Checked Uninitialized Memory

Like C, all stack variables in Rust are uninitialized until a value isexplicitly assigned to them. Unlike C, Rust statically prevents you from everreading them until you do:

  1. fn main() {
  2.     let x: i32;
  3.     println!("{}", x);
  4. }
  1.   |
  2. 3 |     println!("{}", x);
  3.   |                    ^ use of possibly uninitialized `x`

This is based off of a basic branch analysis: every branch must assign a valueto x before it is first used. Interestingly, Rust doesn’t require the variableto be mutable to perform a delayed initialization if every branch assignsexactly once. However the analysis does not take advantage of constant analysisor anything like that. So this compiles:

  1. fn main() {
  2.     let x: i32;
  4.     if true {
  5.         x = 1;
  6.     } else {
  7.         x = 2;
  8.     }
  10.     println!("{}", x);
  11. }

but this doesn’t:

  1. fn main() {
  2.     let x: i32;
  3.     if true {
  4.         x = 1;
  5.     }
  6.     println!("{}", x);
  7. }
  1.   |
  2. 6 |     println!("{}", x);
  3.   |                    ^ use of possibly uninitialized `x`

while this does:

  1. fn main() {
  2.     let x: i32;
  3.     if true {
  4.         x = 1;
  5.         println!("{}", x);
  6.     }
  7.     // Don't care that there are branches where it's not initialized
  8.     // since we don't use the value in those branches
  9. }

Of course, while the analysis doesn’t consider actual values, it doeshave a relatively sophisticated understanding of dependencies and controlflow. For instance, this works:

  1. let x: i32;
  3. loop {
  4.     // Rust doesn't understand that this branch will be taken unconditionally,
  5.     // because it relies on actual values.
  6.     if true {
  7.         // But it does understand that it will only be taken once because
  8.         // we unconditionally break out of it. Therefore `x` doesn't
  9.         // need to be marked as mutable.
  10.         x = 0;
  11.         break;
  12.     }
  13. }
  14. // It also knows that it's impossible to get here without reaching the break.
  15. // And therefore that `x` must be initialized here!
  16. println!("{}", x);

If a value is moved out of a variable, that variable becomes logicallyuninitialized if the type of the value isn’t Copy. That is:

  1. fn main() {
  2.     let x = 0;
  3.     let y = Box::new(0);
  4.     let z1 = x; // x is still valid because i32 is Copy
  5.     let z2 = y; // y is now logically uninitialized because Box isn't Copy
  6. }

However reassigning y in this example would require y to be marked asmutable, as a Safe Rust program could observe that the value of y changed:

  1. fn main() {
  2.     let mut y = Box::new(0);
  3.     let z = y; // y is now logically uninitialized because Box isn't Copy
  4.     y = Box::new(1); // reinitialize y
  5. }

Otherwise it’s like y is a brand new variable.