Thread: Splint

Originally Posted by bithub

I've never used splint before, but I can say you won't get far in C if you keep avoiding explicit type casts. In anything but the most basic of programs, type casts become absolutely necessary.

I'd say that over 90% of the time such explicit casts are either unnecessary or used incorrectly in C. That is what makes them dangerous. Where is it that you find such tremendous use of such conversions?

Originally Posted by bithub

Window procedure parameters.
Any Windows API function which uses a long to hold parameter values (there's a ton).
Getting DLL exported functions.
socket functions.
Any mathematical expression which requires a floating point value to be assigned to an integer.

M'kay. The most likely incorrect usages.

Originally Posted by Dave_Sinkula

I'd say that over 90% of the time such explicit casts are either unnecessary or used incorrectly in C. That is what makes them dangerous. Where is it that you find such tremendous use of such conversions?

In my current job, the C programming standard requires the use of casts when a type promotion/conversion is taking place, even if it's not an unsafe one. The standard was developed by ADA programmers. You'd be amazed at the number of casts that show up in the code... Casts between unsigned char and unsigned int, void * and anything, you name it. At one code review that I attended, I saw the following construct:

Code:

struct somestruct *blah = (struct somestruct *)NULL;

and everywhere in that code module that a comparison against NULL was done, a cast to the pointer type was made. This was lauded by the SQA auditor as being how it should be done all the time.

Originally Posted by filker0

This was lauded by the SQA auditor as being how it should be done all the time.

Yikes! Turn off error checking so everything's kosher!

Originally Posted by bithub

Wow, do I need to go down the list one by one, and show how each one of these requires a cast? Maybe then, you can show me how in each instance I am doing it incorrectly?

Sure.

ITHKT INTWODHTHAPCJONTDA

YU

B

*cough*If it takes a man two days to walk a fortnight, why does technology wait for no man?*cough*

^ KEY? ^? MAKE NO SENSE?

Boredom is a .........., don't you agree, gentle reader?

Originally Posted by bithub

- Window procedure parameters.
Window messages come in the form of (HWND,UINT,WPARAM,LPARAM).
Take the WM_CREATE message:
The LPARAM parameter points to a CREATESTRUCT structure. In order to access that structure, a cast is necessary.

Code:

CREATESTRUCT *cs = (LPCREATESTRUCT)lParam;

- Any Windows API function which uses a long to hold parameter values (there's a ton).

Code:

struct mystrdata *mydata = (struct mystrdata*)GetWindowLongPtr(hwnd, GWLP_USERDATA);

or

Code:

struct mystrdata* mydata = (struct mystrdata*)SendMessage(hwndList, LB_GETITEMDATA,index,0);

Ah, yes, Windows. Gotta give you that. Screwed up from the start by the masters, one is forced to write bad code.

Originally Posted by bithub

- Getting DLL exported functions.

Code:

typedef void (*somefn)(int);
somefn myfunction = (somefn)GetProcAddress(hMod,"somefn");

Function pointers do often break many guidelines, but Microsoft may assist in making it too easy.

Originally Posted by bithub

- socket functions.

Code:

struct sockaddr_in addr;
/* Fill addr with bind information */
bind(s,(struct sockaddr*)&addr,sizeof(addr));

Well, bind does have a prototype that I'll assume has a reason. It's a convenience here, not a necessity.

Originally Posted by bithub

Code:

struct binarystruct *data = malloc(sizeof(*data));
/* Fill data with useful information */
send(socket,(char*)data,sizeof(data),0);

And here it would depend on the quality of implementation.

Originally Posted by bithub

- Any mathematical expression which requires a floating point value to be assigned to an integer.

Code:

float numberOfHours = 2.5f;
int numberOfMinutes = numberOfHours * 60;

A necessity, no. Silencing a diagnostic might be the goal here, but the implicit conversion works just fine.

So that mostly leaves us the WinAPI.