Object 离开 function 后仍然可以到达

Question

#include <stdio.h>

typedef struct node {
  int val;
} node;

node *copy(node *x) {
  node *tmp = &((node){.val = 10});                                             
  return tmp;
}

int main() {
  // node *a = &((node){.val = 9});
  node *a = 0;
  a = copy(a);
  printf("%d\n", a->val);
  return 0;
}

As far as I know, every object inside the stack of function will be not accessible after leaving function. However, it doesn't.

I used GDB to inspect where is the object.

(gdb) b 9
(gdb) b 16
(gdb) r
(gdb) p $rsp
$8 = (void *) 0x7fffffffdcc0
(gdb) p $rbp
$9 = (void *) 0x7fffffffdcf0
(gdb) p tmp
$7 = (node *) 0x7fffffffdcdc
(gdb) c

(gdb) p $rsp
$10 = (void *) 0x7fffffffdd00
(gdb) p $rbp
$11 = (void *) 0x7fffffffdd10
(gdb) p a
$12 = (node *) 0x7fffffffdcdc

You can see the variable 'a' point to 0x7fffffffdcdc which is not between $rsp and $rbp. Finally the program prints "10" without any error message. I can't understand why it can works.

Answer 1

When an object goes out of scope, you can no longer access it by its symbol name.

If you take a pointer (memory address) to the object and return it as you have, the pointer refers to the memory where the object once existed . Nothing specifically happens to that memory content when the object goes out of scope - it just becomes available for other purposes. So if that memory has not yet been reused, it is not remarkable that the memory occupied by the object has not changed.

You are looking at a ghost of an object. It won't survive long. for example if you do:

  printf("%d\n", a->val);
  printf("%d\n", a->val);

You will most likely find that by the second printf() call it has been modified, because the printf() call has used the stack space previously occupied by tmp in copy.

Strictly it is undefined behaviour and anything could happen. In practice what I have described is " typical " - if something different happens for you, then shrug , other things are possible.