471,086 Members | 1,215 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,086 software developers and data experts.

safe to return a pointer to static storage?

I always thought that it is safe for a function to return a pointer to
static storage. And the following code does compile quietly with:

gcc -pedantic -Wall -o foo foo.c

#include <stdio.h>

static char *foo (int y)
{
static char s[10];
sprintf(s, "%d", y);
return s;
}

int main(void)
{
int y = 999;
printf("y = %s\n", foo(y));
return 0;
}

But 'splint' (the 'lint' program supplied with RedHat Linux)
gives the following complaints:

Splint 3.0.1.6 --- 27 May 2002

foo.c: (in function foo)
foo.c:7:12: Unqualified static storage s returned as implicitly only: s
Static storage is transferred in an inconsistent way. (Use -statictrans to
inhibit warning)
foo.c: (in function main)
foo.c:13:21: New fresh storage (type char *) passed as implicitly temp (not
released): foo(y)
Amemory leak has been detected. Storage allocated locally is not released
before the last reference to it is lost. (Use -mustfreefresh to inhibit
warning)

Finished checking --- 2 code warnings

Is this _really_ a memory leak? Or is splint overly paranoid?

droid
Nov 13 '05 #1
7 5978

"Emmanuel Delahaye" <em**********@noos.fr> wrote in message
news:Xn***************************@130.133.1.4...
In 'comp.lang.c', "Jim Showalter" <ji***********@hotmail.com> wrote:
I always thought that it is safe for a function to return a pointer to
static storage.
It is, but using a static can have strange side effects and is not
recommended as an all-purpose solution.


what are the strange side effects ?

[snip]

--
-ed- em**********@noos.fr [remove YOURBRA before answering me]
The C-language FAQ: http://www.eskimo.com/~scs/C-faq/top.html
<blank line>
FAQ de f.c.l.c : http://www.isty-info.uvsq.fr/~rumeau/fclc/

--
Jeff
Nov 13 '05 #2
In 'comp.lang.c', "Jeff" <no****@notexist.com> wrote:
It is, but using a static can have strange side effects and is not
recommended as an all-purpose solution.


what are the strange side effects ?


int inc (void)
{
static S_i = 0;

S_i++;

return S_i;
}

include <stdio.h>

int main (void)
{
/* the output is unpredictable */
printf ("%d %d\n", inc(), inc());

return 0;
}

even worst with static strings. See strftime() for example.

Not to mention unwanted recursive calls or multithreading.

--
-ed- em**********@noos.fr [remove YOURBRA before answering me]
The C-language FAQ: http://www.eskimo.com/~scs/C-faq/top.html
<blank line>
FAQ de f.c.l.c : http://www.isty-info.uvsq.fr/~rumeau/fclc/
Nov 13 '05 #3

"Jim Showalter" <ji***********@hotmail.com> wrote in message
news:pa****************************@hotmail.com...
I always thought that it is safe for a function to return a pointer to
static storage. And the following code does compile quietly with:

gcc -pedantic -Wall -o foo foo.c

#include <stdio.h>

static char *foo (int y)
{
static char s[10];
sprintf(s, "%d", y);
return s;
}

int main(void)
{
int y = 999;
printf("y = %s\n", foo(y));
return 0;
}

But 'splint' (the 'lint' program supplied with RedHat Linux)
gives the following complaints:

Splint 3.0.1.6 --- 27 May 2002

foo.c: (in function foo)
foo.c:7:12: Unqualified static storage s returned as implicitly only: s
Static storage is transferred in an inconsistent way. (Use -statictrans to
inhibit warning)
foo.c: (in function main)
foo.c:13:21: New fresh storage (type char *) passed as implicitly temp (not
released): foo(y)
Amemory leak has been detected. Storage allocated locally is not released
before the last reference to it is lost. (Use -mustfreefresh to inhibit
warning)

Finished checking --- 2 code warnings

Is this _really_ a memory leak? Or is splint overly paranoid?

droid


I found that the ANSI time function localtime( ), gmtime( ) and mktime( ) also return a pointer to
a static storage structure "tm". I think you are right, it is safe to return a pointer to static
storage.

--
Jeff
Nov 13 '05 #4
> I found that the ANSI time function localtime( ), gmtime( ) and mktime( ) also return a pointer
to
a static storage structure "tm".


I have made a mistake, the function mktime( ) do not return structure tm, it returns time_t.

--
Jeff
Nov 13 '05 #5
In <pa****************************@hotmail.com> "Jim Showalter" <ji***********@hotmail.com> writes:
I always thought that it is safe for a function to return a pointer to
static storage.
It is safe, but it can lead to program bugs, if you're not extremely
careful. Consider the following example:

printf("y = %s, z = %s\n", foo(y), foo(z));

The bug is far from obvious to the non-experienced C programmer.
And the following code does compile quietly with:

gcc -pedantic -Wall -o foo foo.c
As it should. You may also want to add -ansi and -O (-Wall is not
complete without -O), especially for code you intend to post to
this newsgroup :-)
#include <stdio.h>

static char *foo (int y)
{
static char s[10];
sprintf(s, "%d", y);
return s;
}

int main(void)
{
int y = 999;
printf("y = %s\n", foo(y));
return 0;
}

But 'splint' (the 'lint' program supplied with RedHat Linux)
gives the following complaints:

Splint 3.0.1.6 --- 27 May 2002

foo.c: (in function foo)
foo.c:7:12: Unqualified static storage s returned as implicitly only: s
Static storage is transferred in an inconsistent way. (Use -statictrans to
inhibit warning)
Nonsensical diagnostic.
foo.c: (in function main)
foo.c:13:21: New fresh storage (type char *) passed as implicitly temp (not
released): foo(y)
Idiotic diagnostic.
Amemory leak has been detected. Storage allocated locally is not released
before the last reference to it is lost. (Use -mustfreefresh to inhibit
warning)
Bullshit.
Finished checking --- 2 code warnings

Is this _really_ a memory leak?
Obviously NOT. Whoever implemented these checks should have his own head
checked.
Or is splint overly paranoid?


Brain dead.

If you want to keep using splint (or any other form of lint), you'll have
to learn how to disable all the checks that only produce garbage output.

In my opinion, a properly invoked gcc removes the need for lint checks.

Dan
--
Dan Pop
DESY Zeuthen, RZ group
Email: Da*****@ifh.de
Nov 13 '05 #6
On Mon, 04 Aug 2003 14:13:32 +0000, Dan Pop wrote:
"Jim Showalter" <ji***********@hotmail.com> writes:

[snip]
Or is splint overly paranoid?


Brain dead.

If you want to keep using splint (or any other form of lint), you'll have
to learn how to disable all the checks that only produce garbage output.

In my opinion, a properly invoked gcc removes the need for lint checks.


Well, as I said, I _just_ started using splint and I'm not impressed. You
make a good point. I think I'll just stick to using gcc (with the switches
you and others suggested) and save myself the agro. :)
Thanks again Dan!

Jim Showalter
Nov 13 '05 #7
>Well, as I said, I _just_ started using splint and I'm not impressed. You
make a good point. I think I'll just stick to using gcc (with the switches
you and others suggested) and save myself the agro. :)


Well, I just started playing with it myself. If you add the -weak switch, it
turns off some of its more pedantic stuff. (It appears that -weak enables the
stort of thing that can be checked for without you marking up your code, while
leaving it out makes Splint do all the checks that assume you've marked up your
code.)

E.g.,
splint -weak *.c

I also like the various bool switches: -booltype, -boolfalse and -booltrue,
that make it understand that my BOOL typedef type really means boolean.

Grant D. Watson
gr**********@yahoo.pleasedontspamme.com (Use this one!)
Nov 13 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

9 posts views Thread by JoeC | last post: by
1 post views Thread by kiluyar | last post: by
3 posts views Thread by Chris Forone | last post: by
reply views Thread by Anthony Williams | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.