Is char** (or char*[]) implicitly convertible to 'const char * const *'?

[Greg Comeau]

Greg,

I understand why 'char**' is not convertible to 'const char**'. Here's
why "char**" is not convertible to "const char**". Here's how I
explain it to others. Let us see what could happen if the conversion
was allowed:

void foo(const char** strArray)
{
strArray[0] = "Hello"; // This is OK for const char**
}

Well, that's also ok for char**, since string literals are of type
char * in c. The general idea still stands, though.

The thing that irritates me is that despite all this, it's _trivial_
to violate const in C without resorting to all this.

const char foo[] = "mystring";
char *constviol = strchr(foo,*foo);

Indeed. Which is why the C++ committee plugged that hole in the
type system.

How'd they manage that? Just out of curiosity, I know it's off-topic

C++ is OT but the underlying issues may not be per se: By plugging
as many (C) type holes as possible and/or related issues: doing
stuff like making string literals const, providing a strchr overload
(the overload itself was not the desired solution but C compatibility
was desired), requiring function prototypes, disallowing implicit int,
etc. (obviously not all these are connected to strchr()).

 

[kevin.hall]

Greg,

Thanks for all the information! I deeply appeciate how you contribute
to the forums and help others despite being busy with your buisness.

- Kevin

 

[Netocrat]

N869, 6.2.5, para 26
The qualified or unqualified versions of a [pointer type] ... have the
same representation and alignment requirements.

and para 27:
[P]ointers to qualified or unqualified versions of compatible types
shall have the same representation and alignment requirements.

The FAQ should IMO be clarified here. It _could_ cause undefined
behaviour if (as described elsethread and in Greg's FAQ) such a cast were
used to violate const-protection.

It's a violation of const-safety to be able to implicitly convert char **
to const char **, but the prohibition of other implicit conversions (e.g.
char ** to const char *const *) does seem to be spurious.

When this objection has come up in the past, the explanation has been that
the standard's authors were being cautious with a new rule (and Greg has
again cited this explanation in the current thread).

AFAIRecall, you are correct: the cast is not required to make it work
and hence it's not a case of "would work" but _could_ work.

The cast itself is required to work though. By N869, 6.5, para 7 the
aliasing rules allow a const pointer to be accessed through a compatible
non-const lvalue (and vice-versa), and 6.3.2.3. para 2 states:

For any qualifier q, a pointer to a non-q-qualified type may be
converted to a pointer to the q-qualified version of the type; the
values stored in the original and converted pointers shall compare
equal.

 

[Greg Comeau]

The cast itself is required to work though. By N869, 6.5, para 7 the
aliasing rules allow a const pointer to be accessed through a compatible
non-const lvalue (and vice-versa), and 6.3.2.3. para 2 states:

For any qualifier q, a pointer to a non-q-qualified type may be
converted to a pointer to the q-qualified version of the type; the
values stored in the original and converted pointers shall compare
equal.

We may be talking about two different things, but from C99 6.7.3p5
(also C90 3.5.3p4):

"If an attempt is made to modify an object defined with a
const-qualified type through use of an lvalue with
non-const-qualified type, the behavior is undefined."

Casting does not excuse this. If this is what you're saying,
then we agree. I'm talking about the case where in the
example the underlying char is const, not the case where it isn't.

 

[Netocrat]

We may be talking about two different things, but from C99 6.7.3p5

Yes, my comment was a slight side-track (that's why I prefaced it with
"The cast itself); I wasn't intending to negate what you said.

(also C90 3.5.3p4):

"If an attempt is made to modify an object defined with a
const-qualified type through use of an lvalue with
non-const-qualified type, the behavior is undefined."

Casting does not excuse this. If this is what you're saying,
then we agree.

We agree. I was simply saying that the cast itself (and access to the
cast pointer) does not invoke undefined behaviour - it's access to what
the pointer points to that (potentially) invokes undefined behaviour.