[cfe-dev] Thread Safety Analysis: negative capabilities and visibility

[Delesley Hutchins]

> Public mutexes are hopefully not something you find in the wild,

Every variety of mutex can be found in the wild.  :-)

> I wonder how often you'd see extern'ed mutexes in the real world?

Frequently.  One common case is to have a small library that uses a
single global mutex to protect library operations.  The mutex is
declared in a .h file, and then used in several .cpp files.  Since
many libraries do not have separate internal vs. external headers, the
mutex ends up being visible outside of its intended translation units.
This could be fixed by moving the mutex declaration out of the header
file, but that could require a lot of refactoring.

What I'm thinking of doing right now is to write a whole-program
inference pass for the negative capabilities, and run that on our code
base.  The inference results would give me better statistical data on
what common usage patterns actually are.  :-)

  -DeLesley

-- 
DeLesley Hutchins | Software Engineer | delesley at google.com | 505-206-0315