Why do local variables require initialization, but fields do not?

by

Yuval and David’s answers are basically correct; summing up:

  • Use of an unassigned local variable is a likely bug, and this can be detected by the compiler at low cost.
  • Use of an unassigned field or array element is less likely a bug, and it is harder to detect the condition in the compiler. Therefore the compiler makes no attempt to detect the use of an uninitialized variable for fields, and instead relies upon the initialization to the default value in order to make the program behavior deterministic.

A commenter to David’s answer asks why it is impossible to detect the use of an unassigned field via static analysis; this is the point I want to expand upon in this answer.

First off, for any variable, local or otherwise, it is in practice impossible to determine exactly whether a variable is assigned or unassigned. Consider:

bool x;
if (M()) x = true;
Console.WriteLine(x);

The question “is x assigned?” is equivalent to “does M() return true?” Now, suppose M() returns true if Fermat’s Last Theorem is true for all integers less than eleventy gajillion, and false otherwise. In order to determine whether x is definitely assigned, the compiler must essentially produce a proof of Fermat’s Last Theorem. The compiler is not that smart.

So what the compiler does instead for locals is implements an algorithm which is fast, and overestimates when a local is not definitely assigned. That is, it has some false positives, where it says “I can’t prove that this local is assigned” even though you and I know it is. For example:

bool x;
if (N() * 0 == 0) x = true;
Console.WriteLine(x);

Suppose N() returns an integer. You and I know that N() * 0 will be 0, but the compiler does not know that. (Note: the C# 2.0 compiler did know that, but I removed that optimization, as the specification does not say that the compiler knows that.)

All right, so what do we know so far? It is impractical for locals to get an exact answer, but we can overestimate not-assigned-ness cheaply and get a pretty good result that errs on the side of “make you fix your unclear program”. That’s good. Why not do the same thing for fields? That is, make a definite assignment checker that overestimates cheaply?

Well, how many ways are there for a local to be initialized? It can be assigned within the text of the method. It can be assigned within a lambda in the text of the method; that lambda might never be invoked, so those assignments are not relevant. Or it can be passed as “out” to anothe method, at which point we can assume it is assigned when the method returns normally. Those are very clear points at which the local is assigned, and they are right there in the same method that the local is declared. Determining definite assignment for locals requires only local analysis. Methods tend to be short — far less than a million lines of code in a method — and so analyzing the entire method is quite quick.

Now what about fields? Fields can be initialized in a constructor of course. Or a field initializer. Or the constructor can call an instance method that initializes the fields. Or the constructor can call a virtual method that initailizes the fields. Or the constructor can call a method in another class, which might be in a library, that initializes the fields. Static fields can be initialized in static constructors. Static fields can be initialized by other static constructors.

Essentially the initializer for a field could be anywhere in the entire program, including inside virtual methods that will be declared in libraries that haven’t been written yet:

// Library written by BarCorp
public abstract class Bar
{
    // Derived class is responsible for initializing x.
    protected int x;
    protected abstract void InitializeX(); 
    public void M() 
    { 
       InitializeX();
       Console.WriteLine(x); 
    }
}

Is it an error to compile this library? If yes, how is BarCorp supposed to fix the bug? By assigning a default value to x? But that’s what the compiler does already.

Suppose this library is legal. If FooCorp writes

public class Foo : Bar
{
    protected override void InitializeX() { } 
}

is that an error? How is the compiler supposed to figure that out? The only way is to do a whole program analysis that tracks the initialization static of every field on every possible path through the program, including paths that involve choice of virtual methods at runtime. This problem can be arbitrarily hard; it can involve simulated execution of millions of control paths. Analyzing local control flows takes microseconds and depends on the size of the method. Analyzing global control flows can take hours because it depends on the complexity of every method in the program and all the libraries.

So why not do a cheaper analysis that doesn’t have to analyze the whole program, and just overestimates even more severely? Well, propose an algorithm that works that doesn’t make it too hard to write a correct program that actually compiles, and the design team can consider it. I don’t know of any such algorithm.

Now, the commenter suggests “require that a constructor initialize all fields”. That’s not a bad idea. In fact, it is such a not-bad idea that C# already has that feature for structs. A struct constructor is required to definitely-assign all fields by the time the ctor returns normally; the default constructor initializes all the fields to their default values.

What about classes? Well, how do you know that a constructor has initialized a field? The ctor could call a virtual method to initialize the fields, and now we are back in the same position we were in before. Structs don’t have derived classes; classes might. Is a library containing an abstract class required to contain a constructor that initializes all its fields? How does the abstract class know what values the fields should be initialized to?

John suggests simply prohibiting calling methods in a ctor before the fields are initialized. So, summing up, our options are:

  • Make common, safe, frequently used programming idioms illegal.
  • Do an expensive whole-program analysis that makes the compilation take hours in order to look for bugs that probably aren’t there.
  • Rely upon automatic initialization to default values.

The design team chose the third option.

More Related Contents:

  1. Why is Multiple Inheritance not allowed in Java or C#?
  2. Why are C# 3.0 object initializer constructor parentheses optional?
  3. Why can’t I have abstract static methods in C#?
  4. What does void mean in C, C++, and C#?
  5. Why aren’t C# static class extension methods supported?
  6. Why is The Iteration Variable in a C# foreach statement read-only?
  7. Why are private fields private to the type, not the instance?
  8. Why isn’t Array a generic type?
  9. Why C# won’t allow field initializer with non-static fields?
  10. Why must we define both == and != in C#?
  11. Why aren’t variables declared in “try” in scope in “catch” or “finally”?
  12. Why does C# disallow readonly local variables? [closed]
  13. Case Statement Block Level Declaration Space in C#
  14. Why are const parameters not allowed in C#?
  15. Performance of “direct” virtual call vs. interface call in C#
  16. Why is adding null to a string legal?
  17. C# static member “inheritance” – why does this exist at all?
  18. Why can’t we define a variable inside an if statement?
  19. I don’t understand why we need the ‘new’ keyword
  20. Why must C# operator overloads be static?
  21. Why value-types are stored onto Stacks?
  22. How to implement a pipeline?
  23. Send values from one form to another form
  24. Create a strongly typed c# object from json object with ID as the name
  25. Nested using statements in C#
  26. Saving/loading data in Unity
  27. Convert an image (selected by path) to base64 string
  28. Load a .DLL file and access methods from class within?
  29. Find out battery charge capacity in percentage using C# or .NET
  30. How should I access a computed column in Entity Framework Code First?

Leave a Comment