size_t problems

[Malcolm McLean]

Malcolm:



Sorry I haven't a clue what you're talking about. Could you please
explain more clearly?

Yes.
It the standards problem. As long as every nut will fit every bolt,
everything is simple. Engineer one says "give me a nut", engineer two
supplies it.

Once you allow for more than one standard, there is always trouble.
Engineer one says "give me a quarter inch nut". Engineer two "I can't, I've
only got a nut-making machine that does centimetres". Engineer one, "oh
never mind, I just need to fiddle with this design to make the holes
centimetres rather than quarter inch. Hardly matters. Back to you tomorrow".

sizes and counts are extremely common. Integers that don't ultimately end up
being used in index calculations are maybe a bit rarer, but not so uncommon
either. The function, as supplied, is positively inviting someone to use an
int for an index or size value, if for some reason he needs to add five to
every one of an array of indexes or sizes. We can fix that, by providing a
version that takes size_ts. But now we've just doubled the amount of code in
our system. If it turns out there is some error in the logic, can we
guarantee that both functions will be kept in synch? Maybe in some super, on
the ball, formal methods for eveything shop, but not in any place I've ever
worked.

 

[santosh]

What you not uncommonly find is that the actual processing that the app
performs is trivial - maybe it adds a few columns of numbers together and
produces a report. However the GUI to allow the user to enter these
numbers, check them, specify which columns to add up, and format the
report might be very non-trivial. So in fact the portable bit of the code
is a sum() function and maybe a few histogram or pie chart generators,
without the graphical part.

You can always write your own wrappers for platform specific GUI
functionality. Things like Java's Swing and wxWidgets prove that it can be
done. Of course it still won't be as portable as C code using only Standard
facilities, *and* it's likely to be a lot of work, but it's possible.

 

[Ian Collins]

#include <stddef.h>

extern size_t read( void*, size_t );

int main(void) {
char buf[10];
size_t n = read( buf, 10 );
return 0;
}

Standard C or not standard C?
Undefined - for all we know, read could do the following

So to be "standard C", every function has to be in the same file?

Not at all. But the source has to be available, and in std. C.

Isn't that where this whole silly debate falls down? If I were to write
a 100K line application in "standard C" and then add a 20 line file in a
library to give me access a serial port, you are saying the program
isn't standard C. While at the same time, people advocate putting
system dependent code in a library, so the wheel goes round...

 

[Peter J. Holzer]

Mark McIntyre wrote:

#include <stddef.h>

extern size_t read( void*, size_t );

int main(void) {
char buf[10];
size_t n = read( buf, 10 );
return 0;
}

Standard C or not standard C?

The translation unit is standard C. The program as a whole may or may
not be standard C, depending on how read is defined.

Isn't that where this whole silly debate falls down? If I were to write
a 100K line application in "standard C" and then add a 20 line file in a
library to give me access a serial port, you are saying the program
isn't standard C.

He's right, but is that important? Since 20 lines of your program aren't
standard C, your program won't run on every C implementation. It
may still run on a wide variety of systems, and be portable with little
effort to others (after all, there are only 20 lines to change). There
may be platforms to which it cannot be ported (because they have no
serial port and just doesn't make sense to use some other communication
medium instead).

While at the same time, people advocate putting system dependent code
in a library, so the wheel goes round...

Isn't that the same argument? You put the system dependent code in a
library to get a clean distinction between "standard C code" and "system
dependent code". When porting to a different system, you only need to
port the library, and all programs using the library will work on the
new system.

hp

 

[Flash Gordon]

Malcolm McLean wrote, On 02/09/07 20:35:

Yes.
It the standards problem. As long as every nut will fit every bolt,
everything is simple. Engineer one says "give me a nut", engineer two
supplies it.

Once you allow for more than one standard, there is always trouble.
Engineer one says "give me a quarter inch nut". Engineer two "I can't,
I've only got a nut-making machine that does centimetres". Engineer one,
"oh never mind, I just need to fiddle with this design to make the holes
centimetres rather than quarter inch. Hardly matters. Back to you
tomorrow".

As discussed last time you used this analogy. Nuts come in multiple
sizes. So if anything it is an argument for having multiple types for
multiple purposes rather than a single type for all purposes. BTW, some
nuts are not hexagonal, for example wing nuts.

sizes and counts are extremely common.
Yes.

Integers that don't ultimately
end up being used in index calculations are maybe a bit rarer,

Or maybe more common. This has not been established.

but not
so uncommon either. The function, as supplied, is positively inviting
someone to use an int for an index or size value, if for some reason he
needs to add five to every one of an array of indexes or sizes.

A very contrived example. Most of my integer code has been doing things
you would not want to do to sizes or counts. Most of what I have wanted
to do to sizes and counts has been too simple and obvious to want to use
a function.

We can
fix that, by providing a version that takes size_ts. But now we've just
doubled the amount of code in our system. If it turns out there is some
error in the logic, can we guarantee that both functions will be kept in
synch? Maybe in some super, on the ball, formal methods for eveything
shop, but not in any place I've ever worked.

As pointed out, you have the same problem if you want to use the
function with double, float, short or char or any other type.

If you want a language that allows you to avoid it try C++ where you can
use templates.

 

[Martin Wells]

Malcolm:

Once you allow for more than one standard, there is always trouble.
Engineer one says "give me a quarter inch nut". Engineer two "I can't, I've
only got a nut-making machine that does centimetres". Engineer one, "oh
never mind, I just need to fiddle with this design to make the holes
centimetres rather than quarter inch. Hardly matters. Back to you tomorrow".

If I want to store a number, I use "unsigned". If the number can be
bigger than 65535, I use "long unsigned".

If the number can be negative, I use "int". If it can be outside the
bounds of -32767 to 32767, I use "long int".

That's pretty much it. No need to go delving through a Microsoft
manual, or a Linux manual, or an 8086 manual.

sizes and counts are extremely common. Integers that don't ultimately end up
being used in index calculations are maybe a bit rarer, but not so uncommon
either.

Unsigned integers are the default for me. I only use signed integers
when I want to be able to store negative numbers. "Int syndrome" is to
blame for the prevalence of signed integer types.

The function, as supplied, is positively inviting someone to use an
int for an index or size value, if for some reason he needs to add five to
every one of an array of indexes or sizes.

No, it's not. It's inviting the programmer to supply the function with
a positive number (even 0) indicating how many elements to modify. If
the type of the argument supplied is anything other than "size_t",
then a conversion takes place. If the programmer doesn't know how C
handles conversions, then they should either:

a) Consult a reference guide
or
b) Start drinking

Consistently, the people who are against size_t are putting across the
"incompetence" argument. Don't bitch at the author of the function
just because you missed the day in playschool where they talked about
unsigned integers.

We can fix that, by providing a
version that takes size_ts. But now we've just doubled the amount of code in
our system.

HAVEN'T GOT A CLUE WHAT YOU'RE TALKING ABOUT.

One function is all we need, whose parameter is a size_t. If you use
int instead, then you're a crap programmer, you're shit, you're
incompetant, and you don't know what you're doing.

If it turns out there is some error in the logic, can we
guarantee that both functions will be kept in synch? Maybe in some super, on
the ball, formal methods for eveything shop, but not in any place I've ever
worked.

No we can't guarantee they'll be in sync, especially since one of them
shouldn't even exist.

Martin

 

[Ed Jensen]

So what? Writing portable C code /is/ straightforward. If you can be
bothered.

I would like to start this response with an apology.

With the exception of Martin, and now Mark, everyone has been very
reasonable in admitting that writing 100% portable C code is
difficult. My apologies.

However I suspect you're being just as religious as those you're
attacking, and this isn't about being right, is it?

I would like to see C evolve to better meet the needs of the modern
developer. I think the first step in that process is to recognize
some of the weaknesses of C.

 

[CBFalconer]

Isn't that where this whole silly debate falls down? If I were
to write a 100K line application in "standard C" and then add a
20 line file in a library to give me access a serial port, you
are saying the program isn't standard C. While at the same time,
people advocate putting system dependent code in a library, so
the wheel goes round...

What do you want for nothing? The overall program is
non-standard. Porting elsewhere requires rewriting the portion in
the external file. The library doesn't affect the issue. Somehow,
in your example, I suspect that rewriting a defined 20 line file is
easier than rewriting a 100k application.

 

[ian-news]

Isn't that the same argument? You put the system dependent code in a
library to get a clean distinction between "standard C code" and "system
dependent code". When porting to a different system, you only need to
port the library, and all programs using the library will work on the
new system.

Yes, but they appear to be arguing that once you call your system
dependent library, your program is no longer standard C. Catch 22.

Ian.

 

[Joe Wright]

I would like to start this response with an apology.

With the exception of Martin, and now Mark, everyone has been very
reasonable in admitting that writing 100% portable C code is
difficult. My apologies.


I would like to see C evolve to better meet the needs of the modern
developer. I think the first step in that process is to recognize
some of the weaknesses of C.

You're in the wrong group. We don't want to make C better here. We want
to take the C we've got and help each other write better programs with it.

Changes to the language are better discussed in comp.std.c I think.

 

[jacob navia]

I would like to start this response with an apology.

With the exception of Martin, and now Mark, everyone has been very
reasonable in admitting that writing 100% portable C code is
difficult. My apologies.


I would like to see C evolve to better meet the needs of the modern
developer. I think the first step in that process is to recognize
some of the weaknesses of C.

This is a very good attitude.

> I would like to see C evolve to better meet the needs of the modern
> developer. I think the first step in that process is to recognize
> some of the weaknesses of C.

I can only second that.

 

[CBFalconer]

.... snip ...

What you not uncommonly find is that the actual processing that
the app performs is trivial - maybe it adds a few columns of
numbers together and produces a report. However the GUI to allow
the user to enter these numbers, check them, specify which columns
to add up, and format the report might be very non-trivial. So in
fact the portable bit of the code is a sum() function and maybe a
few histogram or pie chart generators, without the graphical part.

Apparently you never write anything computationally complex.

 

[Keith Thompson]

Yes, but they appear to be arguing that once you call your system
dependent library, your program is no longer standard C. Catch 22.

It's not *entirely* standard C if it uses non-standard features.

If the program were entirely standard C, then you could recompile the
source on any other conforming implementation and expect it to work.
Few large programs are like that.

But there's nothing wrong with that. Not all programs *have* to be
100% portable.

We just don't discuss the non-portable parts here, that's all.

 

[Kelsey Bjarnason]

[snips]

You really are quite a nasty person.

No, he's not.

Schildt, as just one example, wrote The Annotated ANSI C Standard, a book
ostensibly intended to make the ANSI standard clearer and more
approachable. It did so by presenting excerpts from the standard on one
page, then discussing each on the facing page.

Despite this - despite having the relevant portion of the standard staring
him straight in the face while writing the discussion of it - he produced
things which are in some cases simply oversights and the like, but in
other cases actually flat-out wrong, in no way derivable from what he's
supposedly annotating.

For example, in 5.1.2.2, he claims that you can define main as required
for your program, giving the example of void main(void), despite the
facing page - the standard - explicitly stating that no, sorry, this is
not valid.

The book is rampant with such flaws; it is a *bad* book, plain and simple.

Now take Malcolm's book. In terms of explaining algorithms, it might be
perfectly well and good. In terms of doing so _in C_, however, it falls
flat on its face, repeatedly.

He notes, in one place (see his page) "The prefix “str†is reserved by
ANSI". So he *knows* that he's not supposed to use this prefix. He then
proceeds, on the same page (on the web, at least) to define a function
strcount, in direct violation of the rule he, himself, has just explained.

On the same page, he writes " Firstly, the ANSI standard specifies that
strlen() must return a size_t, rather than an integer, to guard against
being passed a string longer than the range of an integer."

Er, no, actually, this does not guard against anything; rather, it simply
allows strlen to return a correct size for a string, if that size exceeds
that which can be stored in an int. However, that aside, he has explained
exactly why the str functions use size_t - because ints simply can't cut
it.

So what does he do? Right; his strcount function returns an int, which he
has already explicitly pointed out is the wrong type, and why.


Any technical book can contain errors. Any can contain mistakes. People
are human, we don't expect perfection from them. Authors, in particular,
walk a fine line between presenting things which are "correct" in the
nit-picking sense, and things which are actually comprehensible to mere
mortals, and they will, at times, likely find themselves sacrificing
absolute strict correctness for clarity and vice versa.

This book, however, presents - in two separate instances in a single
chapter - not simply giving up strict correctness, but going out of its
way to explain a requirement or restriction, then promptly ignoring it
entirely, as if such things simply did not matter when writing code.

The author is obviously well aware of the issues involved; he explicitly
points them out. "str" is reserved. int can't handle the maximum lengths
involved. He documents these... then ignores them.

This is a *bad* book, there are no two ways about it. The flaws in it are
not mere oversights or errors; the author himself admits the code (and
thus the book) is written with his own personal anti-size_t view in mind,
which wouldn't be so bad if he had actually contemplated the effects of
that choice, but it is readily apparent he didn't, nor did he, apparently,
make the risks involved in that decision explicit to the reader.

The result is code that is actively dangerous. Code which discards data,
code which fails in strange and unpredictable ways, code which simply
cannot be used as is, yet which is both sufficiently appealing to
appeal to a novice and sufficiently broken to screw up said novice's
application, without so much as a warning such as "This function can only
handle N bytes of data or corruption will occur" or "your data doesn't
actually matter, so using this function will simply discard it if it feels
like."

It is bad *by design*, because it is not merely a book on algorithms, but
a book on algorithms *and* the author's weird take on proper types,
violation of standard requirements and the like. The author simply
doesn't give a toss about such things and presents this lack of concern as
if it were acceptable practise for a professional - i.e. someone qualified
to write such a book.

It is, in exactly one sense, a good book; it is a good example of how
*not* to do such things. Unfortunately, it seems to lack the appropriate
cover sticker warning the reader of the dangers contained within.

 

[Ed Jensen]

You're in the wrong group. We don't want to make C better here. We want
to take the C we've got and help each other write better programs with it.

For some limited definition of "we", perhaps.

 

[Mark McIntyre]

So to be "standard C", every function has to be in the same file?

To be guaranteed standard, every function has to be either from the
Standard library, or visible to the programmer so they can verify it
is standard.

To quote someone you might know "or they practice good progamming(sic)
technique and isolate interface code into different (and replaceable)
libraries".

Nongermane.
--
Mark McIntyre

"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it."
--Brian Kernighan

 

[Mark McIntyre]

Isn't that where this whole silly debate falls down?

Nope.

If I were to write
a 100K line application in "standard C" and then add a 20 line file in a
library to give me access a serial port, you are saying the program
isn't standard C.

Correct. The programme as a whole isn't standard C, since it relies on
features not standardised.

While at the same time, people advocate putting
system dependent code in a library, so the wheel goes round...

The two points are not contradictory, they're complementary.
I'm surprised you can't understand these simple concepts.
--
Mark McIntyre

"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it."
--Brian Kernighan

 

[Mark McIntyre]

Harald van Dijk wrote:

Quite. The function read would be in a library.

Sorry but being contained in a library is *not* "defined in the
program".
--
Mark McIntyre

"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it."
--Brian Kernighan

 

[Joe Wright]

For some limited definition of "we", perhaps.

Indeed. I didn't mean to exclude anyone or to include myself imperiously
into "we". I believe comp.lang.c is properly about how to use the C
language, not how to change it.

 

[Richard Heathfield]

Joe Wright said:

Indeed. I didn't mean to exclude anyone or to include myself
imperiously into "we". I believe comp.lang.c is properly about how to
use the C language, not how to change it.

You are by no means the only one. There is a separate newsgroup for
discussing proposed language changes - comp.std.c - and those who want
to make C better can discuss it in that group.

If I may restate your claim with very slightly different emphasis:

"You're in the wrong group. We don't want to make C better *here*. We
want to take the C we've got and help each other write better programs
with it."

That doesn't mean we don't want to make C better. It just means that we
don't want to make C better *here*. We are perfectly happy to make it
better over in comp.std.c.

And for the record, in this reply "we" means "at the very least, Joe
Wright and myself, and quite probably a fair few others as well".