Why not initialize all variables to zero?

By: gallier2 (gallier2.delete@this.gmx.de), March 30, 2020 3:45 am
Room: Moderated Discussions
Michael S (already5chosen.delete@this.yahoo.com) on March 30, 2020 2:30 am wrote:
> gallier2 (gallier2.delete@this.gmx.de) on March 29, 2020 11:32 pm wrote:
> > Doug S (foo.delete@this.bar.bar) on March 26, 2020 12:13 pm wrote:
> > > It's 2020 and exploits involving uninitialized variables are still very much a thing. Why in the
> > > world should that still be true, or more to the point why aren't we doing more about it?
> > >
> > > Is there any reason compilers shouldn't automatically zero all stack variables (as is already the case
> > > for global/extern/static variables) unless an explicit assignment was given in its declaration?
> > >
> > > In the past there may have been some reasonable objections about performance, but is that really an issue
> > > any longer? Any current compiler could easily remove most of the unnecessary zeroing instructions when
> > > it would detect the variable was assigned before use, so there would be few such assignments remaining.
> > > Unless you had a function with many large stack variables
> > > and/or was called many many times, the performance
> > > impact would be impossible to measure. For cases where it is, or for those who value absolute performance
> > > and trust their code the compiler would of course provide a switch to turn off this behavior.
> > >
> > > Now I don't claim this would completely cure the issue,
> > > as you can assign variables created via malloc, re-use
> > > variables without clearing them etc., but it would go a long
> > > way towards fixing the main source of uninitialized
> > > variables - which aren't a problem simply for exploits but also bugs and inconsistent behavior in general.
> > > How many man years of effort are wasted each year trying
> > > to track down such bugs, or worse trying and failing
> > > to do so? Personally I wouldn't mind a compiler changing malloc()
> > > calls into calloc() as part of a "--security-over-performance"
> > > switch that could make other similar "helpful" transforms.
> > >
> > > What good is it to gain additional performance from the hardware every year if you don't direct
> > > some of it as appropriate to address some of the actual software issues that plague us?
> >
> > D does initialize all variables with known values. It uses, as much as it can, invalid but defined
> > values as initializers. Floating points are initialized as NaN, char is initialized as 0xFF as it
> > is an illegal pattern in UTF-8. Integrals are initialized with 0 as there is no illegal value. Pointers
> > are null initialized. Memory allocated from the GC heap is initialized with 0. Enums are by default
> > initialized with the first defined value and can be set to any value chosen by the programmer:
> > enum : short { invalid=-42, one=1, two, whatever=36 }
> > Arrays and structures are initialized.
> > Structures can be declared with initial values.
> > struct xx {
> > int val=34;
> > int whatever;
> > }
> >
> > will initialize by default all structures with {34,0}.
> >
> > Initialization can be suppressed for specific variables by using void as initializer.
> >
> > ubyte[4096] page = void;
> >
> > will reserve 4096 on the stack without initializing it, like in C or C++. It has then all the
> > same problems it has in C or C++ of undefined behaviour. In practice though it is not a problem
> > as it must be explicitly stated and thus doesn't go under the programmers'/reviewers' radar.
> >
> > The feature of default initialization in D almost never poses problems and afaict, nobody
> > using the language complains about it. The impact on performance is negligible and in cases
> > where it could be problematic, it is possible to bypass it with the void initialization.
> >
> >
> >
>
> The main complaint, as you can see even in this thread, is not about performance
> impact, but about suppression of useful compiler warning.
>

Yes, and the experience in the D community after having that feature for 20 years is that it's a non-problem. I'm just reporting what 5 years of D forum discussions had about the subject. It comes up from time to time when a newbie asks about it, and the majority answer is that preinitialising variables is a good thing and better than not doing it. Few features in D have such a consensus opinion.
It's just a data point and you (not specifically you Michael but the whole thread) can do what you will with it.

As for my personal experience, it is mostly in pure C (D is more a hobby even if I managed to sneak it in in some parts in my day job) and I had had the missing warning problem but it disappeared when I refactored the code to avoid defining the variable at block scope when it is only used far below in the function. This made a big difference, as it reduces the scope of the variable, i.e. you can often see the whole lifetime of the variable in one look.
This is just an anecdote with my experience and I cannot generalize it to a universal rule as there were other code smells that were touched by my refactoring.
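An added example, not code from any post in this thread, showing the D defaults gallier2 describes and why "invalid but defined" values make a forgotten initialisation detectable rather than silently zero; the struct, enum and function names are made up for the illustration:

```d
// Constructed example of D's default initialisation, not from the thread.
import std.math : isNaN;

struct Sample {
    double value;            // default double.init is NaN
    char tag;                // default char.init is 0xFF, never valid UTF-8
    int count = 34;          // explicit member default, as in the struct xx example
    int other;               // default int.init is 0
}

enum Kind : short { invalid = -42, one = 1, two, whatever = 36 }

// Deliberately forgets to fill `value`, `tag` and `kind`: the defaults make
// the omission detectable instead of reading as a plausible 0.
// An `out` parameter is reset to its .init (here Kind.invalid) on entry.
Sample parseRecord(int count, out Kind kind) {
    Sample s;
    s.count = count;
    return s;                // s.value is still NaN, s.tag still 0xFF
}

bool isComplete(const ref Sample s, Kind k) {
    return !isNaN(s.value) && s.tag != 0xFF && k != Kind.invalid;
}

void main() {
    Kind kind;                              // Kind.init == Kind.invalid
    auto s = parseRecord(7, kind);
    assert(!isComplete(s, kind));           // the forgotten fields are caught
    assert(s.count == 7 && s.other == 0);

    Sample[4] batch;                        // every element is {NaN, 0xFF, 34, 0}
    assert(batch[3].count == 34 && isNaN(batch[3].value));
    Sample* heap = new Sample;              // GC heap gets the same defaults
    assert(heap.count == 34 && heap.tag == 0xFF);

    int* p;                                 // pointers default to null
    assert(p is null);

    ubyte[4096] page = void;                // explicit opt-out: indeterminate, as in C
}
```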