logo

drewdevault.com

[mirror] blog and personal website of Drew DeVault git clone https://hacktivis.me/git/mirror/drewdevault.com.git

Understanding-pointers.md (10272B)

    

  1. ---
  2. date: 2016-05-28
  3. # vim: tw=80
  4. layout: post
  5. title: Understanding pointers
  6. tags: [C, instructive]
  7. ---
  9. <style>
  10. table {
  11.   border-spacing: 0;
  12.   width: 100%;
  13. }
  15. th, td {
  16.   border-bottom: 1px solid black;
  17. }
  18. </style>
  20. I was recently chatting with a new contributor to Sway who is using the project
  21. as a means of learning C, and he had some questions about what `void**` meant
  22. when he found some in the code. It became apparent that this guy only has a
  23. basic grasp on pointers at this point in his learning curve, and I figured it
  24. was time for another blog post - so today, I'll explain pointers.
  26. To understand pointers, you must first understand how memory works. Your RAM is
  27. basically a flat array of
  28. [octets](https://en.wikipedia.org/wiki/Octet_(computing)). Your compiler
  29. describes every data structure you use as a series of octets. For the context of
  30. this article, let's consider the following memory:
  32. | 0x0000 | 0x0001 | 0x0002 | 0x0003 | 0x0004 | 0x0005 | 0x0006 | 0x0007 |
  33. |:-------|:-------|:-------|:-------|:-------|:-------|:-------|:-------|
  34. | 0x00   | 0x00   | 0x00   | 0x00   | 0x08   | 0x42   | 0x00   | 0x00   |
  36. We can refer to each element of this array by its index, or address. For
  37. example, the value at address 0x0004 is 0x08. On this system, we're using 16-bit
  38. addresses to refer to 8-bit values. On an i686 (32-bit) system, we use 32-bit
  39. addresses to refer to 8-bit values. On an amd64 (64-bit) system, we use 64-bit
  40. addresses to refer to 8-bit values. On Notch's imaginary DCPU-16 system, we use
  41. 16-bit addresses to refer to 16-bit values.
  43. To refer to the value at 0x0004, we can use a pointer. Let's declare it like so:
  45. ```c
  46. uint8_t *value = (uint8_t *)0x0004;
  47. ```
  49. Here we're declaring a variable named value, whose type is `uint8_t*`. The *
  50. indicates that it's a pointer. Now, because this is a 16-bit system, the size of
  51. a pointer is 16 bits. If we do this:
  53. ```c
  54. printf("%d\n", sizeof(value));
  55. ```
  57. It will print 2, because it takes 16-bits (or 2 bytes) to refer to an address on
  58. this system, even though the value there is 8 bits. On your system it would
  59. probably print 8, or maybe 4 if you're on a 32-bit system. We could also do this:
  61. ```c
  62. uint16_t address = 0x0004;
  63. uint8_t *ptr = (uint8_t *)address;
  64. ```
  66. In this case we're not casting the `uint16_t` value 0x0004 to a `uint8_t`, which
  67. would truncate the integer. No, instead, we're casting it to a `uint8_t*`, which
  68. is the size required to represent a pointer on this system. All pointers are the
  69. same size.
  71. ## Dereferencing pointers
  73. We can refer to the value at the other end of this pointer by *dereferencing* it.
  74. The pointer is said to contain a *reference* to a value in memory. By
  75. *dereferencing* it, we can obtain that value. For example:
  77. ```c
  78. uint8_t *value = (uint8_t *)0x0004;
  79. printf("%d\n", *value); // prints 8
  80. ```
  82. ## Working with multi-byte values
  84. Even though memory is basically a big array of `uint8_t`, thankfully we can work
  85. with other kinds of data structures inside of it. For example, say we wanted to
  86. store the value 0x1234 in memory. This doesn't fit in 8 bits, so we need to
  87. store it at two different addresses. For example, we could store it at 0x0006
  88. and 0x0007:
  90. | 0x0000 | 0x0001 | 0x0002 | 0x0003 | 0x0004 | 0x0005 | 0x0006 | 0x0007 |
  91. |:-------|:-------|:-------|:-------|:-------|:-------|:-------|:-------|
  92. | 0x00   | 0x00   | 0x00   | 0x00   | 0x08   | 0x42   | 0x34   | 0x12   |
  94. *0x0007 makes up the first byte of the value, and *0x0006 makes up the second
  95. byte of the value.
  97. <div class="well">
  98.     Why not the other way around? Well, most systems these days use the "little
  99.     endian" notation for storing multi-byte integers in memory, which stores the
  100.     least significant byte first. The least significant byte is the one with the
  101.     smallest order of magnitude (in base sixteen). To get the final number, we
  102.     use (0x12 * 0x100) + (0x34 * 0x1), which gives us 0x1234. Read more about
  103.     endianness <a href="https://en.wikipedia.org/wiki/Endianness">here</a>.
  104. </div>
  106. C allows us to use pointers that refer to these sorts of composite values, like
  107. so:
  109. ```c
  110. uint16_t *value = (uint16_t *)0x0006;
  111. printf("0x%X\n", *value); // Prints 0x1234
  112. ```
  114. Here, we've declared a pointer to a value whose type is `uint16_t`. Note that the
  115. size of this pointer is the same size of the `uint8_t*` pointer - 16 bits, or
  116. two bytes. The value it *references*, though, is a different type than 
  117. `uint8_t*` references.
  119. ## Indirect pointers
  121. Here comes the crazy part - you can work with pointers to pointers. The address
  122. of the `uint16_t` pointer we've been talking about is 0x0006, right? Well, we
  123. can store that number in memory as well. If we store it at 0x0002, our memory
  124. looks like this:
  126. | 0x0000 | 0x0001 | 0x0002 | 0x0003 | 0x0004 | 0x0005 | 0x0006 | 0x0007 |
  127. |:-------|:-------|:-------|:-------|:-------|:-------|:-------|:-------|
  128. | 0x00   | 0x00   | 0x06   | 0x00   | 0x08   | 0x42   | 0x34   | 0x12   |
  130. The question might then become, how do we get it out again? Well, we can use a
  131. pointer *to that pointer*! Check out this code:
  133. ```c
  134. uint16_t **pointer_to_a_pointer = (uint16_t**)0x0002;
  135. ```
  137. This code just declared a variable whose type is `uint16_t**`, which a pointer
  138. whose value is a `uint16_t*`, which itself points to a value that is a
  139. `uint16_t`. Pretty cool, huh?  We can dereference this too:
  141. ```c
  142. uint16_t **pointer_to_a_pointer = (uint16_t**)0x0002;
  143. uint16_t *pointer = *pointer_to_a_pointer;
  144. printf("0x%X\n", *pointer); // Prints 0x1234
  145. ```
  147. We don't actually even need the intermediate variable. This works too:
  149. ```c
  150. uint16_t **pointer_to_a_pointer = (uint16_t**)0x0002;
  151. printf("0x%X\n", **pointer_to_a_pointer); // Prints 0x1234
  152. ```
  154. ## Void pointers
  156. The next question that would come up to your average C programmer would be,
  157. "well, what is a `void*`?" Well, remember earlier when I said that all pointers,
  158. regardless of the type of value they reference, are just fixed size integers?
  159. In the imaginary system we've been talking about, pointers are 16-bit addresses,
  160. or indexes, that refer to places in RAM. On the system you're reading this
  161. article on, it's probably a 64-bit integer. Well, we don't actually need to
  162. specify the type to be able to manipulate pointers if they're just a fixed size
  163. integer - so we don't have to. A `void*` stores an arbitrary address without
  164. bringing along any type information. You can later *cast* this variable to a
  165. specific kind of pointer to dereference it. For example:
  167. ```c
  168. void *pointer = (void*)0x0006;
  169. uint8_t *uintptr = (uint8_t*)pointer;
  170. printf("0x%X", *uintptr); // prints 0x34
  171. ```
  173. Take a closer look at this code, and recall that 0x0006 refers to a 16-bit value
  174. from the previous section. Here, though, we're treating it as an 8-bit value -
  175. the `void*` contains no assumptions about what kind of data is there. The result
  176. is that we end up treating it like an 8-bit integer, which ends up being the
  177. least significant byte of 0x1234;
  179. ## Dereferencing structures
  181. In C, we often work with structs. Let's describe one to play with:
  183. ```c
  184. struct coordinates {
  185.     uint16_t x, y;
  186.     struct coordinates *next;
  187. };
  188. ```
  190. Our structure describes a linked list of coordinates. X and Y are the
  191. coordinates, and next is a pointer to the next set of coordinates in our list.
  192. I'm going to drop two of these in memory:
  194. | 0x0000 | 0x0001 | 0x0002 | 0x0003 | 0x0004 | 0x0005 | 0x0006 | 0x0007 |
  195. |:-------|:-------|:-------|:-------|:-------|:-------|:-------|:-------|
  196. | 0xAD   | 0xDE   | 0xEF   | 0xBE   | 0x06   | 0x00   | 0x34   | 0x12   |
  198. Let's write some C code to reason about this memory with:
  200. ```c
  201. struct coordinates *coords;
  202. coords = (struct coordinates*)0x0000;
  203. ```
  205. If we look at this structure in memory, you might already be able to pick out
  206. the values. C is going to store the fields of this struct in order. So, we can
  207. expect the following:
  209. ```c
  210. printf("0x%X, 0x%X", coords->x, coords->y);
  211. ```
  213. To print out "0xDEAD, 0xBEEF". Note that we're using the structure dereferencing
  214. operator here, `->`. This allows us to dereference values *inside* of a
  215. structure we have a pointer to. The other case is this:
  217. ```c
  218. printf("0x%X, 0x-X", coords.x, coords.y);
  219. ```
  221. Which only works if `coords` is not a pointer. We also have a pointer within
  222. this structure named next. You can see in the memory I included above that its
  223. address is 0x0004 and its value is 0x0006 - meaning that there's another `struct
  224. coordinates` that lives at 0x0006 in memory. If you look there, you can see the
  225. first part of it. It's X coordinate is 0x1234.
  227. ## Pointer arithmetic
  229. In C, we can use math on pointers. For example, we can do this:
  231. ```c
  232. uint8_t *addr = (uint8_t*)0x1000;
  233. addr++;
  234. ```
  236. Which would make the value of `addr` 0x1001. But this is only true for pointers
  237. whose type is 1 byte in size. Consider this:
  239. ```c
  240. uint16_t *addr = (uint16_t*)0x1000;
  241. addr++;
  242. ```
  244. Here, `addr` becomes 0x1002! This is because ++ on a pointer actually adds
  245. `sizeof(type)` to the actual address stored. The idea is that if we only added
  246. one, we'd be referring to an address that is *in the middle* of a uint16_t,
  247. rather than the next uint16_t in memory that we meant to refer to. This is also
  248. how arrays work. The following two code snippets are equivalent:
  250. ```c
  251. uint16_t *addr = (uint16_t*)0x1000;
  252. printf("%d\n", *(addr + 1));
  253. ```
  255. ```c
  256. uint16_t *addr = (uint16_t*)0x1000;
  257. printf("%d\n", addr[1]);
  258. ```
  260. ## NULL pointers
  262. Sometimes you need to work with a pointer that points to something that may not
  263. exist yet, or a resource that has been freed. In this case, we use a NULL
  264. pointer. In the examples you've seen so far, 0x0000 is a valid address. This is
  265. just for simplicity's sake. In practice, pretty much no modern computer has
  266. any reason to refer to the value at address 0. For that reason, we use NULL to
  267. refer to an uninitialized pointer. Dereferencing a NULL pointer is generally a
  268. Bad Thing and will lead to segfaults. As a fun side effect, since NULL is 0, we
  269. can use it in an if statement:
  271. ```c
  272. void *ptr = ...;
  273. if (ptr) {
  274.     // ptr is valid
  275. } else {
  276.     // ptr is not valid
  277. }
  278. ```
  280. I hope you found this article useful! If you'd
  281. like something fun to read next, read about ["three star
  282. programmers"](http://c2.com/cgi/wiki?ThreeStarProgrammer), or programmers who
  283. have variables like `void***`.