Cant understand how the program given in my book leads to the conclusion that a pointer can retrieve the value from the address

Question

#include <stdio.h>
#include <stdlib.h>

int* test(int); // the prototype

int main()
{
    int var = -20;
    int *ptr = NULL;
    ptr = test(var);
    printf("This is what we got back in main(): %d \n", *ptr);
    return 0;
}

int* test(int k)
{
    int y = abs(k);
    int *ptr1 = &y;
    printf("The value of y in test() directly is %d \n", y);
    printf("The value of y in test() indirectly is %d \n", *ptr1);
    return ptr1;
}

The output is:
The value of y in test() directly is 20
The value of y in test() indirectly is 20
This is what we got back in main(): 20

Short Summary: The above mentioned code has a user defined function which returns a pointer that holds the address of a variable(i.e.,y). This variable is assigned an absolute value of the integer passed to the function (i.e.,x)

My book " Computer Programming for Beginners" by A.J.Gonzalez states the following: The variable y will cease to exist after the function exits, so the address returned to the calling function will turn out too be meaningless. However the value held in its address will persist and can be retrieved through the pointer.

My question is : How did we come to this conclusion that a value held in the address will persist and can be retrieved through the pointer from the following printf statements:

1st statement: giving value directly using y.

2nd statement: using a pointer to give the value.

3rd statement: getting the value from main.

All that is all right but then from there how does one make the conclusion that the direct use variable loses its value but the indirectly used variable (i.e., the pointer ) retains its value ? I tried looking at past questions but could not find anything relevant.

Will be grateful for your help. Thank You.

Answer 1

This program is illustrating an effect of undefined behavior.

After test returns, the pointer value it returns points to a variable that no longer exists. Formally, this is undefined behavior which means that the C standard makes no guarantees what will happen when you attempt to use this pointer. In practice, the memory that was used by y was not yet overwritten by some other value so dereferencing the pointer will often yield the value that was stored there.

But again, there's no guarantee that will actually happen. As an example, if we change the main function as follows:

int main()
{
    int var = -20;
    int *ptr = NULL;
    ptr = test(var);
    printf("This is what we got back in main(): %d \n", *ptr);
    printf("%d %d %d %f\n", 1, 2, 3, 4.0);
    printf("This is what we got back in main(): %d \n", *ptr);
    return 0;
}

My machine outputs:

The value of y in test() directly is 20 
The value of y in test() indirectly is 20 
This is what we got back in main(): 20 
1 2 3 4.000000
This is what we got back in main(): 0 

Which demonstrates that the memory previously used by y has some other value.

The moral of the story: don't attempt to use a pointer to a variable which no longer exists.

Answer 2

The book's reasoning is somewhat correct, however it assumes an architecture that pushes parameters onto the stack, such as Intel.

What happens is that the location of y is not re-used until after its value has been retrieved through ptr of main to be pushed onto the stack for the call of printf.

However, an interrupt could re-use the location and so in general this is undefined behavior.

Note: this is used by compilers when returning a struct as function return. The compiler copies the struct variable of the called function to the struct of the caller, before anything else takes place, so the memory has not yet been re-used.

Answer 3

My question is : How did we come to this conclusion that a value held in the address will persist and can be retrieved through the pointer

The function returns an address where a variable used to be stored, very likely somewhere on the stack. But since that address is no longer valid, what the pointer now contains is indeterminate. Meaning there's no guarantees of anything any longer. And you can't de-reference that pointer any longer, this code here is bugged:

printf("This is what we got back in main(): %d \n", *ptr);

It could print anything or cause a program crash, it is so-called "undefined behavior" (as per C standard C17 6.2.4/2), see What is undefined behavior and how does it work?.

What conclusions can we draw from this? Only one, returning a pointer to a local scope variable from a function is bad and a bug.

Other than that, there's nothing else to reason about, no deterministic behavior, no interesting phenomenon to study or learn anything meaningful from. See Can a local variable's memory be accessed outside its scope?

Answer 4

The program in your book is erroneous, as the function test() returns a pointer that has been initialized to point to an automatic local variable (the variable y in test() itself) that has ceased to exist as soon as the program returned from test(). So trying to use the pointer to access the value pointed to by it is undefined behaviour and this makes your program probably crash, show weird behaviour (as you show in your post). You cannot predict the value returned by it, as the pointer is pointing to memory that has ceased being used for its original purpose, and now is used for a different thing. The output you get is that, but can be completely different, with just changing the compiler version, optimization options or the machine architecture.

A book trying to illustrate this, not warning you about the undefined behaviour stated by the language, is showing, at least, very bad pedagogical manners, and using bad code to teach unusable things. I cannot guess why the output of the program can be of interest for anything. So, please, correct me.