63

I've been having really freaky stuff happening in my code. I believe I have tracked it down to the part labeled "here" (code is simplified, of course):

std::string func() {
    char c;
    // Do stuff that will assign to c
    return "" + c; // Here
}

All sorts of stuff will happen when I try to cout the result of this function. I think I've even managed to get pieces of underlying C++ documentation, and many a segmentation fault. It's clear to me that this doesn't work in C++ (I've resorted to using stringstream to do conversions to string now), but I would like to know why. After using lots of C# for quite a while and no C++, this has caused me a lot of pain.

Improve this question
14
  • 44
    Arrays decay into pointers. chars get promoted to ints. Pointer arithmetic ensues. Commented Sep 12, 2014 at 16:07
  • 6
    That code is equivalent to const char *str=""; return &(str[(int)c]);. Undefined behavior (unless C is 0). Commented Sep 12, 2014 at 16:08
  • 7
    You might be interested in the C++14 s literal Commented Sep 12, 2014 at 16:10
  • 3
    You can return std::string(1, c); Commented Sep 12, 2014 at 16:20
  • 13
    "I've even managed to get pieces of underlying C++ documentation" that is a hilarious example for Undefined Behavior. Commented Sep 12, 2014 at 22:20

3 Answers 3

Reset to default
94

  • "" is a string literal. Those have the type array of N const char. This particular string literal is an array of 1 const char, the one element being the null terminator.

  • Arrays easily decay into pointers to their first element, e.g. in expressions where a pointer is required.

  • lhs + rhs is not defined for arrays as lhs and integers as rhs. But it is defined for pointers as the lhs and integers as the rhs, with the usual pointer arithmetic.

  • char is an integral data type in (i.e., treated as an integer by) the C++ core language.

==> string literal + character therefore is interpreted as pointer + integer.

The expression "" + c is roughly equivalent to:

static char const lit[1] = {'\0'};
char const* p = &lit[0];
p + c // "" + c is roughly equivalent to this expression

You return a std::string. The expression "" + c yields a pointer to const char. The constructor of std::string that expects a const char* expects it to be a pointer to a null-terminated character array.

If c != 0, then the expression "" + c leads to Undefined Behaviour:

  • For c > 1, the pointer arithmetic produces Undefined Behaviour. Pointer arithmetic is only defined on arrays, and if the result is an element of the same array.

  • If char is signed, then c < 0 produces Undefined Behaviour for the same reason.

  • For c == 1, the pointer arithmetic does not produce Undefined Behaviour. That's a special case; pointing to one element past the last element of an array is allowed (it is not allowed to use what it points to, though). It still leads to Undefined Behaviour since the std::string constructor called here requires its argument to be a pointer to a valid array (and a null-terminated string). The one-past-the-last element is not part of the array itself. Violating this requirement also leads to UB.

What probably now happens is that the constructor of std::string tries to determine the size of the null-terminated string you passed it, by searching the (first) character in the array that is equal to '\0':

string(char const* p)
{
    // simplified
    char const* end = p;
    while(*end != '\0') ++end;
    //...
}

this will either produce an access violation, or the string it creates contains "garbage". It is also possible that the compiler assumes this Undefined Behaviour will never happen, and does some funny optimizations that will result in weird behaviour.

By the way, clang++3.5 emits a nice warning for this snippet:

warning: adding 'char' to a string does not append to the string [-Wstring-plus-int]

return "" + c; // Here
       ~~~^~~

note: use array indexing to silence this warning

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

So essentially a bunch of implicit conversions then. Okay, thanks for the input!
"" + c is only undefined behavior for c > 1, because "" has a size of 1 and the standard explicitly allows pointers one element past the end of allocated memory to make iteration possible. Otherwise, even a simple for-loop over the entire length of an array would have UB. Still, dereferencing that pointer is UB, which is what happens in the constructor of std::string.
@SimonLehmann Yes, the UB in the case c == 1 comes from calling std::string's ctor with something that's not a pointer to a null-terminated string (which implies a pointer to a valid array). That is, for c > 1 there's another source of UB that applies earlier than the ctor call, but in any case there's UB for c > 0.
@Simon: also for c < 0, since char may be a signed type.
@boycy I think run time is too late. This odd expression can be found by static analysers, and in fact is caught by clang++3.5 (see edited answer).
|
28

There are a lot of explanations of how the compiler interprets this code, but what you probably wanted to know is what you did wrong.

You appear to be expecting the + behavior from std::string. The problem is that neither of the operands actually is a std::string. C++ looks at the types of the operands, not the final type of the expression (here the return type, std::string) to resolve overloading. It won't pick std::string's version of + if it doesn't see a std::string.

If you have special behavior for an operator (either you wrote it, or got a library that provides it), that behavior only applies when at least one of the operands has class type (or reference to class type, and user-defined enumerations count too).

If you wrote

std::string("") + c

or

std::string() + c

or

""s + c // requires C++14

then you would get the std::string behavior of operator +.

(Note that none of these are actually good solutions, because they all make short-lived std::string instances that can be avoided with std::string(1, c))

The same thing goes for functions. Here's an example:

std::complex<double> ipi = std::log(-1.0);

You'll get a runtime error, instead of the expected imaginary number. That's because the compiler has no clue that it should be using the complex logarithm here. Overloading looks only at the arguments, and the argument is a real number (type double, actually).

Operator overloads ARE functions and obey the same rules.

Improve this answer

3 Comments

@dyp: Thanks, fixed. I was probably thinking of the rules for overloading functions and operators in std... where a standard type can satisfy the "class or reference to class" requirement, and a pointer to custom type can satisfy the requirement pertaining to custom types.
Or ADL rules, which also include pointers. Not sure which rules you're referring to, overloading functions in namespace std is forbidden unless explicitly allowed.
@dyp: I guess it's 17.6.4.2.1/1, which isn't very specific... just "if the declaration depends on a user-defined type"
9

This return statement

return "" + c;

is valid. There is used so called the pointer arithmetic. String literal "" is converted to pointer to its first character (in this case to its terminating zero) and integer value stored in c is added to the pointer. So the result of expression

"" + c

has type const char *

Class std::string has conversion constructor that accepts argument of type const char *. The problem is that this pointer can points to beyond the string literal. So the function has undefined behaviour.

I do not see any sense in using this expression. If you want to build a string based on one character you could write for example

return std::string( 1, c );

the difference between C++ and C# is that in C# string literals have type System.String that has overloaded operator + for strings and characters (that are unicode characters in C#). In C++ string literals are constant character arrays and the semantic of operator + for arrays and integers are different. Arrays are converted to pointers to their first elements and there are used the pointer arithmetic.

It is standard class std::string that has overloaded operator + for characters. String literals in C++ are not objects of this class that is of type std::string.

Improve this answer

1 Comment

"This return statement return "" + c; is valid." -- Not if c > 1. And if c == 1, the return value isn't usable other than to subtract 1 from it.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.