Fixing C Strings

<p><pre><code> struct str { char *dat; sz len; }; </code></pre> It&#x27;s the same solution D uses, except that it&#x27;s a builtin type, and works for all arrays. I proposed this solution for C:<p><a href="https:&#x2F;&#x2F;www.digitalmars.com&#x2F;articles&#x2F;C-biggest-mistake.html" rel="nofollow">https:&#x2F;&#x2F;www.digitalmars.com&#x2F;articles&#x2F;C-biggest-mistake.html</a><p>It&#x27;s hard to overstate what a <i>huge</i> win this is. D has had 23 years of experience with it, and the virtual elimination of array overflow bugs is just win, win, win.<p>I will never understand why C keeps adding extensions consisting of marginal features, and ignores this foundational fix. I guess they still aren&#x27;t tired of buffer overflow bugs always being the #1 security vulnerability of shipped C code (and C++, too!).

&gt; Current compilers warn you if the format string doesn’t match its arguments. But this only works on functions that have the same signature as printf so it doesn’t work on my implementation.<p>GCC has the format attribute that lets you have printf type checking on your own variadic functions:<p><a href="https:&#x2F;&#x2F;gcc.gnu.org&#x2F;onlinedocs&#x2F;gcc-14.2.0&#x2F;gcc&#x2F;Common-Function-Attributes.html#index-Wformat-3" rel="nofollow">https:&#x2F;&#x2F;gcc.gnu.org&#x2F;onlinedocs&#x2F;gcc-14.2.0&#x2F;gcc&#x2F;Common-Functio...</a>

There are quite a few of these &quot;better C string&quot; idioms floating around.<p>Another one to consider is e.g. <a href="https:&#x2F;&#x2F;github.com&#x2F;antirez&#x2F;sds">https:&#x2F;&#x2F;github.com&#x2F;antirez&#x2F;sds</a> (used by Redis), which instead stores the string contents in-line with the metadata.

Two people have already mentioned things like storing the length inline or including a null-terminator to be backwards-compatible. What&#x27;s described there is basically the same as std::string_view or &amp;str, and to me one of the biggest reasons to use these structures is that your particular view of the string doesn&#x27;t interfere with someone else&#x27;s. You can slice your string in the middle and just look at it piecewise without bothering anyone else.<p>Choosing between these trade-offs just depends on what you&#x27;re doing. I&#x27;d definitely choose this pattern if I were to write a parser for instance.

I&#x27;ve done something similar, but unlike the author, I always reserved one extra byte and I always null terminated the string. This was so I could use existing string output functions.

Why not have the null terminator so you can pass to normal printf?<p>You could even do something crazy with packing a null byte with sz on 64-bit systems (since you will never have a string that long anyway...)

For all the complaints ,all you need to do is to include an another .h files from some string lib and that’s it.<p>But I would say for 95% percent using a fixed length char array with strncpy will work just fine.

The bstring library[0] has been around a _long_ time.<p>[0]: <a href="https:&#x2F;&#x2F;bstring.sourceforge.net&#x2F;" rel="nofollow">https:&#x2F;&#x2F;bstring.sourceforge.net&#x2F;</a>

I would consider putting the buffer last in the structure and making it flexible to allow skipping one allocation.

&gt; I liked this kind of pattern at the bottom of OpenAI&#x27;s site :)<p>Where on OpenAI&#x27;s site do I find a footer like that?

Sorry, but there is a significant misunderstanding: There is no such thing as a string in C. What you call a string is a pointer to char (typically &quot;int8&quot;) - nothing more nothing less. The \0 termination is just a convention&#x2F;convenience to avoid passing the bounds of the memory segment, resp. when to stop processing earlier.<p>Once you go down the route proposed by many of the comments here - why not enhance it to deal with UTF8... Or rather implement a proper &quot;array&quot; type? What about the lack of multidimensional arrays instead of the pointer to pointer to ... approach? Idiosyncracies such as &quot;int a[2][3];&quot; being of type &quot;int *&quot; and not &quot;int **&quot;?<p>C was never intended to shield you from mistakes, but rather replace a macro assembler. ANSI C addressed some of the issues in the original K&amp;R C, but that is about it.<p>If your use case would benefit from all of these protections, there are plenty of higher level language alternatives...

Good attempt at a topic that annoys many programmers.<p>I see a problem with the separation between str and str_buf, though: you create new strings with the latter, but most functions take the former as arguments. Do you convert them every time? Isn&#x27;t your code littered with str_from_buf()?<p>Put it in another way, it&#x27;s like the mess with const that you mention in your article. If str is the type you use for a const read-only string, and str_buf for a non-const mutable string, you would like to pass a non-const even to those functions that &quot;only&quot; require a const. (I say &quot;only&quot; because being const is a weaker requirement than being mutable; the fact that it&#x27;s more wordy is another thing that C&#x27;s syntax makes confusing, but this is an entirely different topic!)<p>It would be nice if the compiler could be instructed to automatically cast str_buf into str and not vice versa, just like it does for non-const to const.<p>The only way out I can think of, would be to get rid of the two types and only use the one with the cap field, with the convention that if cap is zero, then the string is read-only. The drawback is that certain mistakes are only detected at run-time and not enforced by the compiler. For example, a function than takes a string s and replaces every substring s1 with s2 could have the following prototype in the two-type system:<p><pre><code> replace(str_buf s, str s1, str s2); </code></pre> And it would be immediate to recognize that you cannot pass a read-only string as the first argument. With a one-type system you loose this ability.<p>Oh well, I guess if a perfect solution existed, it would have been adopted by the C committee, wouldn&#x27;t it? &#x2F;s

Never had a string related bug in any programming language in 4 years. I sincerely don&#x27;t know what people talk about when they claim strings are buggy? What kinda tasks do these happen in?

I have been using null terminated strings since the mid 1970s - before using C, and have never had any problems with them.I have never seen an explanation from someone that has that makes any sense.