[tz] proposed changes for Win32 and a improved mktime() algorithm

Guy Harris guy at alum.mit.edu
Thu May 11 08:33:39 UTC 2017 

On May 11, 2017, at 12:26 AM, Kees Dekker <Kees.Dekker at infor.com> wrote:

>> On Wed, 10 May 2017, Kees Dekker wrote:
>>> 2. Adding int value = 0 (or any initializing value what is wanted) does not reduce the readability of the code. If it does, I canʼt imagine how.
> 
>> Killing warnings this way - kills warnings from all compilers, good and 
>> bad.  Warnings are meant to expose problems in code, and if they are 
>> killed, bugs introduced later might not be detected.  In code that will be 
>> maintained for thousands of years (I hope) this counts.
> 
> It is a good practice to write code like:
> 
> int f ()
> {
> 	// error return at default
> 	int ret = -1;
> 	if (all-ok) {
> 		// success
> 		ret = 0;
> 	}
> 	return ret;
> }

It is not necessarily a good practice to write code such as

	int foo = 0;

		...

	switch (bar) {

	case ORIGINAL:

			...

		foo = original_foo(...);
		break;

	case NEW:

			...

		foo = new_foo(...);
		break;
	}

If the code is later modified to have a case "NEWER", and that case doesn't do

		foo = newer_foo(...);

then, with a compiler that does good enough data flow analysis to detect foo not being set, then, if foo *weren't* initialized at the beginning of the function, the compiler would catch that; the initialization prevents that.

This is, BTW, not a hypothetical example, although, for some reason, my compiler (clang Apple LLVM version 8.1.0 (clang-802.0.42)) didn't seem to catch that; somebody else's compiler (probably some version of GCC) *did* catch that.  Their fix was to initialize the variable in its declaration; my fix, after checking the code, was to add code to set it in the case that was missing it, and then adding a default case that set the variable (the variable switched on came from a file, and it *should* have only one of a limited number of values, but nothing other than the code writing the file would prevent it having another value, which the code should *somehow* handle).

So it's a tradeoff between "compiler with weaker data flow analysis won't catch the use of an uninitialized variable if you *don't* do a forcible initialization" and "compiler with better data flow analysis won't catch the failure to set the variable if you *do* a forcible initialization".

(And I need to figure out how to beat clang into doing the right data flow analysis here - I won't settle for "see, your compiler sux0rs, you need to initialize the variable".)

More information about the tz mailing list