[openssl-users] Warnings Compiling openssl 1.0.2d

Jeffrey Walton noloader at gmail.com
Wed Jul 22 11:14:50 UTC 2015

On Wed, Jul 22, 2015 at 6:40 AM, Jakob Bohm <jb-openssl at wisemo.com> wrote:
> On 22/07/2015 01:21, Jeffrey Walton wrote:
> For the stragglers, I don't think its a stretch to ask C99 in 2015.
> Visual Studio is often used on Windows, and it is not C99.
> Oh my, I was not aware it was still struggling for C99 :) I guess
> Microsoft is still putting their energies into the "one-size, tablet
> interface known as Windows 8, fits all, even on desktops without a
> touchscreen".
> On the good side, MSVC does not need to be 100% compliant. It just
> needs to support initialization at time of declaration. That
> particular feature works.
> Isn't that a C89 (or maybe even K&R) feature?

I thought that was C99. I think Ben Laurie even corrected me with some
OpenSSL sample code because I initialized a variable without using

> There is another problem though: Blindly initializing
> every variable with dummy values (because the correct
> value comes from one or more if() branches), only
> achieves two things, both bad:
> - It hides correct warnings in case one of those if()
>  branches forgets to set the variable, before it is
>  read.
> - It potentially confuses less-than-halting-problem-
>  solving optimizers to needlessly generate code that
>  allocates and initializes the variable because they
>  cannot detect (within their compile time resource
>  limits) that the dummy value is (hopefully) never
>  used.
> The second problem is almost guaranteed to happen on
> any compiler/option combination that would otherwise
> falsely warn about the variable being maybe-
> uninitialized.  This is because most compilers
> generate that warning as a side effect of the
> optimizer trying to figure out if the garbage or
> dummy value will be used by the code.
What, exactly is the problem? The program is in a known state. As far
as I know, that's the best state to be in.

And that's why managed languages like Java and .Net are so popular.
When a variable is declared, it gets placed in a known state
immediately. It relieves the programmer of remembering pesky details
like, "remember to initialize your variables to a known state".


More information about the openssl-users mailing list