I wrote a C program as follows:
CASE 1
int *a; /* pointer variable declaration */
int b; /* actual variable declaration */
*a=11;
a=&b;/* store address of b in pointer variable*/
It gives a segmentation fault when running the program.
I changed the code as follows:
CASE 2
int *a; /* pointer variable declaration */
int b; /* actual variable declaration */
a=&b;/* store address of b in pointer variable*/
*a=11;
Now it's working fine.
If anyone knows please explain why it is giving a segmentation fault in CASE 1.
CASE .1
int *a; /* pointer variable declaration */
int b; /* actual variable declaration */
*a=11;//Not valid means you are not owner of the address where a now pointing it is unknown and accessing this will segfault/
a=&b;/* store address of b in pointer variable*/
This is going to be segmentation fault because the address you are using is not a valid address and there you are storing 11 which is illegal.
b
+-------+ +--------+
| + | 11 |
|Unknown| | |
+---+---+ +---+----+
| |
| |
+ +
a a
CASE .2
int *a; /* pointer variable declaration */
int b; /* actual variable declaration */
a=&b;/* store address of b in pointer variable*/
*a=11;
Now its working fine because the address of b is valid an there you are storing 11 which is legal.
Also above cases are not correct way of pointer declaration
int *a = NUll;
a = malloc(sizeof(int));
*a=5;
free(a);//must
or
int *a = NUll;
int b;
a = &b;
*a=5;
This will remove segmentation fault many times which is hard to find .
int *a; // a pointer variable that can hold a memory address of a integer value.
In case 1,
*a = 10; // here you have asigned 10 to unknown memory address;
It shows segmentation fault because of assigning value to a memory address that is not defined. Undefined behaviour.
In case 2,
a=&b; // assigning a proper memory address to a.
*a=11;// assigning value to that address
Consider this example:
#include<stdio.h>
int main()
{
int *a,b=10;
printf("\n%d",b);
a=&b;
*a=100;
printf("-->%d",b);
}
Output: 10-->100
Here this is how it works.
b // name
----------
+ 10 + // value
----------
4000 // address
Asuuming memory location of b is 4000.
a=&b => a=4000;
*a=100 => *(4000)=100 => valueat(4000) => 100
After manipulation it looks like this.
b // name
----------
+ 100 + // value
----------
4000 // address
One line: First code you are dereferencing uninitialized pointer which exhibits undefined behaviour, and in the second code you are dereferencing initialized pointer which will give access to the value at the address.
A bit of explanation:
First you need to realize that a pointer is nothing but an integer, an with the *var we tell the compiler that we will be using the content of the variable var (the integer in it) as an address to fetch the value in that address. If there is **var similarly we tell the compiler that we will first use the stored value of the variable var to fetch the value at the address and again use this fetched value as an address and fetch the value stored in it.
Therefore in your first declaration it is:
+----------+ +----------+
| garbage | | garbage |
+----------+ +----------+
| a | | b |
+----------+ +----------+
| addr1 | | addr2 |
+----------+ +----------+
Then you try to use the value stored in a as an address. a contains garbage, it can be any value, but you do not have access to any address location. Therefore the next moment when you do *a it will use the stored value in a as an address. Because the stored value can be anything, anything can happen.
If you have permission to access the location , the code will continue to execute without a segmentation fault. If the address happens to be an address from the heap book-keeping structure, or other memory area which your code allocated from heap or stack then when you do *a = 10 it will simply wipe off the existing value with 10 in that location. This can lead to undefined behaviour as now you have changed something without the knowledge of the context having the actual authority of the memory. If you don't have permission to the memory, you simply get a segmentation fault. This is called dereferencing of an uninitialized pointer.
Next statement you do a = &b which just assigns the address of b in a. This doesn't help, because the previous line has dereferenced an uninitialized pointer.
Next code you have something like this after the third statement:
+----------+ +----------+
| addr2 |---+ | garbage |
+----------+ | +----------+
| a | +--> | b |
+----------+ +----------+
| addr1 | | addr2 |
+----------+ +----------+
The third statement assigns the address of b into a. Before that a is not dereferenced, therefore the garbage value stored in a before the initialization is never used as an address. Now when you assign a valid address of your knowledge into a, dereferencing a now will give you access to the value pointed to by a.
Extending the answer, you need to keep an eye that, even if you have assigned a valid address to a pointer, you have to make sure at the time of dereferencing the pointer the lifetime of the address pointed to by the pointer has not expired. For example returning local variable.
int foo (void)
{
int a = 50;
return &a; //Address is valid
}//After this `a' is destroyed (lifetime finishes), accessing this address
//results in undefined behaviour
int main (void)
{
int *v = foo ();
*v = 50; //Incorrect, contents of `v' has expired lifetime.
return 0;
}
Same in the case of accessing freed memory location from heap.
int main (void)
{
char *a = malloc (1);
*a = 'A'; //Works fine, because we have allocated memory
free (a); //Freeing allocated memory
*a = 'B'; //Undefined behaviour, we have already freed
//memory, it's not for us now.
return 0;
}
int a stores a random integer value. So saying by saying *a, you might be accessing a memory location that is out of bounds or invalid. So it is a seg fault.
In the first case you have declared a pointer but you have not assigned the address to which it has to point hence the pointer would have contained an address that would have belonged to another process in the system (or it would have contained an junk value which is not an address at all or it would have contained an null which can't be an memory address)hence operating system sends an signal to prevent invalid memory operation and hence an segmentation fault occurs.
In the second case you are assigning the address of the variable which has to be updated to the pointer and storing the value which is the correct way of doing and hence there's no segmentation fault.
Related
int a;
int *p=&a;
a = 20;
*p = 40;
printf("%d",a);
Output:
40
Can anyone explain why the output is 40?
Lets draw it out:
+---+ +---+
| p | --> | a |
+---+ +---+
That is, the variable p points to the variable a.
When you use *p you follow the pointer to get a.
So *p = 40 is equivalent to a = 40.
In this code, the a variable is declared as an int, and it is initialized with the value 20. A pointer p is then declared, and it is initialized with the address of the a variable.
Next, the value of the a variable is modified by using the pointer p. The * operator is used to dereference the pointer, which means that it gives us the value stored at the address that the pointer points to. In this case, the pointer p points to the a variable, so when we dereference p and assign the value 40 to it, we are effectively assigning the value 40 to the a variable.
Since the value of the a variable was previously set to 40 using the pointer, the output of the printf statement is 40.
The output is 40 because the pointer is used to modify the value of the a variable, and the printf statement prints the modified value of a.
can anybody help me understand this code (in c)..
#include <stdio.h>
void main()
{
const int a =5;int b;
int *p;
p= (int *) &a;
b=a;
*p= *p +1;
printf(" value of p is = %d\n", *p);
printf(" value of b is = %d\n", b);
printf(" value of a is = %d\n",a);
}
result is
: value of p is = 6
: value of b is = 5
: value of a is = 6
With the instruction p = (int *)&a; you made p to point at a.
As a result expression *p refers to the variable a, hence *p = *p + 1; worked as equivalent to a = a + 1; – variable a got assigned its previous value (which was 5) incremented by 1.
So it's finally 6.
This, however, is an Undefined Behavior, as #interjay points out in this comment – the a variable is declared as const, which means it must not be modified. As a result the compiler might choose to allocate it in a read-only area of memory. It did not in your case, and an assignment succeeded, but in other case the modfication of the variable might silently fail (with a value remaining 5) or yield a memory access exception (and terminate the program) or whatever.
The intent of this code is to update the value of a through the pointer p. Let's strip away some things and start with the basics:
int a = 5;
int *p = &a;
We have an object named a that stores the integer value 5. We have another object named p that stores the address of a. After the two declarations above, the following conditions are true:
p == &a == some address value
*p == a == 5
The expression *p is equivalent to the expression a - assigning a new value to *p is the same as assigning a new value to a, so
*p = *p + 1
is the same as writing
a = a + 1
However, in the code you posted a has been declared as a const int. That means you are telling the compiler that the value of a is not supposed to change over its lifetime. The compiler will flag any statement like
a = a + 1
or
a++;
as an error. The compiler may also store a in read-only memory; if you never take the address of a (that is, if it's never the operand of unary &), the compiler may not reserve any storage for it at all and just replace any instance of it with the value (IOW, anywhere you would expect to see a reference to a in the machine code you would just see a literal 5), meaning there's nothing to write to at all.
But this code cheats - it declares p as a pointer to a non-const int. The type of the expression &a is const int * (pointer to const int), but the type of p is just int * (pointer to int). In the assignment
p = (int *) &a;
you are casting away the const qualifier on a. So when you write a new value to *p, the compiler doesn't know that you're trying to modify something that was declared as const so it won't flag it as an error.
The C language definition says that trying to update a const-qualified object through a non-const-qualified lvalue1 results in undefined behavior - the compiler is not required to handle the situation in any particular way. The result can be any one of:
a runtime error;
the value of a remaining unchanged;
behaving exactly as expected;
or something else entirely.
An lvalue is any expression that designates an object such that the object my be read or modified. Both a and *p are lvalues that refer to an integer object containing the value 5
Before the explanation, let me tell you that this is part is a bit problematic, and can lead to undefined behavior:
const int a =5;
p= (int *) &a;
You should remove const, because in this case you want to modify the contents of a through pointers. Some compilers (such as clang, as someone mentioned in the comments) might perform optimizations, like replacing where the const variable is used with its value, to reduce the number of memory access operations.
Let's imagine that each variable is a little box where you can put numbers. So you have 3 boxes:
+---+ +---+ +---+
| 5 | | | | |
+---+ +---+ +---+
a b p
Now let's go over each statement and see what is happening.
int *p;
p= (int *) &a;
p is defined as a pointer, which is a type of variable that can hold the address of something in memory. In this case, it is assigned the address of variable a. So our boxes now look like this:
+---------------+
v |
+---+ +---+ +----+
| 5 | | | | &a |
+---+ +---+ +----+
a b p
p simply contains the memory address of a. You can print it with printf("%u", a), and you will see some number. That is the address of a.
b=a;
Here we are copying the value of a into b, so our boxes become:
+---------------+
v |
+---+ +---+ +----+
| 5 | | 5 | | &a |
+---+ +---+ +----+
a b p
*p= *p +1;
Using the *p syntax, we can dereference the pointer, that means that we can access the memory that p is pointing to (follow the arrow). In this case, *p will allow us to get or set the contents of the a variable. Our boxes now become like this:
+---------------+
v |
+---+ +---+ +----+
| 6 | | 5 | | &a |
+---+ +---+ +----+
a b p
printf(" value of p is = %d\n", *p);
Here you are again dereferencing p, meaning that we are getting the contents of the memory at address p. In our case, this will get the contents of the a variable which is 6.
printf(" value of b is = %d\n", b);
Looking at the b box, we can see that it contains 5.
printf(" value of a is = %d\n",a);
We modified a using the pointer. Looking at the a box, we can see that it contains the value 6.
We go line by line
const int a =5;int b;
In this line, variable b is defined as int and variable a is defined as const int, which means that its value is constant at all lower steps and is equal to 5.
int *p;
p= (int *) &a;
In these two lines, a variable called p is defined as a pointer int, whose value (must be an address from memory cells) is equal to the address of the variable a.
This means that both variables a and p point to a common memory cell.
In other words:
(*p == a) //IS TRUE. Both are equal to 5
and next line:
b = a;
That is, the value of the variable b is also equal to a, which is equal to 5
*p= *p +1;
In this line, a unit is added to the value corresponding to the address p.
We know that the variables a and p point to a common cell of memory.
In fact, this means that we indirectly added a unit to the variable a, which means that both variables have a value of (5 + 1).
And finally, the reason for the output of the last three lines is clear
The problem is entirely in the following line:
p= (int *) &a;
Without the type cast, the line would read:
p = &a;
The type of a is const int.
The type of p is int *.
It is obvious that the compiler should warn about discarding the const qualifier:
warning: assigning to 'int *' from 'const int *' discards qualifiers
[-Wincompatible-pointer-types-discards-qualifiers]
This demonstrates why you should always try to avoid explicit type casting (unless strictly necessary). The author of this code shot themselves in the foot. They introduced undefined behaviour and the obvious problem was hidden, because the warning was discarded or suppressed
I came across an example in a page outlining the various ways to represent a string in C structures. It explains that an array defined in a function outside main will be stored in the stack segment and as such will not necessarily be present following its return potentially causing a runtime error.
HIGHLIGHTED POSSIBLE DUPLICATE EXPLAINED WHY THE ARRAY FAILED ON RETURN I.E THE POINTER TO ELEMENT 0 RETURNED IS NO LONGER VALID BUT DID NOT SHOW THAT THE REASON VARIABLES OF THE SAME STORAGE CLASS (AUTO) ARE SUCCESSFUL IS THAT THEY PASS A VALUE WHICH SURVIVES THE REMOVAL OF THE STACK FRAME
" the below program may print some garbage data as string is stored in stack frame of function getString() and data may not be there after getString() returns. "
char *getString()
{
char str[] = "GfG"; /* Stored in stack segment */
/* Problem: string may not be present after getSting() returns */
return str;
}
int main()
{
printf("%s", getString());
getchar();
return 0;
}
I understand that other local C variables will also be defined in their respective stack frames and obviously they can be returned so why is it an issue for arrays?
Thanks
This should roughly explains what happened, after return from getString(), its stack is not valid anymore.
^ ^
| not valid | ^ ^
+------------+ | not valid |
str--> | "GfG" | | not valid | <---+
| --- | | not valid | |
| stack of | +------------+ |
| getString | | return(str)| ----+
+------------+ | --- |
| | | |
| stack of | | stack of |
| main() | | main() |
+------------+ +------------+
If compiled with gcc -W -Wall (should always use those options), it should give the warning:
warning: function returns address of local variable [-Wreturn-local-addr]
The difference is in returning a value as opposed to returning a pointer.
When you do this:
int f()
{
int x = 9;
return x;
}
int main()
{
int a = f();
printf("a=%d\n", a);
return;
}
This is valid because even though x is out of scope when f returns, it is the value stored in x (9 in this case) that is returned. That value is then assigned to a and subsequently printed.
In your example you're returning an array. In most contexts, an array used in an expression decays into a pointer to its first element. So return str is the same as return &str[0]. That pointer value is returned and passed to printf. Then printf tried to dereference that pointer, but the memory it points to (the array str) is no longer valid.
So you can return values from a function, but if that value is a pointer to a local variable it will not be valid.
There are 2 situations:
When you return a simple value like an int or char from a local function and that variable is defined/declared in that local function. It happens successfully, because while returning the value is actually copied.
Now you have string "GfG" in str and when you do return str, the value that is copied is what is there in str and that is the address location of the array. So in this case the array location (pointer) is copied, while the contents of this array vanishes (since the contents were on local stack frame).
I'm kinda confused:
int* p=1000;
printf("%d\n", (int)(p+sizeof(int))); // what is going on here?
does p point to 1000 or does p = the memory address 1000? If it is the former, could this be achieved achieved like this:
int dummyVariable = 1000;
int * p = &dummyVariable;
The declaration
int* p=1000;
makes p point to the address 1000.
While in the case of
int dummyVariable = 1000;
int * p = &dummyVariable;
you initialize dummyVariable to the value 1000 and make p point to dummyVariable.
Another way to look at it:
In the first case you have
Address 1000
|
v
+---+ +-----+
| p | --> | ??? |
+---+ +-----+
And in the second case you have
Address &dummyVariable
|
v
+---+ +----------------------------+
| p | --> | dummyVariable (value 1000) |
+---+ +----------------------------+
A third way of looking at it, is that the value of p is an integer (that just happens to be an address). In the first case p contains the value 1000, i.e. it's pointing to the address 1000.
In the second case the contents of p is &dummyVariable, i.e. it points to the location in memory where dummyVariable is stored.
As for the printout in the first example giving you the value 1016, that's because of how pointer arithmetic works: Whatever you add to a pointer is multiplied by the size of the base type. So if you have a pointer to int, then everything you add to that pointer will be multiplied by sizeof int.
In your case, the size of int is 4 bytes, so what you are doing is actually 1000 + 4 * 4 which is equal to 1016.
In your example, p is storing the memory address 1000, whatever that memory address is holding. In fact, p resides at another memory address, which, again stores the number 1000, which is a memory address, etc. Your second example is correct: The pointer p is assigned the memory address of dummyVariable, now if you modify dummyVariable or the *p (dereferencing the pointer), the changes will be applied to both (because they point to the same memory space).
int* p=1000;
p is a pointer pointing to memory location 1000.
printf("%d\n", (int)(p+sizeof(int)));
You are trying to access some memory here.( 1000 + sizeof(int))
Directly assigning some random address to a pointer as done here is not a good idea.
You should have got below mentioned warnings:
warning: initialization makes pointer from integer without a cast
warning: cast from pointer to integer of different size
The second part:
int dummyVariable = 1000;
int * p = &dummyVariable;
Here 1000 is a value and pointer p is pointing to a memory location holding 1000.
So both are diffrent.
I tried code like this:
int *a;
*a = 10;
printf("%d",*a);
in eclipse and it is not printing out anything.
is it because I haven't give initial value to a?
Thank you that was helpful. I know it is problematic I just wasn't sure the exact problem
like, if I do printf("%d",a); I can see it does contain something, is it C's rule
that I do have to give it a place to point to then I can start to change the value in that address?
int *a; This defines a variable which is a pointer to an integer type. The pointer type variable a at the creation contains garbage value.
When you do *a = 10; it ties to use the value stored in a , which is garbage, as an address and store the value 10 there. Because we do not know what a contains and it is not allocated so a points to some memory location which is unknown and accessing it will be illegal, and will get you a segmentation fault (or something similar).
Same in the case of printf ("%d", *a); . This also tries to access the value stored at some undefined memory location which you have not allocated.
.
this variable is this is the location
stored in some with the address
address on the 'garbage'. You do not
stack have permissions to
access this
+-------+---------+
| name | value |
+-------+---------+ +---------+
| a | garbage |---->| ????? |
+-------+---------+ +---------+
After you have defined the pointer type variable, you need to request for some memory location from the operating system and use that memory location value to store into a, and then use that memory location through a.
To do that you need to do the following:
int *a;
a = malloc (sizeof (int)); /* allocates a block of memory
* of size of one integer
*/
*a = 10;
printf ("%d", *a);
free (a); /* You need to free it after you have used the memory
* location back to the OS yourself.
*/
In this case it is like below:
After *a = 10; . The pointer variable is allocated in the stack. At this moment the a contains a garbage value. Then a points to an address with that garbage value.
this variable is this is the location
stored in some with the address
address on the 'garbage'. You do not
stack have permissions to
access this
+-------+---------+
| name | value |
+-------+---------+ +---------+
| a | garbage |---->| ????? |
+-------+---------+ +---------+
After a = (int *) malloc (sizeof (int)); . Let us assume that malloc returns you some address 0x1234abcd, to be used. At this moment a will contain 0x1234abcd then a points to a valid memory location which was allocated and reserved for you to be used. But note that the value inside 0x1234abcd can be anything, ie. garbage. You can use calloc to set the contents of the memory locations you allocate to 0.
this variable is this is the location
stored in some 0x1234abcd , allocated
address on the by malloc, and reserved
stack for your program. You have
access to this location.
+-------+------------+
| name | value |
+-------+------------+ +---------+
| a | 0x1234abcd |---->| garbage|
+-------+------------+ +---------+
After *a = 10; , by *a you access the memory location 0x1234abcd and store 10 into it.
this variable is this is the location
stored in some 0x1234abcd , allocated
address on the by malloc, and reserved
stack for your program. You have
access to this location.
+-------+------------+
| name | value |
+-------+------------+ +---------+
| a | 0x1234abcd |---->| 10 |
+-------+------------+ +---------+
After free (a) , the contents of a ie. the memory address 0x1234abcd will be freed, ie returned back to the operating system. Note that after freeing the 0x1234abcd the contents of a is still 0x1234abcd , but you can no more access it legally, because you just freed it. Accessing the contents pointed by the address stored in a will result in undefined behavior, most probably a segmentation fault or heap corruption, as it is freed and you do not have access rights.
this variable is this is the location
stored in some 0x1234abcd , allocated
address on the by malloc. You have freed it.
stack Now you CANNOT access it legally
+-------+------------+
| name | value |
+-------+------------+ +---------+
| a | 0x1234abcd | | 10 |
+-------+------------+ +---------+
the contents of a remains
the same.
EDIT1
Also note the difference between printf ("%d", a); and printf ("%d", *a); . When you refer to a , it simply prints the contents of a that is 0x1234abcd. And when you refer *a then it uses 0x1234abcd as an address , and then prints the contents of the address, which is 10 in this case.
this variable is this is the location
stored in some 0x1234abcd , allocated
address on the by malloc, and reserved
stack for your program. You have
access to this location.
+-------+------------+
| name | value |
+-------+------------+ +---------+
| a | 0x1234abcd |---->| 10 |
+-------+------------+ +---------+
^ ^
| |
| |
(contents of 'a') (contents of the )
| (location, pointed )
printf ("%d", a); ( by 'a' )
|
+----------------+
|
printf ("%d", *a);
EDIT2
Also note that malloc can fail to get you some valid memory location. You should always check if malloc returned you a valid memory location. If malloc cannot get you some memory location to be used then it will return you NULL so you should check if the returned value is NULL or not before use. So finally the code becomes:
int *a;
a = malloc (sizeof (int)); /* allocates a block of memory
* of size of one integer
*/
if (a == NULL)
{
printf ("\nCannot allocate memory. Terminating");
exit (1);
}
*a = 10;
printf ("%d", *a);
free (a); /* You need to free it after you have used the memory
* location back to the OS yourself.
*/
You haven't allocated memory for a.
Try
int *a;
a = (int*)malloc(sizeof(int)); //Allocating memory for one int.
*a = 10;
printf("%d", *a);
free(a); //Don't forget to free it.
When you declare the pointer, the compiler is only going to reserve memory to store a pointer variable. If you want that pointer to point to something after the fact, it has to be something that had its own memory allocated. Either point it at something that was declared as an int, or allocate memory from the heap for an int.