Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758073AbcCCPEz (ORCPT ); Thu, 3 Mar 2016 10:04:55 -0500
Received: from mail-wm0-f68.google.com ([74.125.82.68]:33763 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751420AbcCCPEw (ORCPT ); Thu, 3 Mar 2016 10:04:52 -0500
Date: Thu, 3 Mar 2016 16:04:48 +0100
From: Ingo Molnar
To: Jakub Jelinek
Cc: Arnaldo Carvalho de Melo , Peter Zijlstra , Colin King , Ingo Molnar , linux-kernel@vger.kernel.org, Richard Henderson , Dan Carpenter , Linus Torvalds , Andrew Morton
Subject: Re: Q: why didn't GCC warn about this uninitialized variable? (was: Re: [PATCH] perf tests: initialize sa.sa_flags)
Message-ID: <20160303150448.GA11594@gmail.com>
References: <20160302125901.GF6356@twins.programming.kicks-ass.net> <20160302130350.GO3604@kernel.org> <20160302132127.GG6356@twins.programming.kicks-ass.net> <20160302132323.GP3604@kernel.org> <20160303121944.GB2484@gmail.com> <20160303125542.GD3017@tucnak.redhat.com> <20160303132433.GA9460@gmail.com> <20160303134716.GA9860@gmail.com> <20160303141907.GG3017@tucnak.redhat.com> <20160303145322.GB11181@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20160303145322.GB11181@gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1002
Lines: 26

* Ingo Molnar wrote:

> Yes, -Ow would be very useful, if it can 'guarantee' that no false negatives slip
> through:
> [...]
> This way no undeterministic, random, uninitialized (and worst-case: attacker
> controlled) values can ever enter the program flow (from the stack) [...]

Note that mainstream Linux distro kernels already enable various options that
cause noticeable runtime overhead: such as stackprotector, or -pg.

So if GCC could simply warn about _all_ uninitialized variables that it cannot
prove are initialized before use, and implicitly initialize them to 0 in that case,
that would be really valuable. (Combined with a function argument attribute
mechanism that tells the compiler that an object pointed to by a pointer gets
fully initialized by the function.)

The runtime overhead can be eliminated by addressing the warnings.

If no warnings are emitted then the generated code should be equivalent to
regularly optimized code, right?

Thanks,

	Ingo