Pointer arithmetic must be performed only on pointers that reference elements of array objects.
The C Standard, 6.5.6 [ISO/IEC 9899:2011], states the following about pointer arithmetic:
When an expression that has integer type is added to or subtracted from a pointer, the result has the type of the pointer operand. If the pointer operand points to an element of an array object, and the array is large enough, the result points to an element offset from the original element such that the difference of the subscripts of the resulting and original array elements equals the integer expression.
Noncompliant Code Example
This noncompliant code example attempts to access structure members using pointer arithmetic. This practice is dangerous because structure members are not guaranteed to be contiguous.
It is possible to use the
-> operator to dereference each structure member:
However, this solution results in code that is hard to write and hard to maintain (especially if there are many more structure members), which is exactly what the author of the noncompliant code example was likely trying to avoid.
A better solution is to define the structure to contain an array member to store the numbers in an array rather than a structure, as in this compliant solution:
Array elements are guaranteed to be contiguous in memory, so this solution is completely portable.
ARR37-C-EX1: Any non-array object in memory can be considered an array consisting of one element. Adding one to a pointer for such an object yields a pointer one element past the array, and subtracting one from that pointer yields the original pointer. This allows for code such as the following:
A more general and safer solution to this problem is to use a flexible array member that guarantees the array that follows the structure is properly aligned by inserting padding, if necessary, between it and the member that immediately precedes it.
|Astrée||17.04i||Supported, but no explicit checker|
|LDRA tool suite||9.7.1||567 S||Partially implemented|
|Polyspace Bug Finder||R2016a||Invalid assumptions about memory organization|
Address is computed by adding or subtracting from address of a variable
|PRQA QA-C||9.3||2930, 2931, 2932,|
|PRQA QA-C++||4.1||3705, 3706, 3707|
|[Banahan 2003]||Section 5.3, "Pointers"|
Section 5.7, "Expressions Involving Pointers"
|[ISO/IEC 9899:2011]||6.5.6, "Additive Operators"|