ansaurus

Question

Answer 1

+3 A:

This is not a bug in gcc. A jump is just a jump in C. There is no special logic applied. The issue is that you are not initializing your pointers to NULL first. If you were to do that then you free call would be free(NULL) which would not crash. Start the function with char *p1 = NULL, *p2 = NULL; and all will be well.

charlieb 2010-05-12 18:34:33

It is cleaner to define the variables closer to where they are used. It is also cleaner to centralize the error handling at the end of the function and to just jump to it on error.

florin 2010-05-12 18:36:14

I agree in principle and I like your solution but if you can see the whole function on one screen then where you declare the variables becomes moot. If you can't see the whole function on one screen then you have bigger problems.

charlieb 2010-05-12 18:45:30

Yes, I agree pointers and all other variable should be initialize to something before you use them. In the example, you are referencing an uninitialized variable.

Jim Tshr 2010-05-12 19:14:32

+1; you can mark code sections within your answer with backticks

Christoph 2010-05-12 19:27:34

Answer 2

+11 A:

You can ask gcc to warn you when you jump over a variable definition by using -Wjump-misses-init and then you can use -Werror to force the users to deal with it. This warning is included in -Wc++-compat so the gcc developers are aware that the code behaves differently in C versus C++.

You could also change the code slightly:

int func()
{
    char *p1 = malloc(...);
    if (p1 == NULL)
        goto err_exit_1;

    char *p2 = malloc(...);
    if (p2 == NULL)
        goto err_exit_2;

    ...

err_exit_2:
    free(p2);
err_exit_1:
    free(p1);

    return -1;
}

... and just keep pairing labels with initialized variables. You'll have the same problem with calling many other functions with unitialized variables, free just happens to be a more obvious one.

florin 2010-05-12 18:35:07

You can actually do one better - `-Werror=jump-misses-init` will turn only that warning into an error (this has been available since gcc 4.3, I think).

Jefromi 2010-05-12 18:36:43

@Jefromi - very nice, I wasn't aware of that.

florin 2010-05-12 18:38:54

Kinda off-topic, but while I'm at it, gcc also understands `-Wno-error=...`, so that you can turn all warnings to errors then exclude certain ones, if you like.

Jefromi 2010-05-12 18:41:06

This code has an error. If either malloc fails you still try to `free(NULL)` at least once.

nategoose 2010-05-12 22:09:04

@nategoose - `free(NULL)` is legal and is defined as a no-op.

R Samuel Klatchko 2010-05-12 22:19:24

@nategoose Good point, the labels should each be one line lower than they are.

Nick Lewis 2010-05-12 22:20:48

@nategoose: On can call it "inefficiency", but it is not an error. `free(NULL)` is a perfectly legal thing to do.

AndreyT 2010-05-12 23:19:23

Answer 3

A:

Using gotos is not a smart idea, and you've just found one reason why. You should call an error handling function for each individual error.

DeadMG 2010-05-12 19:07:15

The problem is not specific to `goto`. The same problem can be reproduced with other kinds of jumps, like `switch/case` statement.

AndreyT 2010-05-12 19:15:05

This is just silly. `goto` has perfectly useful applications, and it's use here can be seen mirrored in almost all major C projects, including the Linux kernel. Using `goto` for error handling is a well-established "good" use of `goto`. Stop advancing the ignorant and categorical banning of misunderstood language features!

Chris Lutz 2010-05-12 19:16:56

This answer is just plain old wrong. florin's answer is the standard idiom at work here.

Joshua 2010-05-12 19:18:06

Guess I'm just out of date.

DeadMG 2010-05-12 20:57:11

Answer 4

+4 A:

A jump like that is indeed allowed by the standard, so this is not a bug in GCC. The standard lists this situation as a suggested warning in Annex I.

The only restriction imposed on jumps in C99 with regard to scope is that it is illegal to jump into scope of a variable of variably modified type, like a VLA

int main() {
  int n = 5;
  goto label; // <- ERROR: illegal jump
  int a[n];
label:;
}

In other words, it is not correct to say that "a jump is just a jump in C". Jumps are somewhat restricted when it comes to entering variable scope, albeit not as strictly as in C++. The situation you describe is not one of the restricted ones.

AndreyT 2010-05-12 19:11:24

Answer 5

A:

if i compile this code with -O2 flag

gcc -Wall -std=c99 -O2 jump.c

i've got warning:

jump.c: In function ‘func’:
jump.c:10: warning: ‘p2’ may be used uninitialised in this function

and no warning without optimization

oraz 2010-05-12 19:16:02

Answer 6

A:

As AndreyT says, jumping over the initialisation is allowed by C99. You can fix your logic by using seperate labels for the two failures:

int func()
{
    char *p1 = malloc(...);
    if (p1 == NULL)
        goto err_exit_p1;

    char *p2 = malloc(...);
    if (p2 == NULL)
        goto err_exit;

    ...

err_exit:
    free(p2);
err_exit_p1:
    free(p1);

    return -1;
}

This is a standard pattern - "early errors" cause a jump to a later part of the error exit code.

caf 2010-05-12 23:40:56

My real concern is how to identify where code like this may have made it into our code base.

R Samuel Klatchko 2010-05-13 00:17:56

@R Samuel Klatchko: If you compile with `-Wuninitialized` (which required `-O1` or higher) then you will get a warning: `foo.c:10: warning: ‘p2’ may be used uninitialized in this function`

caf 2010-05-13 00:37:45

@caf - thanks for the suggestion. Unfortunately, `-Wuninitialized` does not catch this for me (we are still using gcc 3.4.5).

R Samuel Klatchko 2010-05-13 00:51:06

Answer 7

+2 A:

Hmm, it's not because the new standard allows for variable declarations anywhere that it's always a good idea to use it. In your case I would do like we did it in classic C.

int func()
{
char *p1 = NULL;    /* So we have a definite value */
char *p2 = NULL;

  p1 = malloc(...);
  if(!p1)
    goto err_exit;

  p2 = malloc(...);
  if(!p2)
    goto err_exit;

  ...

  err_exit:
    free(p2);
    free(p1);

  return -1;
}

tristopia 2010-05-13 15:46:07

+1 I prefer just a single goto label for simple cases such as this which don't require separate labels for 'early errors'.

James Morris 2010-05-13 18:18:12

ansaurus

tags:

views:

answers:

c99 goto past initialization

related questions