Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Does this abuse of function declarations invoke undefined behavior?

Tags:

c

language-lawyer

undefined-behavior

function-declaration

Consider the following program:

int main()
{
    int exit();
    ((void(*)())exit)(0);
}

As you can see, exit is declared with the wrong return type, but is never called with the incorrect function type. Is this program's behavior well-defined?

like image 337
R.. GitHub STOP HELPING ICE Avatar asked May 11 '13 02:05

R.. GitHub STOP HELPING ICE

1 Answers

MSVC has no problem with this program, but gcc does (at least gcc 4.6.1). It issues the following warnings:

test.c: In function 'main':
test.c:3:9: warning: conflicting types for built-in function 'exit' [enabled by default]
test.c:4:22: warning: function called through a non-compatible type [enabled by default]
test.c:4:22: note: if this code is reached, the program will abort

And, as promised, it does crash when run. The crash is no accident of an incorrect calling convention or something - gcc actually generates an undefined instruction with the opcode 0x0b0f to explicitly force a crash (gdb disassembles it as ud2 - I haven't looked up what that the CPU manual might say about the opcode):

main:
.LFB0:
    .cfi_startproc
    push    ebp
    .cfi_def_cfa_offset 8
    .cfi_offset 5, -8
    mov ebp, esp
    .cfi_def_cfa_register 5
        .value  0x0b0f
    .cfi_endproc

I'm reluctant to say that gcc is wrong in doing this because I'm sure the people who write that compiler know a lot more about C than I do. But here's how I read what the standard says about it; I'm sure someone will point out what I'm missing:

C99 says this about conversions of function pointers (6.3.2.3/8 "Pointers"):

A pointer to a function of one type may be converted to a pointer to a function of another type and back again; the result shall compare equal to the original pointer. If a converted pointer is used to call a function whose type is not compatible with the pointed-to type, the behavior is undefined.

In an expression, the identifier exit evaluates to a function pointer.

The sub-expression ((void(*)())exit) converts the function pointer that exit evaluates to into a function pointer of the type void (*)(). Then a function call is made through that pointer, passing the int argument 0.

The standard library contains a function named exit that has the following prototype:

void exit(int status);

The standard also says (7.1.4/2 "Use of library functions"):

Provided that a library function can be declared without reference to any type defined in a header, it is also permissible to declare the function and use it without including its associated header.

Your program doesn't include the header containing that prototype, but the function call made through the converted pointer uses the 'declaration' provided in the cast. The declaration in the cast isn't a prototype declaration, so we need to determine if the function type of exit as defined by the standard library and the function type of the converted function pointer in your program are compatible. The standard says (6.7.5.3/15 "Function declarators (including prototypes)")

For two function types to be compatible, both shall specify compatible return types. ... If one type has a parameter type list and the other type is specified by a function declarator that is not part of a function definition and that contains an empty identifier list, the parameter list shall not have an ellipsis terminator and the type of each parameter shall be compatible with the type that results from the application of the default argument promotions

It seems to me that the converted function pointer has a compatible function type - the return type is the same (void) and the type of the single parameter is int after the default argument promotions. So it appears to me that there's no undefined behavior here.

Update: After a little more thought on this, it might be reasonable to interpret 7.1.4/2 to mean that a 'self-declared' library function name must be declared correctly (though not necessarily with a prototype, but with a correct return type). Especially since the standard also says that "All identifiers with external linkage in any of the following subclauses ... are always reserved for use as identifiers with external linkage" (7.1.3).

So I think a reasonable argument can be made that the program has undefined behavior.

like image 176
Michael Burr Avatar answered Sep 22 '22 17:09

Michael Burr
Sign in to Comment

Related questions

Stream of Unicode Code Points from Bytes in C?
Calling C code from within Ruby -- How to use the returned pointer?
x11 - Unable to move window after XGrabKeyboard
How to let GDB continue until the program enters another function?
Weighted linear least squares in OpenCV
Embedded: C Coding for Ctrl-C interrupt in u-boot terminal
switching up/down the stack with getcontext/setcontext
how to give more than one c file as input to GNU Cflow?
Changing the Stack Memory from C program
Listing All Physical Drives (Windows)
Why struct tags are not type names in C? [closed]
Integer promotion, signed/unsigned, and printf
is there any api for linux iptables , so that my program can add firewall rules [duplicate]
Call a userspace function from within a Linux kernel module
Scanf unsigned char in hex
How to translate a GTK+ app?
How to get Ragel EOF actions working
Access C constants (header) from JNI (Java Native Interface)
OpenMP iteration for loop in parallel region
Passing Parameters in 64 bit Assembly Function from C language. Which Register Receive These Parameter?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!