The C Standard, 6.7.3.2 .1 paragraph 19 [ISO/IEC 9899:20112024], states
There may be unnamed padding within a structure object, but not at its beginning. . . . There may be unnamed padding at the end of a structure or union.
Subclause 6.7.911, paragraph 910, states that
unnamed members of objects of structure and union type do not participate in initialization. Unnamed members of structure objects have indeterminate value representation even after initialization.
The only exception is that padding bits are set to zero when a static or thread-local object is implicitly initialized (paragraph10paragraph 11):
If an object that has automatic static or thread storage duration is not initialized explicitly, its value is indeterminate. If an object that has static or thread storage duration is not initialized explicitly, then:or any object is initialized with an empty initializer, then it is subject to default initialization, which initializes an object as follows:
— if — if it is an aggregate, every member is initialized (recursively) according to these rules, and any padding is initialized to zero bits;
— — if it is a union, the first named member is initialized (recursively) according to these rules, and any padding is initialized to zero bits;.
Because these padding values are unspecified, attempting a byte-by-byte comparison between structures can lead to incorrect results [Summit 1995].
...
Comparing padding bytes, when present, can lead to unexpected program behavior.
Rule | Severity | Likelihood | Detectable | Remediation CostRepairable | Priority | Level |
|---|---|---|---|---|---|---|
EXP42-C | Medium | Probable | Yes | YesMedium | P8P12 | L2L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| memcpy-with-padding | Partially checked | ||||||||||||
| Axivion Bauhaus Suite |
| CertC-EXP42 | |||||||||||||
| CodeSonar |
| BADFUNC.MEMCMP | Use of memcmp | ||||||||||||
| Cppcheck Premium |
| premium-cert-exp42-c | |||||||||||||
| Helix QAC |
| DF4726, DF4727, DF4728, DF4729 | |||||||||||||
| Klocwork |
| MISRA.STDLIB.MEMCMP.PTR_ARG_TYPES | |||||||||||||
| LDRA tool suite |
| 618 S | Partially implemented | Cppcheck | | Include Page | | Cppcheck_V | Cppcheck_Vcert.py | Detected by the addon cert.py Does not warn about global/static padding data as this is probably initialized to 0 | ||||||
| Parasoft C/C++test |
| CERT_C-EXP42-a | Don't memcpy or memcmp non-PODs | ||||||||||||
| PC-lint Plus |
| 958, 959 | Assistance provided: reports structures which require padding between members or after the last member | ||||||||||||
| Checks for memory comparison of padding data (rule fully covered) | ||||||||||||||
| PVS-Studio |
| V1103 | |||||||||||||
| RuleChecker |
| memcpy-with-padding | Partially checked | ||||||||||||
| TrustInSoft Analyzer |
| comparable_char_blocks | Exhaustively verified (see the compliant and the non-compliant example). |
...
Bibliography
| [ISO/IEC 9899:20112024] | 6.7.3.2.1, "Structure and Union Specifiers" 6.7.911, "Initialization" |
| [Summit 1995] | Question 2.8 Question 2.12 |
...