Why not initialize all variables to zero?

By: gallier2 (gallier2.delete@this.gmx.de), April 2, 2020 5:41 am
Room: Moderated Discussions
Etienne (etienne_lorrain.delete@this.yahoo.fr) on April 2, 2020 1:14 am wrote:
> Linus Torvalds (torvalds.delete@this.linux-foundation.org) on March 28, 2020 1:01 pm wrote:
> > Doug S (foo.delete@this.bar.bar) on March 28, 2020 11:21 am wrote:
> > >
> > > Is this an option you have considered for the kernel? What do you
> > > see as potential issues that might arise if you took that step?
> >
> > It's been discussed quite a bit, and the main issues we've
> > worried about is that in most cases, adding automatic
> > zero initialization ends up then meaning that you lose the warnings about uninitialized variables.
> >
> > And since we can't rely on it in general with all compiler
> > versions, we really do want the warning, and we really
> > can't just say "code that doesn't initialize is correct, because the compiler is initializing for us".
> >
> > Similarly, because it's not a standard compiler option, some of the prototyping (and actual use) was/is
> > done with gcc plugins, which ends up making people (very much including me) worried about stability
> > - compiler plugins can be very powerful and useful, but they've also been a source of problems.
> >
> > Using a compiler plugin also means that if there are inefficiencies (ie "look, the compiler
> > should have seen that this wasn't necessary, because it ends up initializing it later"), you
> > can't make a compiler bug report about it, because it's your own damn stupid plugin that introduces
> > the problem, and the upstream compiler people - quite reasonably - will not care.
> >
> > So people do use plugins, but honestly, I would never want to rely
> > on them. They are for special cases, and for special cases only.
> >
> > With modern clang builds, the compiler has a supported option,
> > and you can already choose to enable it for the
> > kernel. Except we then use the "pattern" option (which uses a 0xAA pattern to initialize instead of zero).
> >
> > Using a non-zero pattern (that generally causes faults if it's used as a pointer, for example, but also
> > shows up as a pattern in register contents etc if you use it) can be useful for debugging, but honestly,
> > if it was an actual standard language feature I think zero initialization is a better model - because
> > at that point it doesn't just help debugging, it can help simplifying the actual source code.
> >
> > Since we can't rely on that "simplify the source code", a magic pattern is better for us.
> >
> > Anyway, if we were to have reliable zero-filling available to us with all the compilers
> > we use for the kernel, I'd probably aim to eventually move us to a "special C" version where
> > we just rely on that and don't consider uninitialized local variables to be a bug at all.
> > We already obviously use "extended C" for the kernel rather than coding for some theoretical
> > standard C model, so making that kind of extension wouldn't be a conceptual problem.
> >
> > But realistically, with the speed that infrastructure changes
> > like this move, that's at least five years away.
> >
> > So in the meantime, we have the (imho inferior) "use a pattern for debugging and not leaking
> > old stack contents" as an option, and we can't do the source level simplifications that would
> > come from "local variables are initialized to zero, just like static ones are".
> >
> > Linus
>
> I see another problem, about double initialisation: how does the
> compiler detect that a variable/structure is initialised?
> Obviously:
> - struct { int word[8]; } localvar ; memset (localvar, 0, sizeof(localvar));

memset (&localvar, 0, sizeof(localvar));

> is initialised (unless memset is overwritten by LD_PRELOAD or -ffreestanding)
> but then there are more complex cases:
> - struct { int word[8]; } localvar ; my_memset (localvar, 0, sizeof(localvar));
> - struct { int word[8]; } localvar ; my_localvar_init (&localvar);
> - struct { int word[8]; } localvar ; if ( read(&localvar,
> buf, sizeof(localvar)) != sizeof(localvar)) return; ...
> - struct { int word[8]; } localvar ; if ( read(&localvar, buf, sizeof(localvar))
> != sizeof(localvar)) { perror(""); return; } ...
> And would the compiler initialise gaps in structures/unions?
> And should the compiler initialise fields in structure/unions that it knows are not used?
>
>
>
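
On the question quoted above about gaps in structures: the following is an added example, not code from any poster in this thread, showing that writing every named member leaves the padding bytes at their previous contents, while a whole-object `memset` clears them. `struct rec`, `STALE` and the function names are hypothetical; members are written at their `offsetof` positions so the result is well defined, and 0xAA stands in for old stack contents.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record; on common ABIs it has padding after tag and after flags. */
struct rec { char tag; int len; short flags; };
#define STALE 0xAA  /* stand-in for whatever the stack slot held before */

/* map[i] = 1 where byte i belongs to a named member, 0 where it is padding. */
static void member_map(unsigned char *map)
{
    memset(map, 0, sizeof(struct rec));
    memset(map + offsetof(struct rec, tag),   1, sizeof(char));
    memset(map + offsetof(struct rec, len),   1, sizeof(int));
    memset(map + offsetof(struct rec, flags), 1, sizeof(short));
}

/* Number of bytes in struct rec that belong to no member. */
size_t padding_bytes(void)
{
    unsigned char map[sizeof(struct rec)];
    size_t i, n = 0;
    member_map(map);
    for (i = 0; i < sizeof map; i++) n += !map[i];
    return n;
}

/* Initialise a STALE-filled slot, then count padding bytes that are still STALE.
 * Writing each member at its offset models `r.tag = ...; r.len = ...;`. */
size_t stale_after_init(int memset_first)
{
    unsigned char raw[sizeof(struct rec)], map[sizeof(struct rec)];
    char tag = 'A'; int len = 1; short flags = 2;
    size_t i, n = 0;
    memset(raw, STALE, sizeof raw);
    if (memset_first)
        memset(raw, 0, sizeof raw);  /* the memset(&localvar, 0, sizeof(localvar)) case */
    memcpy(raw + offsetof(struct rec, tag),   &tag,   sizeof tag);
    memcpy(raw + offsetof(struct rec, len),   &len,   sizeof len);
    memcpy(raw + offsetof(struct rec, flags), &flags, sizeof flags);
    member_map(map);
    for (i = 0; i < sizeof raw; i++) n += (!map[i] && raw[i] == STALE);
    return n;
}

int main(void)
{
    printf("padding=%zu stale(members only)=%zu stale(memset first)=%zu\n",
           padding_bytes(), stale_after_init(0), stale_after_init(1));
    return 0;
}
```
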
