Why not initialize all variables to zero?

By: gallier2 (gallier2.delete@this.gmx.de), March 29, 2020 11:32 pm
Room: Moderated Discussions
Doug S (foo.delete@this.bar.bar) on March 26, 2020 12:13 pm wrote:
> It's 2020 and exploits involving uninitialized variables are still very much a thing. Why in the
> world should that still be true, or more to the point why aren't we doing more about it?
>
> Is there any reason compilers shouldn't automatically zero all stack variables (as is already the case
> for global/extern/static variables) unless an explicit assignment was given in its declaration?
>
> In the past there may have been some reasonable objections about performance, but is that really an issue
> any longer? Any current compiler could easily remove most of the unnecessary zeroing instructions when
> it would detect the variable was assigned before use, so there would be few such assignments remaining.
> Unless you had a function with many large stack variables and/or was called many many times, the performance
> impact would be impossible to measure. For cases where it is, or for those who value absolute performance
> and trust their code the compiler would of course provide a switch to turn off this behavior.
>
> Now I don't claim this would completely cure the issue, as you can assign variables created via malloc, re-use
> variables without clearing them etc., but it would go a long way towards fixing the main source of uninitialized
> variables - which aren't a problem simply for exploits but also bugs and inconsistent behavior in general.
> How many man years of effort are wasted each year trying to track down such bugs, or worse trying and failing
> to do so? Personally I wouldn't mind a compiler changing malloc() calls into calloc() as part of a "--security-over-performance"
> switch that could make other similar "helpful" transforms.
>
> What good is it to gain additional performance from the hardware every year if you don't direct
> some of it as appropriate to address some of the actual software issues that plague us?

D initializes all variables with known values. It uses, as much as it can, invalid but defined values as initializers. Floating-point values are initialized to NaN; char is initialized to 0xFF, as that is an illegal pattern in UTF-8. Integrals are initialized with 0 as there is no illegal value. Pointers are null-initialized. Memory allocated from the GC heap is initialized with 0. Enums are by default initialized with the first defined value and can be set to any value chosen by the programmer:
enum : short { invalid=-42, one=1, two, whatever=36 }
Arrays and structures are initialized.
Structures can be declared with initial values.
struct xx {
int val=34;
int whatever;
}

will initialize by default all structures with {34,0}.

Initialization can be suppressed for a specific variable by using void as the initializer.

ubyte[4096] page = void;

will reserve 4096 on the stack without initializing it, like in C or C++. It then has all the same problems of undefined behaviour it has in C or C++. In practice, though, it is not a problem, as it must be explicitly stated and thus doesn't go under the programmer's/reviewer's radar.

The feature of default initialization in D almost never poses problems and, afaict, nobody using the language complains about it. The impact on performance is negligible, and in cases where it could be problematic, it is possible to bypass it with void initialization.
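The defaults listed above, checked in a small D program (an added example, not part of gallier2's post). It assumes a standard D toolchain with Phobos, and uses a named enum `Mode` (my name) to show the first-member default, since the members of the post's anonymous enum are plain constants.

```d
// Added example: verifies D's default initializers as described in the post.
// Assumes DMD/LDC with Phobos; `Mode` is a name chosen for this example.
import std.math : isNaN;

enum Mode : short { invalid = -42, one = 1, two, whatever = 36 }

struct xx {
    int val = 34;
    int whatever;
}

void main()
{
    double d;          // floating point: NaN, not 0.0
    assert(isNaN(d));

    char c;            // char: 0xFF, an invalid UTF-8 byte
    assert(c == 0xFF);

    int i;             // integral: 0, there is no invalid value
    assert(i == 0);

    int* p;            // pointer: null
    assert(p is null);

    Mode m;            // enum: first defined member, not 0
    assert(m == Mode.invalid);

    xx s;              // struct: per-field initializers, so {34, 0}
    assert(s.val == 34 && s.whatever == 0);

    int[4] a;          // static array: every element gets int.init
    assert(a == [0, 0, 0, 0]);

    int[] heap = new int[8];   // GC heap allocation: zeroed
    assert(heap == [0, 0, 0, 0, 0, 0, 0, 0]);

    // Opting out: the buffer is indeterminate, exactly as in C/C++, and
    // reading it before writing is undefined behaviour. The `= void` is
    // the explicit marker a reviewer can grep for.
    ubyte[4096] page = void;
    page[] = 0;        // first write before any read
    assert(page[0] == 0 && page[$ - 1] == 0);
}
```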

