Warning: shared mutable data

Warning: shared mutable data

[Helmut Zeisel]

Recently I read about Value-Oriented Programming
( https://accu.org/journals/overload/31/173/teodorescu/ )
There it is pointed out that sharing mutable data. i. e., code like

my_push_back(vec, vec[0]);

can lead to subtle errors. Of course GCC cannot change C++ to a language like Val that forbids such code.
From my understanding, however, sharing of mutable data can be detected by the compiler on caller side
(looking at the prototype of the function - are all shared arguments const or is there some mutable argument?)
and it might be possible to add a warning "shared mutable data".

How difficult is it to implement such a warning?

If we have such a warning, it will be possible to get some information

.) How often such code occurs in real programs?
.) Is it difficult to fix such code (e.g. by making a copy of the data before passing it to the function)
.) Is it possible to find all such possbible errors when the complete program is compiled with this warning enabled?

Even if it were not possible to detect all cases, also detecting some cases might prevent some bugs.

What do you think about adding a warning "shared mutable data" to GCC?

Helmut Zeisel

Re: Warning: shared mutable data

[Jonathan Wakely]

[-- Attachment #1: Type: text/plain, Size: 1468 bytes --]

On Fri, 17 Feb 2023, 13:15 Helmut Zeisel via Gcc, <gcc@gcc.gnu.org> wrote:

> Recently I read about Value-Oriented Programming
> ( https://accu.org/journals/overload/31/173/teodorescu/ )
> There it is pointed out that sharing mutable data. i. e., code like
>
> my_push_back(vec, vec[0]);
>
> can lead to subtle errors. Of course GCC cannot change C++ to a language
> like Val that forbids such code.
> From my understanding, however, sharing of mutable data can be detected by
> the compiler on caller side
> (looking at the prototype of the function - are all shared arguments const
> or is there some mutable argument?)
> and it might be possible to add a warning "shared mutable data".
>
> How difficult is it to implement such a warning?
>

What exactly are you suggesting for the semantics of the warning? You
haven't described what you want it to do, for anybody to say how difficult
it would be.



> If we have such a warning, it will be possible to get some information
>
> .) How often such code occurs in real programs?
> .) Is it difficult to fix such code (e.g. by making a copy of the data
> before passing it to the function)
> .) Is it possible to find all such possbible errors when the complete
> program is compiled with this warning enabled?
>
> Even if it were not possible to detect all cases, also detecting some
> cases might prevent some bugs.
>
> What do you think about adding a warning "shared mutable data" to GCC?
>
> Helmut Zeisel
>
>
>

Aw: Re: Warning: shared mutable data

[Helmut Zeisel]

Von: "Jonathan Wakely" <jwakely.gcc@gmail.com>


 > What exactly are you suggesting for the semantics of the warning? 

Good question. It is difficult to detect all suspiscious cases, but at least some of the can be defined:

If we have a function prototype 

f(...,Ti xi,...Tj xj,...)

and call the function f(... xi, ... xj,...) with some xi, xj with aliasing / data sharing,

and both Ti and Tj are references/pointers and at least one is a non-const pointer / reference,
then the warning should be given.

E.g. for both int:

Ti int: no warning
Ti int& or int*: warning if Tj is int*, const int*, int&, or const int&; no warning for Tj int.
Ti const int& or const int*: warning if Tj is int*, or int&; no warning if Tj is const int*, const int&, or int. 

Or maybe some code example:

void increase_x_by_y_and_z(int& x, const int& y, const int& z)
{
  x+=y;
  x+=z;
}

This should be OK (no sharing, no warning):

x=1;
y=1;
z=1;

increase_x_by_y_and_z(x,y,z);

This should give a warning (sharing of int& and const int&):

x=1;
y=1;

increase_x_by_y_and_z(x,y,x);

On the other hand, this is OK (y is shared but not mutable - two times const int&):

x=1;
y=1;

increase_x_by_y_and_z(x,y,y);


Helmut