
[clang-tidy] New check to warn when writing to a dispatch_once_t variable.
Needs Review · Public

Authored by mwyman on Sep 13 2019, 3:23 PM.

Details

Summary

Libdispatch documentation specifies that dispatch_once_ts must never have been non-zero, and assigning to them violates this.

Currently adding this to the misc module. Per discussion in https://reviews.llvm.org/D67567, perhaps this should be moved to a new, more specific module.

Event Timeline

mwyman created this revision. Sep 13 2019, 3:23 PM
Herald added a project: Restricted Project. Sep 13 2019, 3:23 PM
Eugene.Zelenko retitled this revision from New ClangTidy check to warn when writing to a dispatch_once_t variable. to [clang-tidy] New check to warn when writing to a dispatch_once_t variable.. Sep 13 2019, 4:33 PM
Eugene.Zelenko added a project: Restricted Project.
Eugene.Zelenko added inline comments.
clang-tools-extra/docs/clang-tidy/checks/misc-dispatch-once-assignment.rst
9

Does the library documentation contain this recommendation? If so, it would be a good idea to add a link. Same for the other check.

stephanemoore added inline comments.Sep 16 2019, 3:30 PM
clang-tools-extra/docs/clang-tidy/checks/misc-dispatch-once-assignment.rst
9

I don't recall if there is explicit GCD documentation anywhere. The closest thing I could find was a post from Greg Parker: https://stackoverflow.com/a/19845164.

I think the general issue is that GCD performs atomic operations internally on dispatch_once_t memory. A recent snapshot of a version of GCD suggests that C11 atomic operations are used but the general issue is that GCD does not publicly declare how it internally guarantees atomicity while managing dispatch_once_t state. The safest way to make mutations to dispatch_once_t memory is by using the same atomic operations library that the particular version of GCD loaded into your process uses (in theory this can vary depending on a number of factors including the system version). Given that this information is not exposed and it seems unlikely, if not unreasonable, to be exposed, the safest approach is presumably to let GCD handle all mutations.
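The hazard discussed in this thread, as an added illustration that is not part of the review, the patch, or libdispatch: a toy once primitive built on C11 atomics, showing what a caller's write to the token does to the run-once guarantee. The names `toy_once_t` and `toy_once` and the 0/1/2 state encoding are assumptions made for the example and say nothing about how GCD manages `dispatch_once_t` internally.

```c
#include <stdatomic.h>
#include <stdio.h>
/* Toy once-token, NOT libdispatch's implementation.
 * Assumed state encoding: 0 = never run, 1 = running, 2 = done. */
typedef atomic_long toy_once_t;

static int init_calls; /* how many times the initializer ran */
static void init_shared_state(void) { init_calls++; }

/* Runs fn at most once per token, provided only this function writes it. */
static void toy_once(toy_once_t *token, void (*fn)(void)) {
    long expected = 0;
    if (atomic_compare_exchange_strong(token, &expected, 1)) {
        fn();
        atomic_store_explicit(token, 2, memory_order_release);
    } else {
        /* Someone else claimed the token: wait until it is marked done. */
        while (atomic_load_explicit(token, memory_order_acquire) != 2) { }
    }
}

/* Tokens are locals here only so each function can be called repeatedly. */
int runs_when_token_untouched(void) {
    toy_once_t token = 0;
    init_calls = 0;
    for (int i = 0; i < 3; i++) toy_once(&token, init_shared_state);
    return init_calls; /* initializer ran exactly once */
}

int runs_when_token_reset(void) {
    toy_once_t token = 0;
    init_calls = 0;
    toy_once(&token, init_shared_state);
    token = 0; /* analogous to the write the check warns about */
    toy_once(&token, init_shared_state);
    return init_calls; /* initializer ran again: double initialization */
}

int runs_when_token_preset(void) {
    toy_once_t token = 2; /* token was non-zero before first use */
    init_calls = 0;
    toy_once(&token, init_shared_state);
    return init_calls; /* initializer was skipped entirely */
}

int main(void) {
    printf("untouched=%d reset=%d preset=%d\n", runs_when_token_untouched(),
           runs_when_token_reset(), runs_when_token_preset());
    return 0;
}
```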