Hello, I have the idea of a flag that emulates D behavior on variable initialization, I mean initialize all members to 0 by default, and allow explicit modify this behavior on performance sensitive code.
I think this could be an interesting compilation flag or pragma.
What's your opinion?
As a D user I can say that this is a feature that is really, really nice to have. But I would guess that Clang would go in the direction of static analysis instead.
I quite like this idea as a language feature, but it has limited use as a compiler-specific extension. You can't write code that relies on this behaviour without becoming completely compiler-dependent, and it will hide bugs that will appear with other compilers. Given the reality of C, I'd prefer improvements to the used-uninitialised warnings, if there are any cases that they still miss.
Adding = 0 to a declaration is not much effort if required, and it's often useful to have a variable in an undefined state at the start so that the compiler can check that it is initialised in every code path. It's easy for a default initialisation to accidentally propagate when it isn't intended.
This does seem like something a tool could do, though. Normally we have the '= 0' fixit on a note for -Wuninitialized; maybe we could have a mode where that particular fixit is applied anyway? (An extension to 'clang-check -fixit'?)
Just throwing out ideas!
I agree with David though, the problem of uninitialized integrals is that they do not have any sentinel values (unlike pointers, by the way, for which null initialization never hurts).
If you ever set a default, then you lose the capability of the compiler to tell you that the default may leak outside the current scope, because as far as the compiler is concerned this default is a perfectly reasonable value to have for an integer.
In other words, you are just trading technical automatically detectable defects for functional hidden ones.
I find it much easier to run with
-Wmaybe-uninitialized on. And in the cases it’s missed, I’d prefer for debug builds to stop zero-initializing everything and let the software crash… that’s what debug builds are for!
I'd possibly actually prefer debug builds to initialise with some value like 0x7777777777777777, which is very unlikely to be a valid pointer even with some arithmetic and is also likely to give obviously-wrong errors when used as arithmetic. The problem with 0 is that 0 quite often is a valid, but wrong, value.
In D these are the default values for all types:
D always tries to use a sentinel value if possible. Unfortunately it's not for integer types.
And I find this annoying. I would have preferred that they decided that - (2**(N-1)) be a sentinel value, since anyway it’s a loosy value as you cannot get its positive counterpart… But a “default” value ? Then it’s impossible to decide whether it’s intentional or not that this default is returned.
The philosophy of D is, (memory) safe by default, possible to write some extra code to get it fast(er).
You can always specify that you don't what a variable to be default initialized:
int a = void;