Why not initialize all variables to zero?

By: Linus Torvalds (torvalds.delete@this.linux-foundation.org), March 28, 2020 1:01 pm
Room: Moderated Discussions
Doug S (foo.delete@this.bar.bar) on March 28, 2020 11:21 am wrote:
>
> Is this an option you have considered for the kernel? What do you
> see as potential issues that might arise if you took that step?

It's been discussed quite a bit, and the main issue we've worried about is that in most cases, adding automatic zero initialization ends up then meaning that you lose the warnings about uninitialized variables.

And since we can't rely on it in general with all compiler versions, we really do want the warning, and we really can't just say "code that doesn't initialize is correct, because the compiler is initializing for us".

Similarly, because it's not a standard compiler option, some of the prototyping (and actual use) was/is done with gcc plugins, which ends up making people (very much including me) worried about stability - compiler plugins can be very powerful and useful, but they've also been a source of problems.

Using a compiler plugin also means that if there are inefficiencies (ie "look, the compiler should have seen that this wasn't necessary, because it ends up initializing it later"), you can't make a compiler bug report about it, because it's your own damn stupid plugin that introduces the problem, and the upstream compiler people - quite reasonably - will not care.

So people do use plugins, but honestly, I would never want to rely on them. They are for special cases, and for special cases only.

With modern clang builds, the compiler has a supported option, and you can already choose to enable it for the kernel. Except we then use the "pattern" option (which uses a 0xAA pattern to initialize instead of zero).

Using a non-zero pattern (that generally causes faults if it's used as a pointer, for example, but also shows up as a pattern in register contents etc if you use it) can be useful for debugging, but honestly, if it was an actual standard language feature I think zero initialization is a better model - because at that point it doesn't just help debugging, it can help simplifying the actual source code.

Since we can't rely on that "simplify the source code", a magic pattern is better for us.

Anyway, if we were to have reliable zero-filling available to us with all the compilers we use for the kernel, I'd probably aim to eventually move us to a "special C" version where we just rely on that and don't consider uninitialized local variables to be a bug at all. We already obviously use "extended C" for the kernel rather than coding for some theoretical standard C model, so making that kind of extension wouldn't be a conceptual problem.

But realistically, with the speed that infrastructure changes like this move, that's at least five years away.

So in the meantime, we have the (imho inferior) "use a pattern for debugging and not leaking old stack contents" as an option, and we can't do the source level simplifications that would come from "local variables are initialized to zero, just like static ones are".

Linus
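The trade-off the post describes, as an added example that is not part of the thread or of the kernel. The "supported option" is clang's `-ftrivial-auto-var-init=pattern` (repeated 0xAA for integers and pointers, as the post says; `=zero` fills with 0x00). Since the real behaviour only appears when the whole program is built with that flag, this example stands in for the compiler with an explicit `memset` at the point of declaration, so it runs with any compiler. The `struct reply`, `fill_reply` (which deliberately forgets two fields and never touches the padding) and the helper functions are all assumptions made for illustration, not kernel code:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical "fill this in and copy it out" structure, the shape in which
 * kernel stack infoleaks usually appear: a field the code forgets to set, plus
 * the padding bytes after 'type' that no C statement ever writes. */
struct reply {
    uint8_t  type;          /* followed by padding up to 'len' */
    uint32_t len;
    void    *cookie;
    uint64_t payload[2];
};

enum init_mode { INIT_PATTERN, INIT_ZERO };

/* Stand-in for what the compiler emits at the variable's declaration:
 * -ftrivial-auto-var-init=pattern fills integers and pointers with repeated
 * 0xAA (the pattern the post mentions); =zero fills every byte with 0x00. */
static void auto_init(void *obj, size_t n, enum init_mode mode)
{
    memset(obj, mode == INIT_PATTERN ? 0xAA : 0x00, n);
}

/* The buggy function (constructed for the example): sets some fields and
 * forgets 'cookie' and 'payload[1]', plus the padding. With no automatic
 * initialization, the forgotten bytes hold whatever the previous function
 * left on the stack, and copying the struct out leaks them. */
static void fill_reply(struct reply *r)
{
    r->type = 1;
    r->len = 8;
    r->payload[0] = 42;
}

/* Debugging check a pattern build makes possible: count the bytes that still
 * carry the init pattern after the code that was supposed to fill them in.
 * Each such byte would have been stale stack data in an uninitialized build. */
static size_t count_pattern_bytes(const void *obj, size_t n)
{
    const uint8_t *b = obj;
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += (b[i] == 0xAA);
    return hits;
}

/* Bytes 'fill_reply' never wrote: the padding, 'cookie' and 'payload[1]'. */
size_t unwritten_bytes_after_fill(void)
{
    struct reply r;
    auto_init(&r, sizeof r, INIT_PATTERN);
    fill_reply(&r);
    return count_pattern_bytes(&r, sizeof r);
}

/* Why the pattern helps debugging: the forgotten pointer becomes 0xAAAA...,
 * which on x86-64 is a non-canonical address and faults on the first
 * dereference instead of silently pointing at something valid. */
int forgotten_pointer_is_pattern(void)
{
    struct reply r;
    uint8_t pattern[sizeof(void *)];
    memset(pattern, 0xAA, sizeof pattern);
    auto_init(&r, sizeof r, INIT_PATTERN);
    fill_reply(&r);
    return memcmp(&r.cookie, pattern, sizeof pattern) == 0;
}

/* Why zero is the better language model: under =zero the forgotten pointer
 * is NULL, so callers could rely on "if (r.cookie) put_cookie(r.cookie)" and
 * drop the explicit "= {0}" that a pattern build still requires. */
int forgotten_pointer_is_null(enum init_mode mode)
{
    struct reply r;
    auto_init(&r, sizeof r, mode);
    fill_reply(&r);
    return r.cookie == NULL;
}

int main(void)
{
    printf("sizeof(struct reply) = %zu, bytes fill_reply never wrote = %zu\n",
           sizeof(struct reply), unwritten_bytes_after_fill());
    printf("pattern build: cookie is 0xAA.. pointer: %d, NULL: %d\n",
           forgotten_pointer_is_pattern(), forgotten_pointer_is_null(INIT_PATTERN));
    printf("zero build:    cookie is NULL: %d\n",
           forgotten_pointer_is_null(INIT_ZERO));
    return 0;
}
```

The pattern variant makes every forgotten byte visible and turns a forgotten pointer into an immediate fault, which is the "debugging and not leaking old stack contents" benefit; only the zero variant yields a value (NULL, 0) that source code can be written to depend on, which is the simplification the post says the kernel cannot yet adopt because not every supported compiler guarantees it.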