...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <float.h>
#include <math.h>
#include <stdio.h>
void f(void) {
float f = 0.0f;
f = nextafterf(f, FLT_MAX);
printf("float is %f\n", f);
}
|
Noncompliant Code Example
This noncompliant code example attempts to read from a different union member than the one most recently written to, which is known as type-punning.
| Code Block | ||||
|---|---|---|---|---|
| ||||
union a_union {
int i;
double d;
};
int f(void) {
union a_union t;
int *ip;
t.d = 3.0;
ip = &t.i;
return *ip;
}
|
However, instead of taking the address of the most-recently written member of the union, the code takes the address of a member that has not been written to. The compiler may determine that ip refers to some value other than the value stored by t.i and return a value other than the expected value.
Noncompliant Code Example
In this noncompliant code example, access by taking the address, casting the resulting pointer, and dereferencing the result has undefined behavior even if the cast uses a union type:
| Code Block | ||||
|---|---|---|---|---|
| ||||
union a_union {
int i;
double d;
};
int f(void) {
double d = 3.0;
return ((union a_union *)&d)->i;
}
|
Because of optimization, the function f() may return something other than the expected value.
Compliant Solution
Type-punning is allowed provided the memory is accessed through the union type. This compliant solution returns the expected value:
...
| bgColor | #ccccff |
|---|---|
| lang | c |
...
Noncompliant Code Example
In this noncompliant code example, an array of two shorts is treated as an integer and assigned an integer value. The resulting value of the two shorts is undefined.
...
When GCC 3.4.6 compiles this code with optimization, the assignment through the aliased pointer is effectively eliminated.
Compliant Solution
This compliant solution uses a union type that includes a type compatible with the effective type of the object:
...
This code example now reliably outputs "2222 2222."
Noncompliant Code Example
In this example, a gadget object is allocated, then realloc() is called to create a widget object using the memory from the gadget object. Although reusing memory to change types is acceptable, accessing the memory copied from the original object is undefined behavior.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdlib.h>
struct gadget {
int i;
double d;
char *p;
};
struct widget {
char *q;
int j;
double e;
};
struct gadget *gp;
struct widget *wp;
gp = (struct gadget *)malloc(sizeof (struct gadget));
if (!gp) {
/* Handle error */
}
/* ... */
wp = (struct widget *)realloc(gp, sizeof(struct widget));
if (!wp) {
free(gp);
/* Handle error */
}
if (wp->j == 12) {
/* ... */
} |
Compliant Solution
This compliant solution reuses the memory from the gadget object but reinitializes the memory to a consistent state before reading from it:
...