Order of local variable allocation on the stack

Question

Take a look at these two functions:

void function1() {
    int x;
    int y;
    int z;
    int *ret;
}

void function2() {
    char buffer1[4];
    char buffer2[4];
    char buffer3[4];
    int *ret;
}

If I break at function1() in gdb, and print the addresses of the variables, I get this:

(gdb) p &x  
$1 = (int *) 0xbffff380
(gdb) p &y
$2 = (int *) 0xbffff384
(gdb) p &z
$3 = (int *) 0xbffff388
(gdb) p &ret
$4 = (int **) 0xbffff38c

If I do the same thing at function2(), I get this:

(gdb) p &buffer1
$1 = (char (*)[4]) 0xbffff388
(gdb) p &buffer2
$2 = (char (*)[4]) 0xbffff384
(gdb) p &buffer3
$3 = (char (*)[4]) 0xbffff380
(gdb) p &ret
$4 = (int **) 0xbffff38c

You'll notice that in both functions, ret is stored closest to the top of the stack. In function1(), it is followed by z, y, and finally x. In function2(), ret is followed by buffer1, then buffer2 and buffer3. Why is the storage order changed? We're using the same amount of memory in both cases (4 byte ints vs 4 byte char arrays), so it can't be an issue of padding. What reasons could there be for this reordering, and furthermore, is it possible by looking at the C code to determine ahead of time how the local variables will be ordered?

Now I'm aware that the ANSI spec for C says nothing about the order that local variables are stored in and that the compiler is allowed to chose its own order, but I would imagine that the compiler has rules as to how it takes care of this, and explanations as to why those rules were made to be as they are.

For reference I'm using GCC 4.0.1 on Mac OS 10.5.7

Answer 1

Usually it has to do with alignment issues.

Most processors are slower at fetching data that isn't processor-word aligned. They have to grab it in pieces and splice it together.

Probably what's happening is it's putting all of the objects which are bigger than or equal to the processor optimal alignment together, and then packing more tightly the things which may not be aligned. It just so happens that in your example all of your char arrays are 4 bytes, but I bet if you make them 3 bytes, they'll still end up in the same places.

But if you had four one-byte arrays, they may end up in one 4-byte range, or aligned in four separate ones.

It's all about what's easiest (translates to "fastest") for the processor to grab.

Answer 2

My guess is that this has something to do with how the data are loaded into registers. Perhaps, with char arrays, the compiler works some magic to do things in parallel and this has something to do with the position in memory to easily load the data into registers. Try compiling with different levels of optimization, and try using int buffer1[1] instead.

Answer 3

It could also be a security issue?

int main()
{
    int array[10];
    int i;
    for (i = 0; i <= 10; ++i)
    {
        array[i] = 0;
    }
}

If array is lower on the stack than i, this code will loop infinitely (because it mistakenly accesses and zeroes array[10], which is i). By placing array higher on the stack, attempts to access memory beyond the end of the stack will be more likely to touch unallocated memory, and crash, rather than causing undefined behavior.

I experimented with this same code one time with gcc, and was not able to make it fail except with a particular combination of flags that I do not remember now.. In any case, it placed array several bytes away from i.

Answer 4

Interestingly if you add an extra int *ret2 in function1 then on my system the order is correct whereas its out of order for just 3 local variables. My guess is it's ordered that way due to reflect the register allocation strategy that will be used. Either that or it's arbitrary.

Answer 5

I've no idea why GCC organizes its stack the way it does (though I guess you could crack open its source or this paper and find out), but I can tell you how to guarantee the order of specific stack variables if for some reason you need to. Simply put them in a struct:

void function1() {
    struct {
        int x;
        int y;
        int z;
        int *ret;
    } locals;
}

If my memory serves me correctly, spec guarantees that &ret > &z > &y > &x. I left my K&R at work so I can't quote chapter and verse though.

Answer 6

Not only does ISO C say nothing about the ordering of local variables on the stack, it doesn't even guarantee that a stack even exists. The standard just talks about the scope and lifetime of variables inside a block.

Answer 7

It's completely up to the compiler. Beyond this, certain procedure variables might never be placed on the stack at all, as they can spend their whole lives within a register.

Answer 8

So, I did some more experimenting and here's what I found. It seems to be based on whether or not each variable is an array. Given this input:

void f5() {
        int w;
        int x[1];
        int *ret;
        int y;
        int z[1];
}

I end up with this in gdb:

(gdb) p &w
$1 = (int *) 0xbffff4c4
(gdb) p &x
$2 = (int (*)[1]) 0xbffff4c0
(gdb) p &ret 
$3 = (int **) 0xbffff4c8
(gdb) p &y
$4 = (int *) 0xbffff4cc
(gdb) p &z
$5 = (int (*)[1]) 0xbffff4bc

In this case, ints and pointers are dealt with first, last declared on the top of the stack and first declared closer to the bottom. Then arrays are handled, in the opposite direction, the earlier the declaration, the highest up on the stack. I'm sure there's a good reason for this. I wonder what it is.