Increased C++ warning level

Sat Jan 6 22:51:28 CET 2018

Hello,

hereby, I'd like to give you a little heads-up warning about a change
recently added to our staging branch: The compiler flags -Wextra,
-Weffc++, and -Werror are now enabled in addition to -Wall for compiling
C++ components.

If this strict warning level is inapplicable for a given component or
library, it is possible to explicitly disable the strictness in the
respective build-description file by adding following line:

  CC_CXX_WARN_STRICT =

I adjusted almost all the code of the base, base-<kernel>, os, and demo
repositories to comply with the new warning level. For most components
hosted in the higher-level repositories (libports, ports, dde_*, gems),
I disabled the strictness. My goal is to remove the 'CC_CXX_WARN_STRICT'
declarations from those components, wherever feasible. But this is not
for now.

While adjusting our code base, I identified the following patterns worth
reporting (the items below are cited from my commit message):

* A class with virtual functions can no longer publicly inherit base
  classes without a vtable. The inherited object may either be moved
  to a member variable, or inherited privately. The latter would be
  used for classes that inherit 'List::Element' or 'Avl_node'. In order
  to enable the 'List' and 'Avl_tree' to access the meta data, the
  'List' must become a friend.

* Instead of adding a virtual destructor to abstract base classes,
  we inherit the new 'Interface' class, which contains a virtual
  destructor. This way, single-line abstract base classes can stay
  as compact as they are now. The 'Interface' utility resides in
  base/include/util/interface.h.

* With the new warnings enabled, all member variables must be explicitly
  initialized. Basic types may be initialized with '='. All other types
  are initialized with braces '{ ... }' or as class initializers. If
  basic types and non-basic types appear in a row, it is nice to only
  use the brace syntax (also for basic types) and align the braces.

* If a class contains pointers as members, it must now also provide a
  copy constructor and assignment operator. In the most cases, one
  would make them private, effectively disallowing the objects to be
  copied. Unfortunately, this warning cannot be fixed be inheriting
  our existing 'Noncopyable' class (the compiler fails to detect that
  the inheriting class cannot be copied and still gives the error).
  For now, we have to manually add declarations for both the copy
  constructor and assignment operator as private class members. Those
  declarations should be prepended with a comment like this:

        /*
         * Noncopyable
         */
        Thread(Thread const &);
        Thread &operator = (Thread const &);

  In the future, we should revisit these places and try to replace
  the pointers with references. In the presence of at least one
  reference member, the compiler would no longer implicitly generate
  a copy constructor. So we could remove the manual declaration.

Even though at times, the strict warning level seems like a nuisance
(like the need to explicitly call default constructors of all member
variables even if they are objects), it rules out certain classes of
bugs (like uninitialized member variables) and gently pushes us to
better software design. In particular, I found that Weffc++ forces one
to think more carefully about the role of a struct/class. In D, 'class'
and 'struct' are two different things. A struct is essentially a record
of data (it has no vtable). A class implements an interface (it always
has a vtable). In regular C++, the line is blurry. Weffc++ points out
the blurriness, which is good.

Should you encounter problems with compiling your components with the
new Genode version, please consider commenting in the corresponding
issue [1].

[1] https://github.com/genodelabs/genode/issues/465

The following caveats are expected, even if you disable the strictness
in your component:

* If your component has a class called 'Interface', it may collide with
  the new 'Genode::Interface' class. You may have to disambiguate the
  names.

* The 'Genode::Rpc_client' is no longer a 'Genode::Capability'. Hence,
  classes inherited from 'Genode::Rpc_client' cannot refer to
  'Capability' but must refer to 'Genode::Capability'.

* The 'Surface' class is no longer copyable, which led to API
  changes of users of this class. E.g., the 'Nitpicker_buffer'
  utility does no longer offer accessors for the contained surfaces
  but a new 'apply_to_surface' method that takes a lambda function as
  argument.

Cheers
Norman

-- 
Dr.-Ing. Norman Feske
Genode Labs

https://www.genode-labs.com · https://genode.org

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth