[cfe-dev] Who is working on/has worked on Capability analysis (-Wthread-safety)?
Aaron Puchert via cfe-dev
cfe-dev at lists.llvm.org
Sun Oct 31 12:36:00 PDT 2021
Thanks for letting me know. (I barely follow the list.)
>> On Sat, Oct 30, 2021 at 9:28 PM Randell Jesup via cfe-dev <cfe-dev at lists.llvm.org> wrote:
>>> One way to possibly handle the reader/writer vs readers case (where reads on the writing thread don't need to lock) would be to be able to say "guarded by this or that", in this case something like GUARDED_BY(mMutex, MainThread) (GUARDED_BY(mMutex || MainThread) ??).
There has been some work on logical expressions in capability attributes in https://reviews.llvm.org/rG7c192b452fa2b3c63ed547e0ff88a5e62765b59f, but I believe it's not functional yet. I thought about the semantics of this a bit, but don't have a good understanding yet.

If you want accesses to a resource to be protected, it's in general not sufficient to have one of a set of capabilities. There can only be one. What happens in this scenario is that there is a certain period of time where the resource is exclusive to the main thread, and another where it's only accessible via mutex (even if the main thread were to access it). So maybe logical expressions aren't the right way to understand this situation, but rather there should be different types, one that has GUARDED_BY(MainThread) and another that has GUARDED_BY(mMutex), and at some point we convert between them. In some sense the protection regime changes throughout the lifetime, and for static analysis that means we need a new (static) type.
Aaron
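The "two static types plus a conversion" idea from the message above, sketched as an added example with Clang's thread-safety annotations (this is not code from the thread or from Clang; the `MainThread` pseudo-capability, `MainThreadState`, `SharedState`, `publish` and `demo` are hypothetical names chosen for the illustration):

```cpp
#include <cstdlib>
#include <mutex>
#include <thread>
// Clang thread-safety annotation macros (as in Clang's docs); empty elsewhere.
#if defined(__clang__)
#define TSA(x) __attribute__((x))
#else
#define TSA(x)
#endif
#define CAPABILITY(x) TSA(capability(x))
#define GUARDED_BY(x) TSA(guarded_by(x))
#define REQUIRES(...) TSA(requires_capability(__VA_ARGS__))
#define ACQUIRE(...) TSA(acquire_capability(__VA_ARGS__))
#define RELEASE(...) TSA(release_capability(__VA_ARGS__))
#define ASSERT_CAPABILITY(x) TSA(assert_capability(x))
struct CAPABILITY("mutex") Mutex {  // annotated std::mutex wrapper
  void Lock() ACQUIRE() { m_.lock(); }
  void Unlock() RELEASE() { m_.unlock(); }
  std::mutex m_;
};
// Hypothetical pseudo-capability "running on the main thread": nothing is locked,
// code asserts it; checked at runtime here, and trusted by the static analysis.
struct CAPABILITY("main thread") MainThreadCap {
  void AssertHeld() ASSERT_CAPABILITY(this) {
    if (std::this_thread::get_id() != id_) std::abort();
  }
  std::thread::id id_ = std::this_thread::get_id();  // thread running static init
} MainThread;
// Regime 1: the counter is exclusive to the main thread, so no lock is taken.
struct MainThreadState { int counter GUARDED_BY(MainThread) = 0; };
// Regime 2: the same counter, now reachable from any thread under a mutex.
struct SharedState { Mutex mu; int counter GUARDED_BY(mu) = 0; };
void bumpOnMain(MainThreadState& s) REQUIRES(MainThread) { ++s.counter; }
void bumpShared(SharedState& s) { s.mu.Lock(); ++s.counter; s.mu.Unlock(); }
// The switch between regimes: reading `from` needs the main-thread capability,
// writing `to` needs its mutex; from here on only the mutex-guarded type is used.
void publish(const MainThreadState& from, SharedState& to) REQUIRES(MainThread) {
  to.mu.Lock(); to.counter = from.counter; to.mu.Unlock();
}
int demo(int main_bumps, int shared_bumps) {
  MainThread.AssertHeld();  // establishes the capability for the analysis
  MainThreadState init;
  for (int i = 0; i < main_bumps; ++i) bumpOnMain(init);  // phase 1, lock-free
  SharedState shared; publish(init, shared);               // regime switch
  for (int i = 0; i < shared_bumps; ++i) bumpShared(shared);  // phase 2, locked
  shared.mu.Lock(); int result = shared.counter; shared.mu.Unlock();
  return result;  // demo(3, 2) == 5
}
```

Compiled with clang and -Wthread-safety, touching `init.counter` without the main-thread capability or `shared.counter` without `mu` is reported, and there is no point at which one object is guarded by "this or that".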