[SystemSafety] A small taste of what we're up against

Tue Oct 30 19:09:31 CET 2018

I know I said I wouldn't, but this one I can't resist. Below are a C 
program and an account of the diagnostics produced for it by gcc, clang, 
tcc and cppcheck:

/* test-cppcheck-7.c : tests order of evaluation of function designator 
and argument list in a function call*/

#include <stdio.h>

static void f0(int n) { printf("\ncall was f0(%i) - func. designator 
evaluated first\n", n); return; }
static void f1(int n) { printf("\ncall was f1(%i) - argument list is 
evaluated first\n", n); return; }

int main(void)
{
     int i = 1;

     /* declare and initialise an array of pointers pointing to f0 and 
f1 respectively */

     void (*fpa[2])(int n) = { f0, f1 };

     /* now make a function call to check the order of evaluation of the 
func. designator and the arg. list    */
     /* f0(1) occurs if func. designator is evaluated first, f1(0) 
occurs if argument list is evaluated first  */

     (*fpa[i=(1-i)])(i=(1-i));    /* note the symmetric multiple side 
effect here */

     return 0;
}

Both gcc and clang warn of the multiple side effect at the function call 
just before the return statement. Tcc gives no warning. In this case 
cppcheck gives the diagnostic:

"test-ccpcheck-7.c:20: error: Uninitialized variable: fpa" when, in 
fact, the array of function pointers *is* initialised and by an explicit 
C initialiser!

If you move the declaration of the function array to outside and just 
before the main function, cppcheck gives no diagnostic.

When the code is run, the output for each of those three compilers is: 
"call was f0(1) - func. designator evaluated first". You can check that 
it is in fact possible for f1 to be called simply by changing the 
initialiser for i to 0;

Whereas I previously said that cppcheck stood for "Can't Perform Proper 
CHECKing", I now submit that it stands for "Crude P!ss-Poor CHECKer. :-0

The world is full of deadhicks and alehorses and some of them write code 
checkers.

Olwen