I'd say best case it crashes and worst case is it just continues on its day. Imagine giving people millions of dollars because they forgot to fill out how much they were depositing and it passes an empty string. Since it is undefined behavior it might go into a segment of memory with data in it until it hits a zero.

@@actually_it_is_rocket_science you speak true !!! Best case if program stops with system knowledge of that, worst case your program is running with incorrect datas !! The second case is of course the worst, unreliable process... an unhandled exception is probably better. However, the real worst case is a handled exception leading to the program continuation with invalid but validated datas !!! Best for 1 function doesn't means best treatment ^^

Yess I got it!

I thought the order of evaluation (left to right or right to left) of operators with the same priority in C depended on the priority level. I think I've seen a table of priorities for C++ and some operations (e.g. + and -) were evaluated left to right. UPD: I've misread it.

"Late add" is wrong - first of all it's not statements - it's operators, and statements always evaluated left-to-right. Second, associativity of operators depends on operators - some of them left-to-right - multiplication and division for example.

Wouldn't return (end-str-1) return two more than needed because, as mentioned in another comment, operators of the same priority level are evaluated right to left in C so it returns (str-(end-1))? UPD: I've misread that comment; it says about statements. UPD2: According to a reply, the author of that comment was mistaken.

As a C programmer, I can say that this was the solution that I imagined. The other solution did not even occur to me.

Prefix increment has the same precedence as the dereferencing operator, so it's the associativity that matters. In this case it's right to left (in "reverse") so the precedence is correct and it's a defined behaviour

If you put ++*end it actually won't work. As you are dereferencing the pointer to a character then adding to that character. The solution would be to use the postfix operator so *(end++) where the pointer is incremented but returns the value pre increment. Then you dereference this. In this case for an empty string the null character will evaluate to false and the while will end while the length returned is 1.

Jup, what was just said by mathieu. Operator precedence is usually only defined as relevant with neighboring... "symbols", if it would instead be defined to allow what you suggest, that would not only break C but also all kinds of math. Solving it would make things much harder to parse. Atm to find out what happens you need to only remember 3 "symbols", with your suggestion, assuming you don't limit it in depth, that could be infinite symbols.

I don't think it makes sense to talk about precedence of unary operators that appear on the same side of expression. Expressions like "+-*x" should always be interpreted as "+(-(*x))", because there's no other way to put parentheses in a way that changes the order of operations. For that you need to change the expression itself. What precedence affect, are cases like "*x + 1", which can be interpreted as "(*x) + 1" or "*(x + 1)", depending on precedence of "*" and "+".

Ah yes, the president elected order of operations

@LastName Almaember For any software I am bound to write for myself, and we don't use C at my professional place,, frankly, I don't care, haha. But sure

Agreed. Currently pointers pretty much only use 48 bits on common platforms (x86_64). 64 bits of ram in one address space would be huge. The TLB is so large that's why x86 eschews even thinking about it.

Not checking for NULL isnt a bug. Strlen of the C lib doesn't do it as well, it's the caller responsability to check or not to check. If you can guarantee in your program its not NULL it would be an unnecessary check everytime, this way you have control (and responsability ;) )

@@tiagocerqueira9459 I see you only read the 1st word of my post and skipped the rest, if you had read the whole thing you would have realised your post is redundant.

Alternate solution: size_t stringlen(const char* str) { const char* end = str-1; while(*++end); return (size_t)(end-str); }

@@monochromeart7311 That's less noob friendly, frankly I would never use that kind of code since anyone looking at it has to think in order to understand it, the method I gave is understandable at a glance

@@zxuiji never was intended to be noob friendly, and a proper C developer would understand it. But in practice you'd use libc strlen anyways.

Strlen and a lot of C API's unfortunately assume that as well.

@Bio-Ethics Committee might be.

@Bio-Ethics Committee but what if somebody is "intermediate in trendy", and "basic in old school"?

while(*end) ++end;

Reading other people comments I came with 2 more bugs. Fivth: It works only with zero terminated strings. But I guess this is implicit and doesn't need to be mentioned in documentation. Sixth: It doesn't do what people expect with non ASCII encoded text. For example with Shift-JIS, Big5 or UTF-8. It reports number of bytes or number of code units which is not the same as number of code points nor characters nor grapheme clusters.

#include #include #include unsigned long stringlen(char *str) { char *end=str; while(*++end); return (end - str); //in that case difference will be greater than sizeof(unsigned long) } int main() { //allocate 33 bit size memory block - !!!(4 GB)!!! char *long_string = malloc(0x10000000f); //fill it with 'a' letter memset(long_string, 'a', 0x10000000e); //putt null terminator at the end long_string[0x10000000e] = 0; //test it //stringlen(long_string) should be 0x10000000e long printf("%llx", stringlen(long_string)); //dont forget to free the memory free(long_string); return 0; }

Depends on your environment. That applies to an 64-bit environment like Windows using the ILP32 data type model (int and long are 32 bits for compatibility, long long and pointers are 64 bits), but not most Unix-like systems with a LP64 model (long is 64 bit). In fact, size_t is a typedef for unsigned long there.

@@D0Samp so yeah, but i am still thinking that a bug, and in my opinion better to use size_t type instead of long (on Windows size_t is unsigned long long). Buuuuuuuttt.... string 4 GB length is kinda "брах"

And what a tease .... lemme run a countdown with that test function: testit ("Five!"); testit ("Four"); testit ("Three!"); testit ("Two!"); testit ("One!"); testit (""); // Rocket asplodes on launchpad

A correct "clever" construct could be: for (char *end = str; *end; ++end) {} return end - str; The readable, and by all means, my preferred code, would be: char *end = str; while (*end) ++end; return end - str; Keep Occam's razor in mind.

The reason is the size of char* or char maybe of different sizes in different systems. It is also mentioned in one of your previous video for #stdint_h

In C, strings are terminated by a zero byte. This is a convention that worked well in those days where ASCII was the all dominant character encoding scheme. The while loop is searching for that null byte and then the function returns the difference between the position of that byte and the position of the string's first byte. Not what you should do if handling Unicode but fine with ASCII. The only problem is the use of the pre-increment operator which will cause the end variable to point past the actual string end. The loop will then run until it finds a null byte whithout any warranty this will happen within the user's memory space. If it doesn't you'll get a memory fault and garbage in the other case.

@@PatrickIsbendjian oh yeah i didn’t think about the \0 (false) breaking the loop

It's pointer arithmetic. Subtracting two pointers will result in a number which can be interpreted as an array index.

@@SlideRSB Oh yeah. I see it now. That one was tricky.

It's not a buffer overflow, they cause the CPU to read from memory it shouldn't read from

This is especially dangerous if you have a fixed buffer length and you were copying data in. If you don't copy the null terminator in you get UB due to the fact that depending on what memory comes after your buffer you could overflow.

Beyond that it assumes that the length of the string is at least one non-null character.

Yeah. lldb has worked well for me. Some of the commands are even the same. Sadly, not all. So, there is a bit of a mental translation needed.

@@JacobSorber Alright that's what I was wondering.

I think both your points are incorrect. 1. As far as I can tell, the pre-increment is indeed the issue but it is essentially skipping the first character. So for an empty string you are not even guaranteed to get length 1 but (depending on a lot of factors) you are more likely to get a segmentation fault. 2. end-str subtracts two pointers (-> pointer arithmetic) which does not return a pointer but a number (not sure if it's int, long or something else).

@@JohnSmith-hf4kh if there isn't a null terminator it's undefined behavior since it'll just keep going in memory that it has access to until it finds a zero. Won't necessarily segfault depending on how memory is laid out especially in embedded systems.

"If the given string length exceeds 8 bytes (in a 64-bit system)." This is a non-issue. Any sort of array or buffer in C is guaranteed to have a size representable as an integer of type size_t, which on 64-bit systems will be 8 bytes. Because of this, "(end-str)" cannot meaningfully overflow.

​@@actually_it_is_rocket_science hmm, interesting. It is as you say. When I supplied ("") to the function, it gave 1 as output since there is '\0' at the end of it.

@@JohnSmith-hf4kh interesting to know that pointer arithmetic returns an integer type (different from the type of variables used). Is there any resource on this that I could refer to?

It won't. It will either give a garbage result or a segfault.

@@SlideRSB Correct. The code cannot handle the empty string. It will directly step to the right of the terminating NUL character.

you mean postincrement, preincrement is used in the example, or am I wrong?

theoretically it may segfault if the 'end' pointer escapes the program's memory and tries to dereference protected memory

What is there to refactor though? It's just 3 lines of code

Refactoring is not about lines of code. It is about structure, readability and understandability of the code. Sometimes proper refactoring actually adds lines.

@@JannePaalijarvi sure, but this code seems clear enough. The majority of people spotted the bug in a few seconds. Being able to understand what the code does constitutes to me readability and cleanliness. There are obviously many ways you could write the same functionality and every person has their own coding style, and this coding style seems understandable to me. What would you suggest to refactor, if I may ask?

@@stewartzayat7526 : I would start with something like this: 1. Declare function before the definition. 2. Modify code and function to use to get EXACTLY known variable lengths 3. Name all variables to have definitions affixed to them, for example uint16_t u16MaxSize, const char* csInputString 4. Modify function definition to return SUCCESS/FAIL via some semantic 5. Modify function definition to have parameter of maximum string length. You might use the same parameter to store the result length or create another parameter just for that. Maybe latter is cleaner. 6. const the parameter string variable if I did not make myself clear yet about that 7. For readability, separate distinctive areas with whitespace bordering: I) Local variables definition II) Loop III) Return statement decisions 8. Remove char *end. Most of the time it does not even mean end. It would be like sStringIterator, but it is actually not needed at all. 9. Use fail-safer for-loop in determining the length, check character at parameter string + loop-variable amount, start at 0, increment 1. Leave no theoretical place for looping forever. Character being 0 of course signifies that string has ended. 10. If u16MaxSize has been reached or - for some reason - exceeded, store 0 as string length via parameter pointer and return FAIL. If u16MaxSize has NOT been reached, store loop-variable as string length via parameter pointer and return SUCCESS. Caller is responsible for defining the maximum size.

It may return anything else, as well as segment fault, since you don't really know what is past the string

@@TopchetoEU yeah