6

I define a structure in a header file like so:

typedef struct {
    void *data;
} point;

I want to keep other people from accessing *data directly, so I thought I'd declare the structure in the .c file instead and use something like extern typedef struct point; in the header file. That doesn't work however.

What's the best way to achieve this?

matthias krull
  • 4,389
  • 3
  • 34
  • 54
ryyst
  • 9,563
  • 18
  • 70
  • 97
  • 1
    You can create a `something_protected.h` and declare your protected stuff there, and include it form your `.c` file as well as your "public" `.h` file. - Although I don't think what the convention for this problem is. If you need protection use C++, it has more advanced features for stuff like this. – vbence Mar 20 '11 at 11:05
  • What you are "missing" is the struct tag. After your code above, there is a unnamed struct definition in scope: you can't refer to it with `struct something`; you must refer to it by its typedef name `point`. – pmg Mar 20 '11 at 13:27

8 Answers8

15

In your (public) header file:

typedef struct point point;

In your .c file:

struct point
{
    void *data;
};

Note that users of your code will no longer be able to create a point on the stack, as the compiler doesn't know how big it is. You may have to provide a point_create() function which allocates memory and returns its address to the caller.

Graham Borland
  • 60,055
  • 21
  • 138
  • 179
  • 2
    +1 If you want this sort of protection in a language like C then the loss of stack allocation is a price you simply have to pay. – David Heffernan Mar 20 '11 at 11:11
  • Note that this doesn't really protect the data, it just mildly obfuscates things. There's nothing to stop someone from saying `struct pointHack{ void *privateData;}` and then casting a `point*` to a `pointHack*` (or even to a plain `void*` in this case) and doing whatever they want with the `privateData`. – aroth Mar 20 '11 at 11:19
  • 1
    Extended example in GLib's GArray [garray.h](http://www.koders.com/c/fid8FB61A2BBE7D60C0F771AB4598CBB478FEF1463D.aspx) [garray.c](http://www.koders.com/c/fidCCADEC9926A37BB502665981738D6ABE81AAF332.aspx) – Steve-o Mar 20 '11 at 11:19
  • When you do this, you stop treating `point` like an object (region of data storage), and treat it like an opaque handle, so the loss of direct allocation and freeing could be seen as a feature. – ninjalj Mar 20 '11 at 11:23
  • This approach may be improved in some cases by defining a "blob" type of suitable size and alignment to hold the object. One could then have define a `point_createin(POINT_STORE *p)` method which would cast the past-in pointer and initialize the new object. If one did that, space for the object could be allocated as an ordinary automatic variable without having to use malloc/free. – supercat Mar 12 '13 at 16:05
6

Use C++

Since jokes seem not be allowed here is the pure C version. As another commenter pointed out if you really want to protect your internals from users of your Api you have seen and used plenty of such Apis. This Apis are e.g. the Windows or Linux user mode Apis. There you create kernel objects to which you never shall have access to. The Apis to deal with kernel objects use a synthetic construct called handle which is not simply a pointer to your own object but instead it is an index to an array where the kernel has stored the relevant meta data for your object. You can use the same idea for your Apis as well. Here for example is a C-Style public Api: 
// Public.h
#include <stdlib.h>

typedef enum 
{
    None = 0,
    PointType = 1
} Types;

typedef int Handle;

Handle CreateType(Types type);
int    DeleteType(Handle object);

void IncrementX(Handle point);
void PrintPoint(Handle point);

As you can see you have generic methods which create and delete your objects which are defined here in an enum. Your methods which use the object will then need to lookup the integer handle to get the meta data object where the real data is stored. This design is not very efficient if the objects you manage are small since for every object a second object is need which stores the object type, handle value and the pointer to the real data. But you get much stronger safety guarantees such as

  • Type safety
  • Invalid handles are easy to find
  • Double free is impossible since you can manage the free state in the meta object

A typical usage of your Api might look like this:

Handle h = CreateType(PointType);
IncrementX(h);
IncrementX(h);
PrintPoint(h);
DeleteType(h);

And there is the super secret implementation in private.cpp where the Handle lookup array and some helper methods exist:

// Private.C
#include "stdafx.h"
#include <stdlib.h>
#include <Windows.h>  // for ZeroMemory

#include "Public.h"

typedef struct 
{
    LPVOID pData;
    Types  type;
    Handle handle;
} HandleInfo;


typedef struct
{
    int x;
    int y;
} Point;

HandleInfo *pAllocated;
int HandleBuffer = 0xffff;
unsigned char bInit = 0;

HandleInfo *GetFreeHandle()
{
    int i;

    if( !bInit )
    {
        pAllocated = (HandleInfo *) malloc(sizeof(HandleInfo)*HandleBuffer);
        bInit = 1;
        ZeroMemory(pAllocated, sizeof(HandleInfo)*HandleBuffer);
    }

    for(i=0; i<HandleBuffer; i++)
    {
        HandleInfo *pInfo = (pAllocated+i);
        if( 0 == pInfo->handle  )
        {
            pInfo->handle = i+1;
            return pInfo;
        }
    }

    return NULL;
}

HandleInfo * GetHandleInfo(Handle h)
{
    if( h <= 0 || h >= HandleBuffer-1)
    {
        return NULL;
    }

    return (pAllocated+h-1);
}

Handle CreateType(Types typeId)
{
    HandleInfo *pInfo;

     pInfo = GetFreeHandle();
     if( NULL == pInfo )
     {
         return -1;
     }

     pInfo->type = typeId;
     switch(typeId)
     {
         case PointType:
             pInfo->pData = malloc(sizeof(Point));
             ZeroMemory(pInfo->pData, sizeof(Point));
         break;

     }

     return pInfo->handle;
}

int DeleteType(Handle object)
{
    HandleInfo *pInfo = GetHandleInfo(object);

    if( NULL == pInfo  )
    {
        return -1;
    }

    if( pInfo->handle != 0 )
    {
        free(pInfo->pData);
        pInfo->pData = NULL;
        pInfo->handle = 0;
        return 1;
    }
    else
    {
        return 0; // Handle was already closed
    }
}

void *GetObjectOfCorrectType(Handle object, Types type)
{
    HandleInfo *p = GetHandleInfo(object);
    if( p == NULL )
    {
        return NULL;
    }

    if( p->type != type)
    {
        return NULL; // handle has wrong object type
    }

    return p->pData;
}

void IncrementX(Handle point)
{
    Point *pPoint = (Point *) GetObjectOfCorrectType(point, PointType);
    if( pPoint == NULL )
    {
        return;
    }

    pPoint->x++;
}

void PrintPoint(Handle point)
{
    Point *pPoint = (Point *) GetObjectOfCorrectType(point, PointType);
    if( pPoint == NULL )
    {
        return;
    }

    printf("Point has x: %d y: %d", pPoint->x, pPoint->y);
}

Yours, Alois Kraus

Alois Kraus
  • 13,229
  • 1
  • 38
  • 64
  • The question is tagged C, so a C++ answer is not relevant here. – dreamlax Mar 20 '11 at 11:17
  • Yes, I did read your answer, but that doesn't change my statement. The question is tagged C, so C++ is irrelevant here. Why not also provide Java, Objective-C, and C# techniques also? Because they are not relevant! – dreamlax Mar 20 '11 at 12:27
3

This is the pointer to implementation or pimpl idiom. See http://en.wikibooks.org/wiki/C++_Programming/Idioms#Pointer_To_Implementation_.28pImpl.29 for a tutorial for C++, but the idea should work in C as well.

Lindydancer
  • 25,428
  • 4
  • 49
  • 68
3
typedef struct {
    /* private members; don't access directly */
    void *data;
} point;
aaz
  • 5,136
  • 22
  • 18
0

If you do not want to use the declaration method (because you want the library user to access other members of your struct, for example) it is convention to prepend private member with an underscore, like this:

typedef struct {
    void * _data;
} point;

Of course people could still access _data if they would really want to (just like people can access private data in C++ by adding a #define private public before their includes) but that is their own responsibility; at least you have indicated that they shouldn't do that if they want your library to behave as it should.

AardvarkSoup
  • 1,071
  • 8
  • 18
0

I use this approach in order to let client alloc the module instance in his STACK.

struct module_private {
    int data;
}

typedef uint8_t module_t [sizeof (struct module_private) ];

Client will be able to see private struct content, but not access it without doing a cast that he shouldn't.

Felipe Lavratti
  • 2,887
  • 16
  • 34
0

Use the following workaround:

#include <stdio.h>

#define C_PRIVATE(T)        struct T##private {
#define C_PRIVATE_END       } private;

#define C_PRIV(x)           ((x).private)
#define C_PRIV_REF(x)       (&(x)->private)

struct T {
    int a;

C_PRIVATE(T)
    int x;
C_PRIVATE_END
};

int main()
{
    struct T  t;
    struct T *tref = &t;

    t.a = 1;
    C_PRIV(t).x = 2;

    printf("t.a = %d\nt.x = %d\n", t.a, C_PRIV(t).x);

    tref->a = 3;
    C_PRIV_REF(tref)->x = 4;

    printf("tref->a = %d\ntref->x = %d\n", tref->a, C_PRIV_REF(tref)->x);

    return 0;
}

Result is:

t.a = 1
t.x = 2
tref->a = 3
tref->x = 4
Ilya Matveychikov
  • 3,936
  • 2
  • 27
  • 42
0

You can have separate public header and private header files. Some libraries have conventions for this:

  • Xt (X11) -> header.h and headerP.h, e.g: X11/Vendor.h vs X11/VendorP.h
  • Qt -> header.h vs private/header_p.h, e.g: qapplication.h vs private/qapplication_p.h
ninjalj
  • 42,493
  • 9
  • 106
  • 148