27-05-2009, 09:03 AM
It is somewhat complex to find this in the standard. First of all, you should know that objects with static duration are initialized to zero unless they are initialized explicitly by the programmer. This is true both for static variables declared at local scope, as well as all variables declared at file scope ("globals").
I can't cite 9899:1990, but here is from 9899:1999 (should be the same except chapter numbers):
Quote: 6.7.8 Initialization
/--/
10
If an object that has automatic storage duration is not initialized explicitly, its value is
indeterminate. If an object that has static storage duration is not initialized explicitly,
then:
— if it has pointer type, it is initialized to a null pointer;
— if it has arithmetic type, it is initialized to (positive or unsigned) zero;
— if it is an aggregate, every member is initialized (recursively) according to these rules;
— if it is a union, the first named member is initialized (recursively) according to these
rules.
/--/
19
The initialization shall occur in initializer list order, each initializer provided for a
particular subobject overriding any previously listed initializer for the same subobject; all
subobjects that are not initialized explicitly shall be initialized implicitly the same as
objects that have static storage duration.
So if you write something like
int array[5] = {0};
you can be sure that all elements are zero. If you write
int array[5] = {1,2,3};
you can be sure that the array contains data 1,2,3,0,0.
---
However, most safety-critical embedded systems do not (and shall not) rely on static initialization.
The initialization of statics before startup, as enforced by ISO C, is usually removed in such systems, making
them non-standard (such systems therefore need a deviation from the first MISRA-C rule "follow ISO C").
This is done for two reasons:
- Safety-critical systems very often have non-volatile program memory. This means that the static init values
have to be copied down from non-volatile memory to RAM at startup, which steals execution time.
- From the point of startup to the point where the variable is used, days, weeks or years could have passed.
RAM should not be trusted to maintain its values for such a long time. Therefore, relying on static initialization
is frowned upon. Instead, safety-critical systems typically initialize all variables in "run-time" before they are
used, or alternatively copy-down values from flash to RAM repeatedly.
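An added example, not part of the original post: one way to do the run-time initialization and repeated copy-down described above. All names and values are hypothetical, and it assumes the toolchain places the `const` table in flash.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define N_GAINS 5u  /* hypothetical table size */

/* Reference values in non-volatile memory (assumed: const data is linked
 * into flash). Per 6.7.8 p19 the two unlisted elements are zero. */
static const int32_t gains_rom[N_GAINS] = {1, 2, 3};

/* RAM working copy. No code below depends on its value at startup. */
static int32_t gains_ram[N_GAINS];

/* Run-time initialization: call explicitly before the first use. */
void gains_init(void)
{
    memcpy(gains_ram, gains_rom, sizeof gains_ram);
}

/* Periodic copy-down: restore any element that no longer matches flash.
 * Returns the number of repaired elements so the caller can log or act. */
unsigned gains_refresh(void)
{
    unsigned repaired = 0u;
    for (size_t i = 0u; i < N_GAINS; i++) {
        if (gains_ram[i] != gains_rom[i]) {
            gains_ram[i] = gains_rom[i];
            repaired++;
        }
    }
    return repaired;
}

/* Bounds-checked read; out-of-range indices yield 0. */
int32_t gains_get(size_t i)
{
    return (i < N_GAINS) ? gains_ram[i] : 0;
}

/* Test hook only: simulates a RAM upset by overwriting one element. */
void gains_corrupt_for_test(size_t i, int32_t v)
{
    if (i < N_GAINS) {
        gains_ram[i] = v;
    }
}
```

This pattern only fits values whose correct content is fixed; variables that change at run time need a different integrity check.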