Suppose I declare a variable x and leave it uninitialized. I go on to print its value. I see some junk.
Where does it come from? Also why is it not used to generate random numbers? I mean instead of using a pseudo random generator.
Asked
Active
Viewed 2,157 times
7
-
2http://research.swtch.com/openssl – Josh Lee Jun 20 '13 at 14:44
-
Just try it, launch several times your program printing the variable value: you'll see that it is far from being usable as random value – Antonio Jun 20 '13 at 14:45
-
I did. And its giving me the same value each time. How does C Memory Deallocation work? – Vinu K S Jun 20 '13 at 14:49
-
1Also see [Is uninitialized local variable the fastest random number generator?](http://stackoverflow.com/a/31746063/1708801) – Shafik Yaghmour Aug 03 '15 at 12:39
4 Answers
8
The 'random' value is simply what's left in memory at that location. Memory usually isn't erased/zeroed when it's freed so whatever was there will linger until it's overwritten.
Kninnug
- 7,992
- 1
- 30
- 42
-
1See [my comment above](http://stackoverflow.com/questions/17216663/how-does-an-uninitialized-variable-get-a-random-value#comment51503431_17216663) ... you should note this is undefined behavior. – Shafik Yaghmour Aug 03 '15 at 12:42
1
The junk may come from two places:
- When dynamic RAM is powered up, the cells remain in arbitrary state until initialized; this is a property of most hardware implementations of memory
- When your program runs, it leaves behind values of variables that have been used before but are no longer in scope. This property may be used for attacks: analyzing junk left over by your program may give information to unscrupulous writers of plug ins or other libraries that you use.
Sergey Kalinichenko
- 714,442
- 84
- 1,110
- 1,523
0
The value of an uninitialized variable is the value present at the corresponding memory area before it has been assigned to this variable. Most of the time it is unpredictable and depend of whatever happened before within this memory area.
This is actually sometimes used as additional entropy to generate pseudo-random numbers. Years ago, a Debian developers thought that an uninitialized variable was a bug in OpenSSL and set it to zero. Then the generated keys became somewhat guessable and now every Debian users have to install a long list of black listed keys on their machines.
Flyer
- 327
- 2
- 14
0
The short answer? It depends on your compiler - but don't do it.
The long answer:
Accessing the value of an uninitialized POD (plain old data, such as int) type invokes undefined behavior, which means the C standard does not place any requirements on a conforming implementation in this situation. Thus, a compiler is permitted to emit machine code that launches nethack, formats your hard drive, or does nothing at all, while still conforming to the C standard - as long as it can prove that undefined behavior occurs anywhere in your program.
(Also read: What Every C Programmer Should Know About Undefined Behavior)
So, what actually (probably) happens?
On most modern compilers without optimization enabled, the compiler will simply assign a slot on the stack (or a register) to the variable, then access whatever was at that location before when asked. The result is what appears to be "random memory", though in reality it's not very random at all.
What might happen if I enabled optimizations?
If you then go to compile your code on a higher optimization level (or the compiler is updated and now optimizes more aggressively), all bets are off. For example, the compiler may remove any calls that involve x, assign x to the same location as some other variable (arguing that x cannot possibly be used, since it isn't initialized yet), or any other combination of strange effects.
In other words, the moment you access that uninitialized variable, your program can start doing anything outside your control. Don't do it - here be dragons.
Treeston
- 390
- 1
- 7