This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: gcc - setting the uninitialized state (tainting variables)
- From: Anthony Foiani <tkil at scrye dot com>
- To: Campbell Barton <ideasman42 at gmail dot com>
- Cc: gcc at gcc dot gnu dot org
- Date: Sun, 26 May 2013 22:01:16 -0600
- Subject: Re: gcc - setting the uninitialized state (tainting variables)
- References: <CAEcf3NwNYF5su_TRkQ_3aVLm4NBAPgYiVsgDoSWBXLz3J+ChUA at mail dot gmail dot com>
- Reply-to: Anthony Foiani <tkil at scrye dot com>
Campbell Barton <ideasman42@gmail.com> writes:
> Hi, I was looking into the possibility of setting a variable as
> uninitialized again (after it's been initialized at least once
> already).
>
> [...]
>
> Is this possible or has it been considered before?
What languages are you targeting?
In modern C and C++, I would expect programmers to use limited
variable scope to control this kind of exposure.
For example, I think you want something like this (note that the
attribute I'm using doesn't actually exist; I'm just trying to
paraphrase your request):
    int x = 1; // initialized
    int y;     // uninitialized
    x = y;     // use of uninitialized value 'y'
    y = 2;     // no longer uninitialized
    x = y;     // fine
    y = ((__attr__ uninitialized))0; // tell gcc it's uninitialized again
    x = y;     // warn here please.
If so, I would use additional scopes in C99 (or later) or C++ (pretty
sure it's had "declare at point of use" since at least ARM in
1993...):
    int x = 1; // initialized
    {
        int y; // uninitialized
        x = y; // warn here
        y = 2; // ok, now it's initialized
        x = y; // fine, no warning
    }
    {
        int y; // uninitialized again!
        x = y; // warns here
    }
The extra scopes are a bit off-putting, but I'm very used to them in
C++ (from heavy use of RAII techniques).
Since there is an answer for this in mainstream languages, I don't
think it's worth adding to the compiler.
Looking at your example on OS, it seems you're concerned with an
array. The above technique should work just as well with arrays, and
there should be no extra runtime cost, since the entire stack frame is
allocated on function entry (SFAIK).
Hope this helps,
Anthony Foiani
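Anthony's block-scope technique applied to an array, as an added example that is not part of the original mail; copy_record, total_record_length and the SHOW_WARNING macro are assumed names:

```c
#include <stddef.h>
#include <string.h>

/* Build with:  gcc -Wall -Wextra -O2 -c scoped_buffers.c
 * Add -DSHOW_WARNING to make gcc report the read of 'len' before it
 * is assigned in the second block (a fresh object, like 'y' above). */

/* Copy src into dst, truncating so dst is always NUL-terminated. */
static size_t copy_record(char *dst, size_t cap, const char *src)
{
    size_t n = strlen(src);
    if (n >= cap)
        n = cap - 1;            /* truncate, never overflow dst */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Returns the combined length of two records copied into their own
 * block-scoped buffers.  The second block cannot touch the first
 * block's 'buf' or 'len': those names are simply no longer in scope,
 * so there is no stale value to reuse.  Both buffers live in the same
 * stack frame, so the extra scope adds no runtime cost. */
size_t total_record_length(const char *rec1, const char *rec2)
{
    size_t total = 0;
    {
        char buf[16];           /* uninitialized */
        int len;                /* uninitialized */
        len = (int)copy_record(buf, sizeof buf, rec1);
        total += (size_t)len;
    }
    {
        char buf[16];           /* uninitialized again: a new object */
        int len;                /* uninitialized again: a new object */
#ifdef SHOW_WARNING
        total += (size_t)len;   /* gcc -Wall -O2: 'len' is used uninitialized */
#endif
        len = (int)copy_record(buf, sizeof buf, rec2);
        total += (size_t)len;
    }
    return total;
}
```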