which forms the basis of the apparently complicated rules
 in the Working Paper.

The point-- you can do any pointer conversion that is safe implicitly.
(In C, you can't)
--
        JOHN (MAX) SKALLER,         INTERNET:maxtal@suphys.physics.su.oz.au
 Maxtal Pty Ltd,
        81A Glebe Point Rd, GLEBE   Mem: SA IT/9/22,SC22/WG21
        NSW 2037, AUSTRALIA     Phone: 61-2-566-2189
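The aliasing chain in the post above, traced in compilable C++ as an added example (not code from either poster). It uses a non-const target and a const_cast in place of the rejected implicit conversion, so the final write is well defined and the chain can be checked at run time; the function count_nonempty and its argument names are assumptions made for the example. It also shows the conversion the Koenig rule allows, char** to const char* const*, being accepted implicitly.

```cpp
#include <cassert>
#include <cstddef>

// Takes const char* const*, so a char** converts to it implicitly in C++.
// The callee can read the strings but cannot re-seat any element of the
// array to point at a const object, which is exactly what closes the hole.
std::size_t count_nonempty(const char* const* strings, std::size_t n) {
    std::size_t count = 0;
    for (std::size_t i = 0; i < n; ++i) {
        if (strings[i] != nullptr && strings[i][0] != '\0') {
            ++count;
        }
    }
    return count;
}

// Reproduces the chain from the post. The target is deliberately non-const
// here so the last write is defined; with `const char a` the same chain
// would modify a const object through a plain char*.
bool trace_alias_chain() {
    char a = 'a';            // hypothetical target (non-const on purpose)
    char* b = nullptr;
    char** c = &b;           // *c is b
    // const char** d = c;   // rejected: char** does not convert to const char**
    const char** d = const_cast<const char**>(c);  // forced, to expose the hole
    *d = &a;                 // looks like storing a const char*, which is fine...
    // ...but *d aliases b, so b, a plain char*, now points at a.
    bool aliased = (b == &a);
    *b = 'b';                // this is the write that would defeat const
    return aliased && a == 'b';
}

// The safe direction: char** passed where const char* const* is expected.
bool accepts_char_pp_implicitly() {
    char s1[] = "x";
    char s2[] = "";
    char* arr[] = { s1, s2, nullptr };
    char** p = arr;
    return count_nonempty(p, 3) == 1;  // implicit qualification conversion
}

int main() {
    return (trace_alias_chain() && accepts_char_pp_implicitly()) ? 0 : 1;
}
```

Uncommenting the `const char** d = c;` line reproduces the diagnostic the Sun compiler reports; the const_cast form compiles because const_cast may add qualifiers at any level, which is why such casts deserve scrutiny in review.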




Author: mwr@mel.dit.csiro.au (Mark Rawling)
Date: 24 Nov 1994 12:32:21 +1100
(Also posted to comp.lang.c++ yesterday (sorry, not cross-posted)
- no answer yet.)

Sun's C++ compiler CC-4.0.1 (running on SunOS 4.1.3_U1) gives me a
surprising warning/anachronism. Upon looking at their "migration"
notes I see the following ...

    C++ 3.0 was lax in its type checking, particularly when pointers to
    const were involved. Failure to handle const and volatile properly
    on pointers is a major cause of this problem. You can usually
    correct it with an explicit cast, but the error is probably the
    result of a logic error. Passing a value of type char** to an
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    argument of type const char** is illegal in both C++ and ANSI C.
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    This is not an error or oversight in the standard as such
    assignments open a hole in the type system and violate const
    safety.

Can someone explain why this is unsafe? The same thing happens for both
assignments and parameter passing. It doesn't have to be char, but there
does have to be at least two levels of indirection, eg, const char * =
char * is fine.

Other compilers don't complain, but Sun have documented it explicitly, so
it really is a violation, right??? But why???


----
Mark.Rawling@mel.dit.csiro.au             |  Distributed Systems Program
CSIRO Division of Information Technology  |
723 Swanston Street                       |      tel: +61 3 282 2634
Carlton, VIC 3053, Australia              |      fax: +61 3 282 2600