Why are compound literals in C modifiable

Solution 1:

A compound literal is an lvalue and values of its elements are modifiable. In case of

char* str = (char[]){"Hello World"};
*str = 'B';  // A-Okay!  

you are modifying a compound literal which is legal.

C11-§6.5.2.5/4:

If the type name specifies an array of unknown size, the size is determined by the initializer list as specified in 6.7.9, and the type of the compound literal is that of the completed array type. Otherwise (when the type name specifies an object type), the type of the compound literal is that specified by the type name. In either case, the result is an lvalue.

As it can be seen that the type of compound literal is a complete array type and is lvalue, therefore it is modifiable unlike string literals

Standard also mention that

§6.5.2.5/7:

String literals, and compound literals with const-qualified types, need not designate distinct objects.101

Further it says:

11 EXAMPLE 4 A read-only compound literal can be specified through constructions like:

(const float []){1e0, 1e1, 1e2, 1e3, 1e4, 1e5, 1e6}   

12 EXAMPLE 5 The following three expressions have different meanings:

"/tmp/fileXXXXXX"
(char []){"/tmp/fileXXXXXX"}
(const char []){"/tmp/fileXXXXXX"}

The first always has static storage duration and has type array of char, but need not be modifiable; the last two have automatic storage duration when they occur within the body of a function, and the first of these two is modifiable.

13 EXAMPLE 6 Like string literals, const-qualified compound literals can be placed into read-only memory and can even be shared. For example,

(const char []){"abc"} == "abc"

might yield 1 if the literals’ storage is shared.

Solution 2:

The compound literal syntax is a short hand expression equivalent to a local declaration with an initializer followed by a reference to the unnamed object thus declared:

char *str = (char[]){ "Hello World" };

is equivalent to:

char __unnamed__[] = { "Hello world" };
char *str = __unnamed__;

The __unnamed__ has automatic storage and is defined as modifiable, it can be modified via the pointer str initialized to point to it.

In the case of char *str = "Hello World!"; the object pointed to by str is not supposed to be modified. In fact attempting to modify it has undefined behavior.

The C Standard could have defined such string literals as having type const char[] instead of char[], but this would generate many warnings and errors in legacy code.

Yet it is advisable to pass a flag to the compiler to make such string literals implicitly const and make the whole project const correct, ie: defining all pointer arguments that are not used to modify their object as const. For gcc and clang, the command line option is -Wwrite-strings. I also strongly advise to enable many more warnings and make them fatal with -Wall -W -Werror.