Check all errors in code?

**Jack Klein** · Sep 20 '08, 03:05 AM

Re: Check all errors in code?

On Fri, 19 Sep 2008 10:24:44 -0700 (PDT), vippstar@gmail. com wrote in
comp.lang.c:

On Sep 19, 7:51 pm, Keith Thompson <ks...@mib.orgw rote:

Richard Heathfield <r...@see.sig.i nvalidwrites:

Keith Thompson said:

[...]

>Conceivably the code doesn't need to differentiate between a string
>representing 0 and a string that doesn't represent any integer value,
>and whatever code calls it will treat either as an error.

Whilst 0 is a common return value for atoi when its input can't be
represented as an int, the Standard doesn't mandate this, so code that
relies on it is broken.

[...]

Good point; I hadn't realized that.

The following is a paraphrase of C99 7.20.1.2 (dropping the references
to atol and atoll for simplicity):

Description

The atoi function converts the initial portion of the string
pointed to by nptr to int representation. Except for the behavior
on error, it is equivalent to
(int)strtol(npt r, (char**)NULL, 10)

Returns

The atoi function returns the converted value.

And a paraphrase from C99 7.20.1.4:

The strtol function returns the converted value, if any. If no
conversion could be performed, zero is returned.

Until a moment ago, I assumed that the *intent* was that atoi()
returns 0 on error, and the standard just didn't express that intent
properly. But that intent could have been expressed simply by
dropping the phrase "Except for the behavior on error". Since it
doesn't say what the behavior on error *is*, the behavior is
undefined.

>
I believe the "behavior on error" is when the string is not an
integer.
strtol can not invoke undefined behavior. If atoi is equal to that
strtol call, it can't invoke undefined behavior if strtol returns 0.
It will invoke implementation defined behavior or will raise
implementation defined signal (only in C99) if the value returned by
strtol is < INT_MIN or INT_MAX.

You are laboring under a dangerous misunderstandin g here.

Here is what C90 says about atoi(), atol(), and atof():

"The functions atof, atoi, and atol need not affect the value of the
integer expression errno on an error. If the value of the result
cannot be represented, the behavior is undefined."

The difference in C99 is that the new function atoll() is included:

"The functions atof, atoi, atol, and atoll need not affect the value
of the integer expression errno on an error. If the value of the
result cannot be represented, the behavior is undefined."

The ato... functions all invoke undefined behavior if the text string
represents a value outside the range of the function's return type. No
implementation-defined behavior or implementation-defined signal, just
plain old UB.

--
Jack Klein
Home: http://JK-Technology.Com
FAQs for
comp.lang.c http://c-faq.com/
comp.lang.c++ http://www.parashift.com/c++-faq-lite/
alt.comp.lang.l earn.c-c++

http://www.club.cc.cmu.edu/~ajo/docs/FAQ-acllc.html

**Keith Thompson** · Sep 20 '08, 03:55 AM

Re: Check all errors in code?

Jack Klein <jackklein@spam cop.netwrites:
[...]

You are laboring under a dangerous misunderstandin g here.
>
Here is what C90 says about atoi(), atol(), and atof():
>
"The functions atof, atoi, and atol need not affect the value of the
integer expression errno on an error. If the value of the result
cannot be represented, the behavior is undefined."
>
The difference in C99 is that the new function atoll() is included:
>
"The functions atof, atoi, atol, and atoll need not affect the value
of the integer expression errno on an error. If the value of the
result cannot be represented, the behavior is undefined."
>
The ato... functions all invoke undefined behavior if the text string
represents a value outside the range of the function's return type. No
implementation-defined behavior or implementation-defined signal, just
plain old UB.

Argh, how did I miss that?

Or, rather, arrrrrrrrrrgh (this being International Talk Like a Pirate
Day).

--
Keith Thompson (The_Other_Keit h) kst-u@mib.org <http://www.ghoti.net/~kst>
Nokia
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"

**CBFalconer** · Sep 20 '08, 04:25 AM

Re: Check all errors in code?

"christian. bau" wrote:

CBFalconer <cbfalco...@yah oo.comwrote:

>"christian.bau " wrote:

>><lovecreatesb ea...@gmail.com wrote:
>>>
>>>(My boss and ex-bosses don't know about C programming and
>>>don't care about C programming. I'm supposed to show them some
>>>instant achievement same as other humble programmers in China
>>>do. My bosses do the same instant things to the clients.)
>>>
>>Whose money is lost if you do shoddy work by following your
>>bosses orders? If it's your bosses money, go ahead. If it's not
>>your bosses money, follow your conscience.

>>
>Not wise. When the problems arise, who gets blamed and loses
>reputation? Just do a proper job in the first place.

>
The way the original poster described it, what you or I would
call "doing a proper job" is not what his boss calls "doing a
proper job". He would get blame and lose reputation much earlier,
and possibly his job as well.

While there may be exceptions [1] I expect that the 'boss' will
never notice, but both he and the programmer will get the
reputation of producing good code.

[1] Exceptions include such things as embedded packages needing
absolute minimum code space. If the boss ever notices he has to be
a reasonably capable programmer himself, and can probably
appreciate the necessity for those checks.

--
[mail]: Chuck F (cbfalconer at maineline dot net)
[page]: <http://cbfalconer.home .att.net>
Try the download section.

**CBFalconer** · Sep 20 '08, 04:35 AM

Re: Check all errors in code?

Jack Klein wrote:

vippstar@gmail. com wrote:
>

.... snip ...

>

>strtol can not invoke undefined behavior. If atoi is equal to
>that strtol call, it can't invoke undefined behavior if strtol
>returns 0. It will invoke implementation defined behavior or
>will raise implementation defined signal (only in C99) if the
>value returned by strtol is < INT_MIN or INT_MAX.

>
You are laboring under a dangerous misunderstandin g here.
>
Here is what C90 says about atoi(), atol(), and atof():
>
"The functions atof, atoi, and atol need not affect the value
of the integer expression errno on an error. If the value of
the result cannot be represented, the behavior is undefined."
>
The difference in C99 is that the new function atoll() is
included:
>
"The functions atof, atoi, atol, and atoll need not affect the
value of the integer expression errno on an error. If the
value of the result cannot be represented, the behavior is
undefined."
>
The ato... functions all invoke undefined behavior if the text
string represents a value outside the range of the function's
return type. No implementation-defined behavior or
implementation-defined signal, just plain old UB.

I think you are missing the point. Those ato* functions are only
present to allow old code to be compiled. There is no purpose
whatsoever to the atoll code except to encourage foolishness. They
can all be replaced by strto* calls, which have proper error
reporting capabilities, and should be so replaced in any new code.

--
[mail]: Chuck F (cbfalconer at maineline dot net)
[page]: <http://cbfalconer.home .att.net>
Try the download section.

**Keith Thompson** · Sep 20 '08, 07:35 AM

Re: Check all errors in code?

CBFalconer <cbfalconer@yah oo.comwrites:

Jack Klein wrote:

[...]

>The ato... functions all invoke undefined behavior if the text
>string represents a value outside the range of the function's
>return type. No implementation-defined behavior or
>implementati on-defined signal, just plain old UB.

>
I think you are missing the point.

Huh? What makes you think that?

Those ato* functions are only
present to allow old code to be compiled. There is no purpose
whatsoever to the atoll code except to encourage foolishness. They
can all be replaced by strto* calls, which have proper error
reporting capabilities, and should be so replaced in any new code.

He didn't miss the point, he was providing an argument in favor of it.

--
Keith Thompson (The_Other_Keit h) kst-u@mib.org <http://www.ghoti.net/~kst>
Nokia
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"

**vippstar@gmail.com** · Sep 20 '08, 10:15 AM

Re: Check all errors in code?

On Sep 20, 5:58 am, Jack Klein <jackkl...@spam cop.netwrote:

[ correcting me saying atoi doesn't invoke UB ]

You are laboring under a dangerous misunderstandin g here.
>
Here is what C90 says about atoi(), atol(), and atof():
>
"The functions atof, atoi, and atol need not affect the value of the
integer expression errno on an error. If the value of the result
cannot be represented, the behavior is undefined."
>
The difference in C99 is that the new function atoll() is included:
>
"The functions atof, atoi, atol, and atoll need not affect the value
of the integer expression errno on an error. If the value of the
result cannot be represented, the behavior is undefined."
>
The ato... functions all invoke undefined behavior if the text string
represents a value outside the range of the function's return type. No
implementation-defined behavior or implementation-defined signal, just
plain old UB.

I see, thanks for this. Therefore atoi is certainly not equivalent to
(int)strtol(s, (char **)0, 10);
I couldn't see how it could be equivalent anyway, since this code is
valid

#include <stdlib.h>

....
#undef strtol
int i = atoi("42");

But it would break in an implementation where atoi is defined in terms
of strtol and strtol is a macro.

**Harald van =?UTF-8?b?RMSzaw==?=** · Sep 20 '08, 04:55 PM

Re: Check all errors in code?

On Sat, 20 Sep 2008 03:10:48 -0700, vippstar wrote:

I couldn't see how it could be equivalent anyway, since this code is
valid
>
#include <stdlib.h>
>
...
#undef strtol
int i = atoi("42");
>
But it would break in an implementation where atoi is defined in terms
of strtol and strtol is a macro.

How would it break? Even if a macro definition of strtol is provided, it
must also be available as a declaration of an actual function, just like
almost all other standard library functions.

**Keith Thompson** · Sep 20 '08, 05:05 PM

Re: Check all errors in code?

vippstar@gmail. com writes:

On Sep 20, 5:58 am, Jack Klein <jackkl...@spam cop.netwrote:

[...]

>The ato... functions all invoke undefined behavior if the text string
>represents a value outside the range of the function's return type. No
>implementati on-defined behavior or implementation-defined signal, just
>plain old UB.

>
I see, thanks for this. Therefore atoi is certainly not equivalent to
(int)strtol(s, (char **)0, 10);

No, nobody said it was equivalent. The standard clearly says it's
equivalent *except for the behavior on error*.

I couldn't see how it could be equivalent anyway, since this code is
valid
>
#include <stdlib.h>
>
...
#undef strtol
int i = atoi("42");
>
But it would break in an implementation where atoi is defined in terms
of strtol and strtol is a macro.

No, it wouldn't. C99 7.1.4p1:

Any function declared in a header may be additionally implemented
as a function-like macro defined in the header[...]. The use of
#undef to remove any macro definition will also ensure that an
actual function is referred to.

--
Keith Thompson (The_Other_Keit h) kst-u@mib.org <http://www.ghoti.net/~kst>
Nokia
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"

**vippstar@gmail.com** · Sep 20 '08, 07:15 PM

On Sat, 20 Sep 2008 03:10:48 -0700, vippstar wrote:

I couldn't see how it could be equivalent anyway, since this code is
valid

>

#include <stdlib.h>

>

...
#undef strtol
int i = atoi("42");

>

But it would break in an implementation where atoi is defined in terms
of strtol and strtol is a macro.

>
How would it break? Even if a macro definition of strtol is provided, it
must also be available as a declaration of an actual function, just like
almost all other standard library functions.

It wouldn't. I realized a bit after I made my post :-(.

**vippstar@gmail.com** · Sep 20 '08, 07:15 PM

Re: Check all errors in code?

On Sep 20, 8:03 pm, Keith Thompson <ks...@mib.orgw rote:

vipps...@gmail. com writes:

On Sep 20, 5:58 am, Jack Klein <jackkl...@spam cop.netwrote:

[...]

The ato... functions all invoke undefined behavior if the text string
represents a value outside the range of the function's return type. No
implementation-defined behavior or implementation-defined signal, just
plain old UB.

>

I see, thanks for this. Therefore atoi is certainly not equivalent to
(int)strtol(s, (char **)0, 10);

>
No, nobody said it was equivalent. The standard clearly says it's
equivalent *except for the behavior on error*.

You're correct. I didn't notice.

**Nick Keighley** · Sep 21 '08, 11:55 AM

Re: Check all errors in code?

On Sep 19, 5:24 pm, Richard Heathfield <r...@see.sig.i nvalidwrote:

Whilst 0 is a common return value for atoi when its input can't be
represented as an int, the Standard doesn't mandate this, so code that
relies on it is broken.

wow. My first thought was "Richard must be wrong anout this. I'm
certain
atoi() returns zero on error". So I checked. It really is UB if atoi()
cannot perform the conversion! So I learned something new about C
today!

--
Nick Keighley

Check all errors in code?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment