James Kuyper said:Within the context of the C language, there's lots of routines in the C
standard library that work with null-terminated strings, and only a few
that work with counted strings.
Every routine that treats a string as a series of characters rather than
as raw memory recognizes null termination, even those functions that also
accept a count.
Therefore, if the standard used 'string' as a short for for 'counted
string' rather than 'null terminated string', it would be marginally
longer and harder to read.
My C++ string class is a length and data ptr (pretty much, since the
underpinnings are an array class).
And didn't the null terminated string give us the buffer overrun fiasco?
Richard said:I use C++ and very often "ponder" the defficiencies of the language that are
there for reasons of backward compatibility with C. My C++ string class IS a
length and a ptr to data.
why don't you use std::string?
<[email protected]>; <[email protected]>;
<[email protected]>; "Master Troll" <[email protected]>
wrote in messagenews:[email protected]....
Thank Han. I thought I was going to have to read many more posts in this
thread but now you've marked the prune point and I need not read this branch
beyond your post at all!
Perhaps strings should be akin to width-specified integers:
string16 (a string with up to 65536 chars)
string32 ... etc.
"These are normally known as "C-style" strings. The main advantage is
the length of the string is limited only by available memory, and the
length field is not stored with the string, thus conserving storage
space."
The "main advantage" above, is actually a disadvantage. It causes
programmers to write code that is succeptible to buffer overrun attacks.
Storage space conservation? Only in the exceptional case nowadays.
""removing"
the prefix of a string can be done simply by referring to a location
past the beginning,"
That operation is the same in the "Pascal-type string also, but then the
length has to be updated. No big deal.
"dividing strings into substrings can be done by
placing 0's where appropriate. As an exercise, try implementing strtok
() with Pascal-style strings. You may be surprised at the difficulty."
Well one function is an exceptional case. The rule is to program for the
common case and make special things as required rather than complicate the
general case.
"The main disadvantage of C-style strings is computing the length is O
(n)"
I'd say there are a FEW issues and that is just one of them.
", but applications that need to reduce this to constant time can
easily do so by storing the length elsewhere, if they need it."
jacob navia said:There are many advantages to zero terminated strings:
o Performance. You must scan the whole string millions of times
each time you want to know how long it is. This needs always
a faster processor so you can count on C to get that new game
machine you were dreaming of.
Well said (meaning, I read that, understand it). I still don't see the
benefit of null terminated strings over a struct-like thing:struct string
{
uint32 length;
char* data;
};
Here are some potential advantages:
(1) The struct takes more space - 4 bytes for the length vs 1 for
the nul.
(2) The code for a nul terminated string typically is more
compact. Compare
for (i = 0; i<s.length; i++) {... s.data ...}
vs
for (ptr = s; ptr; ptr++) {... *ptr ...}
or even (if we don't need to preserve the pointer to the string)
for (;s;s++) {... *s ...}
However, my dog never attempted to improve the C string library
throughout his life. He died of old age about 5 years ago.
Well said (meaning, I read that, understand it). I still don't see the
benefit of null terminated strings over a struct-like thing:
struct string
{
uint32 length;
char* data;
};
Here are some potential advantages:
(1) The struct takes more space - 4 bytes for the length vs 1 for
the nul.
(2) The code for a nul terminated string typically is more
compact. Compare
for (i = 0; i<s.length; i++) {... s.data ...}
vs
for (ptr = s; ptr; ptr++) {... *ptr ...}
or even (if we don't need to preserve the pointer to the string)
for (;s;s++) {... *s ...}
JC said:This is almost not a bad idea, but the major problem with it is
string16 and string32 are now different types, when they arguably
should not be. Are there special rules for converting from string16 ->
string32? What if you want to pass a string8 to a function that
expects a string32? What if the function modifies the string through
it's parameter? Then the string8 -> string32 conversion must make
changes to the string32 visible in the string8. What if you want to
convert a string32 to a string16? Should it do a run-time check and
fail if the string32's length is larger than 65535?
Storing the length with the string does not protect against buffer
overrun attacks.
Not on embedded systems. The ATMega168 I have sitting on my desk right
now has 512 bytes of read-only storage for data, and 16kB more
available for program + data. Every byte counts. These are not
exceptional cases; it's fairly common hardware, albeit somewhat
specialized.
No. This is not correct. Consider this function, which takes as input
a full path name (e.g. "c:\\windows\\notepad.exe") and prints the last
path component ("notepad.exe"), without modifying the input.
void print_file_name (const char *fullpath) {
const char *filename = strrchr(fullpath, PATH_SEPARATOR);
printf("file name only: %s\n", filename ? filename : fullpath);
}
I challenge you to implement that with counted strings without leaking
memory or allocating new memory. As a handicap, you may assume that a
function "last_index_of(counted_string, char)" exists that returns the
index of the last occurrence of the character in the specified
counted_string (say it returns -1 if not found).
Here are some potential advantages:(1) The struct takes more space - 4 bytes for the length vs 1 for
the nul.(2) The code for a nul terminated string typically is more
compact. Comparefor (i = 0; i<s.length; i++) {... s.data ...}
for (ptr = s; ptr; ptr++) {... *ptr ...}
or even (if we don't need to preserve the pointer to the string)for (;s;s++) {... *s ...}
It may be more compact, but is it easier to make a silly mistake
that compiles without a warning?
This is almost not a bad idea, but the major problem with it is
string16 and string32 are now different types, when they arguably
should not be.
[snip]
Other schemes are possible. For instance you store the length in
the first byte if the length is smaller than 255. If it is bigger than
254, you store 255 in the first byte and the length in the following two
bytes. If the length is bigger than 65534, you store 65535 in the
two bytes and store the length of the strings in the next 4 bytes.
Etc.
Well, it makes strcpy much faster and 100% sure. Surely a way of making
a buffer overflow atack is to supply a string too long for strcpy so
your statement makes no sense at all...
Do those processors need a lot of string handling?
And, by the way, why should the language be tailored to shitty
hardware?
Erm...
A schema as I described above would in most cases
just waste ZERO bytes: Since most strings in the ATM168 will be
smaller tghan 255 bytes, and we do not need the terminating
zezro the space wasted is NIL!!!
Well, you make a temporary copy or you make a fat pointer to it.
Both can be done with lcc-win library
This is very easy
Just copy the part you want.
Note that your solution makes an alias to the string, an alias that can
mean a crash if its stored away somewhere, and the original string is
discarded with free().
It is absolutely not a difficulty.
But (as you may know) modifying the
input string is not possible in many cases.
This is not a valid premise as it is not only false, but does not
relate to any of the arguments being made anyways.
Tony said:Well "duh". Once you define "string" to mean "null terminated sequence of
chars", then obviously you write the functions to fit that PARADIGM.
Yeah, so? That is obvious and follows directly from the defintion of a C
string as being a null-terminated thing.
Did you just give the following argument: "god created all things, hence
there must be a god"?
> Well said (meaning, I read that, understand it). I still don't see the
> benefit of null terminated strings over a struct-like thing:
>
> struct string
> {
> uint32 length;
> char* data;
> };
Keith said:.... snip ...
If calloc accepts calls for items with a net size greater than
SIZE_MAX, the code is in error. calloc should simply return NULL
for such a call.
An implementation can certainly avoid the whole issue by having
calloc() return NULL whenever the requested size exceeds SIZE_MAX,
and I suspect most implementations do that.
But suppose an implementation returns a non-null result for
calloc(SIZE_MAX, 2). You can't directly apply sizeof to the
resulting object, since it's anonymous. You can try to compute,
for example, "sizeof char[SIZE_MAX][2]", but you could try that
even if calloc() didn't exist. One compiler I tried issued a
compile-time diagnostic:
error: size of array 'type name' is too large
CBFalconer said:Keith said:... snip ...
If calloc accepts calls for items with a net size greater than
SIZE_MAX, the code is in error. calloc should simply return NULL
for such a call.
An implementation can certainly avoid the whole issue by having
calloc() return NULL whenever the requested size exceeds SIZE_MAX,
and I suspect most implementations do that.
But suppose an implementation returns a non-null result for
calloc(SIZE_MAX, 2). You can't directly apply sizeof to the
resulting object, since it's anonymous. You can try to compute,
for example, "sizeof char[SIZE_MAX][2]", but you could try that
even if calloc() didn't exist. One compiler I tried issued a
compile-time diagnostic:
error: size of array 'type name' is too large
Here I maintain that calloc is faulty. The standard specifies no
failure mechanism, simply a failure to supply the memory, signalled
by a NULL. If it occurs only on compilation, it might be
acceptable. But that can't handle calls with variable parameters.
calloc itself can.
You snipped the actual question, which was to cite a specific clause in
the standard that such an implementation would violate.
Once again, assume the following (I'll change the example a bit):
sizeof (short) == 2
The following:
short *ptr = calloc(SIZE_MAX, sizeof *ptr);
succeeds, causing ptr to point to the first element of an array
object whose size is SIZE_MAX*2 bytes. You can successfully read
and write all SIZE_MAX short objects in the allocated object, from
ptr[0] to ptr[SIZE_MAX-1].
sizeof (short[SIZE_MAX]) is rejected with a diagnostic at compile
time. (I would expect this to happen for any compiler where sizeof
(short) > 1.)
You claim that this hypothetical implementation is non-conforming. What
specific clause of the standard does it violate?
Harald van Dijk said:You snipped the actual question, which was to cite a specific clause in
the standard that such an implementation would violate.
Once again, assume the following (I'll change the example a bit):
sizeof (short) == 2
The following:
short *ptr = calloc(SIZE_MAX, sizeof *ptr);
succeeds, causing ptr to point to the first element of an array
object whose size is SIZE_MAX*2 bytes. You can successfully read
and write all SIZE_MAX short objects in the allocated object, from
ptr[0] to ptr[SIZE_MAX-1].
sizeof (short[SIZE_MAX]) is rejected with a diagnostic at compile
time. (I would expect this to happen for any compiler where sizeof
(short) > 1.)
You claim that this hypothetical implementation is non-conforming. What
specific clause of the standard does it violate?
I don't know who posted this first, but fill the memory, call strlen, and
any result it can give renders the implementation nonconforming as
strlen's description has no exception for strings longer than SIZE_MAX
characters.
Keith said:CBFalconer said:Keith said:... snip ...
If calloc accepts calls for items with a net size greater than
SIZE_MAX, the code is in error. calloc should simply return NULL
for such a call.
An implementation can certainly avoid the whole issue by having
calloc() return NULL whenever the requested size exceeds SIZE_MAX,
and I suspect most implementations do that.
But suppose an implementation returns a non-null result for
calloc(SIZE_MAX, 2). You can't directly apply sizeof to the
resulting object, since it's anonymous. You can try to compute,
for example, "sizeof char[SIZE_MAX][2]", but you could try that
even if calloc() didn't exist. One compiler I tried issued a
compile-time diagnostic:
error: size of array 'type name' is too large
Here I maintain that calloc is faulty. The standard specifies no
failure mechanism, simply a failure to supply the memory, signalled
by a NULL. If it occurs only on compilation, it might be
acceptable. But that can't handle calls with variable parameters.
calloc itself can.
You snipped the actual question, which was to cite a specific clause
in the standard that such an implementation would violate.
Once again, assume the following (I'll change the example a bit):
sizeof (short) == 2
The following:
short *ptr = calloc(SIZE_MAX, sizeof *ptr);
succeeds, causing ptr to point to the first element of an array
object whose size is SIZE_MAX*2 bytes. You can successfully read
and write all SIZE_MAX short objects in the allocated object, from
ptr[0] to ptr[SIZE_MAX-1].
sizeof (short[SIZE_MAX]) is rejected with a diagnostic at compile
time. (I would expect this to happen for any compiler where
sizeof (short) > 1.)
You claim that this hypothetical implementation is non-conforming.
What specific clause of the standard does it violate?
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.