Why does overflowing array initialization give warning but overflowing assignment does not?

Question

Why does int a[5] = {1,2,3,4,5,6} give a warning while int a[5] = {1,2,3,4,5}; a[5] = 6; does not?

Is it a good practice to do this when I initially declared the array size to be 5?

What if I don't know the size of my array? Can I declare it like this int a[]?

Answer 1

Why does int a[5] = {1,2,3,4,5,6} give a warning while int a[5] = {1,2,3,4,5}; a[5] = 6; does not?

The assignment gives you a warning because you know the size of the variable in the initialization statement, and it is obviously violating the size of your declaration. You don't have the size of the array from a in the line a[6] = 6, so for the compiler it seems ok. Of course the level of warnings change from compiler to compiler, and for some compilers you can specify extra warnings.

For example, using gcc, you could use the flags -Wextra and -Wall to get a lot of warnings. Receiving warnings is a good thing, because the compiler helps you to find possible caveats without needing to debug your code. Of course, they are only good if you fix them :-)

Is it a good practice to do this when I initially declared the array size to be 5?

It is never a good practice to assign an integer to a place in memory that you didn't declare - you can't be sure where this value is being written, and it can be overwriting another variable, or worse, partially overwriting some other variable or the stack. Since this kind of stuff is different from compiler to compiler, as @PascalCuoq pointed out, it is called undefined behavior, and is something you want to avoid at all costs. Of course, since it is undefined, it can happen that your program will execute just fine after this declaration, yet it is a very poor practice.

However, there is nothing wrong with initializing an array with fixed size, if it will not change. You should avoid magic numbers and use constants instead, like MAX_NUMBER_OF_PERMUTATIONS or CURRENCIES_SIZE, for instance.

Can I declare it like this: int a[]?

Declaring it as int a[] is a shorthand when you are initializing a fixed array and the compiler can specify the number of elements. For example:

int a[] = {1,2,3}; //this is good
int b[3] = {1,2,3}; //same from above

In the past it was usual declare int a[]; however it don't works in every compiler, so should be avoided. (Thanks @PascalCuoq for pointing this out)

What if I don't know the size of my array?

If you don't know the size of your array, you should declare it as a pointer, like int * a and manage the memory yourself using malloc, realloc, calloc and similar system calls. Please do a good job and learn about free too - the world will thank you later. You should read about pointers instead of arrays if you are looking for dynamic memory allocation.

Answer 2

Why does int a[5] = {1,2,3,4,5,6} give a warning while int a[5] = {1,2,3,4,5}; a[6] = 6; does not?

Warnings are only the compiler trying to help you. The compiler does not have to warn everytime you do something wrong. There are too many ways to write incorrect programs, and compilers cannot warn for all of them.

Is it a good practice to do this when I initially declared the array size to be 5?

No. When a is an array of size 5, accessing a[6] or a[5] invokes undefined behavior (translation: it is very bad). The traditional saying about undefined behavior is that it allows the compiler to make daemons fly out of your nose:

During a discussion on that group in early 1992, a regular remarked “When the compiler encounters [a given undefined construct] it is legal for it to make demons fly out of your nose” (the implication is that the compiler may choose any arbitrarily bizarre way to interpret the code without violating the ANSI C standard).

So, in short, always avoid undefined behavior in your C programs.

What if I don't know the size of my array? Can I declare it like this int a[]?

No, you can't. You have to know the size of your array when you declare it. int a[]; would declare an incomplete array, which is not what you want (here is a link about incomplete types, but if you are asking about accessing the sixth element of a five-element array, you just don't want to hear about incomplete types yet). If you do not know the size you will eventually need, learn about malloc() and realloc().

Answer 3

In your second example, the compiler is doing pointer math to figure out where to put the integer. In older C implementations, an array is not a first-class type, so there's no range checking available. Some newer ones can detect out-of-bounds errors.

If you need to dynamically allocate arrays, this is the correct pattern:

int *a;
// calloc( elements, size)
// create an array of 6 elements, 0..5
a = calloc(6, sizeof(int));
// use like a[5]=6, be sure to free(a) later. 

Check the calloc and free references.

Answer 4

The question: Why does

int a[5] = {1,2,3,4,5,6};

give a warning while

 int a[5] = {1,2,3,4,5};
 a[5] = 6;

does not?

That's actually a very good question, and I don't have a really good answer to it.

As for what the C language standard says, the initialization is a constraint violation, which means that a conforming compiler must issue a diagnostic, and may reject the program. (gcc does so with the -pedantic-errors option, which I recommend using).

In the second case, a[5] = 6; has undefined behavior. The language doesn't require a diagnostic, but it certainly permits one, and a sufficiently clever compiler could warn about it. When the compiler sees the assignment to a[5], it knows (or could know) that a has only 5 elements and you're trying to access the 6th element. gcc, at least doesn't do so, at least not with the options I tried.

Why does the standard require a diagnostic for the first case but not for the second? Because the first error can always be detected at compile time. A compiler has to know how big a is, because the declaration is creating it; it has to allocate memory for it. In a declaration like that, the size is always known at compile time. (There are variable-length arrays, but you can't use that kind of initializer for them.)

In a[5] = 6;, the compiler would have to perform more analysis to detect the error, analysis that's not always possible. You could as easily have written:

a[n] = 6;

which would be just as bad if n happens to be 5 -- but the compiler would have to determine at compile time the value that n is going to have at run time to diagnose it. Compilers can sometimes perform that kind of analysis, but there are cases where it's theoretically impossible.

So why doesn't gcc diagnose the particular case of a[5] = 6;? It's probably just a matter of where the developers of gcc chose to devote their time and other resources.