Why not initialize all variables to zero?

By: Etienne (etienne_lorrain.delete@this.yahoo.fr), April 2, 2020 1:14 am
Room: Moderated Discussions
Linus Torvalds (torvalds.delete@this.linux-foundation.org) on March 28, 2020 1:01 pm wrote:
> Doug S (foo.delete@this.bar.bar) on March 28, 2020 11:21 am wrote:
> >
> > Is this an option you have considered for the kernel? What do you
> > see as potential issues that might arise if you took that step?
>
> It's been discussed quite a bit, and the main issue we've worried about is that in most cases, adding automatic
> zero initialization ends up then meaning that you lose the warnings about uninitialized variables.
>
> And since we can't rely on it in general with all compiler versions, we really do want the warning, and we really
> can't just say "code that doesn't initialize is correct, because the compiler is initializing for us".
>
> Similarly, because it's not a standard compiler option, some of the prototyping (and actual use) was/is
> done with gcc plugins, which ends up making people (very much including me) worried about stability
> - compiler plugins can be very powerful and useful, but they've also been a source of problems.
>
> Using a compiler plugin also means that if there are inefficiencies (ie "look, the compiler
> should have seen that this wasn't necessary, because it ends up initializing it later"), you
> can't make a compiler bug report about it, because it's your own damn stupid plugin that introduces
> the problem, and the upstream compiler people - quite reasonably - will not care.
>
> So people do use plugins, but honestly, I would never want to rely
> on them. They are for special cases, and for special cases only.
>
> With modern clang builds, the compiler has a supported option, and you can already choose to enable it for the
> kernel. Except we then use the "pattern" option (which uses a 0xAA pattern to initialize instead of zero).
>
> Using a non-zero pattern (that generally causes faults if it's used as a pointer, for example, but also
> shows up as a pattern in register contents etc if you use it) can be useful for debugging, but honestly,
> if it was an actual standard language feature I think zero initialization is a better model - because
> at that point it doesn't just help debugging, it can help simplifying the actual source code.
>
> Since we can't rely on that "simplify the source code", a magic pattern is better for us.
>
> Anyway, if we were to have reliable zero-filling available to us with all the compilers
> we use for the kernel, I'd probably aim to eventually move us to a "special C" version where
> we just rely on that and don't consider uninitialized local variables to be a bug at all.
> We already obviously use "extended C" for the kernel rather than coding for some theoretical
> standard C model, so making that kind of extension wouldn't be a conceptual problem.
>
> But realistically, with the speed that infrastructure changes
> like this move, that's at least five years away.
>
> So in the meantime, we have the (imho inferior) "use a pattern for debugging and not leaking
> old stack contents" as an option, and we can't do the source level simplifications that would
> come from "local variables are initialized to zero, just like static ones are".
>
> Linus

I see another problem, about double initialisation: how does the compiler detect that a variable/structure is initialised?
Obviously:
- struct { int word[8]; } localvar ; memset (&localvar, 0, sizeof(localvar));
is initialised (unless memset is overwritten by LD_PRELOAD or -ffreestanding),
but then there are more complex cases:
- struct { int word[8]; } localvar ; my_memset (&localvar, 0, sizeof(localvar));
- struct { int word[8]; } localvar ; my_localvar_init (&localvar);
- struct { int word[8]; } localvar ; if ( read(fd, &localvar, sizeof(localvar)) != sizeof(localvar)) return; ...
- struct { int word[8]; } localvar ; if ( read(fd, &localvar, sizeof(localvar)) != sizeof(localvar)) { perror(""); return; } ...
And would the compiler initialise gaps in structures/unions?
And should the compiler initialise fields in structures/unions that it knows are not used?
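The padding question above is the one that matters for leaking old stack contents. The following is an added example, not code from this thread: it pre-fills a constructed struct with the 0xAA pattern Linus mentions as a stand-in for stale stack bytes, then counts how many padding bytes survive field-wise assignment versus a memset of the whole object. The struct layout, the 0xAA fill and the function names are assumptions; the padding size is computed rather than hard-coded because it depends on the ABI.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed type: on common ABIs (x86-64, AArch64) the int32_t is
 * aligned to 4, leaving three padding bytes after 'tag'. */
struct record {
    char    tag;
    int32_t value;
};

/* Number of bytes in struct record that belong to no field. */
size_t padding_size(void)
{
    return sizeof(struct record) - sizeof(char) - sizeof(int32_t);
}

/* Count padding bytes still holding the 0xAA fill, i.e. bytes that no
 * initialisation step touched. Inspected through unsigned char, which
 * is the one legal way to look at an object's raw bytes. */
static size_t stale_padding_bytes(const struct record *r)
{
    const unsigned char *p = (const unsigned char *)r;
    size_t tag_off = offsetof(struct record, tag);
    size_t val_off = offsetof(struct record, value);
    size_t stale = 0;
    for (size_t i = 0; i < sizeof *r; i++) {
        int in_tag = i >= tag_off && i < tag_off + sizeof r->tag;
        int in_val = i >= val_off && i < val_off + sizeof r->value;
        if (!in_tag && !in_val && p[i] == 0xAA)
            stale++;
    }
    return stale;
}

/* Field-wise assignment only: the gaps keep whatever the frame held. */
size_t init_fieldwise(void)
{
    struct record r;
    memset(&r, 0xAA, sizeof r);   /* simulate stale stack contents */
    r.tag = 'x';
    r.value = 42;
    return stale_padding_bytes(&r);
}

/* Clear the whole object first: every byte, gaps included, is defined. */
size_t init_memset(void)
{
    struct record r;
    memset(&r, 0xAA, sizeof r);   /* simulate stale stack contents */
    memset(&r, 0, sizeof r);
    r.tag = 'x';
    r.value = 42;
    return stale_padding_bytes(&r);
}
```

If such a struct is copied out whole (to a file, a socket or across a privilege boundary), the field-wise version carries the stale padding bytes with it; the memset version does not.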
