Interprocedural Memory Initialization

We currently have limited support for functions that initialize parameters. if you have an *@notnulll1 parameter (pointing into any region), you can use an attribute __attribute__((initializes(1))) (where it’s the first parameter, use a different number otherwise) to indicate that the function initializes through the parameter.

Obviously, this affects the definite-assignment analysis for the callee and the call-site. In the callee, we know the parameter is initialized, but not what it points to. The memory pointed to must be initialized before returning. Care must be taken to reject this code:

void f(int *@notnull*@notnull x) __attribute__((initializes(1))) { 
  x = new (new 0); 
  return x; 

In the caller, the actual argument must point to a known location. Furthermore, this location must not be reachable from any other actual arguments, i.e., there must be no aliases available to the callee.

Two common idioms not yet supported are:

  1. The parameter is initialized only if the return value satisfies some predicate; for example, it is 0.
  2. The caller can pass NULL, meaning do not initialize through this parameter.