Hubbry Logo
.bss.bssMain
Open search
.bss
Community hub
.bss
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
.bss
.bss
.bss
View on Wikipedia
from Wikipedia

In computer programming, the block starting symbol (abbreviated to .bss or bss) is the portion of an object file, executable, or assembly language code that contains statically allocated variables that are declared but have not been assigned a value yet. It is often referred to as the "bss section" or "bss segment".

Typically only the length of the bss section, but no data, is stored in the object file. The program loader allocates memory for the bss section when it loads the program. By placing variables with no value in the .bss section, instead of the .data or .rodata section which require initial value data, the size of the object file is reduced.

On some platforms, some or all of the bss section is initialized to zeroes. Unix-like systems and Windows initialize the bss section to zero, which can thus be used for C and C++ statically allocated variables that are initialized to all zero bits. Operating systems may use a technique called zero-fill-on-demand to efficiently implement the bss segment.[1] In embedded software, the bss segment is mapped into memory that is initialized to zero by the C run-time system before main() is entered. Some C run-time systems may allow part of the bss segment not to be initialized; C variables must explicitly be placed into that portion of the bss segment.[2]

On some computer architectures, the application binary interface also supports an sbss segment for "small data". Typically, these data items can be accessed using shorter instructions that may only be able to access a certain range of addresses. Architectures supporting thread-local storage might use a tbss section for uninitialized, static data marked as thread-local.[3]

Origin

[edit]
This shows the typical layout of a simple computer's program memory with the text, various data, and stack and heap sections.

Historically, BSS (from Block Started by Symbol) is a pseudo-operation in UA-SAP (United Aircraft Symbolic Assembly Program), the assembler developed in the mid-1950s for the IBM 704 by Roy Nutt, Walter Ramshaw, and others at United Aircraft Corporation.[4][5] The BSS keyword was later incorporated into FORTRAN Assembly Program[6] (FAP) and Macro Assembly Program[7] (MAP), IBM's standard assemblers for its 709 and 7090/94 computers. It defined a label (i.e. symbol) and reserved a block of uninitialized space for a given number of words.[8] In this situation BSS served as a shorthand in place of individually reserving a number of separate smaller data locations. Some assemblers support a complementary or alternative directive BES, for Block Ended by Symbol, where the specified symbol corresponds to the end of the reserved block.[9]

BSS in C

[edit]

In C, statically allocated objects without an explicit initializer are initialized to zero (for arithmetic types) or a null pointer (for pointer types). Implementations of C typically represent zero values and null pointer values using a bit pattern consisting solely of zero-valued bits (despite filling bss with zero is not required by the C standard, all variables in .bss are required to be individually initialized to some sort of zeroes according to Section 6.7.8 of C ISO Standard 9899:1999 or section 6.7.9 for newer standards). Hence, the BSS segment typically includes all uninitialized objects (both variables and constants) declared at file scope (i.e., outside any function) as well as uninitialized static local variables (local variables declared with the static keyword); static local constants must be initialized at declaration, however, as they do not have a separate declaration, and thus are typically not in the BSS section, though they may be implicitly or explicitly initialized to zero. An implementation may also assign statically-allocated variables and constants initialized with a value consisting solely of zero-valued bits to the BSS section.

Peter van der Linden, a C programmer and author, says, "Some people like to remember it as 'Better Save Space'. Since the BSS segment only holds variables that don't have any value yet, it doesn't actually need to store the image of these variables. The size that BSS will require at runtime is recorded in the object file, but BSS (unlike the data segment) doesn't take up any actual space in the object file."[10]

BSS in Fortran

[edit]

In Fortran, common block variables are allocated in this segment.[11] Some compilers may, for 64-bit instruction sets, limit offsets, in instructions that access this segment, to 32 bits, limiting its size to 2 GB or 4 GB.[12][13][14] Also, note that Fortran does not require static data to be initialized to zero. On those systems where the bss segment is initialized to zero, putting common block variables and other static data into that segment guarantees that it will be zero, but for portability, programmers should not depend on that.

See also

[edit]

References

[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

.bss

View on Grokipedia
from Grokipedia
In computer programming, the .bss section (short for "block started by symbol") is a portion of an object file, executable, or assembly language code that reserves space for uninitialized global and static variables, which are automatically set to zero by the operating system loader at program startup. This design optimizes file size, as the section contains no explicit data in the file itself—only metadata specifying the allocation size—avoiding the need to store redundant zero bytes that would otherwise inflate the binary. Originating in the 1950s from early assemblers like the United Aircraft Symbolic Assembly Program (UA-SAP), the term .bss derives from a pseudo-operation that defined blocks of memory starting at a specified symbol address. The .bss section plays a crucial role in memory layout for languages such as C and assembly, distinguishing it from the .data section (for initialized data) and the .text section (for code). In formats like ELF (Executable and Linkable Format), it is marked with type SHT_NOBITS, indicating it occupies no space on disk but requires allocation in writable memory (with attributes SHF_ALLOC and SHF_WRITE) during execution. Relocation entries for .bss symbols are typically stored in a separate .rel.bss section to adjust addresses at link or load time. This structure ensures efficient handling of static storage duration variables whose values are not provided by the programmer, supporting the program's memory image without unnecessary overhead.

Overview

Definition and Purpose

The .bss section, standing for "block started by symbol," is a dedicated segment in object files, executables, and assembly code that allocates space for global and static variables declared without explicit initialization, treating them as zero-initialized. In formats like ELF, it is defined as holding uninitialized data that contributes to the program's memory image, with the system responsible for zero-filling the area upon loading. The primary purpose of the .bss section is to efficiently reserve memory for such variables without embedding their zero values directly in the object file, which would unnecessarily inflate its size. Instead, the section uses a special type (SHT_NOBITS in ELF) that occupies no on-disk space but specifies the required memory allocation, allowing the loader or operating system to initialize it to zeros at runtime. This approach optimizes storage and loading, particularly for large arrays or blocks of uninitialized data. Unlike the .data section, which stores global and static variables with explicit non-zero initial values embedded in the file (using SHT_PROGBITS in ELF), the .bss section is exclusively for uninitialized or zero-initialized items, ensuring a clear separation that facilitates efficient program execution and debugging. For example, in a C program compiled with GCC, the declaration static int count; results in the variable being placed in .bss, where it defaults to zero without storing that value in the object file.

Key Characteristics

The .bss section is characterized by its type SHT_NOBITS in the Executable and Linking Format (ELF), which means it occupies no physical space within the object file or executable binary itself. Instead, only the size of the section is recorded in the file's section header, and the operating system loader allocates the corresponding memory at runtime, typically as part of the data segment in the program's virtual address space. This design ensures that the file remains compact while reserving space for uninitialized data that will be populated during program execution. All variables placed in the .bss section are implicitly initialized to zero by the operating system when the program starts, without requiring explicit zero values in the source code. However, for variables explicitly initialized to zero (such as int x = 0;), many compilers, including GCC, optimize by placing them in .bss rather than the .data section to further reduce file size, though this behavior can be disabled with options like -fno-zero-initialized-in-bss. This implicit zero-filling occurs automatically as part of the loader's process, ensuring predictable starting values for uninitialized storage. The .bss section primarily accommodates file-scope global variables and static variables that lack explicit initialization, including static variables declared within functions, which are effectively treated as globals with limited visibility. This scoping ensures that such variables persist across function calls and maintain their zero-initialized state throughout the program's lifetime. In terms of structure, the .bss section is typically aligned to word boundaries (such as 4 or 8 bytes, depending on the architecture) via the section header's sh_addralign field, which must be a power of two, and its total size is often rounded up to the next alignment boundary for efficient memory access. In the standard virtual memory layout of a program, .bss follows immediately after the .data segment, extending the data segment's memory image and contributing to the difference between the segment's file size (p_filesz) and memory size (p_memsz) in ELF program headers.

Historical Development

Origins in Early Computing

The .bss section traces its origins to early assemblers developed for IBM mainframe computers in the 1950s. The acronym "BSS" stands for "Block Started by Symbol," a pseudo-operation first introduced in the United Aircraft Symbolic Assembly Program (UA-SAP) for the IBM 704 around 1956. This directive was later adopted in assemblers like the FORTRAN Assembly Program (FAP) for the IBM 709 and 7090 systems in 1959. It enabled programmers to allocate blocks of consecutive memory locations for uninitialized data or working storage without generating explicit binary output in the object code. The BSS operation addressed limitations in the era's resource-constrained environments by optimizing object file size and assembly efficiency, as it simply advanced the location counter by the specified amount, leaving initialization—typically to zero—to the loader at program execution time. This was particularly important on systems like the IBM 704 and 7090/7094, where memory and I/O resources were limited. In practice, the directive was used in assembly code with a format such as symbol BSS expression, where the optional symbol defined the starting address and the absolute expression specified the block size in words. For instance, BUFFER BSS 100 reserved 100 words beginning at the location labeled BUFFER, without storing any values. The first documentation of BSS appears in manuals from UA-SAP in the mid-1950s, with further elaboration in IBM's FAP manuals from the early 1960s, reflecting its roots in early symbolic assembly programming where space conservation was paramount for batch processing and program portability. As IBM transitioned to the System/360 architecture in 1964, the BSS concept influenced subsequent assemblers, though the specific directive was replaced by equivalents like the DS (Define Storage) instruction in Basic Assembler Language (BAL) to achieve similar uninitialized reservation.

Adoption and Evolution in Unix-like Systems

The .bss section was introduced to Unix in the early 1970s through PDP-11 assemblers, where it served as a dedicated portion of object files for uninitialized data, building on earlier computing conventions to optimize memory usage in resource-constrained environments. This integration aligned with the development of the first PDP-11 Unix versions around 1972, enabling efficient handling of global and static variables without explicit initialization in the binary. By Version 6 Unix, released in May 1975, the .bss mechanism was standardized within the a.out object file format, specifying a fixed field for the size of uninitialized data to ensure consistent loading across systems. The evolution continued with AT&T Unix System V in 1983, where .bss was formalized as a standard section in the Common Object File Format (COFF), replacing the simpler a.out structure for better support on diverse 32-bit architectures like the 3B20. This shift improved relocation and section management, allowing .bss to represent uninitialized data without bloating file sizes. In the 1990s, as Linux gained prominence, .bss was adapted into the Executable and Linkable Format (ELF), adopted widely by mid-decade for enhanced portability and extensibility across Unix-like systems; ELF treats .bss as a NOBITS section, allocating memory at runtime without storing zeros on disk. Brian Kernighan and Dennis Ritchie's "The C Programming Language" (1978) played a pivotal role in spreading .bss concepts, as the book described external and static variables as implicitly zero-initialized if unspecified, aligning with Unix's .bss handling and influencing C's adoption in Unix development. As of 2025, .bss remains a core element in POSIX-compliant systems, integral to ELF executables for efficient memory mapping. In Apple ecosystems, enhancements via LLVM and the Mach-O format since the 2000s refined .bss as the __bss section, supporting zero-initialization for uninitialized statics while integrating with code-signing and ARM architectures. Early Unix loaders explicitly cleared the .bss section to zero during program execution, a necessity driven by hardware limitations where reused memory from prior processes was not guaranteed to be cleared, ensuring security and predictable behavior on PDP-11 systems. This practice, rooted in the a.out loader's design, persists in some embedded Unix-like systems to mitigate risks from non-zeroed RAM.

Usage in Programming Languages

In C and C++

In C and C++, the .bss section is used by compilers such as GCC and Clang to store global and static variables that lack an explicit initializer, ensuring they are zero-initialized at program startup. For example, a declaration like int global_var; places the variable in .bss, where the runtime environment or startup code initializes it to zero before main() executes, as required by the C standard for objects with static storage duration. This behavior optimizes executable size by avoiding storage of explicit zero values in the file. Variables explicitly initialized to zero, such as int global_var = 0;, are by default placed in .bss by GCC to leverage the same zero-filling mechanism, though the -fno-zero-initialized-in-bss flag can redirect them to the .data section if needed for specific linking or debugging requirements. In contrast, non-zero initializations always go to .data. This placement applies uniformly to both global variables and those declared static within functions or at file scope. In C++, the same principles extend to static data members of classes and global variables within namespaces, which also receive static storage duration and are thus allocated in .bss if uninitialized or zero-initialized. Namespaces do not alter this section placement, treating enclosed globals as standard file-scope entities. Program startup performs zero-initialization for all such objects before any dynamic initialization occurs. Developers can manually direct variables to .bss using GCC's __attribute__((section(".bss"))) on global or static declarations, overriding default compiler decisions for custom section layouts in object files. The following example illustrates .bss usage in C:

c

#include <stdio.h> int bss_var; // Placed in .bss int main() { printf("Value of bss_var: %d\n", bss_var); // Outputs 0 return 0; }

#include <stdio.h> int bss_var; // Placed in .bss int main() { printf("Value of bss_var: %d\n", bss_var); // Outputs 0 return 0; }

When compiled with GCC (e.g., gcc -o example example.c) and inspected via objdump -h example, the output shows bss_var contributing to the size of the .bss section, confirming its placement for zero-initialization at runtime. C99 and C11 introduce tentative definitions, allowing multiple declarations of the same global variable without initializers across translation units (e.g., extern int shared_var; in headers and int shared_var; in one source file); these are resolved into a single .bss allocation at link time, with the tentative ones acting as declarations unless an actual definition appears. This mechanism supports modular code without duplication errors, provided exactly one definition exists.

In Assembly Languages

In assembly languages, the .bss section is defined using specific directives in popular assemblers such as NASM and the GNU Assembler (GAS). In NASM, programmers initiate the .bss section with the section .bss directive, followed by space reservation using pseudo-instructions like resb for bytes, resw for words (typically 16 bits), resd for double words (32 bits), or resq for quad words (64 bits). In GAS, the equivalent is .section .bss to switch to the section, with space allocated via .space or .zero directives specifying the number of bytes, ensuring no initial values are stored in the output file. Across architectures, the .bss usage remains consistent in GNU tools, though segment naming aligns with the target. For x86, it traditionally maps to the bss segment in flat memory models. On ARM and RISC-V architectures, GAS employs the same .section .bss directive, reserving uninitialized space that the runtime environment (e.g., loader) zeros out. During linking, symbols declared in the .bss section, such as global_var: resd 1 in NASM, receive assigned addresses in the final executable but contribute no binary content to the object file, as their space is implicitly zero-filled by the operating system loader to optimize file size. A representative example in NASM for an ELF output targets a 1KB buffer:

section .bss buffer resb 1024

section .bss buffer resb 1024

This reserves 1024 bytes at runtime without embedding zeros in the linked binary. The .bss concept originated as the "Block Started by Symbol" (BSS) pseudo-operation in early IBM assemblers, such as the FORTRAN Assembly Program (FAP) for the IBM 709/7090, where it reserved storage without initialization. In modern contexts, it is widely used in operating system kernel development to allocate uninitialized global data structures, as seen in educational examples where the .bss segment is explicitly cleared during boot to ensure zero initialization.

In Fortran

In Fortran, uninitialized data structures such as COMMON blocks and SAVE variables are typically mapped to the .bss section during compilation and linking, where they are allocated space but not explicitly stored in the executable file, relying on runtime zero-initialization by the operating system. For instance, a declaration like COMMON /BLOCK/ VAR without prior initialization places VAR in .bss, allowing shared access across program units while conserving file size for large arrays common in numerical simulations. This approach differs from C, where global variables are explicitly declared; in Fortran, COMMON blocks serve to simulate global storage in a block-oriented manner, and .bss handles zero-initialization for extensive arrays or module data to optimize memory usage in scientific applications. Compilers like gfortran and Intel Fortran Compiler (ifort/ifx) place uninitialized EQUIVALENCE sets or MODULE variables—such as INTEGER :: arr(100) in a module without assignment—into .bss, with the linker allocating contiguous space based on the largest declaration size. Like C compilers, they place zero-initialized variables in .bss by default. Historically, (standardized in 1978) introduced BSS-like storage for blank (unnamed) COMMON blocks, which provided implicit zero-initialization for shared uninitialized across subroutines, evolving in Fortran 90 and later standards to support modules as a more structured alternative to COMMON for encapsulating such variables.

fortran

MODULE example_mod IMPLICIT NONE INTEGER, SAVE :: arr(100) ! Uninitialized; placed in .bss by linker END MODULE example_mod PROGRAM main USE example_mod ! arr is zero-initialized at runtime via .bss PRINT *, arr(1) ! Outputs 0 END PROGRAM main

MODULE example_mod IMPLICIT NONE INTEGER, SAVE :: arr(100) ! Uninitialized; placed in .bss by linker END MODULE example_mod PROGRAM main USE example_mod ! arr is zero-initialized at runtime via .bss PRINT *, arr(1) ! Outputs 0 END PROGRAM main

This example illustrates how module data without explicit values contributes to .bss, ensuring efficient loading for compute-intensive tasks.

In Other Languages and Systems

In Rust, static variables initialized to zero are placed in the .bss section to leverage runtime zero-initialization by the operating system or startup code in bare-metal environments. For mutable statics using static mut or crates like lazy_static!, developers can target the .bss section explicitly via custom linker scripts, which is common in embedded Rust applications to optimize memory layout. For example, the declaration static mut BUFFER: [u8; 256] = [0; 256]; allocates a zero-initialized byte array in .bss, mapping to assembly as a symbol in that section without storing zeros in the binary. In embedded systems, such as those using GCC for AVR microcontrollers, the .bss section holds uninitialized global and static variables allocated in RAM, but without an operating system, zero-initialization must be performed manually in the startup code before reaching main(). This approach avoids including zero values in the firmware image, reducing flash usage, though the startup routine—often written in assembly—must loop to clear the .bss region explicitly. The Java Virtual Machine (JVM) does not natively employ a .bss section, as it manages memory through garbage collection and does not produce object files with traditional sections like ELF. However, when Java applications interface with native code via the Java Native Interface (JNI), the underlying C or C++ libraries can use .bss for uninitialized data in their ELF binaries, emulating standard C behavior during interoperation. In the Go programming language, introduced in 2009, uninitialized global variables are allocated in an equivalent of the .bss section within ELF object files, where the runtime or loader handles zero-initialization to maintain efficiency similar to C conventions. This placement ensures that globals without explicit values do not inflate the binary size, with Go's linker managing the section for static storage duration objects.

Implementation in Object File Formats

In ELF Format

In the Executable and Linking Format (ELF), the .bss section is defined within the section header table as a dedicated entry with specific attributes that distinguish it from other sections containing initialized data. The section header structure includes sh_name set to the string ".bss", sh_type assigned to SHT_NOBITS to indicate that it occupies no space in the file itself, and sh_flags configured with SHF_ALLOC to mark it for allocation in memory at runtime along with SHF_WRITE to permit modifications by the program. This design ensures that uninitialized global and static variables are represented without storing explicit zero values in the binary, thereby reducing file size while reserving the necessary memory space. During the loading process, the .bss section is incorporated into a loadable program header entry of type PT_LOAD, which maps the relevant portions of the file into memory. For such segments, the p_filesz field reflects only the size of the actual file data (which is 0 for .bss due to its SHT_NOBITS type), while p_memsz specifies the full memory allocation, including the .bss contribution to ensure the loader zeros out the extended region. The ELF format, introduced in 1992 as part of UNIX System V Release 4 (SVR4) development by UNIX System Laboratories, supports both 32-bit and 64-bit addressing, allowing .bss sections to handle large-scale allocations in modern systems. Alignment for the .bss section is typically set to 8 bytes in 64-bit ELF files to match common data type requirements, as specified in the sh_addralign field of the section header. Tools like readelf and objdump provide visibility into the .bss section without revealing any file-stored data, confirming its zero-initialization occurs solely at load time. For instance, running readelf -S on an ELF object file displays the .bss entry with its sh_size (the total memory size for uninitialized variables), sh_type as NOBITS, and sh_offset as 0, indicating no on-disk content. Similarly, objdump -h lists the section with a size but no associated dump output, underscoring the absence of explicit zeros in the file. An example ELF section header for .bss in a 64-bit object file might appear as follows in hexadecimal dump or structural representation (excerpted and simplified for clarity):

Section Header (.bss): sh_name: 0x[ index to ".bss" in string table ] sh_type: 0x8 (SHT_NOBITS) sh_flags: 0x3 (SHF_WRITE | SHF_ALLOC) sh_addr: 0x[ virtual address, e.g., 0x601000 ] sh_offset: 0x0 sh_size: 0x[ size in bytes, e.g., 0x100 for 256 bytes of uninitialized space ] sh_link: 0x0 sh_info: 0x0 sh_addralign: 0x8 sh_entsize: 0x0

Section Header (.bss): sh_name: 0x[ index to ".bss" in string table ] sh_type: 0x8 (SHT_NOBITS) sh_flags: 0x3 (SHF_WRITE | SHF_ALLOC) sh_addr: 0x[ virtual address, e.g., 0x601000 ] sh_offset: 0x0 sh_size: 0x[ size in bytes, e.g., 0x100 for 256 bytes of uninitialized space ] sh_link: 0x0 sh_info: 0x0 sh_addralign: 0x8 sh_entsize: 0x0

Here, sh_size is calculated by the linker as the aggregate size of all uninitialized variables (e.g., global arrays or buffers declared without initializers ), ensuring precise reservation without inflating the file. This structure exemplifies how ELF optimizes for runtime efficiency in Unix-like systems.

In COFF and PE Formats

In the Common Object File Format (COFF), the .bss section is designated for uninitialized , such as global and static variables that are not explicitly initialized in the source code. This section bears the name ".bss" in the section header and is flagged with the characteristic IMAGE_SCN_CNT_UNINITIALIZED_DATA, which has a value of 0x00000080, indicating that it contains uninitialized without any corresponding raw stored in the file itself. Developed by AT&T Bell Laboratories in the 1980s as part of early Unix object file formats and formalized in Unix System V, COFF provided a structured way to handle relocatable object code, with .bss enabling efficient representation of zero-initialized blocks. Unlike sections for initialized data (e.g., .data), the .bss section omits raw file content to conserve disk space; instead, the loader allocates memory at runtime and initializes it to zero. In the COFF section table, the entry for .bss specifies a VirtualSize field that denotes the total size of the uninitialized data in memory, while the SizeOfRawData and PointerToRawData fields are both set to 0, reflecting the absence of file-backed data. For example, a typical COFF section header for .bss might appear as follows in a hexadecimal dump or tool output:
FieldValue (Example)Description
Name.bssSection identifier
VirtualSize0x00001000Size in memory (e.g., 4 KB)
VirtualAddress0x00400000RVA in loaded image
SizeOfRawData0x00000000No raw data in file
PointerToRawData0x00000000No file offset
Characteristics0xC0000080Includes IMAGE_SCN_CNT_UNINITIALIZED_DATA (0x80), plus read/write/memory flags
This structure ensures that the operating system reserves the appropriate memory space without duplicating zero values on disk. The Portable Executable (PE) format, an extension of COFF introduced by Microsoft in the early 1990s for Win32 executables and standardized with Windows NT, retains the .bss section as a dedicated uninitialized data area. In PE files, the .bss section follows the same COFF conventions, with its size also reflected in the optional header's SizeOfUninitializedData field, which aggregates uninitialized data across sections if multiple exist. The Windows loader maps .bss into the process's virtual address space, zeroing it before execution, typically combining it with read/write permissions (IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE). Microsoft Visual C++ (MSVC) compilers place uninitialized global and static variables into the .bss section during linking, optimizing for the PE format's requirements; developers can explicitly control this via the #pragma bss_seg directive to direct uninitialized data to a custom-named section. Tools like dumpbin, part of the Visual Studio toolchain, can inspect this placement—running dumpbin /headers on a PE executable reveals the .bss section's virtual size and address in the section headers output, confirming its role without displaying raw contents due to the zeroed nature. This integration supports efficient loading in Windows environments, where .bss contributes to the overall image size in memory but not on disk.

In Mach-O Format

In the Mach-O file format used by macOS and iOS, the .bss equivalent is represented primarily through the __bss and __common sections within the __DATA segment. The __bss section holds uninitialized static variables, such as those declared with static int var;, ensuring they are zero-initialized at runtime per C/C++ standards. In contrast, the __common section accommodates tentative definitions for uninitialized external global variables, like int var; at file scope, which are resolved and zeroed during linking and loading. Both sections employ the section type S_ZEROFILL (value 0x1), which signifies zero-fill-on-demand semantics, meaning no actual data is stored in the file itself to save space; instead, the sections indicate the size and alignment required for allocation. This flag distinguishes them from regular sections (S_REGULAR), as S_ZEROFILL sections lack file backing and are flagged as writable but non-executable in the __DATA segment. During program loading, the dynamic linker dyld processes the Mach-O file's load commands to map segments into virtual memory. For S_ZEROFILL sections like __bss and __common, dyld allocates the specified memory region in the process's address space and initializes it to zero only when first accessed (read or write), leveraging the operating system's demand-paging mechanism for efficiency. This on-demand zero-filling avoids unnecessary memory operations for unused variables, and the sections support copy-on-write sharing across processes until modification. Mach-O's support for universal (fat) binaries further enhances this by embedding multiple architectures (e.g., x86_64 and arm64) in a single file, with dyld selecting and loading the appropriate __DATA segment variant based on the host CPU, ensuring seamless multi-architecture handling for .bss data. Developers can inspect these sections using tools like otool, where the command otool -l executable displays the load commands, including segment details and section types such as S_ZEROFILL for __bss. In Xcode, the compiler and linker automatically place eligible uninitialized static and global variables into these sections during object file generation and final linking. The Mach-O format evolved from the Mach kernel developed in the 1980s at Carnegie Mellon University, with the full format introduced in the late 1980s for NeXT systems and adopted by Apple in macOS; optimizations for .bss handling, including better alignment and zerofill efficiency, were refined in the 2010s alongside ARM64 support for iOS devices. A representative example of the relevant load command structure for the __DATA,__bss section follows a 64-bit segment command (LC_SEGMENT_64), which includes a section header with fields like sectname set to "__bss", segname to "__DATA", flags including S_ZEROFILL, addr and size for virtual allocation, and align typically as a power of 2 (e.g., 3 for 8-byte alignment).

struct segment_command_64 { uint32_t cmd; // LC_SEGMENT_64 uint32_t cmdsize; // sizeof this command (e.g., 552 for multiple sections) char segname[16]; // "__DATA" uint64_t vmaddr; // Virtual memory address uint64_t vmsize; // Total size of segment uint64_t fileoff; // File offset (0 for zerofill parts) uint64_t filesize; // File size (0 for zerofill) uint32_t maxprot; // Maximum permissions uint32_t initprot; // Initial permissions (e.g., VM_PROT_READ | VM_PROT_WRITE) uint32_t nsects; // Number of sections (1+) uint32_t flags; // Segment flags // Followed by nsects * section_64 structures }; struct section_64 { char sectname[16]; // "__bss" char segname[16]; // "__DATA" uint64_t addr; // Virtual address of section uint64_t size; // Size in bytes uint32_t offset; // File offset (0 for S_ZEROFILL) uint32_t align; // Log2 of alignment (e.g., 3 for 8 bytes) uint32_t reloff; // Relocation offset (usually 0) uint32_t nreloc; // Number of relocations (0) uint32_t flags; // Section type: 0x1 (S_ZEROFILL) // Additional reserved fields... };

struct segment_command_64 { uint32_t cmd; // LC_SEGMENT_64 uint32_t cmdsize; // sizeof this command (e.g., 552 for multiple sections) char segname[16]; // "__DATA" uint64_t vmaddr; // Virtual memory address uint64_t vmsize; // Total size of segment uint64_t fileoff; // File offset (0 for zerofill parts) uint64_t filesize; // File size (0 for zerofill) uint32_t maxprot; // Maximum permissions uint32_t initprot; // Initial permissions (e.g., VM_PROT_READ | VM_PROT_WRITE) uint32_t nsects; // Number of sections (1+) uint32_t flags; // Segment flags // Followed by nsects * section_64 structures }; struct section_64 { char sectname[16]; // "__bss" char segname[16]; // "__DATA" uint64_t addr; // Virtual address of section uint64_t size; // Size in bytes uint32_t offset; // File offset (0 for S_ZEROFILL) uint32_t align; // Log2 of alignment (e.g., 3 for 8 bytes) uint32_t reloff; // Relocation offset (usually 0) uint32_t nreloc; // Number of relocations (0) uint32_t flags; // Section type: 0x1 (S_ZEROFILL) // Additional reserved fields... };

Advantages and Considerations

Benefits for Memory Efficiency

The .bss section enhances memory efficiency by significantly reducing the size of executable files, as it omits storage of the actual zero bytes on disk and instead records only the section's size in the object file headers. This approach, defined by the ELF format's SHT_NOBITS type, ensures that uninitialized data contributes to the program's runtime memory image without occupying file space, allowing linkers to represent large blocks of zeros with minimal overhead. For instance, a 1 MB array declared in .bss typically adds just 8 bytes to the binary for the size field in 64-bit systems, in contrast to a full 1 MB allocation in the .data section for initialized variables. This space-saving mechanism is especially valuable in embedded systems with constrained storage, such as microcontrollers, where avoiding redundant zero storage in ROM or FLASH prevents unnecessary increases in firmware size and supports efficient deployment on resource-limited hardware. In Linux environments, the .bss section can accommodate gigabytes of virtual memory for large uninitialized buffers—common in applications like simulations and games—without inflating the executable file, leveraging the operating system's virtual addressing to allocate space only as needed. Additionally, .bss improves load time efficiency, as the operating system zero-initializes the section via memory mapping rather than copying data from the file, a process accelerated by demand paging where pages are filled with zeros upon first access. This design, rooted in Unix traditions since the 1980s, facilitates sparse memory allocation in virtual address spaces by reserving address ranges without physical backing until runtime, optimizing both file I/O and initial program startup.

Limitations and Common Pitfalls

The .bss section relies on the runtime environment or startup code for zero-initialization of its variables, which poses challenges in freestanding implementations without an operating system. In such environments, like embedded systems or kernel development, there is no automatic zeroing by the OS loader; developers must explicitly clear the .bss section in the program's entry code, such as using a memset operation on the section's bounds. For instance, the Linux kernel manually zeros its .bss during early boot using assembly code in arch/x86/boot/header.S to clear the section with rep stosl instructions, ensuring uninitialized static data starts at zero without depending on external mechanisms. Global and static variables placed in .bss across multiple compilation units (translation units) have no guaranteed initialization order, as specified in the C and C++ standards. This indeterminacy can result in the static initialization order fiasco, where a variable in one unit depends on another in a different unit that may not yet be constructed, leading to undefined behavior or crashes during program startup. Within a single translation unit, initialization proceeds in declaration order, but inter-unit sequencing remains unspecified to allow linker flexibility. A frequent pitfall arises from assuming .bss variables begin with arbitrary non-zero values, similar to uninitialized local variables on the stack; in reality, they are zeroed, which can cause bugs in code that conditionally initializes based on non-zero checks or expects garbage values for debugging. For example, logic like if (global_var != 0) { /* assume already set */ } may skip necessary setup, propagating zeros incorrectly through the program. In multi-threaded applications, .bss-hosted static variables are shared across threads, introducing race conditions on concurrent reads or writes without synchronization, even though C++11 mandates thread-safe initialization for function-local statics. Violations of the strict aliasing rule when using pointers to .bss variables can trigger erroneous optimizations in compilers like GCC. During the 2010s, GCC versions such as 4.4 enforced stricter aliasing at -O2, assuming incompatible pointer types (e.g., casting a pointer to a .bss int to char*) do not overlap, which led to bugs where updates via one pointer were ignored, returning stale or null values in structures. To mitigate, developers often use -fno-strict-aliasing or type-compatible accesses, though this reduces optimization potential. Consider this example of a race condition with an uninitialized static variable in .bss, accessed concurrently:

cpp

#include <thread> #include <vector> #include <iostream> static int counter; // Placed in .bss, zero-initialized void increment() { for (int i = 0; i < 1000; ++i) { ++counter; // Race: concurrent increments may lose updates } } int main() { std::vector<std::thread> threads; for (int i = 0; i < 10; ++i) { threads.emplace_back(increment); } for (auto& t : threads) { t.join(); } std::cout << "Counter: " << counter << std::endl; // Expected: 10000, but often less due to races return 0; }

#include <thread> #include <vector> #include <iostream> static int counter; // Placed in .bss, zero-initialized void increment() { for (int i = 0; i < 1000; ++i) { ++counter; // Race: concurrent increments may lose updates } } int main() { std::vector<std::thread> threads; for (int i = 0; i < 10; ++i) { threads.emplace_back(increment); } for (auto& t : threads) { t.join(); } std::cout << "Counter: " << counter << std::endl; // Expected: 10000, but often less due to races return 0; }

The final counter value is typically below 10,000 because unsynchronized increments cause lost updates. To fix while avoiding .bss for the variable (e.g., if non-zero initialization is needed), declare it in .data with explicit zero and use atomic operations:

cpp

#include <atomic> int counter = 0; // Placed in .data, explicitly initialized void increment() { for (int i = 0; i < 1000; ++i) { ++counter; // Still races without atomic } } // Better: use std::atomic for thread-safety std::atomic<int> atomic_counter{0}; // Thread-safe increments

#include <atomic> int counter = 0; // Placed in .data, explicitly initialized void increment() { for (int i = 0; i < 1000; ++i) { ++counter; // Still races without atomic } } // Better: use std::atomic for thread-safety std::atomic<int> atomic_counter{0}; // Thread-safe increments

Using .data ensures the initializer is stored in the binary, providing persistence without runtime zeroing reliance, though synchronization remains essential for multi-threaded access.

References

  1. https://refspecs.linuxfoundation.org/LSB_1.1.0/gLSB/specialsections.html
  2. https://gcc.gnu.org/onlinedocs/gcc-6.2.0/gccint/Sections.html
  3. https://courses.cs.washington.edu/courses/cse351/12wi/lecture-slides/lecture-5.pdf
  4. https://web.mit.edu/gnu/doc/html/as_4.html
  5. https://www.cs.princeton.edu/courses/archive/spr04/cos217/lectures/IA32-II.pdf
  6. https://refspecs.linuxfoundation.org/elf/elf.pdf
  7. https://man7.org/linux/man-pages/man5/elf.5.html
  8. https://man7.org/linux/man-pages/man1/gcc.1.html
  9. https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html
  10. https://docs.oracle.com/cd/E23824_01/html/819-0690/chapter7-1.html
  11. https://archive.computerhistory.org/resources/text/Fortran/102663110.05.01.acc.pdf
  12. http://bitsavers.informatik.uni-stuttgart.de/pdf/ibm/7090/GC28-6392-4_MAP_Dec66.pdf
  13. http://www.bitsavers.org/pdf/ibm/360/asm/C28-6514-5_IBM_System_360_Assembler_Language_Level_E_F_Dec67.pdf
  14. https://wolfram.schneider.org/bsd/7thEdManVol2/assembler/assembler.html
  15. https://www.nokia.com/bell-labs/about/dennis-m-ritchie/hist.html
  16. https://cs3210.cc.gatech.edu/r/unix6.pdf
  17. https://www.ti.com/lit/pdf/spraao8
  18. https://developer.apple.com/library/archive/documentation/Performance/Conceptual/CodeFootprint/Articles/MachOOverview.html
  19. https://retrocomputing.stackexchange.com/questions/31396/why-did-ancient-unix-perform-bss-segment-initialization
  20. https://www.dii.uchile.cl/~daespino/files/Iso_C_1999_definition.pdf
  21. https://learn.microsoft.com/en-us/cpp/cpp/static-members-cpp?view=msvc-170
  22. https://sourceware.org/binutils/docs/as/Section.html
  23. https://neilklingensmith.com/teaching/loyola/cs310-s2021/homework/clearbss.pdf
  24. https://maskray.me/blog/2022-02-06-all-about-common-symbols
  25. https://www.silverfrost.com/ftn95-help/slink/virtual_common.aspx
  26. https://www.intel.com/content/www/us/en/docs/fortran-compiler/developer-guide-reference/2024-1/fzero-initialized-in-bss-qzero-initialized-in-bss.html
  27. https://docs.oracle.com/cd/E19957-01/805-4939/6j4m0vn7v/index.html
  28. https://www.intel.com/content/www/us/en/docs/fortran-compiler/developer-guide-reference/2025-0/common.html
  29. https://doc.rust-lang.org/reference/items/static-items.html
  30. https://interrupt.memfault.com/blog/zero-to-main-rust-1
  31. https://mcuoneclipse.com/2013/04/14/text-data-and-bss-code-and-data-size-explained/
  32. https://www.embedded.com/programming-embedded-systems-startup-code-and-the-world-before-main/
  33. https://docs.oracle.com/javase/8/docs/technotes/guides/jni/spec/intro.html
  34. https://www.baeldung.com/jni
  35. https://golang.org/issue/47168
  36. https://golang.org/src/runtime/mbitmap.go
  37. https://learn.microsoft.com/en-us/windows/win32/debug/pe-format
  38. https://learn.microsoft.com/en-us/archive/msdn-magazine/2002/february/inside-windows-win32-portable-executable-file-format-in-detail
  39. https://learn.microsoft.com/en-us/cpp/preprocessor/bss-seg?view=msvc-170
  40. https://learn.microsoft.com/en-us/cpp/build/reference/headers?view=msvc-170
  41. https://www.blackhat.com/presentations/bh-dc-09/Iozzo/BlackHat-DC-09-Iozzo-let-your-mach0-fly-whitepaper.pdf
  42. https://www.kernel.org/doc/man-pages/online/pages/man5/elf.5.html
  43. https://www.ti.com/lit/pdf/slaa534
  44. https://www-users.cse.umn.edu/~smccaman/courses/8980/spring2020/lectures/04-elf-v2-8up.pdf
  45. https://notes.shichao.io/tlpi/ch6/
  46. https://0xax.gitbook.io/linux-insides/summary/booting/linux-bootstrap-1
  47. https://github.com/torvalds/linux/blob/master/arch/x86/boot/header.S
  48. https://en.cppreference.com/w/cpp/language/siof.html
  49. https://en.cppreference.com/w/cpp/language/initialization.html
  50. https://jeffreystedfast.blogspot.com/2010/01/weird-bugs-due-to-gcc-44-and-strict.html
Add your contribution
Related Hubs
User Avatar
No comments yet.