In this question, someone suggested in a comment that I should not cast the result of malloc. i.e., I should do this:
int *sieve = malloc(sizeof(*sieve) * length);
rather than:
int *sieve = (int *) malloc(sizeof(*sieve) * length);
Why would this be the case?
No; you shouldn’t cast the result, since:
void * is automatically and safely promoted to any other pointer type in this case.<stdlib.h>. This can cause crashes (or, worse, not cause a crash until way later in some totally different part of the code). Consider what happens if pointers and integers are differently sized; then you're hiding a warning by casting and might lose bits of your returned address. Note: as of C99 implicit functions are gone from C, and this point is no longer relevant since there's no automatic assumption that undeclared functions return int.As a clarification, note that I said “you shouldn’t cast”, not “you don't need to cast”. In my opinion, it's a blunder to include the cast, even if you got it right. There are simply no benefits to doing it, but a bunch of potential risks, and including the cast indicates that you don't know about the risks.
Also note, as commentators point out, that the above talks about straight C, not C++. I very firmly believe in C and C++ as separate languages.
To add further, your code needlessly repeats the type information (int) which can cause errors. It's better to de-reference the pointer being used to store the return value, to "lock" the two together:
int *sieve = malloc(length * sizeof *sieve);
Some may say: “Well, previously the type was repeated, and now the variable name is repeated; isn’t this just as repetitive as before? How is that any better?” The difference is that if you one day change the type of the variable and forget to change the type under the sizeof to match, you will silently get an allocation of the wrong size and no warning about it; but if you change the name of the variable, but forget to change the name under sizeof to match, it is more probable that the old name no longer resolves to anything, so your code will stop compiling, prompting you to fix the mistake.
This also moves the length to the front for increased visibility, and drops the redundant parentheses with sizeof; they are only needed when the argument is a type name. Many people seem to not know (or ignore) this, which makes their code more verbose. Remember: sizeof is not a function! :)
While moving length to the front may increase visibility in some rare cases, one should also pay attention that in the general case, it should be better to write the expression as:
int *sieve = malloc(sizeof *sieve * length);
Since keeping the sizeof first, in this case, ensures multiplication is done with at least size_t math.
Compare: malloc(sizeof *sieve * length * width) vs. malloc(length * width * sizeof *sieve) the second may overflow the length * width when width and length are smaller types than size_t.
int x = (int) 12; just to make things clear? –
Chaucerian sizeof (int)) just to reinforce that the argument to sizeof is (int), not int –
Admix (int)12 is not comparable. 12 is an int, the cast does simply nothing. The retval of malloc() is void *, not the pointer type casted to. (If it is not void *. So the analogy to (int)12 would be (void*)malloc(…) what nobody is discussing.) –
Jezabella #include <stdlib.h> isn't included.Out of the 4 bullets, the first 3 are subjective (there's sufficient proof that some tend to favor it in this page) and the 4th has been "fixed" in C language about 10 years before this answer. While I am not advocating in favor of the cast, it's really a case of making a mountain out of a mole here. –
Molly double d = (double)12; or unsigned int u = (unsigned int)12; might make more sense. –
Tanked double a = 1 / 2; is 0 since it's an integer division. –
Chaucerian #include <stdlib.h> for malloc()'s prototype, thus making the compiler assume it returns int, which you can't assign to a pointer without a cast. The cast is not enough, in that case. –
Chaucerian extern "C"... setup. When compiler compiles .c file, will it work if there is no casting of malloc, because we are in C++ project? –
Shama extern "C" is for the C++ compiler, it just tells it not to name-mangle when looking for the C function. The C function is built by a C compiler and is written in C. –
Chaucerian extern "C" approach in every my C library so then it is allowed to not cast malloc and will still compile. Case closed for me then. I'm not casting it anymore then if this is really hidden error if you cast result. In general to me, your 4th point why not cast has no sense, or at least I don't get it. If non NULL is returned, memory is allocated, you can cast it how you want. –
Shama int. But int is often smaller than void * (32 vs 64 bits), so doing foo *x = (foo *) malloc(sizeof *x); might have hidden a warning caused by making the (undeclared, assumed int) return value from malloc() be treated as a pointer, when it in fact is not large enough and thus won't work. –
Chaucerian --std=c11 (as many do), you'll get but a mere warning... In fact, even when specifying --std=c11 I get "warning: implicit declaration of function ‘malloc’", when I've not included the standard library header for it. This isn't an uncommon implementation, either; gcc version 5.4.0 20160609... –
Euglena length and width are ints, where int has fewer bits than size_t, then length*width might be bigger than the largest int. This is less likely to be an issue if you use size_t math, which you can do by putting the sizeof part first (since the compiler “reads” multiplications from left to right) –
Copaiba malloc function takes a size_t as input. If the whole multiplication exceeds that, then you just can't do the allocation you want. This is unlikely in a bug-free program, because on most 64-bit systems that would be asking for 18 exabytes of memory, more than I think has actually been manufactured ever. On the other hand, the maximum int on such systems is often 2^31-1, or just over two gigabytes; a lot of programs would want to allocate that much. –
Copaiba int chosen as the type for length and width? We should take care in choosing types for our variables, and unless it absolutely makes sense for a length and/or width to be negative, all signed options should be discarded from the choices. After all, you wouldn't want a two-dimensional array where each dimension can have negative indices, right? That's just begging for undefined behaviour. Wouldn't you rather suggest that length and width be refactored as size_t, to avoid further complications? –
Euglena signed types anyway, and more often length might be unsigned but smaller than size_t for some reason. I agree that, all else being equal, it's better if length is a size_t. I was also answering savram's question about how an overflow could happen with length * width * sizeof *sieve, as mentioned in the question; just saying to always make length and width be of type size_t would not be an answer. –
Copaiba sizeof(*x), as mentioned in the answer. –
Bowman void foo(int n, int arr[n]), I realized C++ doesn't allow that, which I think is really stupid (tell me otherwise), and then I decided to do separate headers for C (.h) and for C++ (.hpp) (both referring to C code), even if that means repeating most of the code in the headers. –
Loraineloralee size_t math"? Pretty sure the standard arithmetic conversions are order-independent. I'll switch to +1 if you remove that claim or clarify that you mean something more nuanced or convince me I'm mistaken. –
Cutting sizeof foo * bar * qux vs bar * qux * sizeof foo, because the standard arithmetic conversions are local to each operator's arguments instead of being done across the entire expression. That's actually a very good point to warn people about, but we should do it with wording that accurately explains that, whereas the current wording suggests that order matters even in just size foo * bar vs bar * sizeof foo. –
Cutting arr = (Array *)malloc(sizeof(Array)) to arr = malloc(sizeof arr) my program started crashing, and changing it back fixed the problem, so I've decided to stick with the unpopular casting approach. –
Sapper sizeof(Array) to sizeof arr. The latter is the size of a pointer, not the size of your structure, so of course your program started crashing. –
Lisa int* sieve rather than int *sieve. When writing the sizeof *sieve part, would it be the same if I wrote sizeof* sieve? Am I even using a healthy convention? –
Notable int* a, b very confusing, basically you're trying to shape the syntax into something it is not which I find confusing. Of course you could also have a convention never to declare more than variable per declaration (and have another war around that) but I find that wasteful. :) Sorry for not being definitive. –
Chaucerian int *sieve = malloc(length * sizeof *sieve); you are "needlessly" repeating the name of the object (sieve) and violating the DRY principle. So why is this better than repeating the int? –
Rhyner sizeof(*sieve) * length is more readable, and not only is sizeof *sieve * length just plain silly, it is purely a subjective call to make. Also, you have a Black & White fallacy in your implied argument. Would you write a = b * 2 + c if you want a to equal b * (2 + c)? Is b * a function? Of course not. We don't use parentheses only for functions, they have many other uses. –
Upholsterer malloc(sizeof(int[length])) –
Ong sizeof first, in this case, ensures multiplication is done with at least size_t math" is completely bogus. The order of the operands of a * operator does not affect the result of applying the usual arithmetic conversions to them, and that's ultimately what determines the data type for the operation and result. Personally, I find it easier to read the version with the sizeof second. –
Gilbertegilbertian void* value) and an allocation of an object (to get a pointer value to an allocated object) as different intentional uses (like this answer), which cause serious confusion in resource management. –
Hummel new-expressions like in C++. Despite to interoperation to C++ or function prototyping (and irrelevant to the version of C), this lack of the expressive forms is a real defect of C (at least as a statically typed language), and it is occasionally hidden by coercion to void*, which is an instance of (obvious wrong use of) ad-hoc polymorphism. The ignorance in this point is widespread among C users (like in @Chaucerian 's reply) and probably leads to bad resource management code in productions implemented in C. –
Hummel sizeof), it is both applicable in C and C++, hence inconsistent to the claim of "that the above talks about straight C, not C++" in the answer. –
Hummel std::launder and relocatable objects), but this is another story which is also not yet addressed in C. –
Hummel bool *state = malloc(sizeof(bool) * count); then I used this and the warning is gone bool *state = (bool*) malloc(sizeof(bool) * count);, what you think ? –
Cerulean malloc won't work the same in C++ as in C, is that right ? –
Cerulean void *, but in C++ that is not true. They are different languages, with different rules. –
Chaucerian In C, you don't need to cast the return value of malloc. The pointer to void returned by malloc is automagically converted to the correct type. However, if you want your code to compile with a C++ compiler, a cast is needed. A preferred alternative among the community is to use the following:
int *sieve = malloc(sizeof *sieve * length);
which additionally frees you from having to worry about changing the right-hand side of the expression if ever you change the type of sieve.
Casts are bad, as people have pointed out. Especially pointer casts.
malloc(length * sizeof *sieve) makes it look like sizeof is a variable - so I think malloc(length * sizeof(*sieve)) is more readable. –
Mcavoy malloc(length * (sizeof *sieve)) more readable still. IMHO. –
Norling () issue aside, note that your suggested style switched the order., Consider when element count is computed like length*width, keeping the sizeof first in this case insures multiplication is done with at least size_t math. Compare malloc(sizeof( *ptr) * length * width) vs. malloc(length * width * sizeof (*ptr)) - the 2nd may overflow the length*width when width,length are smaller types that size_t. –
Tabithatablature malloc(sizeof *sieve * length) –
Mcavoy static_cast>() (or reinterpret_cast<>() )is not compatible with any dialect of C. –
Mahatma calloc(length, sizeof(*sieve)) is more readable than any of the alternatives I've seen proposed on this question. –
Suspire calloc and sizeof() –
Buell int *sieve = reinterpret_cast<int*>(malloc(sizeof(*sieve) * length)) is the best quality code one can write, it was written by the gods of C++. –
Nonmaterial Object* -> void* is implicitly allowed because of subtyping). Abuse of polymorphism seems most smelly among these implicit or explicit conversions; and casts, when really needed, are not that bad. –
Hummel malloc is smelly, but the problem still exists by replacing malloc to ::operator new. It is not that bad in C++ because ::operator new is more verbose than a plain new expression, so it looks like deliberated. (Using new expressions in C++ should be still blamed because they should be replaced by creations of plain objects/smart pointers/opaque pointers... as possible.) –
Hummel calloc()! –
Orr You do cast, because:
type * versus type **.#include an appropriate header file misses the forest for the trees. It's the same as saying "don't worry about the fact you failed to ask the compiler to complain about not seeing prototypes -- that pesky stdlib.h is the REAL important thing to remember!"malloc() bugs are caught much faster when there's a cast. As with assertions, annotations that reveal intent decrease bugs. .c/.cpp file to compile as both is not useful very often, but one case is adding C++ throw support when compiled with C++ compiler (but return -1; when compiled with C compiler, or whatever). –
Laritalariviere malloc call: char **foo = malloc(3*sizeof(*foo)); if quite full-proof: 3 pointers to char pointers. then loop, and do foo[i] = calloc(101, sizeof(*(foo[i])));. Allocate array of 101 chars, neatly initialized to zeroes. No cast needed. change the declaration to unsigned char or any other type, for that matter, and you're still good –
Eskill p = malloc(sizeof(gadget)) has little sense, as more idiomatic form would be just p = malloc(sizeof *p). They didn't mention, that cast may be dangerous, producing nasty bugs, when <stdlib.h> header is not present (and C89 compilers are not obligated for any diagnostic in this case), as malloc is assumed to return an int. –
Cassaundracassava free() to void *? –
Inseparable Object? –
Bulla struct Zebra *p; ... p=malloc(sizeof struct Zebra);, the malloc can't avoid duplciating information about p's type, but neither the compiler nor local code inspection would detect any problem if one type changed but the other didn't. Change the code to p=(struct Zebra*)malloc(sizeof struct Zebra); and the compiler will squawk if the cast type doesn't match p, and local inspection will reveal... –
Finalize sizeof type. Someone examining the version of code with the typecast can know that (if the code compiles cleanly) p is either void* or struct Zebra* without having to look at the actual declaration of p. To my mind that's a win. –
Finalize T *p = malloc(N * sizeof(T)). But you shouldn't do it this way in the first place. The proper idiomatic type-agnostic way to allocate memory calls for T *p = malloc(N * sizeof *p), i.e. the type names are not mentioned in size expression at all. This version is completely free of any issues the above answer tries to "solve". In other words, explicit cast on the result of memory allocation function is a classc "solution looking for a problem". A problem you yourself created. Don't create the problem, and you won't need the solution. –
Electrophysiology void* to an arbitrary but needed T*? –
Loot #include <stdlib.h> and then not figure it out when malloc isn't being called? It's like warning newbies of the pitfalls of forgetting to define a main function. "Whatever shall we do?! We cannot recover and it could remain a hidden bug for years!" Where do programmers pick up these absurd memes? –
Upholsterer As others stated, it is not needed for C, but necessary for C++. If you think you are going to compile your C code with a C++ compiler, for whatever reasons, you can use a macro instead, like:
#ifdef __cplusplus
# define MALLOC(type) ((type *)malloc(sizeof(type)))
# define CALLOC(count, type) ((type *)calloc(count, sizeof(type)))
#else
# define MALLOC(type) (malloc(sizeof(type)))
# define CALLOC(count, type) (calloc(count, sizeof(type)))
#endif
# define FREE(pointer) free(pointer)
That way you can still write it in a very compact way:
int *sieve = MALLOC(int); // allocate single int => compare to stack int sieve = ???;
int *sieve_arr = CALLOC(4, int); // allocate 4 times size of int => compare to stack (int sieve_arr[4] = {0, 0, 0, 0};
// do something with the ptr or the value
FREE(sieve);
FREE(sieve_arr);
and it will compile for C and C++.
new in the definition of C++? –
Preshrunk free() to free memory allocated with new? –
Preshrunk new you must use delete and if you use malloc() you must you free(). Never mix them. –
Euell CNEW(t, n) –
Tabithatablature new is not a keyword in C and in a real C++ program I wouldn't use this macro at all, so no confusion. –
Companionship NEW is probably a bad idea since the resource is never returned using delete (or DELETE) so you're mixing your vocabulary. Instead, naming it MALLOC, or rather CALLOC in this case, would make more sense. –
Bogoch #define critically? The macro does not alter any variable, the variable is only used once, it's a simple expression and not a sequence of statements. Plus, it cannot be done with a inline function. So I wonder what makes you worry. –
Companionship long array = NEW_INT(int, n); –
Evelinaeveline #define a new NEW if there is an old new operator in C++ ??? malloc(3) and free(3) are severely discouraged use functions from C in C++ (they are supported only for the claim of portability of C into C++). C++ encourages the use of new and delete operators instead. –
Seligmann calloc() instead of malloc(), just because of the sake of symmetry between the two definitions. malloc() isn´t calloc(). calloc() may be slower when it initialises the zeros. On the other hand, it could be also more benefitial. But this is another question, see https://mcmap.net/q/16203/-difference-between-malloc-and-calloc/12139179. But since the question is asked for malloc() I would rather do it like that: #else #define NEW(type, count) (malloc(sizeof(type) * count)) –
Brubaker long *sieve; ... ; sieve = NEW(int, 1); –
Evelinaeveline From the Wikipedia:
Advantages to casting
Including the cast may allow a C program or function to compile as C++.
The cast allows for pre-1989 versions of malloc that originally returned a char *.
Casting can help the developer identify inconsistencies in type sizing should the destination pointer type change, particularly if the pointer is declared far from the malloc() call (although modern compilers and static analyzers can warn on such behaviour without requiring the cast).
Disadvantages to casting
Under the ANSI C standard, the cast is redundant.
Adding the cast may mask failure to include the header stdlib.h, in which the prototype for malloc is found. In the absence of a prototype for malloc, the standard requires that the C compiler assume malloc returns an int. If there is no cast, a warning is issued when this integer is assigned to the pointer; however, with the cast, this warning is not produced, hiding a bug. On certain architectures and data models (such as LP64 on 64-bit systems, where long and pointers are 64-bit and int is 32-bit), this error can actually result in undefined behaviour, as the implicitly declared malloc returns a 32-bit value whereas the actually defined function returns a 64-bit value. Depending on calling conventions and memory layout, this may result in stack smashing. This issue is less likely to go unnoticed in modern compilers, as they uniformly produce warnings that an undeclared function has been used, so a warning will still appear. For example, GCC's default behaviour is to show a warning that reads "incompatible implicit declaration of built-in function" regardless of whether the cast is present or not.
If the type of the pointer is changed at its declaration, one may also, need to change all lines where malloc is called and cast.
Although malloc without casting is preferred method and most experienced programmers choose it, you should use whichever you like having aware of the issues.
i.e: If you need to compile C program as C++ (Although it is a separate language) you must cast the result of use malloc.
malloc() call" mean? Could you give an example? –
Hurling p = malloc(sizeof(*p) * count) idiom picks up changes in the type automatically, so you don't have to get warnings and go change anything. So this isn't a real advantage vs. the best alternative for not-casting. –
Poodle In C you can implicitly convert a void pointer to any other kind of pointer, so a cast is not necessary. Using one may suggest to the casual observer that there is some reason why one is needed, which may be misleading.
You don't cast the result of malloc, because doing so adds pointless clutter to your code.
The most common reason why people cast the result of malloc is because they are unsure about how the C language works. That's a warning sign: if you don't know how a particular language mechanism works, then don't take a guess. Look it up or ask on Stack Overflow.
Some comments:
A void pointer can be converted to/from any other pointer type without an explicit cast (C11 6.3.2.3 and 6.5.16.1).
C++ will however not allow an implicit cast between void* and another pointer type. So in C++, the cast would have been correct. But if you program in C++, you should use new and not malloc(). And you should never compile C code using a C++ compiler.
If you need to support both C and C++ with the same source code, use compiler switches to mark the differences. Do not attempt to sate both language standards with the same code, because they are not compatible.
If a C compiler cannot find a function because you forgot to include the header, you will get a compiler/linker error about that. So if you forgot to include <stdlib.h> that's no biggie, you won't be able to build your program.
On ancient compilers that follow a version of the standard which is more than 25 years old, forgetting to include <stdlib.h> would result in dangerous behavior. Because in that ancient standard, functions without a visible prototype implicitly converted the return type to int. Casting the result from malloc explicitly would then hide away this bug.
But that is really a non-issue. You aren't using a 25 years old computer, so why would you use a 25 years old compiler?
template<T> operator T*() const {...} to replace void* here, but C++ still incurs no such confusion due to the stricter rules. The answer is also incomplete in this sense. –
Hummel void* is from C89.) –
Hummel In C you get an implicit conversion from void * to any other (data) pointer.
void * to any other (data) pointer.” So? Yes or no? Is that a good or a bad thing? What is the conclusion? The post doesn’t say, it’s not an answer. –
Nagpur Casting the value returned by malloc() is not necessary now, but I'd like to add one point that seems no one has pointed out:
In the ancient days, that is, before ANSI C provides the void * as the generic type of pointers, char * is the type for such usage. In that case, the cast can shut down the compiler warnings.
Reference: C FAQ
void *? –
Nagpur Just adding my experience, studying computer engineering I see that the two or three professors that I have seen writing in C always cast malloc, however the one I asked (with an immense CV and understanding of C) told me that it is absolutely unnecessary but only used to be absolutely specific, and to get the students into the mentality of being absolutely specific. Essentially casting will not change anything in how it works, it does exactly what it says, allocates memory, and casting does not effect it, you get the same memory, and even if you cast it to something else by mistake (and somehow evade compiler errors) C will access it the same way.
Edit: Casting has a certain point. When you use array notation, the code generated has to know how many memory places it has to advance to reach the beginning of the next element, this is achieved through casting. This way you know that for a double you go 8 bytes ahead while for an int you go 4, and so on. Thus it has no effect if you use pointer notation, in array notation it becomes necessary.
p = malloc(sizeof *p * n); is so simple and better. –
Tabithatablature It is not mandatory to cast the results of malloc, since it returns void* , and a void* can be pointed to any datatype.
void* can point to anything that enables this; it's the fact that a void* can be implicitly converted to any other pointer type. To clarify the distinction, in C++ a void* can still point to anything, but implicit conversion was removed, so one must cast. –
Histology This is what The GNU C Library Reference manual says:
You can store the result of
mallocinto any pointer variable without a cast, because ISO C automatically converts the typevoid *to another type of pointer when necessary. But the cast is necessary in contexts other than assignment operators or if you might want your code to run in traditional C.
And indeed the ISO C11 standard (p347) says so:
The pointer returned if the allocation succeeds is suitably aligned so that it may be assigned to a pointer to any type of object with a fundamental alignment requirement and then used to access such an object or an array of such objects in the space allocated (until the space is explicitly deallocated)
A void pointer is a generic object pointer and C supports implicit conversion from a void pointer type to other types, so there is no need of explicitly typecasting it.
However, if you want the same code work perfectly compatible on a C++ platform, which does not support implicit conversion, you need to do the typecasting, so it all depends on usability.
malloc and friends in C++ is a good warning sign that it deserves special attention (or re-writing in C). –
Norling It depends on the programming language and compiler. If you use malloc in C, there is no need to type cast it, as it will automatically type cast. However, if you are using C++, then you should type cast because malloc will return a void* type.
The returned type is void*, which can be cast to the desired type of data pointer in order to be dereferenceable.
void* can be cast to the desired type, but there is no need to do so as it will be automatically converted. So the cast is not necessary, and in fact undesirable for the reasons mentioned in the high-scoring answers. –
Norling In the C language, a void pointer can be assigned to any pointer, which is why you should not use a type cast. If you want "type safe" allocation, I can recommend the following macro functions, which I always use in my C projects:
#include <stdlib.h>
#define NEW_ARRAY(ptr, n) (ptr) = malloc((n) * sizeof *(ptr))
#define NEW(ptr) NEW_ARRAY((ptr), 1)
With these in place you can simply say
NEW_ARRAY(sieve, length);
For non-dynamic arrays, the third must-have function macro is
#define LEN(arr) (sizeof (arr) / sizeof (arr)[0])
which makes array loops safer and more convenient:
int i, a[100];
for (i = 0; i < LEN(a); i++) {
...
}
malloc() one. –
Tabithatablature void* to/from a function pointer may lose information so "a void pointer can be assigned to any pointer," is a problem in those cases. Assigning a void*, from malloc() to any object pointer is not an issue though. –
Tabithatablature Sometimes I notice comments like that:
or
on questions where OP uses casting. The comments itself contain a hyperlink to this question.
That is in any possible manner inappropriate and incorrect as well. There is no right and no wrong when it is truly a matter of one's own coding-style.
It's based upon two reasons:
This question is indeed opinion-based. Technically, the question should have been closed as opinion-based years ago. A "Do I" or "Don't I" or equivalent "Should I" or "Shouldn't I" question, you just can't answer focused without an attitude of one's own opinion. One of the reason to close a question is because it "might lead to opinion-based answers" as it is well shown here.
Many answers (including the most apparent and accepted answer of @unwind) are either completely or almost entirely opinion-based (f.e. a mysterious "clutter" that would be added to your code if you do casting or repeating yourself would be bad) and show a clear and focused tendency to omit the cast. They argue about the redundancy of the cast on one side but also and even worse argue to solve a bug caused by a bug/failure of programming itself - to not #include <stdlib.h> if one want to use malloc().
I want to bring a true view of some points discussed, with less of my personal opinion. A few points need to be noted especially:
Such a very susceptible question to fall into one's own opinion needs an answer with neutral pros and cons. Not only cons or pros.
A good overview of pros and cons is listed in this answer:
https://mcmap.net/q/21631/-should-i-cast-the-result-of-malloc-in-c
(I personally consider this because of that reason the best answer, so far.)
One reason which is encountered at most to reason the omission of the cast is that the cast might hide a bug.
If someone uses an implicit declared malloc() that returns int (implicit functions are gone from the standard since C99) and sizeof(int) != sizeof(int*), as shown in this question
Why does this code segfault on 64-bit architecture but work fine on 32-bit?
the cast would hide a bug.
While this is true, it only shows half of the story as the omission of the cast would only be a forward-bringing solution to an even bigger bug - not including stdlib.h when using malloc().
This will never be a serious issue, If you,
Use a compiler compliant to C99 or above (which is recommended and should be mandatory), and
Aren't so absent to forgot to include stdlib.h, when you want to use malloc() in your code, which is a huge bug itself.
Some people argue about C++ compliance of C code, as the cast is obliged in C++.
First of all to say in general: Compiling C code with a C++ compiler is not a good practice.
C and C++ are in fact two completely different languages with different semantics.
But If you really want/need to make C code compliant to C++ and vice versa use compiler switches instead of any cast.
Since the cast is with tendency declared as redundant or even harmful, I want to take a focus on these questions, which give good reasons why casting can be useful or even necessary:
Fact is, that the cast is redundant per the C standard (already since ANSI-C (C89/C90)) if the assigned pointer point to an object of fundamental alignment requirement (which includes the most of all objects).
You don't need to do the cast as the pointer is automatically aligned in this case:
"The order and contiguity of storage allocated by successive calls to the aligned_alloc, calloc, malloc, and realloc functions is unspecified. The pointer returned if the allocation succeeds is suitably aligned so that it may be assigned to a pointer to any type of object with a fundamental alignment requirement and then used to access such an object or an array of such objects in the space allocated (until the space is explicitly deallocated)."
Source: C18, §7.22.3/1
"A fundamental alignment is a valid alignment less than or equal to
_Alignof (max_align_t). Fundamental alignments shall be supported by the implementation for objects of all storage durations. The alignment requirements of the following types shall be fundamental alignments:— all atomic, qualified, or unqualified basic types;
— all atomic, qualified, or unqualified enumerated types;
— all atomic, qualified, or unqualified pointer types;
— all array types whose element type has a fundamental alignment requirement;57)
— all types specified in Clause 7 as complete object types;
— all structure or union types all of whose elements have types with fundamental alignment requirements and none of whose elements have an alignment specifier specifying an alignment that is not a fundamental alignment.
- As specified in 6.2.1, the later declaration might hide the prior declaration."
Source: C18, §6.2.8/2
However, if you allocate memory for an implementation-defined object of extended alignment requirement, the cast would be needed.
An extended alignment is represented by an alignment greater than
_Alignof (max_align_t). It is implementation-defined whether any extended alignments are supported and the storage durations for which they are supported. A type having an extended alignment requirement is an over-aligned type.58)Source. C18, §6.2.8/3
Everything else is a matter of the specific use case and one's own opinion.
Please be careful how you educate yourself.
I recommend you to read all of the answers made so far carefully first (as well as their comments which may point at a failure) and then build your own opinion if you or if you not cast the result of malloc() at a specific case.
Please note:
There is no right and wrong answer to that question. It is a matter of style and you yourself decide which way you choose (if you aren't forced to by education or job of course). Please be aware of that and don't let trick you.
Last note: I voted to lately close this question as opinion-based, which is indeed needed since years. If you got the close/reopen privilege I would like to invite you to do so, too.
int x, y; x = (int)y; then? A matter of subjective coding style? –
Seftton volatile). –
Peaslee People used to GCC and Clang are spoiled. It's not all that good out there.
I have been pretty horrified over the years by the staggeringly aged compilers I've been required to use. Often companies and managers adopt an ultra-conservative approach to changing compilers and will not even test if a new compiler ( with better standards compliance and code optimization ) will work in their system. The practical reality for working developers is that when you're coding you need to cover your bases and, unfortunately, casting mallocs is a good habit if you cannot control what compiler may be applied to your code.
I would also suggest that many organizations apply a coding standard of their own and that that should be the method people follow if it is defined. In the absence of explicit guidance I tend to go for most likely to compile everywhere, rather than slavish adherence to a standard.
The argument that it's not necessary under current standards is quite valid. But that argument omits the practicalities of the real world. We do not code in a world ruled exclusively by the standard of the day, but by the practicalities of what I like to call "local management's reality field". And that's bent and twisted more than space time ever was. :-)
YMMV.
I tend to think of casting malloc as a defensive operation. Not pretty, not perfect, but generally safe. ( Honestly, if you've not included stdlib.h then you've way more problems than casting malloc ! ).
malloc().In general, you don't cast to or from void *.
A typical reason given for not doing so is that failure to #include <stdlib.h> could go unnoticed. This isn't an issue anymore for a long time now as C99 made implicit function declarations illegal, so if your compiler conforms to at least C99, you will get a diagnostic message.
But there's a much stronger reason not to introduce unnecessary pointer casts:
In C, a pointer cast is almost always an error. This is because of the following rule (§6.5 p7 in N1570, the latest draft for C11):
An object shall have its stored value accessed only by an lvalue expression that has one of the following types:
— a type compatible with the effective type of the object,
— a qualified version of a type compatible with the effective type of the object,
— a type that is the signed or unsigned type corresponding to the effective type of the object,
— a type that is the signed or unsigned type corresponding to a qualified version of the effective type of the object,
— an aggregate or union type that includes one of the aforementioned types among its members (including, recursively, a member of a subaggregate or contained union), or
— a character type.
This is also known as the strict aliasing rule. So the following code is undefined behavior:
long x = 5;
double *p = (double *)&x;
double y = *p;
And, sometimes surprisingly, the following is as well:
struct foo { int x; };
struct bar { int x; int y; };
struct bar b = { 1, 2};
struct foo *p = (struct foo *)&b;
int z = p->x;
Sometimes, you do need to cast pointers, but given the strict aliasing rule, you have to be very careful with it. So, any occurrence of a pointer cast in your code is a place you have to double-check for its validity. Therefore, you never write an unnecessary pointer cast.
In a nutshell: Because in C, any occurrence of a pointer cast should raise a red flag for code requiring special attention, you should never write unnecessary pointer casts.
Side notes:
There are cases where you actually need a cast to void *, e.g. if you want to print a pointer:
int x = 5;
printf("%p\n", (void *)&x);
The cast is necessary here, because printf() is a variadic function, so implicit conversions don't work.
In C++, the situation is different. Casting pointer types is somewhat common (and correct) when dealing with objects of derived classes. Therefore, it makes sense that in C++, the conversion to and from void * is not implicit. C++ has a whole set of different flavors of casting.
I put in the cast simply to show disapproval of the ugly hole in the type system, which allows code such as the following snippet to compile without diagnostics, even though no casts are used to bring about the bad conversion:
double d;
void *p = &d;
int *q = p;
I wish that didn't exist (and it doesn't in C++) and so I cast. It represents my taste, and my programming politics. I'm not only casting a pointer, but effectively, casting a ballot, and casting out demons of stupidity. If I can't actually cast out stupidity, then at least let me express the wish to do so with a gesture of protest.
In fact, a good practice is to wrap malloc (and friends) with functions that return unsigned char *, and basically never to use void * in your code. If you need a generic pointer-to-any-object, use a char * or unsigned char *, and have casts in both directions. The one relaxation that can be indulged, perhaps, is using functions like memset and memcpy without casts.
On the topic of casting and C++ compatibility, if you write your code so that it compiles as both C and C++ (in which case you have to cast the return value of malloc when assigning it to something other than void *), you can do a very helpful thing for yourself: you can use macros for casting which translate to C++ style casts when compiling as C++, but reduce to a C cast when compiling as C:
/* In a header somewhere */
#ifdef __cplusplus
#define strip_qual(TYPE, EXPR) (const_cast<TYPE>(EXPR))
#define convert(TYPE, EXPR) (static_cast<TYPE>(EXPR))
#define coerce(TYPE, EXPR) (reinterpret_cast<TYPE>(EXPR))
#else
#define strip_qual(TYPE, EXPR) ((TYPE) (EXPR))
#define convert(TYPE, EXPR) ((TYPE) (EXPR))
#define coerce(TYPE, EXPR) ((TYPE) (EXPR))
#endif
If you adhere to these macros, then a simple grep search of your code base for these identifiers will show you where all your casts are, so you can review whether any of them are incorrect.
Then, going forward, if you regularly compile the code with C++, it will enforce the use of an appropriate cast. For instance, if you use strip_qual just to remove a const or volatile, but the program changes in such a way that a type conversion is now involved, you will get a diagnostic, and you will have to use a combination of casts to get the desired conversion.
To help you adhere to these macros, the the GNU C++ (not C!) compiler has a beautiful feature: an optional diagnostic which is produced for all occurrences of C style casts.
-Wold-style-cast (C++ and Objective-C++ only)
Warn if an old-style (C-style) cast to a non-void type is used
within a C++ program. The new-style casts (dynamic_cast,
static_cast, reinterpret_cast, and const_cast) are less vulnerable
to unintended effects and much easier to search for.
If your C code compiles as C++, you can use this -Wold-style-cast option to find out all occurrences of the (type) casting syntax that may creep into the code, and follow up on these diagnostics by replacing it with an appropriate choice from among the above macros (or a combination, if necessary).
This treatment of conversions is the single largest standalone technical justification for working in a "Clean C": the combined C and C++ dialect, which in turn technically justifies casting the return value of malloc.
I prefer to do the cast, but not manually. My favorite is using g_new and g_new0 macros from glib. If glib is not used, I would add similar macros. Those macros reduce code duplication without compromising type safety. If you get the type wrong, you would get an implicit cast between non-void pointers, which would cause a warning (error in C++). If you forget to include the header that defines g_new and g_new0, you would get an error. g_new and g_new0 both take the same arguments, unlike malloc that takes fewer arguments than calloc. Just add 0 to get zero-initialized memory. The code can be compiled with a C++ compiler without changes.
The best thing to do when programming in C whenever it is possible:
-Wall and fix all errors and warningsauto-Wall and -std=c++11. Fix all errors and warnings.This procedure lets you take advantage of C++ strict type checking, thus reducing the number of bugs. In particular, this procedure forces you to include stdlib.hor you will get
mallocwas not declared within this scope
and also forces you to cast the result of malloc or you will get
invalid conversion from
void*toT*
or what ever your target type is.
The only benefits from writing in C instead of C++ I can find are
Notice that the second cons should in the ideal case disappear when using the subset common to C together with the static polymorphic feature.
For those that finds C++ strict rules inconvenient, we can use the C++11 feature with inferred type
auto memblock=static_cast<T*>(malloc(n*sizeof(T))); //Mult may overflow...
gcc -c c_code.c), the C++ code as C++ (e.g. g++ -c cpp_code.cpp), and then link them together (e.g. gcc c_code.o cpp_code.o or vice-versa depending upon the project dependencies). Now there should be no reason to deprive yourself of any nice features of either language... –
Euglena static const __m128 ones = _mm_set1_ps(1.0f); at the global scope so multiple functions could share a constant, the fact that constructors aren't a thing in C stops you from generating worse code. (This is really finding a silver lining to a C limitation...)) –
Poodle p = malloc(sizeof(*p));, which doesn't need changing in the first place if p changes to a different type name. The proposed "advantage" of casting is that you get a compile error if p is the wrong type, but it's even better if it Just Works. –
Poodle Casting is only for C++ not C.In case you are using a C++ compiler you better change it to C compiler.
The casting of malloc is unnecessary in C but mandatory in C++.
Casting is unnecessary in C because of:
void * is automatically and safely promoted to any other pointer type in the case of C.<stdlib.h>. This can cause crashes.malloc is called and cast.On the other hand, casting may increase the portability of your program. i.e, it allows a C program or function to compile as C++.
A void pointer is a generic pointer and C supports implicit conversion from a void pointer type to other types, so there is no need of explicitly typecasting it.
However, if you want the same code work perfectly compatible on a C++ platform, which does not support implicit conversion, you need to do the typecasting, so it all depends on usability.
As other stated, it is not needed for C, but for C++.
Including the cast may allow a C program or function to compile as C++.
In C it is unnecessary, as void * is automatically and safely promoted to any other pointer type.
But if you cast then, it can hide an error if you forgot to include stdlib.h. This can cause crashes (or, worse, not cause a crash until way later in some totally different part of the code).
Because stdlib.h contains the prototype for malloc is found. In the absence of a prototype for malloc, the standard requires that the C compiler assumes malloc returns an int. If there is no cast, a warning is issued when this integer is assigned to the pointer; however, with the cast, this warning is not produced, hiding a bug.
The concept behind void pointer is that it can be casted to any data type that is why malloc returns void. Also you must be aware of automatic typecasting. So it is not mandatory to cast the pointer though you must do it. It helps in keeping the code clean and helps debugging
The main issue with malloc is to get the right size.
The memory returned form malloc() is untyped, and it will not magically gain an effective type due to a simple cast.
I guess that both approaches are fine and the choice should depend on programmer intention.
ptr = (T*)malloc(sizeof(T));
ptr = malloc(sizeof *ptr);
The first method assures the correct size by allocating memory for a given type, and then casting it to assure that it is assigned to the right pointer. If incorrect type of ptr is used then the compiler will issue a warning/error. If the type of ptr is changed, then the compiler will point the places where the code needs refactoring.
Moreover, the first method can be combined into a macro similar to new operator in C++.
#define NEW(T) ((T*)malloc(sizeof(T)))
...
ptr = NEW(T);
Moreover this method works if ptr is void*.
The second methods does not care about the types, it assures the correct size by taking it from the pointer's type. The main advantage of this method is the automatic adjustment of storage size whenever the type of ptr is changed.
It can save some time (or errors) when refactoring.
The disadvantage is that the method does not work if ptr is void* but it may be perceived as a good thing. And that it does not work with C++ so it should not be used in inlined functions in headers that are going to be used by C++ programs.
Personally, I prefer the second option.
For me, the take home and conclusion here is that casting malloc in C is totally NOT necessary but if you however cast, it wont affect malloc as malloc will still allocate to you your requested blessed memory space.
Another take home is the reason or one of the reasons people do casting and this is to enable them compile same program either in C or C++.
There may be other reasons but other reasons, almost certainly, would land you in serious trouble sooner or later.
© 2022 - 2024 — McMap. All rights reserved.