[patch/rfc] An opt-in warning for functions whose availability(introduced) is newer than the deployment target

Ted Kremenek kremenek at apple.com
Fri Mar 20 08:10:22 PDT 2015 

Hi Nico,

I'm really sorry, but this is the first time I saw this.  When you first proposed the patch I was away from work for several weeks and wasn't reading email.  I then missed most of this.

I honestly am very concerned about this approach.  The problem is certainly well-motivated, but it feels like a really partial solution to the problem that doesn't provide any real safety.  Looking back at the thread I see you and Doug discussed using dataflow analysis, which really seems like the right approach to me.  Even some basic lexical analysis to check if a guard existed before use probably would have provided some reasonable checking, and I disagree with Doug that the dataflow approach was "a heck of a lot more work".

The thing I don't like about this approach is that as soon as you provide the redeclaration you lose all checking for uses of a method.  Here are my concerns:

(1) You get a warning once for a method that is newer than your minimum deployment target regardless of whether or not you are using it safely.

(2) You silence that warning by adding the redeclaration.  Then all future uses of that method that you introduce won't get a warning.

I don't see how this provides any real checking at all.  Even if the first warning was valid in identify and unguarded case, you get no help from the compiler if you add the guard and do it incorrectly.

My concern here is not that this problem isn't important to solve.  It's a very big problem.  I am concerned that this approach causes users to clutter their code with redeclarations and it provides them no much safety checking at all.  I know part of this was motivated by real issues you were seeing in Chrome, a large codebase that needs to run on multiple OS versions.  Do you think this will be a practical, and useful approach, to solving that problem in practice on a codebase of that size?

I'm very sorry to wade into this so late.

Ted

> On Mar 19, 2015, at 12:23 PM, Nico Weber <thakis at chromium.org> wrote:
> 
> r232750, thanks!
> 
> On Tue, Mar 17, 2015 at 9:44 AM, Douglas Gregor <dgregor at apple.com <mailto:dgregor at apple.com>> wrote:
> 
>> On Mar 2, 2015, at 2:25 PM, Nico Weber <thakis at chromium.org <mailto:thakis at chromium.org>> wrote:
>> 
>> One more tweak: Apparently for `@interface A @end @class A;`, a lookup for A finds the @interface decl, not the @class redecl.
> 
> Yeah, I think this is a longstanding hack from when we starting tracking redeclaration chains for Objective-C class declarations (and @class started being an ObjCInterfaceDecl). We (ahem, I) didn’t hunt down all of the places where we were expecting name lookup to return the definition.
> 
>> So for ObjCInterfaceDecls, the explicit loop is necessary – this patch adds it back for that case. With this change, I can build most of chrome with this warning enabled (and some declaration tweaks in chrome). (Only "most of" because the build is still running – no known bugs).
> 
> Okay. Everything else LGTM, I say “go for it!”.
> 
> 	- Doug
> 
>> On Sun, Mar 1, 2015 at 7:52 PM, Nico Weber <thakis at chromium.org <mailto:thakis at chromium.org>> wrote:
>> On Mon, Feb 2, 2015 at 10:26 PM, Douglas Gregor <dgregor at apple.com <mailto:dgregor at apple.com>> wrote:
>> Hi Nico,
>> 
>>> On Jan 8, 2015, at 6:14 PM, Nico Weber <thakis at chromium.org <mailto:thakis at chromium.org>> wrote:
>>> 
>>> Hi,
>>> 
>>> the Mac OS X and iOS SDKs add new functions in new releases. Apple recommends using the newest SDK and setting the deployment target to whatever old OS version one wants to support, and only calling new functions after checking that they are available at runtime.
>>> 
>>> In practice, we (Chromium) get this wrong. Others who support old OS X versions get this wrong too. Hence, we (Chromium) use a very old SDK and then manually declare new functions when we want to call them – this reduces the chance of us forgetting if they are available at runtime considerably, in practice. But using an old SDK has its problems – sometimes the frameworks check which SDK an app was linked against and only then activate bug fixes, and newer Xcodes don't ship include old SDKs.
>> 
>> That’s an interesting approach to handling the availability problem; I hadn’t heard of it before, but I see the logic there.
>> 
>>> Ideally, we could use a new SDK but get a warning when we use a new API without a manual redeclaration – this protects us against new APIs the same way using an old SDK does without the drawbacks that this brings.
>>> 
>>> The attached patch is a sketch how such a warning might work. How repulsive is this idea? Are there other approaches to this problem? If the basic idea is ok:
>> 
>> This is a drastically different approach than I’d imagined. Whenever I’ve thought about this problem, I’ve always come back to some form of dataflow analysis that checks whether uses of “not-yet-introduced” API is used in a sane way: is it dominated by some check that implies the availability, e.g., a -respondsToSelector: check on a method with at least that availability, or checking whether “[NSFoo class]” is non-null when the class has availability. I suspect that’s the idea behind Deploymate (http://www.deploymateapp.com <http://www.deploymateapp.com/>), although I’ve never used it, and it has the benefit that it should make idiomatic code (that does the right checking) just work.
>> 
>> It’s also a heck of a lot more work to implement than the approach you’re using.
>> 
>> Right :-)
>>  
>> 
>>> Any comments on the implementation?
>> 
>> The implementation generally looks fine. One minor comment:
>> 
>> +    case AR_NotYetIntroduced: {
>> +      // don't do this for enums, they can't be redeclared.
>> +      if (isa<EnumConstantDecl>(D) || isa<EnumDecl>(D))
>> +        break;
>> +      bool FoundRedecl = false;
>> +      for (Decl *Redecl = D->getMostRecentDecl(); Redecl && !FoundRedecl;
>> +           Redecl = Redecl->getPreviousDecl()) {
>> +        if (Redecl->getAttr<AvailabilityAttr>()->isInherited())
>> +          FoundRedecl = true;
>> +      }
>> +      if (!FoundRedecl)
>> +        S.EmitAvailabilityWarning(Sema::AD_Partial, D, Message, Loc,
>> +                                  UnknownObjCClass, ObjCPDecl,
>> +                                  ObjCPropertyAccess);
>> +      break;
>> +    }
>> 
>> Generally speaking, name lookup will always find the most recent declaration, so you might be able to skip the D->getMostRecentDecl() bit entirely and just check that the availability attribute was inherited.
>> 
>> That worked, done.
>> 
>> I also had to add some explicit code for handling redeclarations in @interfaces, as these aren't modeled as redeclarations in the AST. I also added the property note used in the other availability warnings, and I added lots of tests.
>> 
>> <clang-redecl.diff>
> 
> 
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20150320/02f0db09/attachment.html>

More information about the cfe-commits mailing list