![The name of the picture]( "Creative")
Do I cast the result of malloc?
In this question, someone suggested in a comment that I should not cast the result of malloc, i.e.
malloc
int *sieve = malloc(sizeof(int) * length);
rather than:
int *sieve = (int *) malloc(sizeof(int) * length);
Why would this be the case?
sieve
malloc( sizeof *sieve * length );
malloc()
27 Answers
27
No; you don't cast the result, since:
void *
<stdlib.h>
int
As a clarification, note that I said "you don't cast", not "you don't need to cast". In my opinion, it's a failure to include the cast, even if you got it right. There are simply no benefits to doing it, but a bunch of potential risks, and including the cast indicates that you don't know about the risks.
Also note, as commentators point out, that the above talks about straight C, not C++. I very firmly believe in C and C++ as separate languages.
To add further, your code needlessly repeats the type information (int) which can cause errors. It's better to dereference the pointer being used to store the return value, to "lock" the two together:
int
int *sieve = malloc(length * sizeof *sieve);
This also moves the length to the front for increased visibility, and drops the redundant parentheses with sizeof; they are only needed when the argument is a type name. Many people seem to not know (or ignore) this, which makes their code more verbose. Remember: sizeof is not a function! :)
length
sizeof
sizeof
While moving length to the front may increase visibility in some rare cases, one should also pay attention that in the general case, it should be better to write the expression as:
length
int *sieve = malloc(sizeof *sieve * length);
Since keeping the sizeof first, in this case, ensures multiplication is done with at least size_t math.
sizeof
size_t
Compare: malloc(sizeof *sieve * length * width) vs. malloc(length * width * sizeof *sieve) the second may overflow the length * width when width and length are smaller types than size_t.
malloc(sizeof *sieve * length * width)
malloc(length * width * sizeof *sieve)
length * width
width
length
size_t
void*
malloc
void*
void*
int
void *
int x = (int) 12;
In C, you don't need to cast the return value of malloc. The pointer to void returned by malloc is automagically converted to the correct type. However, if you want your code to compile with a C++ compiler, a cast is needed. A preferred alternative among the community is to use the following:
malloc
malloc
int *sieve = malloc(sizeof *sieve * length);
which additionally frees you from having to worry about changing the right-hand side of the expression if ever you change the type of sieve.
sieve
Casts are bad, as people have pointed out. Specially pointer casts.
malloc(length * sizeof *sieve)
sizeof
malloc(length * sizeof(*sieve))
malloc(length * (sizeof *sieve))
()
length*width
sizeof
size_t
malloc(sizeof( *ptr) * length * width)
malloc(length * width * sizeof (*ptr))
length*width
width,length
size_t
malloc(sizeof *sieve * length)
static_cast>()
reinterpret_cast<>()
You do cast, because:
type *
type **
#include
malloc()
.c
.cpp
throw
return -1;
malloc
char **foo = malloc(3*sizeof(*foo));
foo[i] = calloc(101, sizeof(*(foo[i])));
unsigned char
struct Zebra *p; ... p=malloc(sizeof struct Zebra);
p=(struct Zebra*)malloc(sizeof struct Zebra);
p
As other stated, it is not needed for C, but for C++. If you think you are going to compile your C code with a C++ compiler, for which reasons ever, you can use a macro instead, like:
#ifdef __cplusplus
# define NEW(type, count) ((type *)calloc(count, sizeof(type)))
#else
# define NEW(type, count) (calloc(count, sizeof(type)))
#endif
That way you can still write it in a very compact way:
int *sieve = NEW(int, 1);
and it will compile for C and C++.
new
new
delete
malloc()
free()
NEW
delete
DELETE
MALLOC
CALLOC
In C you can implicitly convert a void pointer to any other kind of pointer, so a cast is not necessary. Using one may suggest to the casual observer that there is some reason why one is needed, which may be misleading.
From the Wikipedia
Advantages to casting
Including the cast may allow a C program or function to compile as C++.
The cast allows for pre-1989 versions of malloc that originally returned a char *.
Casting can help the developer identify inconsistencies in type sizing should the destination pointer type change, particularly if the pointer is declared far from the malloc() call (although modern compilers and static analyzers can warn on such behaviour without requiring the cast).
Disadvantages to casting
Under the ANSI C standard, the cast is redundant.
Adding the cast may mask failure to include the header stdlib.h, in
which the prototype for malloc is found. In the absence of a
prototype for malloc, the standard requires that the C compiler
assume malloc returns an int. If there is no cast, a warning is
issued when this integer is assigned to the pointer; however, with
the cast, this warning is not produced, hiding a bug. On certain
architectures and data models (such as LP64 on 64-bit systems, where
long and pointers are 64-bit and int is 32-bit), this error can
actually result in undefined behaviour, as the implicitly declared
malloc returns a 32-bit value whereas the actually defined function
returns a 64-bit value. Depending on calling conventions and memory
layout, this may result in stack smashing. This issue is less likely
to go unnoticed in modern compilers, as they uniformly produce
warnings that an undeclared function has been used, so a warning will
still appear. For example, GCC's default behaviour is to show a
warning that reads "incompatible implicit declaration of built-in
function" regardless of whether the cast is present or not.
If the type of the pointer is changed at its declaration, one may
also, need to change all lines where malloc is called and cast.
Although malloc without casting is preferred method and most experienced programmers choose it, you should use whichever you like having aware of the issues.
i.e: If you need to compile C program as C++(Although those are separate language) you should use malloc with casting.
malloc
malloc()
p = malloc(sizeof(*p) * count)
You don't cast the result of malloc, because doing so adds pointless clutter to your code.
The most common reason why people cast the result of malloc is because they are unsure about how the C language works. That's a warning sign: if you don't know how a particular language mechanism works, then don't take a guess. Look it up or ask on Stack Overflow.
Some comments:
A void pointer can be converted to/from any other pointer type without an explicit cast (C11 6.3.2.3 and 6.5.16.1).
C++ will however not allow an implicit cast between void* and another pointer type. So in C++, the cast would have been correct. But if you program in C++, you should use new and not malloc(). And you should never compile C code using a C++ compiler.
void*
new
If you need to support both C and C++ with the same source code, use compiler switches to mark the differences. Do not attempt to sate both language standards with the same code, because they are not compatible.
If a C compiler cannot find a function because you forgot to include the header, you will get a compiler/linker error about that. So if you forgot to include <stdlib.h> that's no biggie, you won't be able to build your program.
<stdlib.h>
On ancient compilers that follow a version of the standard which is more than 25 years old, forgetting to include <stdlib.h> would result in dangerous behavior. Because in that ancient standard, functions without a visible prototype implicitly converted the return type to int. Casting the result from malloc explicitly would then hide away this bug.
<stdlib.h>
int
But that is really a non-issue. You aren't using a 25 years old computer, so why would you use a 25 years old compiler?
In C you get an implicit conversion from void* to any other (data) pointer.
void*
Casting the value returned by malloc() is not necessary now, but I'd like to add one point that seems no one has pointed out:
malloc()
In the ancient days, that is, before ANSI C provides the void * as the generic type of pointers, char * is the type for such usage. In that case, the cast can shut down the compiler warnings.
void *
char *
Reference: C FAQ
It is not mandatory to cast the results of malloc, since it returns void* , and a void* can be pointed to any datatype.
malloc
void*
void*
Just adding my experience, studying computer engineering I see that the two or three professors that I have seen writing in C always cast malloc, however the one I asked (with an immense CV and understanding of C) told me that it is absolutely unnecessary but only used to be absolutely specific, and to get the students into the mentality of being absolutely specific. Essentially casting will not change anything in how it works, it does exactly what it says, allocates memory, and casting does not effect it, you get the same memory, and even if you cast it to something else by mistake (and somehow evade compiler errors) C will access it the same way.
Edit: Casting has a certain point. When you use array notation, the code generated has to know how many memory places it has to advance to reach the beginning of the next element, this is achieved through casting. This way you know that for a double you go 8 bytes ahead while for an int you go 4, and so on. Thus it has no effect if you use pointer notation, in array notation it becomes necessary.
p = malloc(sizeof *p * n);
The returned type is void*, which can be cast to the desired type of data pointer in order to be dereferenceable.
void*
A void pointer is a generic pointer and C supports implicit conversion from a void pointer type to other types, so there is no need of explicitly typecasting it.
However, if you want the same code work perfectly compatible on a C++ platform, which does not support implicit conversion, you need to do the typecasting, so it all depends on usability.
malloc
Adding to all the information here; this is what The GNU C Library Reference manual says:
You can store the result of malloc into any pointer variable without a
cast, because ISO C automatically converts the type void * to another
type of pointer when necessary. But the cast is necessary in contexts
other than assignment operators or if you might want your code to run
in traditional C.
malloc
void *
And indeed the ISO C11 standard (p347) says so:
The pointer returned if the allocation succeeds is suitably aligned so
that it may be assigned to a pointer to any type of object with a
fundamental alignment requirement and then used to access such an
object or an array of such objects in the space allocated (until the
space is explicitly deallocated)
It depends on the programming language and compiler. If you use malloc in C there is no need to type cast it, as it will automatically type cast, However if your using C++ then you should type cast because malloc will return a void* type.
malloc
malloc
void*
In the C language, a void pointer can be assigned to any pointer, which is why you should not use a type cast. If you want "type safe" allocation, I can recommend the following macro functions, which I always use in my C projects:
#include <stdlib.h>
#define NEW_ARRAY(ptr, n) (ptr) = malloc((n) * sizeof *(ptr))
#define NEW(ptr) NEW_ARRAY((ptr), 1)
With these in place you can simply say
NEW_ARRAY(sieve, length);
For non-dynamic arrays, the third must-have function macro is
#define LEN(arr) (sizeof (arr) / sizeof (arr)[0])
which makes array loops safer and more convenient:
int i, a[100];
for (i = 0; i < LEN(a); i++)
...
malloc()
void*
void*
malloc()
do
Casting is only for C++ not C.In case you are using a C++ compiler you better change it to C compiler.
People used to GCC and Clang are spoiled. It's not all that good out there.
I have been pretty horrified over the years by the staggeringly aged compilers I've been required to use. Often companies and managers adopt an ultra-conservative approach to changing compilers and will not even test if a new compiler ( with better standards compliance and code optimization ) will work in their system. The practical reality for working developers is that when you're coding you need to cover your bases and, unfortunately, casting mallocs is a good habit if you cannot control what compiler may be applied to your code.
I would also suggest that many organizations apply a coding standard of their own and that that should be the method people follow if it is defined. In the absence of explicit guidance I tend to go for most likely to compile everywhere, rather than slavish adherence to a standard.
The argument that it's not necessary under current standards is quite valid. But that argument omits the practicalities of the real world. We do not code in a world ruled exclusively by the standard of the day, but by the practicalities of what I like to call "local management's reality field". And that's bent and twisted more than space time ever was. :-)
YMMV.
I tend to think of casting malloc as a defensive operation. Not pretty, not perfect, but generally safe. ( Honestly, if you've not included stdlib.h then you've way more problems than casting malloc ! ).
I put in the cast simply to show disapproval of the ugly hole in the type system, which allows code such as the following snippet to compile without diagnostics, even though no casts are used to bring about the bad conversion:
double d;
void *p = &d;
int *q = p;
I wish that didn't exist (and it doesn't in C++) and so I cast. It represents my taste, and my programming politics. I'm not only casting a pointer, but effectively, casting a ballot, and casting out demons of stupidity. If I can't actually cast out stupidity, then at least let me express the wish to do so with a gesture of protest.
In fact, a good practice is to wrap malloc (and friends) with functions that return unsigned char *, and basically never to use void * in your code. If you need a generic pointer-to-any-object, use a char * or unsigned char *, and have casts in both directions. The one relaxation that can be indulged, perhaps, is using functions like memset and memcpy without casts.
malloc
unsigned char *
void *
char *
unsigned char *
memset
memcpy
On the topic of casting and C++ compatibility, if you write your code so that it compiles as both C and C++ (in which case you have to cast the return value of malloc when assigning it to something other than void *), you can do a very helpful thing for yourself: you can use macros for casting which translate to C++ style casts when compiling as C++, but reduce to a C cast when compiling as C:
malloc
void *
/* In a header somewhere */
#ifdef __cplusplus
#define strip_qual(TYPE, EXPR) (const_cast<TYPE>(EXPR))
#define convert(TYPE, EXPR) (static_cast<TYPE>(EXPR))
#define coerce(TYPE, EXPR) (reinterpret_cast<TYPE>(EXPR))
#else
#define strip_qual(TYPE, EXPR) ((TYPE) (EXPR))
#define convert(TYPE, EXPR) ((TYPE) (EXPR))
#define coerce(TYPE, EXPR) ((TYPE) (EXPR))
#endif
If you adhere to these macros, then a simple grep search of your code base for these identifiers will show you where all your casts are, so you can review whether any of them are incorrect.
grep
Then, going forward, if you regularly compile the code with C++, it will enforce the use of an appropriate cast. For instance, if you use strip_qual just to remove a const or volatile, but the program changes in such a way that a type conversion is now involved, you will get a diagnostic, and you will have to use a combination of casts to get the desired conversion.
strip_qual
const
volatile
To help you adhere to these macros, the the GNU C++ (not C!) compiler has a beautiful feature: an optional diagnostic which is produced for all occurrences of C style casts.
If your C code compiles as C++, you can use this -Wold-style-cast option to find out all occurrences of the (type) casting syntax that may creep into the code, and follow up on these diagnostics by replacing it with an appropriate choice from among the above macros (or a combination, if necessary).
-Wold-style-cast
(type)
This treatment of conversions is the single largest standalone technical justification for working in a "Clean C": the combined C and C++ dialect, which in turn technically justifies casting the return value of malloc.
malloc
The concept behind void pointer is that it can be casted to any data type that is why malloc returns void. Also you must be aware of automatic typecasting. So it is not mandatory to cast the pointer though you must do it. It helps in keeping the code clean and helps debugging
The best thing to do when programming in C whenever it is possible:
-Wall
auto
-Wall
-std=c++11
This procedure lets you take advantage of C++ strict type checking, thus reducing the number of bugs. In particular, this procedure forces you to include stdlib.hor you will get
stdlib.h
malloc was not declared within this scope
malloc
and also forces you to cast the result of malloc or you will get
malloc
invalid conversion from void* to T*
void*
T*
or what ever your target type is.
The only benefits from writing in C instead of C++ I can find are
Notice that the second cons should in the ideal case disappear when using the subset common to C together with the static polymorphic feature.
For those that finds C++ strict rules inconvenient, we can use the C++11 feature with inferred type
auto memblock=static_cast<T*>(malloc(n*sizeof(T))); //Mult may overflow...
gcc -c c_code.c
g++ -c cpp_code.cpp
gcc c_code.o cpp_code.o
p = malloc(sizeof(*p));
p
p
malloc()
In general, you don't cast to or from void *.
void *
A typical reason given for not doing so is that failure to #include <stdlib.h> could go unnoticed. This isn't an issue anymore for a long time now as C99 made implicit function declarations illegal, so if your compiler conforms to at least C99, you will get a diagnostic message.
#include <stdlib.h>
But there's a much stronger reason not to introduce unnecessary pointer casts:
In C, a pointer cast is almost always an error. This is because of the following rule (§6.5 p7 in N1570, the latest draft for C11):
An object shall have its stored value accessed only by an lvalue expression that has one of
the following types:
— a type compatible with the effective type of the object,
— a qualified version of a type compatible with the effective type of the object,
— a type that is the signed or unsigned type corresponding to the effective type of the
object,
— a type that is the signed or unsigned type corresponding to a qualified version of the
effective type of the object,
— an aggregate or union type that includes one of the aforementioned types among its
members (including, recursively, a member of a subaggregate or contained union), or
— a character type.
This is also known as the strict aliasing rule. So the following code is undefined behavior:
long x = 5;
double *p = (double *)&x;
double y = *p;
And, sometimes surprisingly, the following is as well:
struct foo int x; ;
struct bar int x; int y; ;
struct bar b = 1, 2;
struct foo *p = (struct foo *)&b;
int z = p->x;
Sometimes, you do need to cast pointers, but given the strict aliasing rule, you have to be very careful with it. So, any occurrence of a pointer cast in your code is a place you have to double-check for its validity. Therefore, you never write an unnecessary pointer cast.
In a nutshell: Because in C, any occurrence of a pointer cast should raise a red flag for code requiring special attention, you should never write unnecessary pointer casts.
Side notes:
There are cases where you actually need a cast to void *, e.g. if you want to print a pointer:
void *
int x = 5;
printf("%pn", (void *)&x);
The cast is necessary here, because printf() is a variadic function, so implicit conversions don't work.
printf()
In C++, the situation is different. Casting pointer types is somewhat common (and correct) when dealing with objects of derived classes. Therefore, it makes sense that in C++, the conversion to and from void * is not implicit. C++ has a whole set of different flavors of casting.
void *
I prefer to do the cast, but not manually. My favorite is using g_new and g_new0 macros from glib. If glib is not used, I would add similar macros. Those macros reduce code duplication without compromising type safety. If you get the type wrong, you would get an implicit cast between non-void pointers, which would cause a warning (error in C++). If you forget to include the header that defines g_new and g_new0, you would get an error. g_new and g_new0 both take the same arguments, unlike malloc that takes fewer arguments than calloc. Just add 0 to get zero-initialized memory. The code can be compiled with a C++ compiler without changes.
g_new
g_new0
g_new
g_new0
g_new
g_new0
malloc
calloc
0
A void pointer is a generic pointer and C supports implicit conversion from a void pointer type to other types, so there is no need of explicitly typecasting it.
However, if you want the same code work perfectly compatible on a C++ platform, which does not support implicit conversion, you need to do the typecasting, so it all depends on usability.
As other stated, it is not needed for C, but for C++.
Including the cast may allow a C program or function to compile as C++.
In C it is unnecessary, as void * is automatically and safely promoted to any other pointer type.
But if you cast then, it can hide an error if you forgot to include
stdlib.h. This can cause crashes (or, worse, not cause a crash
until way later in some totally different part of the code).
Because stdlib.h contains the prototype for malloc is found. In the
absence of a prototype for malloc, the standard requires that the C
compiler assumes malloc returns an int. If there is no cast, a
warning is issued when this integer is assigned to the pointer;
however, with the cast, this warning is not produced, hiding a bug.
The casting of malloc is unnecessary in C but mandatory in C++.
<stdlib.h>
Please do yourself a favor and more importantly a favor for the next person who will maintain your code, and provide as much information as possible about the data type of a program's variables.
Thus, cast the returned pointer from malloc. In the following code the compiler can be assured that sieve is in fact being assigned a point to an integer(s).
cast
malloc
int *sieve = (int *) malloc(sizeof(int) * length);
This reduces the chance for a human error when/if the data type for sieve is changed.
I would be interested in knowing if there are any "pure" C compilers that would flag this statement as being in error. If so, let me know, so that I can avoid them as their lack of type checking will increase the overall expense of maintaining software.
Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?
Mixing
Also, it is more maintainable to write sieve = malloc( sizeof *sieve * length );
– William Pursell
Jul 29 '09 at 17:15