In general, you shouldn't remove the existing test lines; just modify them to not report a diagnostic.

This should still be diagnosed; it doesn't make any sense to apply this to parameters.

cast<VarDecl>(D)->hasInit() seems to always return true here - presumably the error needs to be emitted sometime before this

Can you explain a bit about how this interacts with C++ constructors? Will this object not have its constructor called at startup; or is it that the constructor will be called but the memory simply won't have been zeroed before calling the constructor?

For P1144 relocation (D50114, D61761, etc), Anton Zhilin and I have been discussing the possibility of a similar-sounding attribute that would skip the constructor of a local variable altogether, allowing someone to write e.g.

T relocate(T *source) {
    [[unconstructed]] T result;
    memcpy(result, source, sizeof(T));
    return result;
}

If your attribute does exactly that, then I'm interested. If your attribute doesn't do that, but is occupying real estate that implies that it does, then I'm also interested.

This change is orthogonal I think. No change to object lifetime. Without the attribute, a global is zero initialized and then the constructor is called before main. With it, the global is undef before the constructor call.

A different attribute that suppresses the con(de)structor call entirely is also of interest to me. A freestanding implementation is likely to accept global constructors without warning, and emit code for them, but not actually run them at startup. That's not a great UX.

We try to always add documentation for any new attribute.

I'm not sure I like the new name; it doesn't read right to me. Maybe loader_uninitialized makes the intent clear enough?

Thinking more about it, I agree with you that this is orthogonal to C++ initialization. Users on targets like yours probably ought to be able to disable C++ initialization without having to disable zero-initialization, or vice-versa.

initialised -> initialized

If you don't need any custom semantic checking, you can remove that function and instead call handleSimpleAttribute<LoaderUninitializedAttr>(S, D, AL);

What should happen with redeclarations? e.g., in C:

int a;

int foo() { return a; }

int a __attribute__((loader_uninitialized));

(This would be a useful test case to add.)

Also, I'd like to see a test case where the attributed global is an array.

I'd also like to see a test demonstrating it doesn't accept any arguments.

I think this patch does need some custom semantic checking, I just haven't been able to work out how to implement it. Specifically, the attribute is an initializer, so

int foo __attribute__((loader_uninitialised)) = some_value;

should be a warning, as the = some_value is going to be ignored.

Ah, yes. I was thinking about tentative definitions before changing this test to C++. Fixed the name to be less misleading.

C++ just rejects it. Multiple definitions => error. Added test to sema.

C accepts it in either order. Which I believe it should. Either one is a tentative definition, and the other provides an actual definition (of undef), or the definition (of undef) is followed by a redeclaration.

This leaves the hole that while the following is rightly rejected in C for having multiple definitions:

int a __attr__(...);
int a = 10;

This is erroneously accepted, with the attribute ignored:

int a = 10;
int a __attr__(...);

How about:

The `loader_uninitialized` attribute can be placed on global variables to
indicate that the variable does not need to be zero initialized by the loader.
On most targets, zero-initialization does not incur any additional cost.
For example, most general purpose operating systems deliberately ensure
that all memory is properly initialized in order to avoid leaking privileged
information from the kernel or other programs. However, some targets
do not make this guarantee, and on these targets, avoiding an unnecessary
zero-initialization can have a significant impact on load times and/or code
size.

A declaration with this attribute is a non-tentative definition just as if it
provided an initializer. Variables with this attribute are considered to be
uninitialized in the same sense as a local variable, and the programs must
write to them before reading from them. If the variable's type is a C++ class
type with a non-trivial default constructor, or an array thereof, this attribute
only suppresses the static zero-initialization of the variable, not the dynamic
initialization provided by executing the default constructor.

This should be an error, not a warning, unless there's a specific need to be lenient.

Agreed that this should be an error rather than a warning.

Not 100% certain, but I suspect you'll need to add that checking to Sema::AddInitializerToDecl() because I'm guessing that the initializer has not been processed by the time the attributes are being applied to the variable declaration. You can check VarDecl::hasInit() within handleLoaderUninitializedAttr() to see if that specific declaration has an initializer, but I'm betting that gives you the wrong answer.

This is erroneously accepted, with the attribute ignored:

I think you will probably want to add another case to mergeDeclAttribute() following the similar patterns there so that you can reject when you need to merge declarations that should not be merged.

This test case is identical to line 36 of clang/test/Sema/attr-loader-uninitialized.cpp, where you say you don't want it to compile at all.

I think you need a clearer idea of how this interacts with initializers. Is it merely supposed to eliminate the zero-initialization that happens before the user-specified construction/initialization, or is it supposed to compete with the user-specified construction/initialization?

That is, for

nontrivial unt [[clang::loader_uninitialized]];

is it merely supposed to call unt::unt() on a chunk of undef memory (instead of the usual chunk of zeroed memory), or is it supposed to skip the constructor entirely? And for

int x [[clang::loader_uninitialized]] = foo();

is it merely supposed to call foo() and assign the result to a chunk of undef memory (instead of the usual chunk of zeroed memory), or is it supposed to skip the initialization entirely?

That's a lot better! Thank you. Updated the patch to use your wording verbatim.

Nice, Yes, that's much better - I should have searched for the opencl __local handling. As you suspected, hasInit() just returns true at that point.

I think you commented while the first working piece of sema landed. My thinking is relatively clear but my understanding of clang's semantic analysis is a work in progress!

Initializers (= foo()) are straightforward. Error on the basis that the attribute effectively means = undef, and one should not have two initializers. A test case is now added for that (and now passes).

The codegen I want for a default constructed global marked with this variable is:

• global variable allocated, with undef as the original value
• default constructor call synthesized
• said default constructor set up for invocation from crt, before main, writing over the undef value

Where the default constructor can be optimized as usual, e.g. if it always writes a constant, we can init with that constant instead of the undef and elide the constructor.

I don't have that actually working yet - the constructor call is not being emitted, so we just have the undef global.

I think it's important to distinguish between the values of the bits when the program is loaded and whether constructor/destructors are called, as one could want any combination of the two.

I think Arthur is suggesting that it would be useful to allow the attribute to be used in conjunction with an initializer in C++, since if the initializer has to be run dynamically, we can still meaningfully suppress the static zero-initialization. That is, we've accepted that it's useful to do this when *default-initializing* a global, but it's actually useful when doing *any* kind of dynamic initialization.

Maybe we can leave it as an error in C++ when the initializer is a constant expression. Although that might be unnecessarily brittle if e.g. the constructor is constexpr in one library version but not another.

No, that's exctly what I mean. You seem to be holding two contradictory ideas simultaneously:

[[loader_uninitialized]] X x = X{};  // two initializers, therefore error

[[loader_uninitialized]] X x {}; // one initializer plus one constructor, therefore fine

In C++, these two declarations have identical semantics. It doesn't make sense to say that one of them "calls a constructor" and the other one "has an initializer." They're literally the same thing.

Similarly in both C99 and C++ with plain old ints:

[[loader_uninitialized]] int x = foo();

This means "call foo and dynamically initialize x with the result," just as surely as

[[loader_uninitialized]] X x = X();

means "call X::X and dynamically initialize x with the result." Having one rule for dynamic initializers of primitive types and a separate rule for dynamic initializers of class types doesn't work.

Furthermore, "dynamic initialization" can be promoted to compile-time:

[[loader_uninitialized]] int x = 42;
[[loader_uninitialized]] std::string_view x = "hello world";

It wouldn't make semantic sense to say that one of these has "two initializers" and the other has "one initializer," because both of the initializations end up happening at compile time and getting put into .data.

I'm under the impression that the constructs are:

X x = X{};  // default construct an X and then call the copy constructor at x
X x {}; // default construct an X at the location of x
X x; // default construct an X at the location of x

The C++ initialisation rules are very complicated so I won't be shocked to have got that wrong.

If your toolchain actually runs global constructors then there isn't much use to marking C++ objects with this attribute, unless said constructor does nothing and would thus leave the bytes still undef.

Accepting default constructors (or, perhaps only accepting trivial types?) would allow people to use this attribute with the approximation of C++ available on systems that don't actually run the global constructors.

Equally, if this seems too complicated, I'm happy to restrict this to C as that's still an improvement on the asm and/or linker scripts I have available today.

Similarly in both C99 and C++ with plain old ints:

C does not allow non-constant initialization of global variables.

Let me try to explain what we're thinking here. If the variable provides both an initializer and this attribute, and the compiler can successfully perform constant initialization (as it's required to do in C, and as it often does in C++), then the attribute has probably become meaningless because we're not going to suppress that constant initialization. The compiler strongly prefers to diagnose meaningless attributes in some way, because they often indirectly indicate a bug. For example, maybe the initializer isn't supposed to be there but it's hidden behind a huge mess of macros; or maybe somebody added a constant initializer because they changed the variable schema to make that possible, and so the programmer should now remove the attribute and the dynamic initialization code that went along with it. Compared to that, the C++ use case of "allow a dynamic initializer but suppress static zero-initialization" is pretty marginal; that doesn't mean we absolutely shouldn't support it, but it does suggest that we shouldn't prioritize it over other aspects of the feature, like catching that possible bug.

If your toolchain actually runs global constructors then there isn't much use to marking C++ objects with this attribute, unless said constructor does nothing and would thus leave the bytes still undef.

That's not totally true. C++ still requires globals to be zero-initialized before it runs dynamic initializers, and the dynamic initializer is very likely to make that zero-initialization totally redundant. Arthur is right that there's no inherent reason that that only applies to dynamic *default* initialization, though, as opposed to any non-constant initialization.

I'd prefer to avoid making this C-specific; Clang takes a lot of pride in trying to make feature cross-language as much as possible. We could just make the error about providing both the attribute and an initializer C-specific, though.

Ah, I was wrong when I said "in both C99 and C++" int x = foo(); would be supported. You're right, that's a C++ism. Even C11 doesn't seem to support dynamic initializers, not even for function-local static variables.

I suppose I should also mention that I totally don't understand the domain here. :) To me, the way you avoid storing an explicit initializer in the ELF file is you allocate the variable into .bss instead of .data; and the way you avoid paying for zero-initialization at runtime would be that you allocate the variable into a hand-crafted section instead of .bss (example from Keil docs). In ordinary ELF-land, there's no way to say "I want this variable in .data but not initialized," nor "I want this variable in .bss but not zero-initialized" — the file format literally can't represent those concepts.

Missing a full stop at the end of the sentence. The comment can probably be re-flowed with the preceding sentence too.

Missing full stop.

Should this either be calling VarDecl::hasExternalStorage() or looking at the linkage of the variable, rather than at the storage class written in the source?

I thought err_loader_uninitialized_extern says that the variable cannot have external linkage?

I thought err_loader_uninitialized_extern says that the variable cannot have external linkage?

Interesting question, thank you. SC_Extern is right.

hasExternalStorage is true if extern or private_extern. I hadn't seen private_extern before, but it appears to be a way to model hidden visibility. It accepts a normal initializer, e.g.
__private_extern__ int private_extern_can_be_initialised = 10;
therefore should also work with undef.

Added a test for this (which will fail if SC_Extern is replaced with hasExternalStorage).

Replying to linkage out of line as it comes up on a few inline comments.

Better, thanks. Also discovered clang-format has learned to do sensible things with tablegen so applied it to the new defs.