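Programmers have many opportunities to make mistakes, from simply misspelling a variable name to misunderstanding a complex algorithm. The programming language itself bears some responsibility for this. First, the style and expressiveness of a language can help the programmer, but they can also get in the way of understanding. Second, the language itself can make typing mistakes more likely. Finally, the language cannot detect all such errors.
Because C is fairly free in style and expression, programmers can write clearly structured, expressive code, and they can also write obscure code that is hard to understand. If functional safety is an important design goal, the latter style is clearly unacceptable.
C's syntax lets programmers write code that is perfectly legal yet does the opposite of what was intended. For example:
    if(a==1)    /* comparison: what was intended */
        ...
    if(a=1)     /* assignment: always true, and a is overwritten */
        ...
Another example:
    if(bFlag)
        doSomeThing();
    if(bFlag);          /* the stray ';' ends the if statement */
        doSomeThing();  /* so this call always runs */
These are frequent programming errors that result from the flexibility of the syntax.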
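The philosophy of C is that programmers are smart and know what they are doing, so the language itself is weak at detecting errors. A prominent example is that C makes basically no effort at type checking, as when a floating-point value is assigned to an integer variable. Most errors of this kind are hidden by the language through conversions. Give a C compiler a square peg and a round hole and it will not complain; it will quietly make them fit!
Programmers misunderstand some features of the language, and C's own characteristics make it very easy to misunderstand. One of the hot spots for misunderstanding is operator precedence. The rules are impeccably defined but very complex, so programmers often assume a precedence based on their own understanding.
For example:
    #define TEST_MACRO(a,b) a * b
    Result = TEST_MACRO(3+2, 1);    /* expands to 3+2 * 1 */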
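The following C program is an added example, not code from the original article. It keeps the article's TEST_MACRO unchanged and compares it with a fully parenthesized variant; TEST_MACRO_SAFE, test_mul and the wrapper functions are names assumed here. With the article's own arguments (3+2, 1) both forms happen to yield 5, so the example adds constructed arguments that expose the precedence problem.

```c
#include <stdio.h>

/* The article's macro, unchanged: parameters and body are not parenthesized. */
#define TEST_MACRO(a, b) a * b

/* Hardened form (assumed name): every parameter and the whole body parenthesized. */
#define TEST_MACRO_SAFE(a, b) ((a) * (b))

/* Where a macro is not required, a function avoids textual substitution entirely. */
static inline int test_mul(int a, int b) { return a * b; }

/* Article's arguments: 3+2 * 1 == 5, which hides the defect. */
int unsafe_article_args(void) { return TEST_MACRO(3+2, 1); }

/* Constructed arguments: expands to 3+2 * 4, i.e. 3 + 8. */
int unsafe_arg_precedence(void) { return TEST_MACRO(3+2, 4); }
int safe_arg_precedence(void)   { return TEST_MACRO_SAFE(3+2, 4); }

/* The surrounding expression also binds into an unparenthesized body:
 * 100 / 5 * 2 is evaluated left to right as (100 / 5) * 2. */
int unsafe_outer_precedence(void) { return 100 / TEST_MACRO(5, 2); }
int safe_outer_precedence(void)   { return 100 / TEST_MACRO_SAFE(5, 2); }

/* Function form: the argument expression is evaluated before the call. */
int function_form(void) { return test_mul(3 + 2, 4); }

int main(void)
{
    printf("TEST_MACRO(3+2, 1)            = %d\n", unsafe_article_args());
    printf("TEST_MACRO(3+2, 4)            = %d\n", unsafe_arg_precedence());
    printf("TEST_MACRO_SAFE(3+2, 4)       = %d\n", safe_arg_precedence());
    printf("100 / TEST_MACRO(5, 2)        = %d\n", unsafe_outer_precedence());
    printf("100 / TEST_MACRO_SAFE(5, 2)   = %d\n", safe_outer_precedence());
    printf("test_mul(3 + 2, 4)            = %d\n", function_form());
    return 0;
}
```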
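If a feature of the language is not fully defined, or is ambiguous, the programmer and the compiler may well fail to agree on how to interpret it.
There are many such cases, and compiler behaviour in them varies widely. Sometimes the same compiler handles the same construct differently merely because the context has changed. Such features include, but are not limited to, the following:
I originally wanted to post these cases here, but the list is too long and hurts readability, so it is placed at the end of the article. You can also refer to the original text of the ISO C standard.
The compiler and its accompanying tools, such as the linker, are themselves software, and may have the defects that no software product can avoid. Concretely, they may produce wrong output when translating the programmer's code. Because some features of C are inherently hard to understand, compiler authors find it hard to guarantee an error-free implementation. Worse, because of differing views, some compiler authors deliberately choose to deviate from the language standard.
The code is written correctly, but at run time unexpected input data causes an error.
In this case the programmer should consider run-time error checking. C itself provides very limited run-time checking, mainly for performance reasons. Compilers generally do not provide exception handling for the common arithmetic exceptions: division by zero, overflow, validity of pointer addresses, the notorious array index out of bounds, and so on.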
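The following C code is an added example, not part of the original article. It shows explicit run-time checks for the cases the paragraph lists (division by zero, overflow, null pointers, array index out of bounds), each performed before the operation so that no undefined behavior is executed. The type chk_status, the function names and the sample arrays are assumptions constructed for this illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { CHK_OK = 0, CHK_NULL, CHK_DIV_ZERO, CHK_OVERFLOW, CHK_RANGE } chk_status;

/* Division: reject a zero divisor and the one overflowing case, INT_MIN / -1. */
chk_status checked_div(int num, int den, int *out)
{
    if (out == NULL) return CHK_NULL;
    if (den == 0) return CHK_DIV_ZERO;
    if (num == INT_MIN && den == -1) return CHK_OVERFLOW;
    *out = num / den;
    return CHK_OK;
}

/* Addition: test against the limits first; signed overflow itself is undefined. */
chk_status checked_add(int a, int b, int *out)
{
    if (out == NULL) return CHK_NULL;
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return CHK_OVERFLOW;
    *out = a + b;
    return CHK_OK;
}

/* Array read: the caller passes the real length, the index is checked against it. */
chk_status checked_get(const int *arr, size_t len, size_t idx, int *out)
{
    if (arr == NULL || out == NULL) return CHK_NULL;
    if (idx >= len) return CHK_RANGE;
    *out = arr[idx];
    return CHK_OK;
}

/* Mean of samples[start .. start+count-1], built only from the checked helpers. */
chk_status window_mean(const int *samples, size_t len,
                       size_t start, size_t count, int *mean)
{
    int sum = 0;
    if (mean == NULL) return CHK_NULL;
    if (count > (size_t)INT_MAX) return CHK_RANGE;     /* divisor must fit in int */
    for (size_t i = 0; i < count; i++) {
        int v;
        chk_status s;
        if (start > SIZE_MAX - i) return CHK_RANGE;    /* index sum must not wrap */
        s = checked_get(samples, len, start + i, &v);
        if (s != CHK_OK) return s;
        s = checked_add(sum, v, &sum);
        if (s != CHK_OK) return s;
    }
    return checked_div(sum, (int)count, mean);         /* count == 0 is reported */
}

/* Constructed sample data for the demonstration. */
static const int SAMPLES[4]  = { 10, 20, 30, 40 };
static const int NEAR_MAX[2] = { INT_MAX, 1 };

int main(void)
{
    int m = 0;
    printf("in range      -> status %d, mean %d\n",
           (int)window_mean(SAMPLES, 4, 1, 2, &m), m);
    printf("past the end  -> status %d\n", (int)window_mean(SAMPLES, 4, 3, 2, &m));
    printf("empty window  -> status %d\n", (int)window_mean(SAMPLES, 4, 0, 0, &m));
    printf("sum overflows -> status %d\n", (int)window_mean(NEAR_MAX, 2, 0, 2, &m));
    return 0;
}
```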
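Because of the error sources described above, strict, automated rule checking must be used when developing functional-safety applications in C. Nevertheless, compared with similar languages, C is still a relatively good choice for developing functional-safety applications, for these reasons:
1. After many years of iteration, C has matured and is highly standardized;
2. In performance, C has no rival other than hand-optimized assembly code. But apart from raw performance, assembly language is inferior to C in every other respect and is no longer a suitable language for developing functional-safety applications. If assembly language must be used, even stricter checks than those for C must be applied.
3. Because C is so widely used, its defects, though real, have gradually become well known. Many software tools on the market provide ways to avoid these defects as far as possible.
Appendix: the list of portability issues in the C standard, that is, the features and rules that are prone to misunderstanding and confusion. Because the list is long, only part of it is given here; for the complete list, see the ISO C standard.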
Annex J (informative)
Portability issues
1 This annex collects some information about portability that appears in this International Standard.
J.1 Unspecified behavior
The following are unspecified:
— The manner and timing of static initialization (5.1.2).
— The termination status returned to the hosted environment if the return type of main is not compatible with int (5.1.2.2.3).
— The values of objects that are neither lock-free atomic objects nor of type volatile sig_atomic_t and the state of the floating-point environment, when the processing of the abstract machine is interrupted by receipt of a signal (5.1.2.3).
— The behavior of the display device if a printing character is written when the active position is at the final position of a line (5.2.2).
— The behavior of the display device if a backspace character is written when the active position is at the initial position of a line (5.2.2).
— The behavior of the display device if a horizontal tab character is written when the active position is at or past the last defined horizontal tabulation position (5.2.2).
— The behavior of the display device if a vertical tab character is written when the active position is at or past the last defined vertical tabulation position (5.2.2).
— How an extended source character that does not correspond to a universal character name counts toward the significant initial characters in an external identifier (5.2.4.1).
— Many aspects of the representations of types (6.2.6).
— The value of padding bytes when storing values in structures or unions (6.2.6.1).
— The values of bytes that correspond to union members other than the one last stored into (6.2.6.1).
— The representation used when storing a value in an object that has more than one object representation for that value (6.2.6.1).
— The values of any padding bits in integer representations (6.2.6.2).
— Whether certain operators can generate negative zeros and whether a negative zero becomes a normal zero when stored in an object (6.2.6.2).
— Whether two string literals result in distinct arrays (6.4.5).
— The order in which subexpressions are evaluated and the order in which side effects take place, except as specified for the function-call (), &&, ||, ? :, and comma operators (6.5).
— The order in which the function designator, arguments, and subexpressions within the arguments are evaluated in a function call (6.5.2.2).
— The order of side effects among compound literal initialization list expressions (6.5.2.5).
— The order in which the operands of an assignment operator are evaluated (6.5.16).
— The alignment of the addressable storage unit allocated to hold a bit-field (6.7.2.1).
— Whether a call to an inline function uses the inline definition or the external definition of the function (6.7.4).
— Whether or not a size expression is evaluated when it is part of the operand of a sizeof operator and changing the value of the size expression would not affect the result of the operator (6.7.6.2).
— The order in which any side effects occur among the initialization list expressions in an initializer (6.7.9).
— The layout of storage for function parameters (6.9.1).
— When a fully expanded macro replacement list contains a function-like macro name as its last preprocessing token and the next preprocessing token from the source file is a (, and the fully expanded replacement of that macro ends with the name of the first macro and the next preprocessing token from the source file is again a (, whether that is considered a nested replacement (6.10.3).
— The order in which # and ## operations are evaluated during macro substitution (6.10.3.2, 6.10.3.3).
— The state of the floating-point status flags when execution passes from a part of the program translated with FENV_ACCESS "off" to a part translated with FENV_ACCESS "on" (7.6.1).
— The order in which feraiseexcept raises floating-point exceptions, except as stated in F.8.6 (7.6.2.3).
— Whether math_errhandling is a macro or an identifier with external linkage (7.12).
— The results of the frexp functions when the specified value is not a floating-point number (7.12.6.4).
— The numeric result of the ilogb functions when the correct value is outside the range of the return type (7.12.6.5, F.10.3.5).
— The result of rounding when the value is out of range (7.12.9.5, 7.12.9.7, F.10.6.5).
— The value stored by the remquo functions in the object pointed to by quo when y is zero (7.12.10.3).
— Whether a comparison macro argument that is represented in a format wider than its semantic type is converted to the semantic type (7.12.14).
— Whether setjmp is a macro or an identifier with external linkage (7.13).
— Whether va_copy and va_end are macros or identifiers with external linkage (7.16.1).
— The hexadecimal digit before the decimal point when a non-normalized floating-point number is printed with an a or A conversion specifier (7.21.6.1, 7.29.2.1).
— The value of the file position indicator after a successful call to the ungetc function for a text stream, or the ungetwc function for any stream, until all pushed-back characters are read or discarded (7.21.7.10, 7.29.3.10).
— The details of the value stored by the fgetpos function (7.21.9.1).
— The details of the value returned by the ftell function for a text stream (7.21.9.4).
— Whether the strtod, strtof, strtold, wcstod, wcstof, and wcstold functions convert a minus-signed sequence to a negative number directly or by negating the value resulting from converting the corresponding unsigned sequence (7.22.1.3, 7.29.4.1.1).
— The order and contiguity of storage allocated by successive calls to the calloc, malloc, and realloc functions (7.22.3).
— The amount of storage allocated by a successful call to the calloc, malloc, or realloc function when 0 bytes was requested (7.22.3).
— Whether a call to the atexit function that does not happen before the exit function is called will succeed (7.22.4.2).
— Whether a call to the at_quick_exit function that does not happen before the quick_exit function is called will succeed (7.22.4.3).
— Which of two elements that compare as equal is matched by the bsearch function (7.22.5.1).
— The order of two elements that compare as equal in an array sorted by the qsort function (7.22.5.2).
— The encoding of the calendar time returned by the time function (7.27.2.4).
— The characters stored by the strftime or wcsftime function if any of the time values being converted is outside the normal range (7.27.3.5, 7.29.5.1).
— Whether an encoding error occurs if a wchar_t value that does not correspond to a member of the extended character set appears in the format string for a function in 7.29.2 or 7.29.5 and the specified semantics do not require that value to be processed by wcrtomb (7.29.1).
— The conversion state after an encoding error occurs (7.29.6.3.2, 7.29.6.3.3, 7.29.6.4.1, 7.29.6.4.2,
— The resulting value when the "invalid" floating-point exception is raised during IEC 60559 floating to integer conversion (F.4).
— Whether conversion of non-integer IEC 60559 floating values to integer raises the "inexact" floating-point exception (F.4).
— Whether or when library functions in <math.h> raise the "inexact" floating-point exception in an IEC 60559 conformant implementation (F.10).
— Whether or when library functions in <math.h> raise an undeserved "underflow" floating-point exception in an IEC 60559 conformant implementation (F.10).
— The exponent value stored by frexp for a NaN or infinity (F.10.3.4).
— The numeric result returned by the lrint, llrint, lround, and llround functions if the rounded value is outside the range of the return type (F.10.6.5, F.10.6.7).
— The sign of one part of the complex result of several math functions for certain special cases in IEC 60559 compatible implementations (G.6.1.1, G.6.2.2, G.6.2.3, G.6.2.4, G.6.2.5, G.6.2.6, G.6.3.1, G.6.4.2).
J.2 Undefined behavior
1 The behavior is undefined in the following circumstances:
— A "shall" or "shall not" requirement that appears outside of a constraint is violated (clause 4).
— A nonempty source file does not end in a new-line character which is not immediately preceded by a backslash character or ends in a partial preprocessing token or comment (5.1.1.2).
— Token concatenation produces a character sequence matching the syntax of a universal character name (5.1.1.2).
— A program in a hosted environment does not define a function named main using one of the specified forms (5.1.2.2.1).
— The execution of a program contains a data race (5.1.2.4).
— A character not in the basic source character set is encountered in a source file, except in an identifier, a character constant, a string literal, a header name, a comment, or a preprocessing token that is never converted to a token (5.2.1).
— An identifier, comment, string literal, character constant, or header name contains an invalid multibyte character or does not begin and end in the initial shift state (5.2.1.2).
— The same identifier has both internal and external linkage in the same translation unit (6.2.2).
— An object is referred to outside of its lifetime (6.2.4).
— The value of a pointer to an object whose lifetime has ended is used (6.2.4).
— The value of an object with automatic storage duration is used while it is indeterminate (6.2.4, 6.7.9, 6.8).
— A trap representation is read by an lvalue expression that does not have character type (6.2.6.1).
— A trap representation is produced by a side effect that modifies any part of the object using an lvalue expression that does not have character type (6.2.6.1).
— The operands to certain operators are such that they could produce a negative zero result, but the implementation does not support negative zeros (6.2.6.2).
— Two declarations of the same object or function specify types that are not compatible (6.2.7).
— A program requires the formation of a composite type from a variable length array type whose size is specified by an expression that is not evaluated (6.2.7).
— Conversion to or from an integer type produces a value outside the range that can be represented (6.3.1.4).
— Demotion of one real floating type to another produces a value outside the range that can be represented (6.3.1.5).
— An lvalue does not designate an object when evaluated (6.3.2.1).
— A non-array lvalue with an incomplete type is used in a context that requires the value of the designated object (6.3.2.1).
— An lvalue designating an object of automatic storage duration that could have been declared with the register storage class is used in a context that requires the value of the designated object, but the object is uninitialized. (6.3.2.1).
— An lvalue having array type is converted to a pointer to the initial element of the array, and the array object has register storage class (6.3.2.1).
— An attempt is made to use the value of a void expression, or an implicit or explicit conversion (except to void) is applied to a void expression (6.3.2.2).
— Conversion of a pointer to an integer type produces a value outside the range that can be represented (6.3.2.3).
— Conversion between two pointer types produces a result that is incorrectly aligned (6.3.2.3).
— A pointer is used to call a function whose type is not compatible with the referenced type (6.3.2.3).
— An unmatched ' or " character is encountered on a logical source line during tokenization (6.4).
— A reserved keyword token is used in translation phase 7 or 8 for some purpose other than as a keyword (6.4.1).
— A universal character name in an identifier does not designate a character whose encoding falls into one of the specified ranges (6.4.2.1).
— The initial character of an identifier is a universal character name designating a digit (6.4.2.1).
— Two identifiers differ only in nonsignificant characters (6.4.2.1).
— The identifier __func__ is explicitly declared (6.4.2.2).
— The program attempts to modify a string literal (6.4.5).
— The characters ', \, ", //, or /* occur in the sequence between the < and > delimiters, or the characters ', \, //, or /* occur in the sequence between the " delimiters, in a header name preprocessing token (6.4.7).
— A side effect on a scalar object is unsequenced relative to either a different side effect on the same scalar object or a value computation using the value of the same scalar object (6.5).
— An exceptional condition occurs during the evaluation of an expression (6.5).
— An object has its stored value accessed other than by an lvalue of an allowable type (6.5).
— For a call to a function without a function prototype in scope, the number of arguments does not equal the number of parameters (6.5.2.2).
— For a call to a function without a function prototype in scope where the function is defined with a function prototype, either the prototype ends with an ellipsis or the types of the arguments after promotion are not compatible with the types of the parameters (6.5.2.2).
— For a call to a function without a function prototype in scope where the function is not defined with a function prototype, the types of the arguments after promotion are not compatible with those of the parameters after promotion (with certain exceptions) (6.5.2.2).
— A function is defined with a type that is not compatible with the type (of the expression) pointed to by the expression that denotes the called function (6.5.2.2).
— A member of an atomic structure or union is accessed (6.5.2.3).
— The operand of the unary * operator has an invalid value (6.5.3.2).
— A pointer is converted to other than an integer or pointer type (6.5.4).
— The value of the second operand of the / or % operator is zero (6.5.5).
— Addition or subtraction of a pointer into, or just beyond, an array object and an integer type produces a result that does not point into, or just beyond, the same array object (6.5.6).
— Addition or subtraction of a pointer into, or just beyond, an array object and an integer type produces a result that points just beyond the array object and is used as the operand of a unary * operator that is evaluated (6.5.6).
— Pointers that do not point into, or just beyond, the same array object are subtracted (6.5.6).
— An array subscript is out of range, even if an object is apparently accessible with the given subscript (as in the lvalue expression a[1][7] given the declaration int a[4][5]) (6.5.6).
— The result of subtracting two pointers is not representable in an object of type ptrdiff_t (6.5.6).
— An expression is shifted by a negative number or by an amount greater than or equal to the width of the promoted expression (6.5.7).
— An expression having signed promoted type is left-shifted and either the value of the expression is negative or the result of shifting would not be representable in the promoted type (6.5.7).
— Pointers that do not point to the same aggregate or union (nor just beyond the same array object) are compared using relational operators (6.5.8).
— An object is assigned to an inexactly overlapping object or to an exactly overlapping object with incompatible type (6.5.16.1).
— An expression that is required to be an integer constant expression does not have an integer type; has operands that are not integer constants, enumeration constants, character constants, sizeof expressions whose results are integer constants, _Alignof expressions, or immediately-cast floating constants; or contains casts (outside operands to sizeof and _Alignof operators) other than conversions of arithmetic types to integer types (6.6).
— A constant expression in an initializer is not, or does not evaluate to, one of the following: an arithmetic constant expression, a null pointer constant, an address constant, or an address constant for a complete object type plus or minus an integer constant expression (6.6).
— An arithmetic constant expression does not have arithmetic type; has operands that are not integer constants, floating constants, enumeration constants, character constants, sizeof expressions whose results are integer constants, or _Alignof expressions; or contains casts (outside operands to sizeof or _Alignof operators) other than conversions of arithmetic types to arithmetic types (6.6).
— The value of an object is accessed by an array-subscript [], member-access . or ->, address &, or indirection * operator or a pointer cast in creating an address constant (6.6).
— An identifier for an object is declared with no linkage and the type of the object is incomplete after its declarator, or after its init-declarator if it has an initializer (6.7).
— A function is declared at block scope with an explicit storage-class specifier other than extern (6.7.1).
— A structure or union is defined without any named members (including those specified indirectly via anonymous structures and unions) (6.7.2.1).
— An attempt is made to access, or generate a pointer to just past, a flexible array member of a structure when the referenced object provides no elements for that array (6.7.2.1).
— When the complete type is needed, an incomplete structure or union type is not completed in the same scope by another declaration of the tag that defines the content (6.7.2.3).
— An attempt is made to modify an object defined with a const-qualified type through use of an lvalue with non-const-qualified type (6.7.3).
— An attempt is made to refer to an object defined with a volatile-qualified type through use of an lvalue with non-volatile-qualified type (6.7.3).
— The specification of a function type includes any type qualifiers (6.7.3).
— Two qualified types that are required to be compatible do not have the identically qualified version of a compatible type (6.7.3).
— An object which has been modified is accessed through a restrict-qualified pointer to a const-qualified type, or through a restrict-qualified pointer and another pointer that are not both based on the same object (6.7.3.1).
— A restrict-qualified pointer is assigned a value based on another restricted pointer whose associated block neither began execution before the block associated with this pointer, nor ended before the assignment (6.7.3.1).
— A function with external linkage is declared with an inline function specifier, but is not also defined in the same translation unit (6.7.4).
— A function declared with a _Noreturn function specifier returns to its caller (6.7.4).
— The definition of an object has an alignment specifier and another declaration of that object has a different alignment specifier (6.7.5).
— Declarations of an object in different translation units have different alignment specifiers (6.7.5).
— Two pointer types that are required to be compatible are not identically qualified, or are not pointers to compatible types (6.7.6.1).
— The size expression in an array declaration is not a constant expression and evaluates at program execution time to a nonpositive value (6.7.6.2).
— In a context requiring two array types to be compatible, they do not have compatible element types, or their size specifiers evaluate to unequal values (6.7.6.2).
— A declaration of an array parameter includes the keyword static within the [ and ] and the corresponding argument does not provide access to the first element of an array with at least the specified number of elements (6.7.6.3).
— A storage-class specifier or type qualifier modifies the keyword void as a function parameter type list (6.7.6.3).
— In a context requiring two function types to be compatible, they do not have compatible return types, or their parameters disagree in use of the ellipsis terminator or the number and type of parameters (after default argument promotion, when there is no parameter type list or when one type is specified by a function definition with an identifier list) (6.7.6.3).
— The value of an unnamed member of a structure or union is used (6.7.9).
— The initializer for a scalar is neither a single expression nor a single expression enclosed in braces (6.7.9).
— The initializer for a structure or union object that has automatic storage duration is neither an initializer list nor a single expression that has compatible structure or union type (6.7.9).
— The initializer for an aggregate or union, other than an array initialized by a string literal, is not a brace-enclosed list of initializers for its elements or members (6.7.9).
— An identifier with external linkage is used, but in the program there does not exist exactly one external definition for the identifier, or the identifier is not used and there exist multiple external definitions for the identifier (6.9).
— A function definition includes an identifier list, but the types of the parameters are not declared in a following declaration list (6.9.1).
— An adjusted parameter type in a function definition is not a complete object type (6.9.1).
— A function that accepts a variable number of arguments is defined without a parameter type list that ends with the ellipsis notation (6.9.1).
— The } that terminates a function is reached, and the value of the function call is used by the caller (6.9.1).
— An identifier for an object with internal linkage and an incomplete type is declared with a tentative definition (6.9.2).
— The token defined is generated during the expansion of a #if or #elif preprocessing directive, or the use of the defined unary operator does not match one of the two specified forms prior to macro replacement (6.10.1).
— The #include preprocessing directive that results after expansion does not match one of the two header name forms (6.10.2).
— The character sequence in an #include preprocessing directive does not start with a letter (6.10.2).
— There are sequences of preprocessing tokens within the list of macro arguments that would otherwise act as preprocessing directives (6.10.3).
— The result of the preprocessing operator # is not a valid character string literal (6.10.3.2).
— The result of the preprocessing operator ## is not a valid preprocessing token (6.10.3.3).
— The #line preprocessing directive that results after expansion does not match one of the two well-defined forms, or its digit sequence specifies zero or a number greater than 2147483647 (6.10.4).
— A non-STDC #pragma preprocessing directive that is documented as causing translation failure or some other form of undefined behavior is encountered (6.10.6).
— A #pragma STDC preprocessing directive does not match one of the well-defined forms (6.10.6).
— The name of a predefined macro, or the identifier defined, is the subject of a #define or #undef preprocessing directive (6.10.8).
— An attempt is made to copy an object to an overlapping object by use of a library function, other than as explicitly allowed (e.g., memmove) (clause 7).
— A file with the same name as one of the standard headers, not provided as part of the implementation, is placed in any of the standard places that are searched for included source files (7.1.2).
— A header is included within an external declaration or definition (7.1.2).
— A function, object, type, or macro that is specified as being declared or defined by some standard header is used before any header that declares or defines it is included (7.1.2).
— A standard header is included while a macro is defined with the same name as a keyword (7.1.2).
— The program attempts to declare a library function itself, rather than via a standard header, but the declaration does not have external linkage (7.1.2).
— The program declares or defines a reserved identifier, other than as allowed by 7.1.4 (7.1.3).
— The program removes the definition of a macro whose name begins with an underscore and either an uppercase letter or another underscore (7.1.3).
— An argument to a library function has an invalid value or a type not expected by a function with variable number of arguments (7.1.4).
— The pointer passed to a library function array parameter does not have a value such that all address computations and object accesses are valid (7.1.4).
— The macro definition of assert is suppressed in order to access an actual function (7.2).
— The argument to the assert macro does not have a scalar type (7.2).
— The CX_LIMITED_RANGE, FENV_ACCESS, or FP_CONTRACT pragma is used in any context other than outside all external declarations or preceding all explicit declarations and statements inside a compound statement (7.3.4, 7.6.1, 7.12.2).
— The value of an argument to a character handling function is neither equal to the value of EOF nor representable as an unsigned char (7.4).
— A macro definition of errno is suppressed in order to access an actual object, or the program defines an identifier with the name errno (7.5).
— Part of the program tests floating-point status flags, sets floating-point control modes, or runs under non-default mode settings, but was translated with the state for the FENV_ACCESS pragma "off" (7.6.1).
— The exception-mask argument for one of the functions that provide access to the floating-point status flags has a nonzero value not obtained by bitwise OR of the floating-point exception macros (7.6.2).
— The fesetexceptflag function is used to set floating-point status flags that were not specified in the call to the fegetexceptflag function that provided the value of the corresponding fexcept_t object (7.6.2.4).
— The argument to fesetenv or feupdateenv is neither an object set by a call to fegetenv or feholdexcept, nor is it an environment macro (7.6.4.3, 7.6.4.4).
— The value of the result of an integer arithmetic or conversion function cannot be represented (7.8.2.1, 7.8.2.2, 7.8.2.3, 7.8.2.4, 7.22.6.1, 7.22.6.2, 7.22.1).
— The program modifies the string pointed to by the value returned by the setlocale function (7.11.1.1).
— The program modifies the structure pointed to by the value returned by the localeconv function (7.11.2.1).
— A macro definition of math_errhandling is suppressed or the program defines an identifier with the name math_errhandling (7.12).
— An argument to a floating-point classification or comparison macro is not of real floating type (7.12.3, 7.12.14).
— A macro definition of setjmp is suppressed in order to access an actual function, or the program defines an external identifier with the name setjmp (7.13).
— An invocation of the setjmp macro occurs other than in an allowed context (7.13.2.1).
— The longjmp function is invoked to restore a nonexistent environment (7.13.2.1).
— After a longjmp, there is an attempt to access the value of an object of automatic storage duration that does not have volatile-qualified type, local to the function containing the invocation of the corresponding setjmp macro, that was changed between the setjmp invocation and longjmp call (7.13.2.1).
— The program specifies an invalid pointer to a signal handler function (7.14.1.1).
— A signal handler returns when the signal corresponded to a computational exception (7.14.1.1).
— A signal handler called in response to SIGFPE, SIGILL, SIGSEGV, or any other implementation-defined value corresponding to a computational exception returns (7.14.1.1).
— A signal occurs as the result of calling the abort or raise function, and the signal handler calls the raise function (7.14.1.1).
— A signal occurs other than as the result of calling the abort or raise function, and the signal handler refers to an object with static or thread storage duration that is not a lock-free atomic object other than by assigning a value to an object declared as volatile sig_atomic_t, or calls any function in the standard library other than the abort function, the _Exit function, the quick_exit function, or the signal function (for the same signal number) (7.14.1.1).
—
The value of errno is referred to after a signal
occurred other than as the result of
calling
the abort or raise function and
the corresponding signal handler obtained
a
SIG_ERR return from a call to the signal function
(7.14.1.1).
—
A signal is generated by an asynchronous signal handler (7.14.1.1).
—
The signal function is used in a multi-threaded
program (7.14.1.1).
— A function with a variable number of arguments attempts to access its varying arguments other than through a properly declared and initialized va_list object, or before the va_start macro is invoked (7.16, 7.16.1.1, 7.16.1.4).
— The macro va_arg is invoked using the parameter ap that was passed to a function that invoked the macro va_arg with the same parameter (7.16).
— A macro definition of va_start, va_arg, va_copy, or va_end is suppressed in order to access an actual function, or the program defines an external identifier with the name va_copy or va_end (7.16.1).
— The va_start or va_copy macro is invoked without a corresponding invocation of the va_end macro in the same function, or vice versa (7.16.1, 7.16.1.2, 7.16.1.3, 7.16.1.4).
— The type parameter to the va_arg macro is not such that a pointer to an object of that type can be obtained simply by postfixing a * (7.16.1.1).
— The va_arg macro is invoked when there is no actual next argument, or with a specified type that is not compatible with the promoted type of the actual next argument, with certain exceptions (7.16.1.1).
— The va_copy or va_start macro is called to initialize a va_list that was previously initialized by either macro without an intervening invocation of the va_end macro for the same va_list (7.16.1.2, 7.16.1.4).
— The parameter parmN of a va_start macro is declared with the register storage class, with a function or array type, or with a type that is not compatible with the type that results after application of the default argument promotions (7.16.1.4).
— The member designator parameter of an offsetof macro is an invalid right operand of the . operator for the type parameter, or designates a bit-field (7.19).
— The argument in an instance of one of the integer-constant macros is not a decimal, octal, or hexadecimal constant, or it has a value that exceeds the limits for the corresponding type (7.20.4).
— A byte input/output function is applied to a wide-oriented stream, or a wide character input/output function is applied to a byte-oriented stream (7.21.2).
— Use is made of any portion of a file beyond the most recent wide character written to a wide-oriented stream (7.21.2).
— The value of a pointer to a FILE object is used after the associated file is closed (7.21.3).
— The stream for the fflush function points to an input stream or to an update stream in which the most recent operation was input (7.21.5.2).
— The string pointed to by the mode argument in a call to the fopen function does not exactly match one of the specified character sequences (7.21.5.3).
— An output operation on an update stream is followed by an input operation without an intervening call to the fflush function or a file positioning function, or an input operation on an update stream is followed by an output operation with an intervening call to a file positioning function (7.21.5.3).
— An attempt is made to use the contents of the array that was supplied in a call to the setvbuf function (7.21.5.6).
— There are insufficient arguments for the format in a call to one of the formatted input/output functions, or an argument does not have an appropriate type (7.21.6.1, 7.21.6.2, 7.29.2.1, 7.29.2.2).
— The format in a call to one of the formatted input/output functions or to the strftime or wcsftime function is not a valid multibyte character sequence that begins and ends in its initial shift state (7.21.6.1, 7.21.6.2, 7.27.3.5, 7.29.2.1, 7.29.2.2, 7.29.5.1).
— In a call to one of the formatted output functions, a precision appears with a conversion specifier other than those described (7.21.6.1, 7.29.2.1).
— A conversion specification for a formatted output function uses an asterisk to denote an argument-supplied field width or precision, but the corresponding argument is not provided (7.21.6.1, 7.29.2.1).
— A conversion specification for a formatted output function uses a # or 0 flag with a conversion specifier other than those described (7.21.6.1, 7.29.2.1).
— A conversion specification for one of the formatted input/output functions uses a length modifier with a conversion specifier other than those described (7.21.6.1, 7.21.6.2, 7.29.2.1, 7.29.2.2).
— An s conversion specifier is encountered by one of the formatted output functions, and the argument is missing the null terminator (unless a precision is specified that does not require null termination) (7.21.6.1, 7.29.2.1).
— An n conversion specification for one of the formatted input/output functions includes any flags, an assignment-suppressing character, a field width, or a precision (7.21.6.1, 7.21.6.2, 7.29.2.1, 7.29.2.2).
— A % conversion specifier is encountered by one of the formatted input/output functions, but the complete conversion specification is not exactly %% (7.21.6.1, 7.21.6.2, 7.29.2.1, 7.29.2.2).
— An invalid conversion specification is found in the format for one of the formatted input/output functions, or the strftime or wcsftime function (7.21.6.1, 7.21.6.2, 7.27.3.5, 7.29.2.1, 7.29.2.2, 7.29.5.1).
— The number of characters or wide characters transmitted by a formatted output function (or written to an array, or that would have been written to an array) is greater than INT_MAX (7.21.6.1, 7.29.2.1).
— The number of input items assigned by a formatted input function is greater than INT_MAX (7.21.6.2, 7.29.2.2).
— The result of a conversion by one of the formatted input functions cannot be represented in the corresponding object, or the receiving object does not have an appropriate type (7.21.6.2, 7.29.2.2).
— A c, s, or [ conversion specifier is encountered by one of the formatted input functions, and the array pointed to by the corresponding argument is not large enough to accept the input sequence (and a null terminator if the conversion specifier is s or [) (7.21.6.2, 7.29.2.2).
— A c, s, or [ conversion specifier with an l qualifier is encountered by one of the formatted input functions, but the input is not a valid multibyte character sequence that begins in the initial shift state (7.21.6.2, 7.29.2.2).
— The input item for a %p conversion by one of the formatted input functions is not a value converted earlier during the same program execution (7.21.6.2, 7.29.2.2).
— The vfprintf, vfscanf, vprintf, vscanf, vsnprintf, vsprintf, vsscanf, vfwprintf, vfwscanf, vswprintf, vswscanf, vwprintf, or vwscanf function is called with an improperly initialized va_list argument, or the argument is used (other than in an invocation of va_end) after the function returns (7.21.6.8, 7.21.6.9, 7.21.6.10, 7.21.6.11, 7.21.6.12, 7.21.6.13, 7.21.6.14, 7.29.2.5, 7.29.2.6, 7.29.2.7, 7.29.2.8, 7.29.2.9, 7.29.2.10).
— The contents of the array supplied in a call to the fgets or fgetws function are used after a read error occurred (7.21.7.2, 7.29.3.2).
— The file position indicator for a binary stream is used after a call to the ungetc function where its value was zero before the call (7.21.7.10).
— The file position indicator for a stream is used after an error occurred during a call to the fread or fwrite function (7.21.8.1, 7.21.8.2).
— A partial element read by a call to the fread function is used (7.21.8.1).
— The fseek function is called for a text stream with a nonzero offset and either the offset was not returned by a previous successful call to the ftell function on a stream associated with the same file or whence is not SEEK_SET (7.21.9.2).
— The fsetpos function is called to set a position that was not returned by a previous successful call to the fgetpos function on a stream associated with the same file (7.21.9.3).
— A non-null pointer returned by a call to the calloc, malloc, or realloc function with a zero requested size is used to access an object (7.22.3).
— The value of a pointer that refers to space deallocated by a call to the free or realloc function is used (7.22.3).
— The alignment requested of the aligned_alloc function is not valid or not supported by the implementation, or the size requested is not an integral multiple of the alignment (7.22.3.1).
— The pointer argument to the free or realloc function does not match a pointer earlier returned by a memory management function, or the space has been deallocated by a call to free or realloc (7.22.3.3, 7.22.3.5).
— The value of the object allocated by the malloc function is used (7.22.3.4).
— The value of any bytes in a new object allocated by the realloc function beyond the size of the old object are used (7.22.3.5).
— The program calls the exit or quick_exit function more than once, or calls both functions (7.22.4.4, 7.22.4.7).
— During the call to a function registered with the atexit or at_quick_exit function, a call is made to the longjmp function that would terminate the call to the registered function (7.22.4.4, 7.22.4.7).
— The string set up by the getenv or strerror function is modified by the program (7.22.4.6, 7.24.6.2).
— A signal is raised while the quick_exit function is executing (7.22.4.7).
— A command is executed through the system function in a way that is documented as causing termination or some other form of undefined behavior (7.22.4.8).
— A searching or sorting utility function is called with an invalid pointer argument, even if the number of elements is zero (7.22.5).
— The comparison function called by a searching or sorting utility function alters the contents of the array being searched or sorted, or returns ordering values inconsistently (7.22.5).
— The array being searched by the bsearch function does not have its elements in proper order (7.22.5.1).
— The current conversion state is used by a multibyte/wide character conversion function after changing the LC_CTYPE category (7.22.7).
— A string or wide string utility function is instructed to access an array beyond the end of an object (7.24.1, 7.29.4).
— A string or wide string utility function is called with an invalid pointer argument, even if the length is zero (7.24.1, 7.29.4).
— The contents of the destination array are used after a call to the strxfrm, strftime, wcsxfrm, or wcsftime function in which the specified length was too small to hold the entire null-terminated result (7.24.4.5, 7.27.3.5, 7.29.4.4.4, 7.29.5.1).
— The first argument in the very first call to the strtok or wcstok is a null pointer (7.24.5.8, 7.29.4.5.7).
— The type of an argument to a type-generic macro is not compatible with the type of the corresponding parameter of the selected function (7.25).
— A complex argument is supplied for a generic parameter of a type-generic macro that has no corresponding complex function (7.25).
— At least one member of the broken-down time passed to asctime contains a value outside its normal range, or the calculated year exceeds four digits or is less than the year 1000 (7.27.3.1).
— The argument corresponding to an s specifier without an l qualifier in a call to the fwprintf function does not point to a valid multibyte character sequence that begins in the initial shift state (7.29.2.11).
— In a call to the wcstok function, the object pointed to by ptr does not have the value stored by the previous call for the same wide string (7.29.4.5.7).
— An mbstate_t object is used inappropriately (7.29.6).
— The value of an argument of type wint_t to a wide character classification or case mapping function is neither equal to the value of WEOF nor representable as a wchar_t (7.30.1).
— The iswctype function is called using a different LC_CTYPE category from the one in effect for the call to the wctype function that returned the description (7.30.2.2.1).
— The towctrans function is called using a different LC_CTYPE category from the one in effect for the call to the wctrans function that returned the description (7.30.3.2.1).
J.3 Implementation-defined behavior
1 A conforming implementation is required to document its choice of behavior in each of the areas listed in this subclause. The following are implementation-defined:
J.3.1 Translation
1 — How a diagnostic is identified (3.10, 5.1.1.3).
— Whether each nonempty sequence of white-space characters other than new-line is retained or replaced by one space character in translation phase 3 (5.1.1.2).
J.3.2 Environment
1 — The mapping between physical source file multibyte characters and the source character set in translation phase 1 (5.1.1.2).
— The name and type of the function called at program startup in a freestanding environment (5.1.2.1).
— The effect of program termination in a freestanding environment (5.1.2.1).
— An alternative manner in which the main function may be defined (5.1.2.2.1).
— The values given to the strings pointed to by the argv argument to main (5.1.2.2.1).
— What constitutes an interactive device (5.1.2.3).
— Whether a program can have more than one thread of execution in a freestanding environment (5.1.2.4).
— The set of signals, their semantics, and their default handling (7.14).
— Signal values other than SIGFPE, SIGILL, and SIGSEGV that correspond to a computational exception (7.14.1.1).
— Signals for which the equivalent of signal(sig, SIG_IGN); is executed at program startup (7.14.1.1).
— The set of environment names and the method for altering the environment list used by the getenv function (7.22.4.6).
— The manner of execution of the string by the system function (7.22.4.8).
J.3.3 Identifiers
1 — Which additional multibyte characters may appear in identifiers and their correspondence to universal character names (6.4.2).
— The number of significant initial characters in an identifier (5.2.4.1, 6.4.2).
J.3.4 Characters
1 — The number of bits in a byte (3.6).
— The values of the members of the execution character set (5.2.1).
— The unique value of the member of the execution character set produced for each of the standard alphabetic escape sequences (5.2.2).
— The value of a char object into which has been stored any character other than a member of the basic execution character set (6.2.5).
— Which of signed char or unsigned char has the same range, representation, and behavior as ‘‘plain’’ char (6.2.5, 6.3.1.1).
— The mapping of members of the source character set (in character constants and string literals) to members of the execution character set (6.4.4.4, 5.1.1.2).
— The value of an integer character constant containing more than one character or containing a character or escape sequence that does not map to a single-byte execution character (6.4.4.4).
— The value of a wide character constant containing more than one multibyte character or a single multibyte character that maps to multiple members of the extended execution character set, or containing a multibyte character or escape sequence not represented in the extended execution character set (6.4.4.4).
— The current locale used to convert a wide character constant consisting of a single multibyte character that maps to a member of the extended execution character set into a corresponding wide character code (6.4.4.4).
— Whether differently-prefixed wide string literal tokens can be concatenated and, if so, the treatment of the resulting multibyte character sequence (6.4.5).
— The current locale used to convert a wide string literal into corresponding wide character codes (6.4.5).
— The value of a string literal containing a multibyte character or escape sequence not represented in the execution character set (6.4.5).
— The encoding of any of wchar_t, char16_t, and char32_t where the corresponding standard encoding macro (__STDC_ISO_10646__, __STDC_UTF_16__, or __STDC_UTF_32__) is not defined (6.10.8.2).
J.3.5 Integers
1 — Any extended integer types that exist in the implementation (6.2.5).
— Whether signed integer types are represented using sign and magnitude, two’s complement, or ones’ complement, and whether the extraordinary value is a trap representation or an ordinary value (6.2.6.2).
— The rank of any extended integer type relative to another extended integer type with the same precision (6.3.1.1).
— The result of, or the signal raised by, converting an integer to a signed integer type when the value cannot be represented in an object of that type (6.3.1.3).
— The results of some bitwise operations on signed integers (6.5).
J.3.6 Floating point
1 — The accuracy of the floating-point operations and of the library functions in <math.h> and <complex.h> that return floating-point results (5.2.4.2.2).
— The accuracy of the conversions between floating-point internal representations and string representations performed by the library functions in <stdio.h>, <stdlib.h>, and <wchar.h> (5.2.4.2.2).
— The rounding behaviors characterized by non-standard values of FLT_ROUNDS (5.2.4.2.2).
— The evaluation methods characterized by non-standard negative values of FLT_EVAL_METHOD (5.2.4.2.2).
— The direction of rounding when an integer is converted to a floating-point number that cannot exactly represent the original value (6.3.1.4).
— The direction of rounding when a floating-point number is converted to a narrower floating-point number (6.3.1.5).
— How the nearest representable value or the larger or smaller representable value immediately adjacent to the nearest representable value is chosen for certain floating constants (6.4.4.2).
— Whether and how floating expressions are contracted when not disallowed by the FP_CONTRACT pragma (6.5).
— The default state for the FENV_ACCESS pragma (7.6.1).
— Additional floating-point exceptions, rounding modes, environments, and classifications, and their macro names (7.6, 7.12).
— The default state for the FP_CONTRACT pragma (7.12.2).
J.3.7 Arrays and pointers
1 — The result of converting a pointer to an integer or vice versa (6.3.2.3).
— The size of the result of subtracting two pointers to elements of the same array (6.5.6).
J.3.8 Hints
1 — The extent to which suggestions made by using the register storage-class specifier are effective (6.7.1).
— The extent to which suggestions made by using the inline function specifier are effective (6.7.4).
J.3.9 Structures, unions, enumerations, and bit-fields
1 — Whether a ‘‘plain’’ int bit-field is treated as a signed int bit-field or as an unsigned int bit-field (6.7.2, 6.7.2.1).
— Allowable bit-field types other than _Bool, signed int, and unsigned int (6.7.2.1).
— Whether atomic types are permitted for bit-fields (6.7.2.1).
— Whether a bit-field can straddle a storage-unit boundary (6.7.2.1).
— The order of allocation of bit-fields within a unit (6.7.2.1).
— The alignment of non-bit-field members of structures (6.7.2.1). This should present no problem unless binary data written by one implementation is read by another.
— The integer type compatible with each enumerated type (6.7.2.2).
J.3.10 Qualifiers
1 — What constitutes an access to an object that has volatile-qualified type (6.7.3).
J.3.11 Preprocessing directives
1 — The locations within #pragma directives where header name preprocessing tokens are recognized (6.4, 6.4.7).
— How sequences in both forms of header names are mapped to headers or external source file names (6.4.7).
— Whether the value of a character constant in a constant expression that controls conditional inclusion matches the value of the same character constant in the execution character set (6.10.1).
— Whether the value of a single-character character constant in a constant expression that controls conditional inclusion may have a negative value (6.10.1).
— The places that are searched for an included < > delimited header, and how the places are specified or the header is identified (6.10.2).
— How the named source file is searched for in an included " " delimited header (6.10.2).
— The method by which preprocessing tokens (possibly resulting from macro expansion) in a #include directive are combined into a header name (6.10.2).
— The nesting limit for #include processing (6.10.2).
— Whether the # operator inserts a \ character before the \ character that begins a universal character name in a character constant or string literal (6.10.3.2).
— The behavior on each recognized non-STDC #pragma directive (6.10.6).
— The definitions for __DATE__ and __TIME__ when respectively, the date and time of translation are not available (6.10.8.1).
J.3.12 Library functions
1 — Any library facilities available to a freestanding program, other than the minimal set required by clause 4 (5.1.2.1).
— The format of the diagnostic printed by the assert macro (7.2.1.1).
— The representation of the floating-point status flags stored by the fegetexceptflag function (7.6.2.2).
— Whether the feraiseexcept function raises the ‘‘inexact’’ floating-point exception in addition to the ‘‘overflow’’ or ‘‘underflow’’ floating-point exception (7.6.2.3).
— Strings other than "C" and "" that may be passed as the second argument to the setlocale function (7.11.1.1).
— The types defined for float_t and double_t when the value of the FLT_EVAL_METHOD macro is less than 0 (7.12).
— Domain errors for the mathematics functions, other than those required by this International Standard (7.12.1).
— The values returned by the mathematics functions on domain errors or pole errors (7.12.1).
— The values returned by the mathematics functions on underflow range errors, whether errno is set to the value of the macro ERANGE when the integer expression math_errhandling & MATH_ERRNO is nonzero, and whether the ‘‘underflow’’ floating-point exception is raised when the integer expression math_errhandling & MATH_ERREXCEPT is nonzero. (7.12.1).
— Whether a domain error occurs or zero is returned when an fmod function has a second argument of zero (7.12.10.1).
— Whether a domain error occurs or zero is returned when a remainder function has a second argument of zero (7.12.10.2).
— The base-2 logarithm of the modulus used by the remquo functions in reducing the quotient (7.12.10.3).
— Whether a domain error occurs or zero is returned when a remquo function has a second argument of zero (7.12.10.3).
— Whether the equivalent of signal(sig, SIG_DFL); is executed prior to the call of a signal handler, and, if not, the blocking of signals that is performed (7.14.1.1).
— The null pointer constant to which the macro NULL expands (7.19).
— Whether the last line of a text stream requires a terminating new-line character (7.21.2).
— Whether space characters that are written out to a text stream immediately before a new-line character appear when read in (7.21.2).
— The number of null characters that may be appended to data written to a binary stream (7.21.2).
— Whether the file position indicator of an append-mode stream is initially positioned at the beginning or end of the file (7.21.3).
— Whether a write on a text stream causes the associated file to be truncated beyond that point (7.21.3).
— The characteristics of file buffering (7.21.3).
— Whether a zero-length file actually exists (7.21.3).
— The rules for composing valid file names (7.21.3).
— Whether the same file can be simultaneously open multiple times (7.21.3).
— The nature and choice of encodings used for multibyte characters in files (7.21.3).
— The effect of the remove function on an open file (7.21.4.1).
— The effect if a file with the new name exists prior to a call to the rename function (7.21.4.2).
— Whether an open temporary file is removed upon abnormal program termination (7.21.4.3).
— Which changes of mode are permitted (if any), and under what circumstances (7.21.5.4).
— The style used to print an infinity or NaN, and the meaning of any n-char or n-wchar sequence printed for a NaN (7.21.6.1, 7.29.2.1).
— The output for %p conversion in the fprintf or fwprintf function (7.21.6.1, 7.29.2.1).
— The interpretation of a - character that is neither the first nor the last character, nor the second where a ^ character is the first, in the scanlist for %[ conversion in the fscanf or fwscanf function (7.21.6.2, 7.29.2.1).
— The set of sequences matched by a %p conversion and the interpretation of the corresponding input item in the fscanf or fwscanf function (7.21.6.2, 7.29.2.2).
— The value to which the macro errno is set by the fgetpos, fsetpos, or ftell functions on failure (7.21.9.1, 7.21.9.3, 7.21.9.4).
— The meaning of any n-char or n-wchar sequence in a string representing a NaN that is converted by the strtod, strtof, strtold, wcstod, wcstof, or wcstold function (7.22.1.3, 7.29.4.1.1).
— Whether or not the strtod, strtof, strtold, wcstod, wcstof, or wcstold function sets errno to ERANGE when underflow occurs (7.22.1.3, 7.29.4.1.1).
— Whether the calloc, malloc, and realloc functions return a null pointer or a pointer to an allocated object when the size requested is zero (7.22.3).
— Whether open streams with unwritten buffered data are flushed, open streams are closed, or temporary files are removed when the abort or _Exit function is called (7.22.4.1, 7.22.4.5).
— The termination status returned to the host environment by the abort, exit, _Exit, or quick_exit function (7.22.4.1, 7.22.4.4, 7.22.4.5, 7.22.4.7).
— The value returned by the system function when its argument is not a null pointer (7.22.4.8).
— The range and precision of times representable in clock_t and time_t (7.27).
— The local time zone and Daylight Saving Time (7.27.1).
— The era for the clock function (7.27.2.1).
— The TIME_UTC epoch (7.27.2.5).
— The replacement string for the %Z specifier to the strftime, and wcsftime functions in the "C" locale (7.27.3.5, 7.29.5.1).
— Whether the functions in <math.h> honor the rounding direction mode in an IEC 60559 conformant implementation, unless explicitly specified otherwise (F.10).
J.3.13 Architecture
1 — The values or expressions assigned to the macros specified in the headers <float.h>, <limits.h>, and <stdint.h> (5.2.4.2, 7.20.2, 7.20.3).
— The result of attempting to indirectly access an object with automatic or thread storage duration from a thread other than the one with which it is associated (6.2.4).
— The number, order, and encoding of bytes in any object (when not explicitly specified in this International Standard) (6.2.6.1).
— Whether any extended alignments are supported and the contexts in which they are supported (6.2.8).
— Valid alignment values other than those returned by an _Alignof expression for fundamental types, if any (6.2.8).
— The value of the result of the sizeof and _Alignof operators (6.5.3.4).
J.4 Locale-specific behavior
1 The following characteristics of a hosted environment are locale-specific and are required to be documented by the implementation:
— Additional members of the source and execution character sets beyond the basic character set (5.2.1).
— The presence, meaning, and representation of additional multibyte characters in the execution character set beyond the basic character set (5.2.1.2).
— The shift states used for the encoding of multibyte characters (5.2.1.2).
— The direction of writing of successive printing characters (5.2.2).
— The decimal-point character (7.1.1).
— The set of printing characters (7.4, 7.30.2).
— The set of control characters (7.4, 7.30.2).
— The sets of characters tested for by the isalpha, isblank, islower, ispunct, isspace, isupper, iswalpha, iswblank, iswlower, iswpunct, iswspace, or iswupper functions (7.4.1.2, 7.4.1.3, 7.4.1.7, 7.4.1.9, 7.4.1.10, 7.4.1.11, 7.30.2.1.2, 7.30.2.1.3, 7.30.2.1.7, 7.30.2.1.9, 7.30.2.1.10, 7.30.2.1.11).
— The native environment (7.11.1.1).
— Additional subject sequences accepted by the numeric conversion functions (7.22.1, 7.29.4.1).
— The collation sequence of the execution character set (7.24.4.3, 7.29.4.4.2).
— The contents of the error message strings set up by the strerror function (7.24.6.2).
— The formats for time and date (7.27.3.5, 7.29.5.1).
— Character mappings that are supported by the towctrans function (7.30.1).
— Character classifications that are supported by the iswctype function (7.30.1).
J.5 Common extensions
1 The following extensions are widely used in many systems, but are not portable to all implementations. The inclusion of any extension that may cause a strictly conforming program to become invalid renders an implementation nonconforming. Examples of such extensions are new keywords, extra library functions declared in standard headers, or predefined macros with names that do not begin with an underscore.
J.5.1 Environment arguments
1 In a hosted environment, the main function receives a third argument, char *envp[], that points to a null-terminated array of pointers to char, each of which points to a string that provides information about the environment for this execution of the program (5.1.2.2.1).
J.5.2 Specialized identifiers
1 Characters other than the underscore _, letters, and digits, that are not part of the basic source character set (such as the dollar sign $, or characters in national character sets) may appear in an identifier (6.4.2).
J.5.3 Lengths and cases of identifiers
1 All characters in identifiers (with or without external linkage) are significant (6.4.2).
J.5.4 Scopes of identifiers
1 A function identifier, or the identifier of an object the declaration of which contains the keyword extern, has file scope (6.2.1).
J.5.5 Writable string literals
1 String literals are modifiable (in which case, identical string literals should denote distinct objects) (6.4.5).
J.5.6 Other arithmetic types
1 Additional arithmetic types, such as __int128 or double double, and their appropriate conversions are defined (6.2.5, 6.3.1). Additional floating types may have more range or precision than long double, may be used for evaluating expressions of other floating types, and may be used to define float_t or double_t. Additional floating types may also have less range or precision than float.
J.5.7 Function pointer casts
1 A pointer to an object or to void may be cast to a pointer to a function, allowing data to be invoked as a function (6.5.4).
2 A pointer to a function may be cast to a pointer to an object or to void, allowing a function to be inspected or modified (for example, by a debugger) (6.5.4).
J.5.8 Extended bit-field types
1 A bit-field may be declared with a type other than _Bool, unsigned int, or signed int, with an appropriate maximum width (6.7.2.1).
J.5.9 The fortran keyword
1 The fortran function specifier may be used in a function declaration to indicate that calls suitable for FORTRAN should be generated, or that a different representation for the external name is to be generated (6.7.4).
J.5.10 The asm keyword
1 The asm keyword may be used to insert assembly language directly into the translator output (6.8). The most common implementation is via a statement of the form:
asm ( character-string-literal );
J.5.11 Multiple external definitions
1 There may be more than one external definition for the identifier of an object, with or without the explicit use of the keyword extern; if the definitions disagree, or more than one is initialized, the behavior is undefined (6.9.2).
J.5.12 Predefined macro names
1 Macro names that do not begin with an underscore, describing the translation and execution environments, are defined by the implementation before translation begins (6.10.8).
J.5.13 Floating-point status flags
1 If any floating-point status flags are set on normal termination after all calls to functions registered by the atexit function have been made (see 7.22.4.4), the implementation writes some diagnostics indicating the fact to the stderr stream, if it is still open,
J.5.14 Extra arguments for signal handlers
1 Handlers for specific signals are called with extra arguments in addition to the signal number (7.14.1.1).
J.5.15 Additional stream types and file-opening modes
1 Additional mappings from files to streams are supported (7.21.2).
2 Additional file-opening modes may be specified by characters appended to the mode argument of the fopen function (7.21.5.3).
J.5.16 Defined file position indicator
1 The file position indicator is decremented by each successful call to the ungetc or ungetwc function for a text stream, except if its value was zero before a call (7.21.7.10, 7.29.3.10).
J.5.17 Math error reporting
1 Functions declared in <complex.h> and <math.h> raise SIGFPE to report errors instead of, or in addition to, setting errno or raising floating-point exceptions (7.3, 7.12).
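As an added example (not part of the ISO text or of the original article), the C code below shows one way to write helpers whose results do not depend on four of the items listed in this annex: out-of-range conversion to a signed type (6.3.1.3), right shift of a negative value (6.5), zero-size allocation (7.22.3), and the signedness of plain char (6.2.5). All function names are hypothetical.

```c
/* Added example: helper names are hypothetical, not taken from the standard. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* J.3.5 / 6.3.1.3: converting a value that does not fit into a signed type
 * gives an implementation-defined result or raises a signal. Check the range
 * first, so the cast is only ever applied to a representable value. */
bool narrow_to_int8(long v, int8_t *out)
{
    if (v < INT8_MIN || v > INT8_MAX)
        return false;            /* caller decides how to handle the error */
    *out = (int8_t)v;            /* representable: fully defined */
    return true;
}

/* J.3.5 / 6.5: the result of >> on a negative signed value is
 * implementation-defined. This computes floor(v / 2^n) using only shifts of
 * unsigned values and signed arithmetic that cannot overflow. */
int32_t asr32(int32_t v, unsigned n)
{
    if (n > 31)
        n = 31;                  /* shift count >= width would be undefined */
    if (v >= 0)
        return (int32_t)((uint32_t)v >> n);
    /* For v < 0: -(v + 1) lies in 0..INT32_MAX, so no step overflows. */
    uint32_t mag = (uint32_t)(-(v + 1));
    return -(int32_t)(mag >> n) - 1;
}

/* J.3.12 / 7.22.3: whether a zero-size request returns NULL or a pointer is
 * implementation-defined, and using such a pointer is undefined (J.2).
 * Give one documented answer everywhere, reject count * size wrap-around,
 * and use calloc so the object is never read uninitialized (7.22.3.4). */
void *alloc_array(size_t count, size_t size)
{
    if (count == 0 || size == 0)
        return NULL;
    if (count > SIZE_MAX / size)
        return NULL;
    return calloc(count, size);
}

/* J.3.4 / 6.2.5: plain char may be signed, so a byte such as 0xE9 can become
 * a negative array index. Convert through unsigned char before indexing. */
unsigned table_index(char c)
{
    return (unsigned char)c;
}

int main(void)
{
    int8_t small = 0;
    printf("narrow 200 -> %s\n",
           narrow_to_int8(200, &small) ? "ok" : "rejected");
    printf("asr32(-7, 1) = %d\n", (int)asr32(-7, 1));
    printf("alloc_array(0, 4) = %p\n", alloc_array(0, 4));
    printf("table_index('\\xE9') = %u\n", table_index('\xE9'));
    return 0;
}
```
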