• Making the element type of string literals const

    From Philipp Klaus Krause@21:1/5 to All on Fri Aug 14 11:34:53 2020
    C does not allow programs to modify a string literal.

    However, for historic reasons this is not reflected in their type.

    E.g. this compiles, but has undefined behaviour if ever executed:

    void f(void)
    {
        "test"[2] = 'a';
    }

    It would be more consistent if the element type for string literals
    would be const-qualified. And coding standards (e.g. MISRA) require the
    use of const-qualified types already in e.g.

    const char *c = "test"; // OK
    vs.
    char *c = "test"; // Allowed by C standard, not allowed by MISRA

    I don't think this change would break many recent programs. So even if
    the type of char string literals cannot be changed, such a change should
    at least be possible for string literals of other types.

    Is it worth writing a proposal for C2X?
    What do you think of such a change?

    Philipp

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Brown@21:1/5 to Philipp Klaus Krause on Fri Aug 14 13:43:29 2020
    On 14/08/2020 11:34, Philipp Klaus Krause wrote:
    > C does not allow programs to modify a string literal.
    >
    > However, for historic reasons this is not reflected in their type.
    >
    > E.g. this compiles, but has undefined behaviour if ever executed:
    >
    > void f(void)
    > {
    >     "test"[2] = 'a';
    > }
    >
    > It would be more consistent if the element type for string literals
    > would be const-qualified. And coding standards (e.g. MISRA) require the
    > use of const-qualified types already in e.g.
    >
    > const char *c = "test"; // OK
    > vs.
    > char *c = "test"; // Allowed by C standard, not allowed by MISRA
    >
    > I don't think this change would break many recent programs. So even if
    > the type of char string literals cannot be changed, such a change should
    > at least be possible for string literals of other types.
    >
    > Is it worth writing a proposal for C2X?
    > What do you think of such a change?
    >
    > Philipp


    It would break many programs (perhaps more old ones than new ones, but backwards compatibility is king). In particular, you can't then use a
    string literal as a parameter to a function that has a "char *" argument.

    Barring obtuse use of _Generic, I believe that a program that is correct
    if string literals have "const char[]" types (like in C++) will have the
    same functionality with normal "char[]" types - so the change would
    affect the ease of error avoidance and checking rather than the effect
    of the code.

    So personally I think it would be a good thing - but I strongly doubt it
    could happen.

    The best alternative is to have it as a compiler switch. gcc's "-fwrite-strings" option does exactly this, and I use it in my own code.
    (I disagree with the naming - as it affects the semantics of the
    language, it should not be a "warning" option - but that's another matter.)

  • From Florian Weimer@21:1/5 to All on Fri Aug 14 23:41:20 2020
    * David Brown:

    > The best alternative is to have it as a compiler switch. gcc's
    > "-fwrite-strings" option does exactly this, and I use it in my own code.
    > (I disagree with the naming - as it affects the semantics of the
    > language, it should not be a "warning" option - but that's another matter.)

    The historic -fwritable-strings option actually made string literals
    writable by placing them into the data segment.

  • From David Brown@21:1/5 to Florian Weimer on Mon Aug 17 15:23:03 2020
    On 14/08/2020 23:41, Florian Weimer wrote:
    > * David Brown:
    >
    >> The best alternative is to have it as a compiler switch. gcc's
    >> "-fwrite-strings" option does exactly this, and I use it in my own code.
    >> (I disagree with the naming - as it affects the semantics of the
    >> language, it should not be a "warning" option - but that's another matter.)
    >
    > The historic -fwritable-strings option actually made string literals
    > writable by placing them into the data segment.


    Sorry, I meant "-Wwrite-strings"! I don't know how I managed to write
    exactly the opposite flag.
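
The one observable difference the thread allows for (the `_Generic` case), next to a const-correct replacement for the opening post's `"test"[2] = 'a';`, as an added example that is not part of any post in the thread. The names `ELEM_IS_CONST`, `literal_elem_is_const`, `patched_copy` and the file name `probe.c` are made up for illustration.

```c
/* Added example: build once as `gcc -std=c11 probe.c` and once with
 * `-Wwrite-strings` added; only literal_elem_is_const() changes its result. */
#include <stdio.h>
#include <string.h>

/* Selects on the pointer type a string literal decays to.
 * ISO C: char * (result 0). GCC with -Wwrite-strings: const char * (result 1). */
#define ELEM_IS_CONST(lit) _Generic(&(lit)[0], const char *: 1, char *: 0)

int literal_elem_is_const(void)
{
    return ELEM_IS_CONST("test");
}

/* Const-correct replacement for `"test"[2] = 'a';`: copy the literal into
 * writable storage and modify the copy. Returns 0 on success, -1 if the
 * destination is too small or idx is outside the text. */
int patched_copy(char *dst, size_t dstlen, const char *src, size_t idx, char ch)
{
    size_t n = strlen(src);

    if (dst == NULL || src == NULL || n + 1 > dstlen || idx >= n)
        return -1;
    memcpy(dst, src, n + 1);   /* includes the terminating NUL */
    dst[idx] = ch;
    return 0;
}

int main(void)
{
    char buf[8];
    const char *c = "test";    /* const-qualified form; valid in both modes */

    printf("literal element type is const: %d\n", literal_elem_is_const());
    if (patched_copy(buf, sizeof buf, c, 2, 'a') == 0)
        printf("%s -> %s\n", c, buf);   /* the literal itself is untouched */
    return 0;
}
```

Because every pointer to a literal here is `const char *`, the file compiles without diagnostics in both modes, and `patched_copy` behaves identically in each.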
