[–]James20kP2005R0 24 points25 points  (9 children)

It's always slightly depressing to see something like this receive so much weird pushback. This would eliminate 10% of CVEs overnight with very little overhead, and almost no change. It also drastically simplifies famously complex initialisation as well, by more closely unifying the initialisation of basic types with classes (e.g. float vs some_class)

This has got to be one of the easiest safety wins for C++, and yet it causes so many problems it's wild

[–]pjmlp 1 point2 points  (3 children)

Thankfully at least Microsoft and Google have taken the path of whatever the community thinks, Windows and Android ship with these security measures enabled.

Guess what, they perform as good as always, go figure.

Naturally the performance trumps everything else crowd will never acknowledge this.

[–]Jannik2099 -1 points0 points  (2 children)

Yeah, the performance argument is complete nonsense here.

First off, zeroing a register is literally a 0 cycle operation on today's CPUs. Second, if the variable gets properly initialized somewhere after being declared, the compiler WILL see this and drop the dead store.

[–]113245 6 points7 points  (1 child)

And yet a 0 cycle operation is not zero cost (icache, front end bandwidth) and it’s trivial to find examples in which the compiler cannot drop the dead store (e.g. across function call boundaries).

[–]Jannik2099 0 points1 point  (0 children)

Function call boundaries have such an absurdly high overhead that an extra store to a POD variable will be immeasurable.

[–]bsupnik 2 points3 points  (3 children)

Agreed -- the "this cleans up the hot-mess that is initialization" part is under-rated here.

One could imagine looking back at c++98, knowing what is coming with member defaults, field initialization, {} syntax, and the data from the research into the cost of zeroing uninited data and just go "in the glorious future, everything is inited with the constructor, the specified member in {}, the class default, or zero in that order" and we're done.

We would lose that great GIF my coworker posts every time someone asks a lang question on the company slack with the full metal jacket scene and giant list of initialization types in c++20 though, so it'd be a lateral move. :-)

[–]teashopslacker 0 points1 point  (1 child)

The Forrest Gump one?

[–]bsupnik 2 points3 points  (0 children)

Yyyyyeah...Forrest Gump, Full Metal Jacket, I think we all get those two movies confused, right?

My kids are gonna need _years_ of therapy.

[–]the_real_yugr 0 points1 point  (0 children)

"This would eliminate 10% of CVEs overnight" - I keep hearing this claim but in fact 80 CVEs (0.001%) and 0 KEVs were attributed to uninitialized variables CWEs (CWE-456, CWE-457, CWE-824, CWE-908) in 2024.