"Joachim Schmitz" <j...@schmitz-digital.de> writes:

> OK, so let's have a look at code, current git,
> builtin/cat-file.c, line 196:
>         void *contents = contents;
> This variable is set later in an if branch (if (print_contents == BATCH),
> but not in the else branch. It is later used always under the same condition
> as the one under which it is set.
> Apparently is is malloc_d storage (there a "free(content);"), so there's no
> harm al all in initializing it with NULL, even if it only appeases a stupid
> compiler.

It actually is harmful.  See below.

> The next one, builtin/fast-export.c, line 486:
>                 struct commit *commit = commit;
> it is set in a switch statement, but not in every case, as far as I can see.
> Hmm, maybe it is, and I just get lost in the code
> And it is used directly after the switch, hopefully set to something
> reasonable.
> Why take the risk and not set it to NULL?


> Next one, builtin/rev-list.c, line 390:
>                 int reaches = reaches, all = all;
>                 revs.commits = find_bisection(revs.commits, &reaches, &all,
>                                               bisect_find_all);
> Seem pretty pointless to initialize them, provided find_bisection doesn't
> read them. Does it?

That is why they are not initializations but marks to the compiler
to signal "you may be stupid enough to think they are used before
initialized or assigned, but that is not the case".  Initializing
them would be pointless.

> Next one, fast-import.c, line 2268:
>         struct object_entry *oe = oe;
> os gets set in en if and an else branch, but not in then intermediate else
> if branch!

Look again.  If the recent code is too complex for you to
understand, go back to 10e8d68 (Correct compiler warnings in
fast-import., 2007-02-06) and read the function.

The control flow of the early part of that function dictates that
either oe is assigned *or* inline_data is set to 1.  When inline_data
is false, oe is always set.

The compiler was too stupid to read that, and that is why the
(confusing) idiom to mark it for the stupid compiler was used.

There are a few reasons why I do not think this self-assignment
idiom or initializing the variable to an innocuous-looking random
value is a particularly good thing to do when you see compiler

If the compiler suspects the variable might be unused, you should
always look at it and follow the flow yourself.  Once you know it is
a false alarm, you can use the idiom to squelch the warning, and it
at the same serves as a note to others that you verified the flow
and made sure it is a false warning.

When the next person wants to touch the code, if the person knows
the use of the idiom, it only serves as a warning to be extra
careful not to introduce a new codepath that reads the variable
without setting, as the compiler no longer helps him.  If the person
who touches the code is as clueless as the compiler and cannot
follow the codepath to see the variable is never used uninitialized,
the result will be a lot worse.

That is the reason why I do not think the idiom to squelch the
compiler is such a good thing.  Careless people touch the code, so
"oe = oe" initialization carefully placed in the original version
does not necessarily stay as a useful documentation.

But if you use "oe = NULL" as a way to squelch the warning in the
first place, it is no better than "oe = oe".  In a sense, it is even
worse, as it just looks like any other initialization and gives a
false impression that the remainder of the code is written in such a
way that it tolerates oe being NULL in any codepath, or there is
some assignment before that before the code reaches places where oe
cannot be NULL.  That is different from what "oe = oe" initializaion
documents---in the codepath protected by "if (inline_data)", it
isn't just "oe can safely be NULL there"; instead it is "oe can
safely be *any* value there, because we don't use it".  Of course,
if you explicitly initialized oe to NULL, even if you introduce a
codepath where oe cannot be NULL later, you won't get a warning from
the compiler, so it is no better than "oe = oe".

And that is the reason why I do not think initialization to an
innocuous-looking random value (e.g. NULL) is a good answer, either.

When both are not good, replacing "oe = oe" with "oe = NULL" didn't
make much sense, especially when the former _could_ be used better
by more careful people.  And that is the resistance J6t remembers.

But when recent compilers started to warn "oe = oe" that itself is
undefined, the equation changed.  The idiom ceased to be a way to
squelch the incorrect compiler warning (which was the primary point
of its use---the documentation value is secondary, as what we
document is "we are squelching a false alarm", but we no longer are
squelching anything).

See 4a5de8d (vcs-svn: avoid self-assignment in dummy initialization
of pre_off, 2012-06-01), and 58ebd98 (vcs-svn/svndiff.c: squelch
false "unused" warning from gcc, 2012-01-27) that it updated, for an
example of how we are migrating away from "oe = oe" idiom.

In any case, I already said initializing to 0 is OK in my previous
message, I think, so if you are seeing warning from the compiler on
uninitialized variables in your new code, you know you should

 (1) first follow the codepath to make sure it is a false alarm (if
     it isn't, fix the code);

 (2) then see if you can simplify your code so that it is crystal
     clear even to the stupid compiler that you are not using an
     uninitialized variable; and

 (3) if you can't, then initialize it to some known bad value,
     avoiding the "oe = oe" idiom.

Is there anything more to discuss on this topic?

To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to