I just had an exam in my class today --- reading C code and input, and the required answer was what will appear on the screen if the program actually runs. One of the questions declared a[4][4]
as a global variable and at a point of that program, it tries to access a[27][27]
, so I answered something like "Accessing an array outside its bounds is an undefined behavior" but the teacher said that a[27][27]
will have a value of 0
.
Afterwards, I tried some code to check whether "all uninitialized golbal variable is set to 0
" is true or not. Well, it seems to be true.
So now my question:
a[27][27]
be 0
for all environment?Edit :
In that code, a[4][4]
is the only global variable declared and there are some more local ones in main()
.
I tried that code again in DevC++. All of them is 0
. But that is not true in VSE, in which most value are 0
but some have a random value as Vyktor has pointed out.
You were right: it is undefined behavior and you cannot count it always producing 0
.
As for why you are seeing zero in this case: modern operating systems allocate memory to processes in relatively coarse-grained chunks called pages that are much larger than individual variables (at least 4KB on x86). When you have a single global variable, it will be located somewhere on a page. Assuming a
is of type int[][]
and int
s are four bytes on your system, a[27][27]
will be located about 500 bytes from the beginning of a
. So as long as a
is near the beginning of the page, accessing a[27][27]
will be backed by actual memory and reading it won't cause a page fault / access violation.
Of course, you cannot count on this. If, for example, a
is preceded by nearly 4KB of other global variables then a[27][27]
will not be backed by memory and your process will crash when you try to read it.
Even if the process does not crash, you cannot count on getting the value 0
. If you have a very simple program on a modern multi-user operating system that does nothing but allocate this variable and print that value, you probably will see 0
. Operating systems set memory contents to some benign value (usually all zeros) when handing over memory to a process so that sensitive data from one process or user cannot leak to another.
However, there is no general guarantee that arbitrary memory you read will be zero. You could run your program on a platform where memory isn't initialized on allocation, and you would see whatever value happened to be there from its last use.
Also, if a
is followed by enough other global variables that are initialized to non-zero values then accessing a[27][27]
would show you whatever value happens to be there.
Accessing an array out of bounds is undefined behavior, which means the results are unpredictable so this result of a[27][27]
being 0
is not reliable at all.
clang
tell you this very clearly if we use -fsanitize=undefined
:
runtime error: index 27 out of bounds for type 'int [4][4]'
Once you have undefined behavior the compiler can really do anything at all, we have even seen examples where gcc
has turned a finite loop into an infinite loop based on optimizations around undefined behavior. Both clang
and gcc
in some circumstances can generate and undefined instruction opcode if it detects undefined behavior.
Why is it undefined behavior, Why is out-of-bounds pointer arithmetic undefined behaviour? provides a good summary of reasons. For example, the resulting pointer may not be a valid address, the pointer could now point outside the assigned memory pages, you could be working with memory mapped hardware instead of RAM etc...
Most likely the segment where static variables are being stored is much larger then the array you are allocating or the segment that you are stomping though just happens to be zeroed out and so you are just lucky in this case but again completely unreliable behavior. Most likely your page size is 4k and access of a[27][27]
is within that bound which is probably why you are not seeing a segmentation fault.
What the standard says
The draft C99 standard tell us this is undefined behavior in section 6.5.6
Additive operators which covers pointer arithmetic which is what an array access comes down to. It says:
When an expression that has integer type is added to or subtracted from a pointer, the result has the type of the pointer operand. If the pointer operand points to an element of an array object, and the array is large enough, the result points to an element offset from the original element such that the difference of the subscripts of the resulting and original array elements equals the integer expression.
[...]
If both the pointer operand and the result point to elements of the same array object, or one past the last element of the array object, the evaluation shall not produce an overflow; otherwise, the behavior is undefined. If the result points one past the last element of the array object, it shall not be used as the operand of a unary * operator that is evaluated.
and the standards definition of undefined behavior tells us that the standard imposes no requirements on the behavior and notes possible behavior is unpredictable:
behavior, upon use of a nonportable or erroneous program construct or of erroneous data, for which this International Standard imposes no requirements
NOTE Possible undefined behavior ranges from ignoring the situation completely with unpredictable results, [...]
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With