<div dir="ltr"><br><div>This is expected behavior. Returning foo by reference does not involve an actual read from memory; the read doesn't happen until later, when the reference is used. Thus there is no warning in get_foo_reference().</div><div><br></div><div>If thread safety annotations were integrated with the C++ type system, then we could do better. What's actually happening is an implicit type cast from a guarded reference (int GUARDED_BY(...)&) to an unguarded reference (int&), which is kind of like a cast from a const to a non-const pointer. Unfortunately, the attributes are NOT part of the type, so it's difficult to check such "implicit casts" in a comprehensive manner. If you turn on -Wthread-safety-reference, it will catch some cases, but not all. Trying to track implicit casts also involves a lot of false positives (much like const), so Wthread-safety-reference is not on by default.</div><div><br></div><div>Moreover, even with better type information, you could still get false negatives. Assume that the analysis issued a warning if it detected an implicit cast when the lock wasn't held. You could still acquire a lock, grab the reference (no warning), release the lock, and then use the reference to write to the underlying memory.</div><div><br></div><div>In order to fix THAT case, you need to have pointer lifetime analysis and escape analysis (a-la Rust), combined with a type system where the thread-safety attributes are built-in. An implicit cast should return a temporary reference, that cannot escape the scope of the lock()/unlock(). That level of analysis is well beyond the capabilities of the current implementation.</div><div><br></div><div> -DeLesley</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Apr 27, 2016 at 5:36 PM, RJ Ryan via cfe-dev <span dir="ltr"><<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">+cfe-dev -- in case anyone knows why this happens.<div><br></div><div>Thanks!</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Apr 23, 2016 at 1:41 PM, RJ Ryan <span dir="ltr"><<a href="mailto:rryan@alum.mit.edu" target="_blank">rryan@alum.mit.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi there,<div><br></div><div>The following code only produces thread safety warnings for me in get_foo_copy, not get_foo_reference. Is this expected? Sorry if this is a FAQ / known issue.</div><div><br></div><div><div>$ clang --version</div><div>Apple LLVM version 7.0.2 (clang-700.1.81)</div><div>Target: x86_64-apple-darwin15.3.0</div><div>Thread model: posix</div></div><div><br></div><div>The problem also seems present on clang 3.8.0:</div><div><a href="https://godbolt.org/g/37DqNy" target="_blank">https://godbolt.org/g/37DqNy</a><br></div><div><br></div><div>Best,</div><div>RJ</div><div><br></div><div>(with the usual thread annotation definitions)</div><div><br></div><div><div>class CAPABILITY("mutex") Mutex {</div><div> public:</div><div> Mutex() {}</div><div> inline void lock() ACQUIRE() {}</div><div> inline void unlock() RELEASE() {}</div><div>};</div><div><br></div><div>class Foo {</div><div> public:</div><div> int& get_foo_reference() {</div><div> return foo_;</div><div> }</div><div><br></div><div> int get_foo_copy() {</div><div> return foo_;</div><div> }</div><div><br></div><div> private:</div><div> Mutex foo_lock_;</div><div> int foo_ GUARDED_BY(foo_lock_);</div><div>};</div></div><div><br></div></div>
</blockquote></div><br></div>
<br>_______________________________________________<br>
cfe-dev mailing list<br>
<a href="mailto:cfe-dev@lists.llvm.org">cfe-dev@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">DeLesley Hutchins | Software Engineer | <a href="mailto:delesley@google.com" target="_blank">delesley@google.com</a> | 505-206-0315<br></div>
</div>