Hello,

hereby, I'd like to give you a little heads-up warning about a change recently added to our staging branch: The compiler flags -Wextra, -Weffc++, and -Werror are now enabled in addition to -Wall for compiling C++ components.

If this strict warning level is inapplicable for a given component or library, it is possible to explicitly disable the strictness in the respective build-description file by adding following line:

CC_CXX_WARN_STRICT =

I adjusted almost all the code of the base, base-<kernel>, os, and demo repositories to comply with the new warning level. For most components hosted in the higher-level repositories (libports, ports, dde_*, gems), I disabled the strictness. My goal is to remove the 'CC_CXX_WARN_STRICT' declarations from those components, wherever feasible. But this is not for now.

While adjusting our code base, I identified the following patterns worth reporting (the items below are cited from my commit message):

* A class with virtual functions can no longer publicly inherit base classes without a vtable. The inherited object may either be moved to a member variable, or inherited privately. The latter would be used for classes that inherit 'List::Element' or 'Avl_node'. In order to enable the 'List' and 'Avl_tree' to access the meta data, the 'List' must become a friend.

* Instead of adding a virtual destructor to abstract base classes, we inherit the new 'Interface' class, which contains a virtual destructor. This way, single-line abstract base classes can stay as compact as they are now. The 'Interface' utility resides in base/include/util/interface.h.

* With the new warnings enabled, all member variables must be explicitly initialized. Basic types may be initialized with '='. All other types are initialized with braces '{ ... }' or as class initializers. If basic types and non-basic types appear in a row, it is nice to only use the brace syntax (also for basic types) and align the braces.

* If a class contains pointers as members, it must now also provide a copy constructor and assignment operator. In the most cases, one would make them private, effectively disallowing the objects to be copied. Unfortunately, this warning cannot be fixed be inheriting our existing 'Noncopyable' class (the compiler fails to detect that the inheriting class cannot be copied and still gives the error). For now, we have to manually add declarations for both the copy constructor and assignment operator as private class members. Those declarations should be prepended with a comment like this:

/* * Noncopyable */ Thread(Thread const &); Thread &operator = (Thread const &);

In the future, we should revisit these places and try to replace the pointers with references. In the presence of at least one reference member, the compiler would no longer implicitly generate a copy constructor. So we could remove the manual declaration.

Even though at times, the strict warning level seems like a nuisance (like the need to explicitly call default constructors of all member variables even if they are objects), it rules out certain classes of bugs (like uninitialized member variables) and gently pushes us to better software design. In particular, I found that Weffc++ forces one to think more carefully about the role of a struct/class. In D, 'class' and 'struct' are two different things. A struct is essentially a record of data (it has no vtable). A class implements an interface (it always has a vtable). In regular C++, the line is blurry. Weffc++ points out the blurriness, which is good.

Should you encounter problems with compiling your components with the new Genode version, please consider commenting in the corresponding issue [1].

[1] https://github.com/genodelabs/genode/issues/465

The following caveats are expected, even if you disable the strictness in your component:

* If your component has a class called 'Interface', it may collide with the new 'Genode::Interface' class. You may have to disambiguate the names.

* The 'Genode::Rpc_client' is no longer a 'Genode::Capability'. Hence, classes inherited from 'Genode::Rpc_client' cannot refer to 'Capability' but must refer to 'Genode::Capability'.

* The 'Surface' class is no longer copyable, which led to API changes of users of this class. E.g., the 'Nitpicker_buffer' utility does no longer offer accessors for the contained surfaces but a new 'apply_to_surface' method that takes a lambda function as argument.

Cheers Norman