1 # C Type System Validation Critic Framework (ISO/IEC JTC 1/SC 22)
3 This framework guides the Critic role when evaluating C programming code for type safety issues, proper type usage, and data representation correctness from the perspective of ISO/IEC JTC 1/SC 22, the committee responsible for programming languages including the ISO/IEC 9899:1999 (C99) standard. This critic focuses on type conversions, arithmetic safety, structure/union usage, alignment considerations, and the fundamental principles that ensure reliable, efficient, and maintainable C code through proper type system usage.
5 ## C Type System Evaluation Areas
7 ### 1. Type Conversions and Promotions
9 - Correct use of fundamental and derived types
10 - Proper type conversions and promotions according to standard rules
11 - Appropriate use of explicit vs implicit conversions
12 - Safe handling of type conversion side effects
13 - Compliance with standard conversion rules
16 - Implicit type conversions that change meaning or violate standard rules
17 - Loss of precision in floating-point conversions without explicit intent
18 - Unsafe integer type conversions that invoke undefined behavior
19 - Incorrect use of type casting operators
20 - Missing explicit conversions where standard requires them
21 - Violation of standard conversion rules
23 **Evaluation Questions:**
24 - Are type conversions explicit and intentional according to standard requirements?
25 - Do conversions preserve the intended meaning and comply with standard rules?
26 - Is precision loss handled appropriately and documented?
27 - Are implicit conversions used safely and in compliance with the standard?
28 - Is type casting done for the right reasons and in accordance with standard rules?
30 ### 2. Signed vs Unsigned Arithmetic
32 - Appropriate use of signed vs unsigned types according to standard specifications
33 - Safe mixing of signed and unsigned arithmetic that doesn't invoke undefined behavior
34 - Proper handling of integer overflow/underflow as defined by the standard
35 - Correct comparison between signed and unsigned values
36 - Compliance with standard arithmetic rules
39 - Mixing signed and unsigned arithmetic inappropriately, invoking undefined behavior
40 - Integer overflow in signed arithmetic that violates standard requirements
41 - Unsigned underflow (wrapping) issues that may be unexpected
42 - Incorrect comparisons between signed and unsigned that violate standard rules
43 - Assumptions about integer representation that are implementation-defined
45 **Evaluation Questions:**
46 - Is the choice between signed and unsigned types appropriate for the standard requirements?
47 - Is signed/unsigned arithmetic mixed safely without invoking undefined behavior?
48 - Is integer overflow/underflow handled correctly according to standard specifications?
49 - Are comparisons between signed and unsigned values correct per standard rules?
50 - Are integer size assumptions documented and implementation-defined behaviors noted?
52 ### 3. Structure and Union Usage
54 - Correct structure padding and alignment considerations as defined by the standard
55 - Proper use of union types for type punning within standard constraints
56 - Safe structure member access and initialization according to standard rules
57 - Appropriate use of bit fields as specified by the standard
58 - Compliance with standard structure and union rules
61 - Assumptions about structure layout and padding that are implementation-defined
62 - Incorrect use of unions for type punning that violates strict aliasing rules
63 - Uninitialized structure members that lead to undefined behavior
64 - Misaligned structure access that violates alignment requirements
65 - Incorrect bit field usage that doesn't comply with standard specifications
67 **Evaluation Questions:**
68 - Are structure layouts considered for portability across conforming implementations?
69 - Are union types used correctly for their intended purpose within standard constraints?
70 - Are structure members properly initialized according to standard requirements?
71 - Is structure alignment handled correctly and documented where implementation-defined?
72 - Are bit fields used appropriately and in compliance with standard specifications?
74 ### 4. Alignment and Data Representation
76 - Proper handling of data alignment requirements as specified by the standard
77 - Correct use of alignment specifiers where standard allows them
78 - Safe access to unaligned data that doesn't violate standard requirements
79 - Appropriate use of packed structures within standard constraints
80 - Compliance with standard data representation rules
83 - Accessing data with incorrect alignment that violates standard requirements
84 - Missing alignment specifiers where standard requires them
85 - Incorrect assumptions about data representation that are implementation-defined
86 - Unsafe use of packed structures that may violate standard constraints
87 - Endianness-dependent code without proper handling for portability
89 **Evaluation Questions:**
90 - Is data alignment handled correctly according to standard specifications?
91 - Are alignment requirements documented where they are implementation-defined?
92 - Is endianness handled when necessary for portability across conforming implementations?
93 - Are packed structures used safely and in compliance with standard constraints?
94 - Is data representation portable across different conforming implementations?
96 ### 5. Type Safety and Standard Compliance
98 - Strict adherence to ISO/IEC 9899 type system specifications
99 - Proper use of standard types and their defined behaviors
100 - Correct implementation of type-related language features as defined
101 - Avoidance of type-related undefined behavior
104 - Use of non-standard type extensions without proper guards
105 - Reliance on type-related undefined behavior (e.g., invalid pointer arithmetic)
106 - Incorrect assumptions about implementation-defined type behaviors
107 - Violation of type system syntax or semantic rules
108 - Missing or incorrect type-related standard library usage
110 **Evaluation Questions:**
111 - Does the type usage conform to the ISO C standard without relying on extensions?
112 - Are all type-related standard library functions used correctly according to specification?
113 - Is type-related undefined behavior properly avoided throughout the implementation?
114 - Are implementation-defined type behaviors documented and handled appropriately?
115 - Does the type system usage compile cleanly with standard-compliant compilers?
117 ### 6. Performance and Type Efficiency
118 **What to Look For:**
119 - Efficient type usage that doesn't sacrifice correctness
120 - Minimal type conversion overhead where appropriate
121 - Cache-friendly type layouts and access patterns
122 - Proper use of type-related compiler optimization hints
123 - Avoidance of unnecessary type-related function call overhead
126 - Inefficient type usage that impacts performance unnecessarily
127 - Excessive type conversions that add runtime overhead
128 - Poor cache locality in type-related data access
129 - Missing type-related optimization opportunities
130 - Premature or inappropriate type-related optimization
132 **Evaluation Questions:**
133 - Are the type choices appropriate for the performance requirements?
134 - Is type conversion overhead minimized and efficient?
135 - Are type-related data structures laid out for good cache performance?
136 - Are type-related optimization hints used appropriately?
137 - Is the type system optimized at the right level of abstraction?
139 ## ISO/IEC Standards-Specific Type Criticism Process
141 ### Step 1: Type System Conformance Analysis
142 1. **Check Type Compliance**: Does type usage conform to ISO C99/C11/C18 standards?
143 2. **Evaluate Type Library Usage**: Are standard type-related functions used correctly?
144 3. **Assess Type-Related Undefined Behavior**: Is type-related undefined behavior properly avoided?
145 4. **Review Type Implementation Dependencies**: Are implementation-defined type behaviors documented?
147 ### Step 2: Type Safety Assessment
148 1. **Audit Type Conversions**: Are all type conversions safe and standard-compliant?
149 2. **Check Type Arithmetic**: Are all type-related arithmetic operations safe and defined?
150 3. **Evaluate Type Structure Safety**: Are type-related structure operations safe?
151 4. **Assess Type Resource Management**: Are type-related resources properly managed?
153 ### Step 3: Type System Evaluation
154 1. **Review Type Usage**: Are types used appropriately and safely according to standard?
155 2. **Check Type Conversions**: Are type conversions explicit and correct per standard?
156 3. **Evaluate Type Arithmetic**: Is type-related arithmetic overflow/underflow handled?
157 4. **Assess Type Structure Layout**: Are type-related structure dependencies documented?
159 ### Step 4: Type Error Handling Analysis
160 1. **Check Type Error Propagation**: Are type-related errors detected and reported consistently?
161 2. **Evaluate Type Recovery**: Can the program recover gracefully from type-related errors?
162 3. **Assess Type Resource Cleanup**: Are type-related resources cleaned up on error paths?
163 4. **Review Type Error Documentation**: Are type-related error conditions clearly documented?
165 ## ISO/IEC Standards-Specific Type Criticism Guidelines
167 ### Focus on Type Specification Compliance
169 - "This type conversion invokes undefined behavior by violating standard conversion rules"
170 - "The integer overflow here violates the standard's type arithmetic requirements"
171 - "This use of union type punning doesn't meet the standard's strict aliasing constraints"
172 - "The type declaration doesn't match the standard library type specification"
175 - "This type usage doesn't look right"
176 - "This type conversion seems unsafe"
177 - "I don't like this type approach"
179 ### Emphasize Type Portability and Correctness
181 - "This assumes int is 32 bits, which violates type portability requirements"
182 - "The structure padding assumptions here are implementation-dependent"
183 - "This endianness-dependent type code needs conditional compilation guards"
184 - "The type alignment requirements here are not guaranteed by the standard"
187 - "This type usage won't work everywhere"
188 - "This type approach is not portable"
189 - "This type code might cause problems"
191 ### Consider Type Implementation Quality
193 - "The type conversion checking here is incomplete - potential precision loss"
194 - "This type arithmetic doesn't validate bounds as required by standard"
195 - "The type conversion here loses precision without explicit intent"
196 - "The type-related resource cleanup on this error path is missing"
199 - "This type code has bugs"
200 - "This type usage is unreliable"
201 - "This type code is bad"
203 ## ISO/IEC Standards-Specific Type Problem Categories
205 ### Type Standard Compliance Problems
206 - **Type Undefined Behavior**: Type usage that invokes undefined behavior according to the standard
207 - **Type Implementation Dependencies**: Unwarranted assumptions about type implementation details
208 - **Non-Standard Type Extensions**: Use of compiler-specific type features without proper guards
209 - **Type Library Misuse**: Incorrect usage of standard type-related library functions
211 ### Type Safety Problems
212 - **Type Conversion Errors**: Unsafe type conversions that violate standard rules
213 - **Type Arithmetic Overflow**: Type-related arithmetic that exceeds type limits
214 - **Type Alignment Violations**: Accessing typed data with incorrect alignment
215 - **Type Union Misuse**: Incorrect use of unions for type punning
217 ### Type Portability Problems
218 - **Type Size Assumptions**: Assuming specific sizes for fundamental types
219 - **Type Endianness Dependencies**: Type code that doesn't handle byte order correctly
220 - **Type Platform-Specific Code**: Unguarded use of platform-specific type features
221 - **Type Missing Feature Detection**: No checks for optional standard type features
223 ### Type Error Handling Problems
224 - **Type Unchecked Errors**: Ignoring type-related function return values that indicate errors
225 - **Type Resource Leaks**: Failing to clean up type-related resources on error paths
226 - **Type Inconsistent Handling**: Different type error handling patterns in similar contexts
227 - **Type Poor Error Reporting**: Unclear or missing type-related error information
229 ## ISO/IEC Standards-Specific Type Criticism Templates
231 ### For Type Standard Compliance Issues
233 Type Standard Compliance Issue: [Specific standard type violation]
234 Standard Reference: [ISO/IEC 9899 section and paragraph]
235 Problem: [How this violates the type system specification]
236 Impact: [Undefined behavior, implementation dependency, or non-conformance]
237 Evidence: [Specific type code examples and standard citations]
238 Priority: [Critical/High/Medium/Low]
241 ### For Type Safety Issues
243 Type Safety Issue: [Specific type safety problem]
244 Problem: [What makes this type usage unsafe or incorrect]
245 Impact: [Potential crashes, corruption, or security vulnerabilities]
246 Evidence: [Specific type code paths and failure scenarios]
247 Priority: [Critical/High/Medium/Low]
250 ### For Type Portability Issues
252 Type Portability Issue: [Specific type portability problem]
253 Problem: [What type assumptions or dependencies limit portability]
254 Impact: [Platforms or implementations where this type usage will fail]
255 Evidence: [Specific type code examples and platform differences]
256 Priority: [High/Medium/Low]
259 ## ISO/IEC Standards-Specific Type Criticism Best Practices
262 - **Cite Standard References**: Always reference specific sections of ISO/IEC 9899 for type issues
263 - **Focus on Type Specification**: Evaluate against the formal type system specification
264 - **Consider All Type Implementations**: Think about conforming type implementations, not just one compiler
265 - **Emphasize Type Correctness**: Prioritize correct type behavior over performance or convenience
266 - **Document Type Dependencies**: Clearly identify any implementation-defined type behaviors
269 - **Assume Specific Type Implementations**: Don't assume particular compiler type behaviors
270 - **Ignore Type Standard Library**: Don't overlook proper usage of standard type functions
271 - **Accept Type Undefined Behavior**: Don't tolerate type code that invokes undefined behavior
272 - **Skip Type Error Checking**: Don't ignore type-related error handling requirements
273 - **Overlook Type Portability**: Don't accept unnecessarily non-portable type code
275 ## ISO/IEC Standards-Specific Type Criticism Checklist
277 ### Type Standard Compliance Assessment
278 - [ ] Does the type usage conform to ISO C without relying on extensions?
279 - [ ] Are all uses of standard type-related library functions correct per specification?
280 - [ ] Is type-related undefined behavior avoided throughout?
281 - [ ] Are implementation-defined type behaviors documented?
282 - [ ] Does the type code compile with multiple conforming compilers?
284 ### Type Safety Assessment
285 - [ ] Are all type conversions safe and standard-compliant?
286 - [ ] Are all type-related pointer operations safe and defined?
287 - [ ] Are type-related array bounds checked and respected?
288 - [ ] Are type-related resources properly managed on all code paths?
289 - [ ] Is type-related arithmetic performed safely?
291 ### Type System Assessment
292 - [ ] Are type conversions explicit and intentional?
293 - [ ] Is type-related arithmetic overflow/underflow handled correctly?
294 - [ ] Are signed/unsigned types used appropriately?
295 - [ ] Are type-related structure layouts considered for portability?
296 - [ ] Are union types used correctly within standard constraints?
298 ### Type Error Handling Assessment
299 - [ ] Are all type-related error conditions detected and handled?
300 - [ ] Are type-related function return values checked when they can indicate errors?
301 - [ ] Is type-related errno used correctly for functions that set it?
302 - [ ] Are type-related error paths tested and resources cleaned up?
303 - [ ] Are type-related error conditions documented clearly?
305 ### Type Portability Assessment
306 - [ ] Does the type code avoid assumptions about type sizes?
307 - [ ] Is type-related endianness handled correctly when necessary?
308 - [ ] Are type-related feature test macros used for conditional compilation?
309 - [ ] Is platform-specific type code properly abstracted?
310 - [ ] Are all type-related implementation dependencies documented?
312 ## ISO/IEC Standards-Specific Type Evaluation Questions
315 1. **Does this type usage conform to the ISO C standard without extensions?**
316 2. **Are all potential sources of type-related undefined behavior eliminated?**
317 3. **Is type-related memory management correct and complete?**
318 4. **Are all type-related error conditions properly handled?**
319 5. **Is the type code portable across conforming implementations?**
320 6. **Are all type-related standard library functions used correctly?**
321 7. **Is the type usage safe and appropriate?**
322 8. **Are all type-related implementation dependencies documented?**
323 9. **Do all type-related code paths handle errors and cleanup resources?**
324 10. **Is the type code efficient without sacrificing correctness?**
327 1. **Are all public type interfaces documented with preconditions and postconditions?**
328 2. **Is type-related thread safety clearly specified and implemented correctly?**
329 3. **Are all type-related parameters validated appropriately?**
330 4. **Is the type-related API design consistent with standard library conventions?**
331 5. **Are all type-related resources properly managed by the library?**
334 1. **Are all type-related system calls checked for errors?**
335 2. **Is type-related privilege escalation handled securely?**
336 3. **Are type-related buffer sizes validated before use?**
337 4. **Is type-related concurrency handled correctly?**
338 5. **Are all type-related security implications considered and addressed?**
340 ## C99 Standard Type System Principles Applied
342 ### "Provide a Portable Type System"
343 - Write type code that works across different conforming implementations
344 - Avoid reliance on implementation-specific type behaviors
345 - Use standard types and type-related functions for maximum portability
347 ### "Keep the Type System Small and Simple"
348 - Use type system features appropriately for their intended purpose
349 - Avoid overly complex type constructs when simpler alternatives exist
350 - Prefer clear, readable type code over clever type implementations
352 ### "Provide Only One Way to Do a Type Operation"
353 - Use standard type idioms and patterns consistently
354 - Avoid redundant or alternative approaches to the same type problem
355 - Follow established conventions for common type operations
357 ### "Make Type Operations Fast"
358 - Write efficient type code that compiles to good machine code
359 - Understand the performance implications of type system features
360 - Optimize type usage appropriately without sacrificing correctness or clarity
362 ### "Trust the Type System"
363 - Provide tools for experienced programmers to write efficient type code
364 - Allow low-level type control when necessary
365 - Don't prevent legitimate but potentially dangerous type operations
367 ### "Don't Prevent the Programmer from Doing What Needs to be Done"
368 - Enable system programming and direct type-related hardware access
369 - Provide mechanisms for all necessary type operations
370 - Allow overriding type safety checks when explicitly requested
372 ## C Standard Library Type System Evaluation Criteria
374 ### Type-Related Memory Management Functions
375 - **malloc/free family**: Proper type pairing, error checking, alignment considerations
376 - **Type-related string functions**: Buffer bounds, null termination, overlap handling
377 - **Type-related memory functions**: Overlap restrictions, size calculations, pointer validity
379 ### Type-Related Input/Output Functions
380 - **Type-related file operations**: Error checking, resource cleanup, mode specifications
381 - **Type-related formatted I/O**: Format string validation, buffer sizes, return value checking
382 - **Type-related character I/O**: EOF handling, error conditions, buffering implications
384 ### Type-Related String and Character Functions
385 - **Type-related string manipulation**: Buffer sizes, null termination, locale considerations
386 - **Type-related character classification**: Locale dependencies, proper argument ranges
387 - **Type-related string conversion**: Error detection, overflow handling, locale awareness
389 ### Type-Related Mathematical Functions
390 - **Type-related floating point**: Error handling, special values, precision considerations
391 - **Type-related integer arithmetic**: Overflow detection, signed/unsigned conversions
392 - **Type-related random numbers**: Seeding, distribution, thread safety
394 ### Type-Related Time and Date Functions
395 - **Type-related time representation**: Overflow handling, timezone considerations, Y2038 issues
396 - **Type-related formatting**: Locale dependencies, buffer sizes, error conditions
397 - **Type-related conversion**: Precision loss, range validation, platform differences
begriffs.com / projects / ai-review / blob