Structs in Wonderland

Jul 19

Embedded Systems, High-Integrity Software, Tips and Tricks

I’ve been writing software in C since 1991. While that was shortly after the ratification of the C89/90 standard, it took at least a few years for most compilers to catch up. So my formative years in C were spent developing code for compilers that weren’t yet standards conformant. Certain features were hit and miss. Since much of my development work involves C, I try to keep up with new developments. I freely admit that I don’t know it all; and every few years someone teaches me a new trick or hack that makes life just a little bit easier. Recently, I found a major gap in my understanding of one important aspect of the language.

In this article, I hope to explain some semantics in the C language that don’t seem to be widely understood. Surely, some of you will know this information, but in seeking an explanation for the issue I was seeing, I could not find a single explanation or example that would suggest these rules until I dug deep into the standard.

For quite some time now, I’ve been engaged in a project involving modifying a very large open-source code-base for a tool-suite targeting developers of high-assurance software. The code quality has been very impressive; and much of my work so far has been porting, reviewing, and documenting the code. A few days ago, I started on a new section of the suite and became very concerned about the defects I began to see. In fact, I was seeing the same two defects over and over. Oddly, this code seemed to work fine. At first I thought that the developers must have been playing on some kind of implementation defined behavior, then I realized that this code had been successfully used on at least 3 different compilers, and had been proven on more than a half-dozen platforms. Clearly there was something to learn here.

The “issue” I had been seeing was that functions were directly returning typedef’d structs; and the return value was being used to initialize equivalent structures in the calling functions. This went against what I thought I knew about the legalities of working with structs in C. I scoured the web looking for examples or tutorials that would explain it, but I found none. Assembly language listings showed that correct code was being generated, though it was less efficient than I would have expected. Stymied, I dug into my trusty copy of IEC-ISO 9889:1999. The standard gave no comparable examples either, but lack of example does not make it illegal, and with bit more digging I was able to figure out what was going on, and why it was in fact legal and well-formed C source code.

The information I sought was scattered among several sections. Rather than quoting these diverse bits and trying to build a case, I will simply provide my interpretation with relevant examples.

Simple Rules for structs

Structs can always be initialized by a brace enclosed initializer list:

struct a {int x, y, z; char a[3]; char b;} foo = { 6, 7, 8, "jk", 'L' };

Structs may have their elements selectively or partially initialized using dot notation:
```
struct a gee = { .y = 5, .a = "hi" };
```

Within functions, structs can always be assigned to equivalent structs:

void fnA( void ) {
  struct a bar;
  bar = foo;
  /* ... do more here ... */
}

For auto-storage (stack-based) structs and unions, initialization may be performed by any expression that returns a compatible struct or union type (i.e. initialization by copy):
```
void fnB( void ) {
  struct a snaf = foo;
  /* ... do more here ... */
}
```

Structs used as function parameters and returns are passed by value (i.e. copy semantics are used):

struct a   myfunc(  struct a  arg1 ) { return arg1; }

int main( int argc, char** argv ) {
  struct a   golly   = myfunc( gee );
  /* ... do more here ... */
  return 0;
}

It should be noted that the last example is very inefficient since, disregarding any possible optimizations, gee will first be copied to the parameter, then to the result, then to golly.

Though I am now sure that the code I was seeing is legal; given the inefficiencies of copying structures and the large number of structs being set, I believe the originators of the application I'm dealing with would have significantly improved performance by using a pass-by-reference (pointer) strategy. While I have worked with structures in countless programs, I tend not to do direct struct-to-struct assignments, preferring to use memcpy or, for small stable (unlikely to change) structures, direct member to member copies.

It's been more than 20 years since the first ANSI C standard added struct-to-struct copying to C. It seems that many of the above implications of this change have gone unnoticed by most C developers. Perhaps I'm unique, and information in this article is a bizarre gap in my education; but the lack of information in books and on the internet leads me to believe that I'm not alone.

c-language-programming, code-inspection, Embedded Systems, High-Integrity Software, Tips and Tricks

Bookstore

Comments

Max H
July 23rd, 2010 at 11:43 PM
A reader on LinkedIn posed the following question:

I do not know the standards well, so could you direct me to where in they state that the copy semantics of structs exclude any array members. This seems inherently wrong not to copy all member of the structure. It could also take a alot more instructions, depending on how many array intermixed in the structure, to do a selective copy than just copy the whole structure.

As I said, these are my interpretations of the standard. In reviewing the materials to respond to your question, I found that I had misread one section, and failed to consider the technical corrigenda. I also dug a bit deeper by looking at “The New C Standard”, by Derek M. Jones. I now believe that a more correct interpretation is that the copying of array members in structs is implementation optional.

The rule in question is not explicitly stated anywhere that I can find, and I am not entirely confident that my interpretation is correct.
Nonetheless here are the areas that lead me to this conclusion:
- Section 6.5.16.1 Makes no provision for an assignment to an array. (i.e. direct array-to-array copy is not supported).
- Footnote 42 to Section 6.2.6.1 par 6 indicates that a structure assignment may be copied via a memcpy or via element-by-element copy. If the latter is used, I would expect it to be via the rules of the previously mentioned section.
- Section 6.7.2.1, was heavily ammended by TC2. According to the new paragraph 22, which is discussing flexible array members, it indicates that the portions of the flexible array member which reside within the structure size may either be copied or overwritten by arbitrary data. While this is a specific case, the treatment seems consistent with my interpretation.
By the way, inefficient or not, the compiler implementation I am dealing with is performing the member-by-member copy of structs.
Max H

July 27th, 2010 at 5:59 PM

Because I was not sure of my interpretation, I contacted Mr. Derek Jones, a member of the C standards committee, and author of “The New C Standard” (linked in my previous comment); and asked him to provide feedback on the article. His response follows:

All named members of a structure are required to be copied by a
conforming implementation, including arrays.
The only places where implementations may vary is in the handling
of any padding between named members, they are not required to
copy this.
See sentence 1298.

I can see how you might connect 6.5.16.1 and footnote 42 to think
that members having an array type would not be copied. The reason
that arrays cannot be copied is that they degenerate to pointers to
their first element, loosing all ‘arrayness’ information in the process.

Unless the struct is very small it is much more efficient to pass its
address. Of course this usage requires that the called function does
not modify the contents of the struct.

As s1298 struct assignment can be more efficient than using memcpy (gcc
does do fancy things to figure out alignment of the objects passed to
memcpy). Member by member copy can be more efficient for low numbers
of members because it has no loop overhead.

If you are making lots of very similar changes to C source you might be
interested in using Coccinelle:
http://shape-of-code.coding-guidelines.com/2009/01/08/semantic-pattern-matching-coccinelle/

You are welcome to copy-and-paste this to the comment section of your blog.

–
Derek M. Jones tel: +44 (0) 1252 520 667
Knowledge Software Ltd mailto:derek@knosof.co.uk
Source code analysis http://www.knosof.co.uk

Thank you Mr. Jones for your kind and prompt response.
Max H

August 6th, 2010 at 11:12 AM

The article was updated today to reflect the information in the above comment. This was done because I have seen comments by readers on LinkedIn were who not cognizant of the new information. I hope the changes will eliminate some of the confusion.

My update covered the two paragraphs that immediately followed the last line of sample code. The original text of these paragraphs was as follows:

Now there are two issues that should be emphasized about the above examples. First, the copy semantics of structs exclude any array members, so the member a will not be initialized or modified in any of the examples except the first two. Second, the last example is very inefficient since, disregarding any possible optimizations, gee will first be copied to the parameter, then to the result, then to golly.

Though I am now sure that the code I was seeing is legal; given the inefficiencies of copying structures and the large number of structs being set, I believe the originators of the application I’m dealing with would have significantly improved performance by using a pass-by-reference (pointer) strategy. While I have worked with structures in countless programs, I tend not to do direct struct-to-struct assignments, preferring to use memcpy. The latter works whether the struct contains member arrays or not, so treatment can be consistent throughout and across applications.

While I am grateful for Derek Jones response, and I accept his interpretation as authoritative with respect to the intent of the standard, my own experience and articles/advice I’ve seen from other developers leads me to believe that at least some embedded compiler vendors shared my original interpretation; so I recommend that you tread carefully if you decide to use struct-to-struct copy with array members. Run a few quick tests to make sure the implementation performs as you expect it to.

As I side-note, I was very impressed with the Coccinelle tool that Mr. Jones mentioned. I am quite sure I will be able to make use of it; and perhaps I’ll give it a review here then. In the meantime, it looks amazingly useful for anyone who is maintaining or updating a large code base, either for use in review or bulk-update.

You must be logged in to post a comment.

M	T	W	T	F	S	S
« Jun
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

My2Cents