Uninitialised fields in structures

On Dec 31, 12:58 pm, Ulrich Eckhardt <dooms...@knuut .dewrote:

Greetings!

I was recently surprised by the compiler's warning concerning this code:

struct text {
char* s;
size_t len;
};
int main() {
struct text t = {"hello world!"};
}

The compiler actually claimed that t.len was uninitialised. Okay, I don't
explicitly initialise it, but I was under the impression that it should be
initialised to zero then (i.e. all fields after the last one are
initialised with zero). Okay, it's just a warning, so I tended to ignore

That is true only for an array.

it. Now, when I ran the code through Valgrind, it also complained that an
uninitialised value was used, which got me thinking. Lastly, I used gdb to
step through the code and explicitly shredded the value of t.len before
that line and - lo and behold - it was correctly (IMHO) reset to zero!

Now, I'm pretty sure about the rule with the additional fields, but I'm
wondering nonetheless. Can someone confirm or deny whether t.len above is
initialised or not?

The standard doesn't say anything about initializing the rest members
to 0.
Using gdb to determine whether a program is correct or not is bad
practise, as it is to run the program and come to a conclusion by the
output.
Gdb is not a 'C99 tool'.

On Dec 31, 10:58*am, Ulrich Eckhardt <dooms...@knuut .dewrote:

Greetings!

I was recently surprised by the compiler's warning concerning this code:

* struct text {
* * char* s;
* * size_t len;
* };
* int main() {
* * struct text t = {"hello world!"};
* }

The compiler actually claimed that t.len was uninitialised. Okay, I don't
explicitly initialise it, but I was under the impression that it should be
initialised to zero then (i.e. all fields after the last one are
initialised with zero).

Indeed. Paragraph 21 of 6.7.8 of n1256 states:

If there are fewer initializers in a
brace-enclosed list than there are elements
or members of an aggregate, or fewer
characters in a string literal used to
initialize an array of known size than
there are elements in the array, the remainder
of the aggregate shall be initialized implicitly
the same as objects that have static storage
duration.

and paragraph 10 of the same clause states that
arithmetic types of static storage are initialized to 0.

Okay, it's just a warning, so I tended to ignore
it. Now, when I ran the code through Valgrind, it also complained that an
uninitialised value was used, which got me thinking.

Regarding the compiler perhaps it just warns you about
the lack of explicit initialization. Regarding valgrind I
don't know how it deals with such issues.

Now, I'm pretty sure about the rule with the additional fields, but I'm
wondering nonetheless. Can someone confirm or deny whether t.len above is
initialised or not?

According to the standard it should. Perhaps the person
who wrote your compiler was ignorant about that part of
the standard ? ;-)

vi******@gmail. com writes:

On Dec 31, 12:58 pm, Ulrich Eckhardt <dooms...@knuut .dewrote:

>I was recently surprised by the compiler's warning concerning this code:

struct text {
char* s;
size_t len;
};
int main() {
struct text t = {"hello world!"};
}

The compiler actually claimed that t.len was uninitialised. Okay, I don't
explicitly initialise it, but I was under the impression that it should be
initialised to zero then (i.e. all fields after the last one are
initialised with zero).

<snip>

>Now, I'm pretty sure about the rule with the additional fields, but I'm
wondering nonetheless. Can someone confirm or deny whether t.len above is
initialised or not?

The standard doesn't say anything about initializing the rest members
to 0.

I think it does. 6.7.8 para. 21:

If there are fewer initializers in a brace-enclosed list than there
are elements or members of an aggregate, or fewer characters in a
string literal used to initialize an array of known size than there
are elements in the array, the remainder of the aggregate shall be
initialized implicitly the same as objects that have static storage
duration.

Further up (para. 10) explains that objects of static duration are
initialised to arithmetic zero or NULL by default.

--
Ben.

vi******@gmail. com wrote:

On Dec 31, 12:58 pm, Ulrich Eckhardt <dooms...@knuut .dewrote:

>[Not explicitly initialised fields of a struct that is partially
initialised are implicitly initialised to zero. ]
Now, I'm pretty sure about the rule with the additional fields, but I'm
wondering nonetheless. Can someone confirm or deny whether t.len above is
initialised or not?

The standard doesn't say anything about initializing the rest members
to 0.

Well, that's where a few others and I disagree with you. Also, the compiler
only warns but still does the initialisation.

Using gdb to determine whether a program is correct or not is bad
practise, as it is to run the program and come to a conclusion by the
output. Gdb is not a 'C99 tool'.

Well, surely it is not a way to prove that the program is correct C.
However, I have four different opinions on whether the program is buggy:

1. Compiler
The compiler said something was uninitialised, which often causes errant
runtime behaviour, in my case it would have lead to calling free() with a
pointer to a string literal. Of course that is not a proof, since
uninitialised storage can contain anything, including a very deterministic
value.

2. Running
Running the program didn't cause any runtime errors, as free()ing a string
literal usually does. Same uncertainty as above though, but glibc otherwise
correctly detects this error.

3. Valgrind
Typically valgrind doesn't care too much about C but operates directly on
the generated machine code. The fact that it detects use of uninitialised
memory was what first prompted me to wonder whether there was something
behind the warnings emitted by the compiler.

4. GDB (a debugger)
I used the debugger to manually shred the memory of the variable that was
claimed to be not initialised. I observed that code was executed to lateron
initialise the variable to zero.

I'm aware that none of these tests are in any way mandated by any C
standard, but that's real life. ;)
Just for the interest of those that are reading this: the actual problem was
with my use of Valgrind. If I had paid a bit more attention to its output,
I would have seen that the errors are in fact detected in /lib/ld-2.3.6.so
and not in my executable. Actually using an uninitialised struct in my code
also causes it to be detected and reported as occurring in my code, so the
compiler output can be taken as "just a [stupid] warning".

Uli

On Dec 31, 6:02*am, Ulrich Eckhardt <dooms...@knuut .dewrote:

vipps...@gmail. com wrote:

On Dec 31, 12:58 pm, Ulrich Eckhardt <dooms...@knuut .dewrote:

[Not explicitly initialised fields of a struct that is partially
initialised are implicitly initialised to zero. ]
Now, I'm pretty sure about the rule with the additional fields, but I'm
wondering nonetheless. Can someone confirm or deny whether t.len above is
initialised or not?

The standard doesn't say anything about initializing the rest members
to 0.

Well, that's where a few others and I disagree with you. Also, the compiler
only warns but still does the initialisation.

Using gdb to determine whether a program is correct or not is bad
practise, as it is to run the program and come to a conclusion by the
output. Gdb is not a 'C99 tool'.

Well, surely it is not a way to prove that the program is correct C.
However, I have four different opinions on whether the program is buggy:

1. Compiler
The compiler said something was uninitialised, which often causes errant
runtime behaviour, in my case it would have lead to calling free() with a
pointer to a string literal. Of course that is not a proof, since
uninitialised storage can contain anything, including a very deterministic
value.

2. Running
Running the program didn't cause any runtime errors, as free()ing a string
literal usually does. Same uncertainty as above though, but glibc otherwise
correctly detects this error.

3. Valgrind
Typically valgrind doesn't care too much about C but operates directly on
the generated machine code. The fact that it detects use of uninitialised
memory was what first prompted me to wonder whether there was something
behind the warnings emitted by the compiler.

4. GDB (a debugger)
I used the debugger to manually shred the memory of the variable that was
claimed to be not initialised. I observed that code was executed to lateron
initialise the variable to zero.

I'm aware that none of these tests are in any way mandated by any C
standard, but that's real life. ;)

Just for the interest of those that are reading this: the actual problem was
with my use of Valgrind. If I had paid a bit more attention to its output,
I would have seen that the errors are in fact detected in /lib/ld-2.3.6.so
and not in my executable. Actually using an uninitialised struct in my code
also causes it to be detected and reported as occurring in my code, so the
compiler output can be taken as "just a [stupid] warning".

You do not use C software tools to determine if a program is correct
or not, you use the C standard. If (for instance) one of your tools
has a bug, then what will you conclude?

"user923005 " <dc*****@connx. comwrote in message
news:53******** *************** ***********@i3g 2000hsf.googleg roups.com...
On Dec 31, 6:02 am, Ulrich Eckhardt <dooms...@knuut .dewrote:

vipps...@gmail. com wrote:

On Dec 31, 12:58 pm, Ulrich Eckhardt <dooms...@knuut .dewrote:

[Not explicitly initialised fields of a struct that is partially
initialised are implicitly initialised to zero. ]
Now, I'm pretty sure about the rule with the additional fields, but I'm
wondering nonetheless. Can someone confirm or deny whether t.len above
is
initialised or not?

The standard doesn't say anything about initializing the rest members
to 0.

<snip>

>
I'm aware that none of these tests are in any way mandated by any C
standard, but that's real life. ;)

Just for the interest of those that are reading this: the actual problem
was
with my use of Valgrind. If I had paid a bit more attention to its output,
I would have seen that the errors are in fact detected in /lib/ld-2.3.6.so
and not in my executable. Actually using an uninitialised struct in my
code
also causes it to be detected and reported as occurring in my code, so the
compiler output can be taken as "just a [stupid] warning".

<
You do not use C software tools to determine if a program is correct
or not, you use the C standard. If (for instance) one of your tools
has a bug, then what will you conclude?

>

best practice is probably to find the least common denominator (of standard
and tools).

if the standard says something should work, but the tools are broken, then
maybe it makes sense to bend to the tools (not write that code, since the
tools are broke, and it is assumed here that the user is not one of the
tools' developers).

now, if the tools allow something, but the standard does not, then one goes
with the standard.

user923005 wrote:

You do not use C software tools to determine if a program is correct
or not, you use the C standard. If (for instance) one of your tools
has a bug, then what will you conclude?

Yes, in theory you could do so, but in practice the correct function of a
program is determined by whether it does the right thing and not by some
standard, not even if it is written in a certain language. Sorry, but your
point of view is simply unrealistic. If you had at least said "correct
according to the C standard" I would have agreed, but like that your
statement is just rubbish to me. Try to sell a program to a customer saying
that it's correct C while executing it behaves erratically.

Uli

On Jan 2, 9:57*pm, Ulrich Eckhardt <dooms...@knuut .dewrote:

user923005 wrote:

You do not use C software tools to determine if a program is correct
or not, you use the C standard. *If (for instance) one of your tools
has a bug, then what will you conclude?

Yes, in theory you could do so, but in practice the correct function of a
program is determined by whether it does the right thing and not by some
standard, not even if it is written in a certain language. Sorry, but your
point of view is simply unrealistic. If you had at least said "correct
according to the C standard" I would have agreed, but like that your
statement is just rubbish to me. Try to sell a program to a customer saying
that it's correct C while executing it behaves erratically.

If it is correct C and executes erratically, then your tools are
broken. Switch tools.

If it is incorrect C and yet it appears to execute correctly, then it
is (in fact) broken. When the compiler is repaired and maintenance
work is done on the code, then it may no longer function. Or the
undefined behavior may surface at the most inopportune time, such as
when an Arianne missile takes off.

Why do you imagine that ISO bothers to write standards for languages?
For exactly the same reason that they write standards for bolts and
for oil and for just about everything else under the sun that might be
used to create products. If there is an accurate design specification
that describes exactly how something *must* behave then we can code to
that standard. It is this engineering approach that leads to accurate
and reliable systems. It is your "seat of the pants" approach that
leads to cowboy coding and people getting fried by x-ray machines.

user923005 wrote:

On Jan 2, 9:57*pm, Ulrich Eckhardt <dooms...@knuut .dewrote:

>user923005 wrote:

You do not use C software tools to determine if a program is correct
or not, you use the C standard. *If (for instance) one of your tools
has a bug, then what will you conclude?

Yes, in theory you could do so, but in practice the correct function of a
program is determined by whether it does the right thing and not by some
standard, not even if it is written in a certain language. Sorry, but
your point of view is simply unrealistic. If you had at least said
"correct according to the C standard" I would have agreed, but like that
your statement is just rubbish to me. Try to sell a program to a customer
saying that it's correct C while executing it behaves erratically.

If it is correct C and executes erratically, then your tools are
broken. Switch tools.

This is ridiculous. Have you considered that there are only so many
resources for your goals and that switching tools might just not be an
option?

If it is incorrect C and yet it appears to execute correctly, then it
is (in fact) broken.

This obviously depends on the definition of broken, whether it simply
means "incorrect C" or "behaves faulty". In one case, you say "if it is
incorrect C, then it is incorrect C", duh. In the other case you say "if it
behaves correctly and is incorrect C, it behaves faulty". One statement is
obviously correct, the other obviously rubbish. Am I perhaps missing a
third definition of "broken"?

When the compiler is repaired and maintenance work is done on the
code, then it may no longer function. Or the undefined behavior
may surface at the most inopportune time, such as when an Arianne
missile takes off.

So? Bugs happen. Testing helps against shipping broken code. What is it that
you do with the standard that helps you against shipping buggy programs?

Why do you imagine that ISO bothers to write standards for languages?
For exactly the same reason that they write standards for bolts and
for oil and for just about everything else under the sun that might be
used to create products. If there is an accurate design specification
that describes exactly how something *must* behave then we can code to
that standard. It is this engineering approach that leads to accurate
and reliable systems.

Dude, you don't get it: if the observable behaviour of a program is correct,
it eventually doesn't matter to e.g. a customer if this behaviour relies on
undefined behaviour or not. In fact pretty many programs rely at least on
implementation-defined behaviour. OTOH, if the behaviour is incorrect, it
similarly doesn't matter if it complies to any standard or not, you will
not be able to sell it. This is reality, and I don't understand why you
keep arguing that.

It is your "seat of the pants" approach that
leads to cowboy coding and people getting fried by x-ray machines.

Whining about standard compliance doesn't help if you get fried. Your
real-world program must behave, even if it is compiled by real-world,
non-perfect tools. Using real-world, non-perfect tools to find errors is
the only choice we (i.e. the people living in the real world) have, the C
standard is not a tool that can be efficiently used to find errors, you can
only use it to distinguish between a bug in your program and in the
implementation, once you found it.

Uli