Planeta again

[Capital-Asterisk]

Major terrain-related changes:

• Add session to upload terrain mesh to GPU
• Add temporary 'heightmap' function to terrain. (two cosine waves added together)
• Increase number of terrain skeleton subdivision level from 10 to 24
• Rejiggle terrain test scenario(s): Earth-sized planet for terrain scenario, and tiny planet for terrain_small scenario
• A bunch of internal changes to planeta that are difficult to explain, to make the stuff above actually work.

Non-terrain-related changes:

• Add src/osp/core/buffer_format.h, based on and improved from the "StrideDesc" nonsense from src/osp/universe/universe.h

[Capital-Asterisk]

Empty braces like this will zero-initialize (initialize to zero) to prevent an uninitialized value.

I don't have this in guidelines.md, but I'd intend that empty braces means "don't care what this value is, but don't keep it uninitialized," whereas {0} would imply that the zero is important.

[jonesmz]

Kind of a philosophical question here, but is there any actual difference between "Don't care what the value is, but don't leave it uninitialized" and "don't initialize" ?

Using empty-brace initialization for variables where you don't care what the resulting value is means that automated tools like clang-tidy / msvc-analyzer can't identify "read-from-uninitialized" bugs in the code, which i think is a big risk.

[jonesmz]

Note that I have no problem with the variables here being initialized to zero if that's what's intended. But "initialize them, but i don't care to what" is, in my opinion, worse than 'don't initialize'.

[jonesmz]

And, of course, this whole concept only applies to primative types. Class types / types with constructors implicitly manage their initial state.

[Capital-Asterisk]

Kind of a philosophical question here, but is there any actual difference between "Don't care what the value is, but don't leave it uninitialized" and "don't initialize" ?

If I look at code that looks like this:

int value;
do_something(value);

value is uninitialized and there may be weird inconsistent errors when it's used wrong. static analysis may also scream at it. However, the intention is clear that the initial value of value is dont-care.

If I instead do...

int value = 0;
do_something(value);

there's no risk of using uninitialized values, but the zero looks significant, as if it was a start of a count for example.

Instead using...

int value{};
do_something(value);

value would be zero-initialized, there's no risk of any weird inconsistent errors. The intention is default or don't-care, nothing is explicitly specified.

Using empty-brace initialization for variables where you don't care what the resulting value is means that automated tools like clang-tidy / msvc-analyzer can't identify "read-from-uninitialized" bugs in the code, which i think is a big risk.

Are you implying that uninitialized values can help find logic errors?

I believe we should avoid uninitialized values whenever possible. Using uninitialized memory as part of regular calculation logic something I'd mostly consider a bad idea nowadays.

PREfast also tends to scream at every uninitialized value.

[Capital-Asterisk]

I don't remember where I originally learned this from. I did find this recent similar discussion through google search results: https://www.reddit.com/r/cpp/comments/1dm2y2t/is_empty_brace_initialization_considered_best/

Since I'm noticing I'm throwing around the term "don't care" quite a bit, I would note that this is a term from digital logic; I'm not sure if it's used in other parts of computing.

[jonesmz]

Are you implying that uninitialized values can help find logic errors?

Not quite.

I'm saying that from the perspective of a static analyzer

int bob;

and

int alice{};

are very different looking.

If the programmer doesn't care about the value, then the programmer doesn't want the value to be read from until something is put there. A static analyzer (e.g. PREfast) can detect this kind of problem with bob, but alice looks initialized.

My advice is that empty brace initialization for primitive types is a bad idea exactly because of this, and explicitly setting a value is better.

I'd be interested to see an example where PREfast was saying "read from uninitialized!" when that wasn't happening. I suppose it could happen with non-const reference args to functions in other translation units, but that seems like a bug in PREfast that it isn't going and looking at the other translation unit.

[Capital-Asterisk]

Are you implying that uninitialized values can help find logic errors?

Not quite.

The further explanation makes this a yes? In your explanation, bob is kept uninitialized to use it to help find a potential logic error.

So from your point of view, would this example also be unacceptable?

int value = 0; // This can be anything, will be overwritten immediately
do_something(value);

Since this is more about using uninitialized memory (less about zero-initialization), we're not the first to have this discussion:

https://softwareengineering.stackexchange.com/questions/305886/doesnt-always-initialize-variables-lead-to-important-bugs-being-hidden

I'm mostly on the side of just disallowing uninitialized memory. Undefined behaviour that does stuff like being different between debug vs release is far harder to debug IMO, compared to accidentally reading a zero.

Clang-tidy does have an option for this: cppcoreguidelines-init-variables

I'd be interested to see an example where PREfast was saying "read from uninitialized!" when that wasn't happening....

This alert is from this PR:

https://github.com/TheOpenSpaceProgram/osp-magnum/security/code-scanning/333

It doesn't even care about whether the variable is being read or not. It just doesn't like uninitialized members.

[jonesmz]

Since this class is only supposed to be used with ArrayView or StridedArrayView, you might want to consider adding template specializations for only those two, and leaving the "default" template declaration of the struct undefined.

The lazy way of just leaving it like this is also fine, of course.

[jonesmz]

Or a requires clause.

either way.

[Capital-Asterisk]

I guess you mean a concept for array views?

I'll be lazy on this as there's already a short comment explaining what this type is, and it's a little too simple.

[jonesmz]

empty-brace-init instead of = 0 ?

[Capital-Asterisk]

I think I mentioned this in another review comment: my intention for an empty brace is "don't care what this value is, just not uninitialized." A zero explicitly indicates that the value is important to some business logic somewhere.

[Capital-Asterisk]

oh, it's this one: https://github.com/TheOpenSpaceProgram/osp-magnum/pull/293/files#r1642043900

[jonesmz]

why switch to double?

[Capital-Asterisk]

The previous implementation here just doesn't work for the Earth-sized distances. I'd rather keep it simple and not write something ultra-optimized here.

[jonesmz]

Personally i don't find switching from assignment initialization to braced initialization easier to read.

Are you doing this to force an error if the type of the result of absdelta is not the same as the type of the variable?

[Capital-Asterisk]

I agree. Not particularly a sane move to do this on my end. Curly braces will enforce the type; however, these are those error-prone round braces that have a silly chance of being interpreted as a function declaration. I'm intentionally implicit-casting int64 from absdelta to a double.

[jonesmz]

You could check and see if the codegen is better or worse when using https://en.cppreference.com/w/cpp/numeric/math/hypot here.

[jonesmz]

I could def see an argument that using the sum of squares is faster than doing a square root, so i have no concerns about this code. Just pointing out that there's a special function for a different way to slice this.

[jonesmz]

unsigned char, specifically?

not std::byte, or just char?

[jonesmz]

could you document where the initial values of this are from? Is it icosahedron_tables.py ?

[Capital-Asterisk]

There's already comment; it's just not visible on the diff.

[jonesmz]

double brace init here? that seems like maybe a typo?

[Capital-Asterisk]

I don't remember the exact details, but this is required for some of the other tables in this file for arrays of structs. This is harmless afaik