Automatic storage and C99 VLA array

Question

If I have the following:

int *test()
{
    int d = 10;
    int a[d];

    a[0] = 10;
    a[1] = 20;

    printf("%p\n", a);

    return a;

}

int main(void)
{
    int *a = test();

    printf("%p %d\n", a, a[0]);

    return 0;
} 

when I return a from test to main the memory allocated for a inside test is not destroyed. But why? Isn't a an automatic storage variable that die when the block function exit? In fact when I compile the code the compiler warn me with:

function returns address of local variable [-Wreturn-local-addr]

The same thing happen if I use a static array.

Answer 1

The requirement is not for the memory to be "destroyed" (whatever it could mean - filling with zeros?) the standard says only that such code as yours triggers undefined behaviour - and undefined behaviour may mean anything, including the situation in which the memory for some time has the same content. But still it is undefined behaviour and your code is erroneous.

Answer 2

There is no requirement in the C standard to "destroy" the data stored in a variable that goes out of scope.

It isn't safe to access a after it has gone out of scope. The memory is free to use for other purposes. What happens if you access the memory is unspecified. It may return the value you put there, it may return some other (junk) value, it may cause a program crash or it may blow up the island of Manhattan.

The last option is very unlikely though, I haven't come across any C compiler that generates code that does that.

Answer 3

a is a local variable. "Local" as in function-local. a doesn't exist any more once test() returns. Thus you return a pointer to an object that doesn't exist any more, and the compiler rightly complains.

You can either pass an array as parameter to test() and fill that array within test(), or you can actively allocate memory on the heap with malloc() within test() and return a pointer to that. Note that the caller then has to free() said memory again to prevent memory leaking.