From: "Randy Brukardt" <randy@rrsoftware.com>
Subject: Re: Uninitialized variables (was: Re: private types)
Date: Mon, 20 Mar 2006 18:22:23 -0600
Message-ID: <0JidneutULuq2oLZ4p2dnA@megapath.net>
In-Reply-To: dvgh0s$rtu$1@apollo.cs.kuleuven.ac.be
"Dirk Craeynest" <dirk@apollo.cs.kuleuven.ac.be> wrote in message
news:dvgh0s$rtu$1@apollo.cs.kuleuven.ac.be...
> [This thread really is about uninitialized variables now, so I changed
> the subject...]
>
> In article <e_mdncFXrsg5wobZnZ2dnUVZ_t2dnZ2d@megapath.net>,
> Randy Brukardt <randy@rrsoftware.com> wrote:
> >So I recommend initializing everything (or assigning it immediately
> >after the begin) that could be significant to performance.
>
> We did (and do) feel this is not a good approach, at least not when
> using GNAT or another compiler that supports something like the pragma
> Initialize_Scalars and enhanced validity checking.
>
> For much more about uninitialized variables in Ada code, the following
> paper might be useful:
>
> "Exposing Uninitialized Variables: Strengthening and Extending
> Run-Time Checks in Ada" [1],
> Robert Dewar, Olivier Hainque, Dirk Craeynest, and Philippe
> Waroquiers,
> In "Proceedings of the 7th International Conference on Reliable
> Software Technologies - Ada-Europe 2002" [2], Vienna, Austria,
> June 17-21, 2002, Johan Blieberger and Alfred Strohmeier (Eds.),
> volume 2361 of Lecture Notes in Computer Science, pages 193-204,
> Springer-Verlag, 2002.
>
> The conclusion of that paper contains our recommendation:
>
> ---start-quote---
>
> 5.3 Impact of Usage of Initialize Scalars on How to Program
>
> There is a trend in programming guidelines to "force" initializing
> everything at declaration resulting in code like:
>
> B : Natural := 0;
>
> if .... then
>    B := 5;
> else
>    B := 8;
> end if;
>
> The difficulty with such an approach is that the initial value is
> meaningless. If this value is used accidentally, the results are
> potentially just as wrong as the use of an uninitialized value, and
> furthermore, the explicit initialization precludes the approach we
> have described in this paper, and thus may introduce bugs that are much
> harder to find and fix. The automatic initialization under control of
> the compiler using Initialize Scalars is a far preferable approach.
>
> We therefore recommend that when a scalar is declared, the programmer
> should avoid initializing it if the code is supposed to set the value
> on all paths. It is better to let Initialize Scalars + gnatVa detect
> the bug in the code logic rather than trying to deal with meaningless
> initial values. Even for safety-critical programs, we can first compile
> with Initialize Scalars + gnatVa + invalid values and then, if needed,
> field the code with Initialize Scalars + all zero values (if it is the
> case that zero values give the code a better chance of avoiding
> seriously improper behavior).
>
> ---end-quote---
>
> The GNAT manuals provide more information on GNAT's pragma
> Initialize_Scalars [3] and on enhanced validity checking [4].
> Reference [3] mentions:
>
> ---start-quote---
>
> Note that pragma Initialize_Scalars is particularly useful in
> conjunction with the enhanced validity checking that is now provided
> in GNAT, which checks for invalid values under more conditions.
> Using this feature (see description of the -gnatV flag in the users
> guide) in conjunction with pragma Initialize_Scalars provides a
> powerful new tool to assist in the detection of problems caused by
> uninitialized variables.
>
> ---end-quote---
>
> We can assure everyone that from a developer's and tester's point of view
> the combination of Initialize_Scalars and enhanced validity checking is
> indeed "particularly useful".
>
> References:
> [1] <http://www.cs.kuleuven.be/~dirk/papers/ae02cfmu-paper.pdf>
> [2] <http://www.springer.de/cgi/svcat/search_book.pl?isbn=3-540-43784-3>
> [3] <http://www.adacore.com/wp-content/files/auto_update/gnat-unw-docs/html/gnat_rm_2.html#SEC48>
> [4] <http://www.adacore.com/wp-content/files/auto_update/gnat-unw-docs/html/gnat_ugn_4.html#SEC47>
>
> Dirk
> Dirk.Craeynest@cs.kuleuven.be (for Ada-Belgium/-Europe/SIGAda/WG9 mail)
>
> *** 11th Intl.Conf.on Reliable Software Technologies - Ada-Europe'2006
> *** June 5-9, 2006 ** Porto, Portugal ** http://www.ada-europe.org ***
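As an added illustration (not code from the thread, the paper, or GNAT itself), here is one GNAT compilation unit that puts the two styles from the quoted section 5.3 side by side. It assumes GNAT accepts Initialize_Scalars as a configuration pragma at the top of the file, that the default invalid pattern for a 32-bit signed scalar is Integer'First (which lies outside Natural), and that the unit is built with -gnatVa; the names Show_Init, Masked and Checked are mine.

```ada
--  Added example, not from the thread or the paper: section 5.3's two
--  styles side by side.  Assumes GNAT with the configuration pragma at
--  the top of this file and a build with all validity checks enabled:
--    gnatmake -gnatVa show_init.adb && ./show_init
pragma Initialize_Scalars;

with Ada.Text_IO;

procedure Show_Init is

   --  Style the paper argues against: the 0 is meaningless, so the
   --  forgotten 'c' path silently yields a "valid" but wrong result.
   function Masked (Mode : Character) return Natural is
      B : Natural := 0;
   begin
      if Mode = 'a' then
         B := 5;
      elsif Mode = 'b' then
         B := 8;
      end if;   --  no branch for 'c': B keeps the meaningless 0
      return B;
   end Masked;

   --  Style the paper recommends: no initialiser.  Initialize_Scalars
   --  fills B with an invalid pattern (assumed here to be Integer'First,
   --  GNAT's default for a signed scalar, which is outside Natural) and
   --  -gnatVa validates the value when it is copied out, so the same
   --  logic bug raises Constraint_Error instead of returning a bogus 0.
   function Checked (Mode : Character) return Natural is
      B : Natural;
   begin
      if Mode = 'a' then
         B := 5;
      elsif Mode = 'b' then
         B := 8;
      end if;   --  same missing 'c' path
      return B;
   end Checked;

begin
   Ada.Text_IO.Put_Line ("Masked  ('c') =" & Natural'Image (Masked ('c')));
   begin
      Ada.Text_IO.Put_Line ("Checked ('c') =" & Natural'Image (Checked ('c')));
   exception
      when Constraint_Error =>
         Ada.Text_IO.Put_Line ("Checked ('c') raised Constraint_Error");
   end;
end Show_Init;
```

Without -gnatVa the second call returns the invalid bit pattern unchecked, which is exactly the "harder to find" failure the quoted section warns about.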