Develop Reference

Confused on "pass by reference" in C and when to use an & or *

I'm not as knowledgeable in C as I thought I was, but can anyone explain to me what I'm doing wrong here ? I am writing a program for an embedded system using a Texas Instruments microcontroller using UARTS (an asynchronous receiver transmitter on the microcontroller). UART libraries are usually included when I'm building a project.
Anyway, here is my issue: I have 4 functions that just prints a string to the console and my code compiles, but it gives me warnings and not compilation errors.
void foward(unsigned char *command) {
UARTPutString(UART_BASE, &command);
}
void reverse(unsigned char *command) {
UARTPutString(UART_BASE, &command);
}
void left(unsigned char *command) {
UARTPutString(UART_BASE, &command);
}
void right(unsigned char *command) {
UARTPutString(UART_BASE, &command);
}
My issue mainly lines with when to use a pointer in the simplest sense. The reason why I used a pointer for char* command is because the imported library was written like that, but I have no idea why we have to use a char pointer. And what do you put as the second argument in:
UARTPutString(UART_BASE, &command);
When do I use &, or * ? I know pointers point to the memory address of something, but it's not clicking to me on when I need to use *, &, and so forth when using it as parameters for a function.
This warning is mentioned 21 times for some reason:
Description Resource Path Location Type
#169-D argument of type "unsigned char **" is incompatible with parameter of type "unsigned char *" uartconsole.c /Command_Line_Interface line 82 C/C++ Problem
Thank for the help !

The 2nd argument to UARTPutString() is supposed to be a string, which is a char * value -- a string is a pointer to a sequence of characters.
command is declared to be char *, so you should just pass that directly. Adding & creates a pointer to a pointer, which is char **, and incompatible with char *.
UARTPutString(UART_BASE, command);
You use & before a variable when you need to pass the variable by reference. This is usually done if the function needs to modify the variable's value. It may also be used for large structure variables, to avoid making a copy of the variable when passing it to the function.

You need to write:
UARTPutString(UART_BASE, command);
Your command is a pointer (i.e., a variable holding an address) to a character array.
When writing &command you take the address of command. The type of the &command expression is therefore the address of a pointer unsigned char **, which is what the compiler is complaining about.
So that warning is telling you the compiler is expecting just unsigned char * as the second argument of UARTPutString(), which is the type of command.
What is confusing about * in C is that its 'meaning' depends on the place where it's used. In a variable declaration it says that the variable is a pointer. While used in an expression, for example if you would write *command = 0;, it dereferences the pointer; the opposite of when * is used in a declaration.
There's a lot more to say about this and I suggest you read relevant sections of the C-FAQ.
Good luck. C is a very nice language and worth putting the effort in.

Why is the format in printf marked as restrict?

I just happened to look at the prototype of the printf (and other fprintf class of functions) -
int printf(const char * restrict format, ...);
The keyword restrict if I understand correctly disallows access to the same object through two pointers if one of them is marked restrict.
An example that cites the same from the C standard is here.
One benefit of marking the format as restrict I think is saving the function from the chance that the format string might get modified during the execution (say because of the %n format specifier).
But does this impose a bigger constraint? Does this make the following function call invalid?
char format[] = "%s";
printf(format, format);
Because there is clearly an aliasing here. Why was the restrict keyword added to the format argument of printf?

cppreference
During each execution of a block in which a restricted pointer P is declared (typically each execution of a function body in which P is a function parameter), if some object that is accessible through P (directly or indirectly) is modified, by any means, then all accesses to that object (both reads and writes) in that block must occur through P (directly or indirectly), otherwise the behavior is undefined.
(emphasis mine)
It means that:
char format[] = "%s";
printf(format, format);
Is well-defined because printf won't attempt to modify format.
The only thing that restrict makes undefined is 'writing to the format string using %…n while printf is running' (e.g. char f[] = "%hhn"; printf(f, (signed char *)f);).
Why was the restrict keyword added to the format argument of printf?
restrict is essentially a hint the compiler might use to optimize your code better.
Since restrict may or may not make code run faster, but it can never make it slower (assuming the compiler is sane), it should be used always, unless:
Using it would cause UB
It makes no significant performance improvement in this specific case

Why is the format in printf marked as restrict?
int printf(const char * restrict format, ...);
The restrict in some_type * restrict format is a "contract" between the calling code and the function printf(). It allows the printf() to assume the only possible changes to the data pointed to by format occur to what the function does directly and not a side effect of other pointers.
This allows printf() to consist of code that does not concern itself with a changing format string by such side effects.
Since format points to const data, printf() is not also allowed to change the data. Yet this is ancillary to the restrict feature.
Consider pathological code below. It violates the contract as printf() may certainly alter the state of *stdout, which in turn can alter .ubuf.
strcpy(stdout->ubuf, "%s");
printf(stdout->ubuf, "Hello World!\n");
#HolyBlackCat has a good "%n" example.
Key: restrict requires the calling code to not pass as format, any pointer to a string that may change due to printf() operation.

To const or not to const--What to declare when my code won't modify user code's string but third-party code I depend on forgot to declare const?

Think of the following code as a large project developed in an organization, where our_function() is developed in-house and we have all control over it. main() is written by our users who would link to our library and invoke our_function(). But third_party_function() was developed by another external company and we have no control over it; we can only use it as is.
#include <stdio.h>
void third_party_function(char *s)
{
// s[1] = 'E'; // We're sure that this function doesn't have code like this.
printf("third_party_function: s: %s\n", s);
}
void our_function(const char *s)
{
/* Do something with s but treat it as read-only. */
/* our_function depends on third_party_function. we know that
* third_party_function is never supposed to modify the string passed to it
* but the third party developer of third_party_function forgot to declare
* its argument as 'const char *', hence the type cast below. */
third_party_function((char *) s);
}
int main()
{
char *s = "hello, world";
/* Do something with s, but treat it as read-only. */
/* our_function is developed in-house; we are sure that our_function should
* never modify the string passed to it. */
our_function("hello, world");
/* Do something more with s. Here we just print it to make sure
* our_function() has not modified it. */
printf("main: s: %s\n", s);
return 0;
}
We are 100% sure that our_function() would never modify the string passed to it.
We are also 100% sure that third_party_function() would never modify the string passed to it.
But the third party developer forgot to qualify the argument of third_party_function() with const qualifier.
So now the dilemma I am facing is whether or not to qualify the argument of our_function() with const thereby telling our users that we will not modify your strings.
I have two opposing arguments:
Argument in favour of void our_function(const char *s): We want to tell our users that their strings are not going to be modified. So they are free to pass constant strings.
Argument against void our_function(const char *s): If a future ugprade of third party code causes third_party_function() to modify the string it gets (say they uncomment the s[1] = 'E' statement), the user would have no clue at compile-time that their code may crash with segmentation fault at run-time. Any useful diagnostics they could have got at compile time are suppressed with the forced (char *) type cast which was a direct result of declaring the argument as const char *.
Which one of these two arguments (yay! pun!) is the technically correct argument?
Note: To keep this question objective and prevent it from being opinion-based, I am looking for technical arguments (not opinion) that leads to the conclusion that one option is better than the other. If from a technical standpoint none of the options are good, then that is the correct answer. If there is a better alternative, please tell me that in your answer.

To be safe, copy the C-string you receive and use the copy to call the third party function and let your own function use the const qualifier (if it is its semantic).

const is not the only way of creating a contract. If the library function has a contract that it does not mutate data, then that's fine, pass it whatever you want, casting away const as appopriate.
Jean-Baptiste Yunes' answer is good, but it's not about passing to a method that "forgot" to declare const, it's just about passing to any untrusted dependency. If it did declare const, it is, of course, still allowed to internally ignore that and do whatever it wants. Should you protect your client data anyway? Arguably, yes.
One plausible situation: The method first lowercases the string it receives. Then it does non-mutating operations on it. So it certainly cannot declare const even though the contract often guarantees it is not const. If your method only accepts, const, lowercase strings, you should feel free to use the library method, casting away const.

Why do I get a warning about printf() with %s taking type void * as parameter?

I'm on programming project 4 from chapter 19 of C programming, A Modern Approach. My code works but I get this warning trying to pass a function returning a void * parameter to printf with conversion specifier %s.
format %s expects argument of type char *, but argument 2 has type void * [-Wformat=]
I can easily get rid of the warning by casting the return type of the function to char *, like
printf("%s\n", (char *) function(param));
but I just want to know why this necessary since type void * is casted to another pointer type automatically.

Compiler is very right to complain in this case.
As per your logic itself, the function returning void * could return a structure pointer casted to void *, but then, %s won't be able to print that, isn't it?
So, if you know what you're doing, you can cast the result, for this case.
Also, as others pointed out, maybe it's worthy to mention that, this warning has nothing to do with the standard specification, as in the standards, there is no restriction of the type of the arguments. (Borrowing Mr. #WhozCraig's words) This warning is basically due to an additional layer of type-checking entirely performed by compiler on it's own, enabled by -Wformat flag in gcc .

As far as the pure language is concerned (not the standard library and its expectations, the actual formal language) you can push anything you want on that argument list (including something utterly incoherent in relating to the requirements of a %s format specifier of some library routine). Of course, unless whatever you pushed ultimately is, in fact, the address of a nullchar terminated sequence of char, printf itself will trapes into undefined behavior at your behest.
The warning you're receiving is based on an additional layer of api-checking within the compiler, not some violation of the language itself. That api checking is matching format specs with types of presented arguments for frequently-used standard library apis such as printf, scanf, etc. Could the author of that warning-check been a little more forgiving and ignore void* arguments for specs expecting pointer-types? Certainly, but the point of the check-feature would dwindle pretty rapidly were that the case. Consider this:
int a = 0;
void *b = &a;
printf("%s\n", b);
If that api-check feature is going to be worth any salt at all it had better bark about that mismatched type, because as far as the language itself is concerned, there is nothing wrong with this code. And that has nothing to do with what evil I just requested it do. As far as the language is concerned, printf is simply this:
int printf(char *format ...);
And the call I setup certainly fulfills that (bad for me, and thankfully, the api-checks of my modern compiler will let me know soon enough there may be a problem).

A pointer is a variable which points to a single memory location.
The number of bytes pointed by the pointer depends on the type of the pointer. So if it is int* then it is interpreted as 4 bytes,if it is a char* it is interpreted as 1 byte.
A void* has no type. So the compiler cant dereference this pointer. So in order for the compiler to understand the memory to be dereferenced we need typecasting here.

The printf function is declared as something like this:
int printf(char *format ...);
Here ... denotes any additional arguments the caller supplied (that is, your string you wanted to print). When printf examines these additional parameters, it uses some low-level code, which has no type safety.
This code cannot determine that the parameter has type void*, and cast it to char* automatically. Instead, if the binary representation of void* and char* is the same, the parameter can be extracted from the ... part without regard to its actual type. If the representation is different, the low-level code will try to print an incorrect value (and probably crash).
Representation of void* and char* is the same for all platforms that I know of, so it's probably safe (if you trust me, that is - please don't!). However, if you compile with gcc -Wall, as some people recommend, all warnings are upgraded to errors, so you should do the casting, as the compiler indicates.

Why do I have to specify data type each time in C to printf() and scanf()?

As you can see from the code snippet below, I have declared one char variable and one int variable. When the code gets compiled, it must identify the data types of variables str and i.
Why do I need to tell again during scanning my variable that it's a string or integer variable by specifying %s or %d to scanf? Isn't the compiler mature enough to identify that when I declared my variables?
#include <stdio.h>
int main ()
{
char str [80];
int i;
printf ("Enter your family name: ");
scanf ("%s",str);
printf ("Enter your age: ");
scanf ("%d",&i);
return 0;
}

Because there's no portable way for a variable argument functions like scanf and printf to know the types of the variable arguments, not even how many arguments are passed.
See C FAQ: How can I discover how many arguments a function was actually called with?
This is the reason there must be at least one fixed argument to determine the number, and maybe the types, of the variable arguments. And this argument (the standard calls it parmN, see C11(ISO/IEC 9899:201x) §7.16 Variable arguments ) plays this special role, and will be passed to the macro va_start. In another word, you can't have a function with a prototype like this in standard C:
void foo(...);

The reason why the compiler can not provide the necessary information is simply, because the compiler is not involved here. The prototype of the functions doesn't specify the types, because these functions have variable types. So the actual data types are not determined at compile time, but at runtime.
The function then takes one argument from the stack, after the other. These values don't have any type information associated with it, so the only way, the function knows how to interpret the data is, by using the caller provided information, which is the format string.
The functions themselves don't know which data types are passed in, nor do they know the number of arguments passed, so there is no way that printf can decide this on it's own.
In C++ you can use operator overloading, but this is an entire different mechanism. Because here the compiler chooses the appropriate function based on the datatypes and available overloaded function.
To illustrate this, printf, when compiled looks like this:
push value1
...
push valueN
push format_string
call _printf
And the prototype of printf is this:
int printf ( const char * format, ... );
So there is no type information carried over, except what is provided in the format string.

printf is not an intrinsic function. It's not part of the C language per se. All the compiler does is generate code to call printf, passing whatever parameters. Now, because C does not provide reflection as a mechanism to figure out type information at run time, the programmer has to explicitly provide the needed info.

Compiler may be smart, but functions printf or scanf are stupid - they do not know what is the type of the parameter do you pass for every call. This is why you need to pass %s or %d every time.

The first parameter is a format string. If you're printing a decimal number, it may look like:
"%d" (decimal number)
"%5d" (decimal number padded to width 5 with spaces)
"%05d" (decimal number padded to width 5 with zeros)
"%+d" (decimal number, always with a sign)
"Value: %d\n" (some content before/after the number)
etc, see for example Format placeholders on Wikipedia to have an idea what format strings can contain.
Also there can be more than one parameter here:
"%s - %d" (a string, then some content, then a number)

Isn't the compiler matured enough to identify that when I declared my
variable?
No.
You're using a language specified decades ago. Don't expect modern design aesthetics from C, because it's not a modern language. Modern languages will tend to trade a small amount of efficiency in compilation, interpretation or execution for an improvement in usability or clarity. C hails from a time when computer processing time was expensive and in highly limited supply, and its design reflects this.
It's also why C and C++ remain the languages of choice when you really, really care about being fast, efficient or close to the metal.

scanf as prototype int scanf ( const char * format, ... ); says stores given data according to the parameter format into the locations pointed by the additional arguments.
It is not related with compiler, it is all about syntax defined for scanf.Parameter format is required to let scanf know about the size to reserve for data to be entered.

GCC (and possibly other C compilers) keep track of argument types, at least in some situations. But the language is not designed that way.
The printf function is an ordinary function which accepts variable arguments. Variable arguments require some kind of run-time-type identification scheme, but in the C language, values do not carry any run time type information. (Of course, C programmers can create run-time-typing schemes using structures or bit manipulation tricks, but these are not integrated into the language.)
When we develop a function like this:
void foo(int a, int b, ...);
we can pass "any" number of additional arguments after the second one, and it is up to us to determine how many there are and what are their types using some sort of protocol which is outside of the function passing mechanism.
For instance if we call this function like this:
foo(1, 2, 3.0);
foo(1, 2, "abc");
there is no way that the callee can distinguish the cases. There are just some bits in a parameter passing area, and we have no idea whether they represent a pointer to character data or a floating point number.
The possibilities for communicating this type of information are numerous. For example in POSIX, the exec family of functions use variable arguments which have all the same type, char *, and a null pointer is used to indicate the end of the list:
#include <stdarg.h>
void my_exec(char *progname, ...)
{
va_list variable_args;
va_start (variable_args, progname);
for (;;) {
char *arg = va_arg(variable_args, char *);
if (arg == 0)
break;
/* process arg */
}
va_end(variable_args);
/*...*/
}
If the caller forgets to pass a null pointer terminator, the behavior will be undefined because the function will keep invoking va_arg after it has consumed all of the arguments. Our my_exec function has to be called like this:
my_exec("foo", "bar", "xyzzy", (char *) 0);
The cast on the 0 is required because there is no context for it to be interpreted as a null pointer constant: the compiler has no idea that the intended type for that argument is a pointer type. Furthermore (void *) 0 isn't correct because it will simply be passed as the void * type and not char *, though the two are almost certainly compatible at the binary level so it will work in practice. A common mistake with that type of exec function is this:
my_exec("foo", "bar", "xyzzy", NULL);
where the compiler's NULL happens to be defined as 0 without any (void *) cast.
Another possible scheme is to require the caller to pass down a number which indicates how many arguments there are. Of course, that number could be incorrect.
In the case of printf, the format string describes the argument list. The function parses it and extracts the arguments accordingly.
As mentioned at the outset, some compilers, notably the GNU C Compiler, can parse format strings at compile time and perform static type checking against the number and types of arguments.
However, note that a format string can be other than a literal, and may be computed at run
time, which is impervious to such type checking schemes. Fictitious example:
char *fmt_string = message_lookup(current_language, message_code);
/* no type checking from gcc in this case: fmt_string could have
four conversion specifiers, or ones not matching the types of
arg1, arg2, arg3, without generating any diagnostic. */
snprintf(buffer, sizeof buffer, fmt_string, arg1, arg2, arg3);

It is because this is the only way to tell the functions (like printf scanf) that which type of value you are passing. for example-
int main()
{
int i=22;
printf("%c",i);
return 0;
}
this code will print character not integer 22. because you have told the printf function to treat the variable as char.

printf and scanf are I/O functions that are designed and defined in a way to receive a control string and a list of arguments.
The functions does not know the type of parameter passed to it , and Compiler also cant pass this information to it.

Because in the printf you're not specifying data type, you're specifying data format. This is an important distinction in any language, and it's doubly important in C.
When you scan in a string with with %s, you're not saying "parse a string input for my string variable." You can't say that in C because C doesn't have a string type. The closest thing C has to a string variable is a fixed-size character array that happens to contain a characters representing a string, with the end of string indicated by a null character. So what you're really saying is "here's an array to hold the string, I promise it's big enough for the string input I want you to parse."
Primitive? Of course. C was invented over 40 years ago, when a typical machine had at most 64K of RAM. In such an environment, conserving RAM had a higher priority than sophisticated string manipulation.
Still, the %s scanner persists in more advanced programming environments, where there are string data types. Because it's about scanning, not typing.