<div dir="ltr"><br><div>The annotations are already implemented. :-) You are free to experiment with your own version of unique_ptr that does not allow dereference after consume. See warn-consumed-analysis.cpp for examples. </div><div><br></div><div> -DeLesley</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 7, 2014 at 5:51 PM, Seth Fowler <span dir="ltr"><<a href="mailto:mark.seth.fowler@gmail.com" target="_blank">mark.seth.fowler@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Oct 7, 2014, at 8:49 AM, Delesley Hutchins <<a href="mailto:delesley@google.com">delesley@google.com</a>> wrote:<br>
<br>
> For a strict analysis, you can say "warn whenever a unique_ptr is dereferenced in any state other than unconsumed." A less strict version might say "only warn on dereference if it's in the consumed state." The less strict version will have a higher false negative rate, but a much lower false positive rate, especially for a widely-used type like unique_ptr.<br>
<br>
</span>These warnings seem like clear wins, and I’d definitely find them useful!<br>
<span class=""><br>
> That's where things get tricky, because the C++ standard says that std::move must leave the object in a valid state. Some people rely on that behavior in their code, and routinely use null unique_ptrs, whereas some other people don't. So for a widely-used type, it's difficult to come up with a set of annotations that works for everyone. It's much easier if you're willing to create a strict_unique_ptr class (or something similar), that absolutely does not allow use-after-move.<br>
<br>
</span>A new class where everyone agrees on the allowed use-after-move behavior would be ideal, definitely. If we had annotations that people could use to mark their own custom classes as forbidding use-after-move, that would be enough to let people experiment with this in their own codebases, and if this approach got popular enough I imagine you’d find a class similar to strict_unique_ptr appearing in Boost or some other popular library soon enough.<br>
<br>
So it sounds to me like so far, a refined proposal might have involve adding:<br>
<br>
(1) Warnings about dereferencing a unique_ptr in any state other than unconsumed. (Or maybe the less strict version above, if this version has too high a false-positive rate.)<br>
(2) A class annotation that tells the compiler to warn if objects of that class are touched at all in any state other than unconsumed.<br>
<br>
Can we generalize (1) to an annotation that might be more broadly applicable? A straw-man annotation version of might be:<br>
<br>
“(1) A class annotation that tells the compiler to warn if operator*, operator->, or operator[] is invoked on objects of that class in any state other than unconsumed.”<br>
<br>
This seems applicable to e.g. shared_ptr as well.<br>
<br>
I’d hope that the annotation version of (1) would be uncontroversial enough that it could be applied by default to smart pointer types in libc++. I’m not sure whether there are any types in the standard library that could get (2) by default without inconveniencing some users, but it doesn’t seem out of the question; std::unique_lock seems like a candidate.<br>
<br>
Do these annotations sound like reasonable things to implement?<br>
<span class="HOEnZb"><font color="#888888"><br>
- Seth</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br>DeLesley Hutchins | Software Engineer | <a href="mailto:delesley@google.com" target="_blank">delesley@google.com</a> | 505-206-0315<br>
</div>