Example for Initialization Analysis

class Test {
    static void test(int p) {
	int n;
	p = p - 1;
	if (p > 0) {
	    n = 100;
	}
	while (n != 0) {
	    System.out.println(n);
	    n = n - p;
	}
    }
}

What does compiler do with the above program?

laralaptop03:~/t$ javac Test.java 
Test.java:8: variable n might not have been initialized
	while (n > 0) {
               ^
1 error

Corrected program:

class Test {
    static void test(int p) {
	int n;
	p = p - 1;
	if (p > 0) {
	    n = 100;
	}
	else {
	    n = -100;
	}
	while (n != 0) {
	    System.out.println(n);
	    n = n - p;
	}
    }
}

compiles without errors.

We would like variables to be initialized on all execution paths. Otherwise, the program execution could be undesirable affected by the value that was in the variable initially:

junk value that was there in the memory
a value that an attacker purposely put into memory, especially in the presence of
- buffer overlow
- stack buffer overflow
- other cases of unusual language design decisions
  - do not require variables to be declared before use
  - allow URL argument to set initial values of global variables
  - no checking if variable is initialized
  - a typo in variable name leads to attacker being able to set initial values of variables

A tool that checks PHP errors, including initialization: Phantm