You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
__DATE__ and __TIME__ are string constants with 11 characters and 8 characters, respectively. But C uses null-terminated strings, so the storage space needs 12 characters and 9 characters, respectively. Also, a char and a uint8_t are not necessarily synonymous. The correct application-level declaration and use should be:
The library is welcome to define its own internal type that has a non-null-terminated array of uint8 to store the content (assuming sizeof char == sizeof uint8_t, which is true on most embedded processors but not all -- notably TI C2800 DSP which has a 16-bit char), but initializing a uint8_t[11] with __DATE__ is problematic.
The const in const uint16_t appVersion is useless for callers as a function signature; C passes all arguments by value. It does mean that the implementation of initVersionInfo cannot change the value in its implementation, but that is of questionable value. The const keyword has its primary use when defining storage for a variable (const SOMETYPE x = ...) and when using in a function signature that accepts pointers (void somefunc(const SOMETYPE *px);) to prevent the compiler from modifying the content.
compilationDate_t is passed by value rather than by pointers when it's not necessary to do so, and it is stored as a pointer when it is not safe to do so.
The compiler is free to allocate storage on the stack for the function argument compilationDate in both X2Cscope_Initialise() and initVersionInfo(), and copy the 19-byte data structure twice, once for each function call. (It may be able to optimize this out, but I am not sure of this.)
Furthermore, it is stored in framePrgCompDateTime as a uint8_t * based on &compilationDate in initVersionInfo(), which may be on the stack. Safe programming practices should copy this structure into an internal buffer, rather than depend on storing a typecast pointer to an external struct.
If framePrgCompDateTime is going to use a pointer rather than an internal buffer, it should at least be a const uint8_t * (or const compilationDate_t *) so that the compiler knows it is not safe to modify the pointer data.
The use of
compilationDate_tis handled incorrectly in several ways. This is a typedef:This is a 19-byte structure containing date and time info. It is used by application code as follows (
X2Cscope_library_make/interface/X2Cscope.c
Line 61 in 6bac2d8
and internally the implementation does this:
X2Cscope_library_wrapper.c:
and in VersionInfo.c
where
tTableStructis defined in CommonFcts.h:This implementation has several problems.
__DATE__and__TIME__are string constants with 11 characters and 8 characters, respectively. But C uses null-terminated strings, so the storage space needs 12 characters and 9 characters, respectively. Also, acharand auint8_tare not necessarily synonymous. The correct application-level declaration and use should be:The library is welcome to define its own internal type that has a non-null-terminated array of
uint8to store the content (assumingsizeof char == sizeof uint8_t, which is true on most embedded processors but not all -- notably TI C2800 DSP which has a 16-bit char), but initializing auint8_t[11]with__DATE__is problematic.uint8anduint16are not standard data types. Code should useuint8_tanduint16_tas declared in<stdint.h>. Adding additional types and mixing/matching use ofuint8_t/uint8has the potential to cause confusion. (Entered as Use stdint.h types such as uint8_t, and do not create nonstandard aliases; X2cDataTypes.h does not exist #10.)The
constinconst uint16_t appVersionis useless for callers as a function signature; C passes all arguments by value. It does mean that the implementation ofinitVersionInfocannot change the value in its implementation, but that is of questionable value. Theconstkeyword has its primary use when defining storage for a variable (const SOMETYPE x = ...) and when using in a function signature that accepts pointers (void somefunc(const SOMETYPE *px);) to prevent the compiler from modifying the content.compilationDate_tis passed by value rather than by pointers when it's not necessary to do so, and it is stored as a pointer when it is not safe to do so.compilationDatein bothX2Cscope_Initialise()andinitVersionInfo(), and copy the 19-byte data structure twice, once for each function call. (It may be able to optimize this out, but I am not sure of this.)framePrgCompDateTimeas auint8_t *based on&compilationDateininitVersionInfo(), which may be on the stack. Safe programming practices should copy this structure into an internal buffer, rather than depend on storing a typecast pointer to an external struct.If
framePrgCompDateTimeis going to use a pointer rather than an internal buffer, it should at least be aconst uint8_t *(orconst compilationDate_t *) so that the compiler knows it is not safe to modify the pointer data.