safe to return a pointer to static storage?

In 'comp.lang.c', "Jim Showalter" <ji***********@hotmail.com> wrote:

I always thought that it is safe for a function to return a pointer to
static storage.
It is, but using a static can have strange side effects and is not
recommended as an all-purpose solution.

what are the strange side effects ?

[snip]

--
-ed- em**********@noos.fr [remove YOURBRA before answering me]
The C-language FAQ: http://www.eskimo.com/~scs/C-faq/top.html
<blank line>
FAQ de f.c.l.c : http://www.isty-info.uvsq.fr/~rumeau/fclc/

It is, but using a static can have strange side effects and is not
recommended as an all-purpose solution.

what are the strange side effects ?

I always thought that it is safe for a function to return a pointer to
static storage. And the following code does compile quietly with:

gcc -pedantic -Wall -o foo foo.c

#include <stdio.h>

static char *foo (int y)
{
static char s[10];
sprintf(s, "%d", y);
return s;
}

int main(void)
{
int y = 999;
printf("y = %s\n", foo(y));
return 0;
}

But 'splint' (the 'lint' program supplied with RedHat Linux)
gives the following complaints:

Splint 3.0.1.6 --- 27 May 2002

foo.c: (in function foo)
foo.c:7:12: Unqualified static storage s returned as implicitly only: s
Static storage is transferred in an inconsistent way. (Use -statictrans to
inhibit warning)
foo.c: (in function main)
foo.c:13:21: New fresh storage (type char *) passed as implicitly temp (not
released): foo(y)
Amemory leak has been detected. Storage allocated locally is not released
before the last reference to it is lost. (Use -mustfreefresh to inhibit
warning)

Finished checking --- 2 code warnings

Is this _really_ a memory leak? Or is splint overly paranoid?

droid

a static storage structure "tm".

I always thought that it is safe for a function to return a pointer to
static storage.
It is safe, but it can lead to program bugs, if you're not extremely
careful. Consider the following example:

printf("y = %s, z = %s\n", foo(y), foo(z));

The bug is far from obvious to the non-experienced C programmer.
And the following code does compile quietly with:

gcc -pedantic -Wall -o foo foo.c
As it should. You may also want to add -ansi and -O (-Wall is not
complete without -O), especially for code you intend to post to
this newsgroup :-)
#include <stdio.h>

static char *foo (int y)
{
static char s[10];
sprintf(s, "%d", y);
return s;
}

int main(void)
{
int y = 999;
printf("y = %s\n", foo(y));
return 0;
}

But 'splint' (the 'lint' program supplied with RedHat Linux)
gives the following complaints:

Splint 3.0.1.6 --- 27 May 2002

foo.c: (in function foo)
foo.c:7:12: Unqualified static storage s returned as implicitly only: s
Static storage is transferred in an inconsistent way. (Use -statictrans to
inhibit warning)
Nonsensical diagnostic.
foo.c: (in function main)
foo.c:13:21: New fresh storage (type char *) passed as implicitly temp (not
released): foo(y)
Idiotic diagnostic.
Amemory leak has been detected. Storage allocated locally is not released
before the last reference to it is lost. (Use -mustfreefresh to inhibit
warning)
Bullshit.
Finished checking --- 2 code warnings

Is this _really_ a memory leak?
Obviously NOT. Whoever implemented these checks should have his own head
checked.
Or is splint overly paranoid?

"Jim Showalter" <ji***********@hotmail.com> writes:

[snip]

Or is splint overly paranoid?

Brain dead.

If you want to keep using splint (or any other form of lint), you'll have
to learn how to disable all the checks that only produce garbage output.

In my opinion, a properly invoked gcc removes the need for lint checks.

make a good point. I think I'll just stick to using gcc (with the switches
you and others suggested) and save myself the agro. :)