一、Example 1

void f(void)
{
    int *p = (int*)100;
    printf("%d\n",(int)p+1);
    printf("%d\n",(int)(p+1));
}

int main(int ac, char **av)
{
    f();
    return 0;
}

运行结果：

101
104

二、int指针转换为char指针。

#include <stdio.h>

int main() {
    int a = 8;
    int* b = &a;
    int *c = (int*)((char*)b + 1);
    printf("b = %p, c = %p\n", b, c);
    *c  = 8;
    printf("%d\n", a);
    printf("b = %p, c = %p\n", b, c);
    printf("%d\n", *c);
    return 0;
}

 

运行结果：

b = 0061FEC4, c = 0061FEC5
2056
b = 0061FEC4, c = 0061FE00
1988445728

运行完第7行：整数a的地址为b = 0x61fec4,内存值为08000000；指针c指向0x61fec5，是a的第二个字节的地址。（小端存储）

运行完第8行，对c指向的内存赋值，c地址之后的四个字节被写为 08000000，因此a指向的内存被写为：00000808(b) = 2056(d)。
。

但由于c的地址也正好因此被破坏了，被改为0061FE00，因为此次输出*c的内容将是未知的。

三、Example 3

S6.828

#include <stdio.h>
#include <stdlib.h>

void f(void)
{
    int a[4];
    int *b = malloc(16);
    int *c;
    int i;


    printf("1: a = %p, b = %p, c = %p\n", a, b, c);

    c = a;
    for (i = 0; i < 4; i++)
        a[i] = 100 + i;
    c[0] = 200;
    printf("2: a[0] = %d, a[1] = %d, a[2] = %d, a[3] = %d\n",
           a[0], a[1], a[2], a[3]);

    c[1] = 300;
    *(c + 2) = 301;
    3[c] = 302;
    printf("3: a[0] = %d, a[1] = %d, a[2] = %d, a[3] = %d\n",
           a[0], a[1], a[2], a[3]);

    c = c + 1;
    *c = 400;
    printf("4: a[0] = %d, a[1] = %d, a[2] = %d, a[3] = %d\n",
           a[0], a[1], a[2], a[3]);

    c = (int *) ((char *) c + 1);
    *c = 500;
    printf("5: a[0] = %d, a[1] = %d, a[2] = %d, a[3] = %d\n",
           a[0], a[1], a[2], a[3]);

    b = (int *) a + 1;
    c = (int *) ((char *) a + 1);
    printf("6: a = %p, b = %p, c = %p\n", a, b, c);
}

int main(int ac, char **av)
{
    f();
    return 0;
}

运行结果：

1: a = 0061FEA0, b = 007515B8, c = 0000003D
2: a[0] = 200, a[1] = 101, a[2] = 102, a[3] = 103
3: a[0] = 200, a[1] = 300, a[2] = 301, a[3] = 302
4: a[0] = 200, a[1] = 400, a[2] = 301, a[3] = 302
5: a[0] = 200, a[1] = 128144, a[2] = 256, a[3] = 302
6: a = 0061FEA0, b = 0061FEA4, c = 0061FEA1

Process finished with exit code 0