You're working with C, and you need to compare two strings. Easy, right? You've probably seen code that looks something like this:
const char *s1, *s2;
// ... some code to assign values to s1 and s2 ...
if (s1 == s2) {
// They are equal!
}
And then, you hit a snag. It turns out, this simple equality check (==) doesn't do what you might expect. In C, strings are essentially arrays of characters terminated by a null character (\0). When you use == on two char * pointers, you're not comparing the content of the strings; you're comparing the memory addresses where those strings are stored. So, s1 == s2 will only be true if s1 and s2 point to the exact same location in memory. This is a classic gotcha for anyone coming from languages where strings are objects with built-in comparison methods.
So, how do you properly compare strings in C? The standard, idiomatic way is to use the strcmp() function from the <string.h> library. It's designed specifically for this purpose.
Here's the correct approach:
#include <string.h>
const char *s1, *s2;
// ... some code to assign values to s1 and s2 ...
if (strcmp(s1, s2) == 0) {
// Strings are equal!
}
strcmp() works by comparing the strings character by character. If the strings are identical, it returns 0. If the first string lexicographically precedes the second, it returns a negative value. If the first string lexicographically follows the second, it returns a positive value. The key takeaway is that a return value of 0 signifies equality.
Now, you might also see older code, or perhaps code written by programmers who prefer a slightly more concise (though arguably less readable) style, using !strcmp(s1, s2):
if (!strcmp(s1, s2)) {
// Strings are equal!
}
This works because !0 evaluates to true. While functional, the explicit strcmp(s1, s2) == 0 is generally preferred for clarity. It directly states the condition for equality.
Beyond the basic comparison, there's a more advanced concept that sometimes comes up: constant-time string comparison. This is crucial in security-sensitive applications where timing attacks could potentially reveal information about secret strings. If a comparison function takes longer to execute when strings differ at the beginning versus when they differ at the end, an attacker might be able to infer information by measuring the execution time. A constant-time comparison aims to make the execution time independent of the input strings' content. The reference material mentions "Hanson's idiom for constant-time string comparison," which is a more specialized technique often involving bitwise operations and careful loop structures to ensure each comparison step takes the same amount of time, regardless of where a mismatch occurs or if no mismatch occurs at all. Implementing this correctly is non-trivial and usually involves deep understanding of the underlying hardware and compiler behavior. For most everyday C programming, strcmp() is perfectly adequate and the right tool for the job.
