clanguage-lawyer

Does the C standard keep the return struct of a function on the stack if I keep a pointer to a value inside it?

Take this arguably questionable code.

struct X {
     int arr[1];
     float something_else;
};
    
struct X get_x(int first)
{
     struct X ret = { .arr = { first } };
     return ret;
}

int main(int argc, char **argv) {
    int *p = get_x(argc+50).arr;
    
    return *p;
}

get_x returns a struct X. I'm only interested in its member arr. Why would I make a local variable for the entire struct if I only want arr...

But.. is that code correct?

In the shown example, does the C standard know to keep the return value of get_x on the stack until the end of the calling stack frame because I'm peeking inside it with a pointer?

Solution

  • What you're doing is not allowed by the standard.

    The struct returned from the function has temporary lifetime which ends outside of the expression it is used in. So right after p is initialized, it points to an object whose lifetime has ended and its value becomes indeterminate. Then attempting to dereference p (which is now indeterminate) in the following statement triggers undefined behavior.

    This is documented in section 6.2.4p8 of the C standard:

    A non-lvalue expression with structure or union type, where the structure or union contains a member with array type (including, recursively, members of all contained structures and unions) refers to an object with automatic storage duration and temporary lifetime. Its lifetime begins when the expression is evaluated and its initial value is the value of the expression.
    Its lifetime ends when the evaluation of the containing full expression or full declarator ends. Any attempt to modify an object with temporary lifetime results in undefined behavior.

    Where the lifetime of an object and what happens to a pointer to an object when its lifetime ends is specified in section 6.2.4p2:

    The lifetime of an object is the portion of program execution during which storage is guaranteed to be reserved for it. An object exists, has a constant address, and retains its last-stored value throughout its lifetime. If an object is referred to outside of its lifetime, the behavior is undefined. The value of a pointer becomes indeterminate when the object it points to (or just past) reaches the end of its lifetime

    If you were to assign the return value of the function to an instance of struct X, then you can safely access the arr member of that instance.