Merge pull request #6693 from qlyoung/doc-value-initialization-practices

Document value initialization practices
2025-08-07 17:18:56 +00:00 · 2020-07-08 11:04:14 +03:00 · 2020-07-08 11:04:14 +03:00 · c4c3330652
commit c4c3330652
parent c501155c38 431dd37e6f
8 changed files with 33 additions and 9 deletions
--- a/doc/developer/workflow.rst
+++ b/doc/developer/workflow.rst
@ -573,6 +573,30 @@ following requirements have achieved consensus:
  constant in these cases.  (Rationale:  changing a buffer to another size
  constant may leave the write operations on a now-incorrect size limit.)

+- For stack allocated structs and arrays that should be zero initialized,
+  prefer initializer expressions over ``memset()`` wherever possible. This
+  helps prevent ``memset()`` calls being missed in branches, and eliminates the
+  error class of an incorrect ``size`` argument to ``memset()``.
+
+  For example, instead of:
+
+  .. code-block:: c
+
+     struct foo mystruct;
+     ...
+     memset(&mystruct, 0x00, sizeof(struct foo));
+
+  Prefer:
+
+  .. code-block:: c
+
+     struct foo mystruct = {};
+
+- Do not zero initialize stack allocated values that must be initialized with a
+  nonzero value in order to be used. This way the compiler and memory checking
+  tools can catch uninitialized value use that would otherwise be suppressed by
+  the (incorrect) zero initialization.
+
 Other than these specific rules, coding practices from the Linux kernel as
 well as CERT or MISRA C guidelines may provide useful input on safe C code.
 However, these rules are not applied as-is;  some of them expressly collide