On 11/29/20 6:56 PM, Iain Sandoe wrote:
Hi Martin,
Martin Sebor via Gcc-patches <gcc-patches@gcc.gnu.org> wrote:
On 11/10/20 12:38 PM, Iain Sandoe wrote:
—— commit message.
If an interface is marked 'deprecated' then, presumably, at some
point it
will be withdrawn and no longer available. The 'unavailable' attribute
makes it possible to mark up interfaces to indicate this status.
Making an interface unavailable isn't the intent of deprecation in
standards like C, C++, or POSIX. Rather, the intended next stage
after deprecation is to make the interface available for other uses,
either by the standards themselves, or by implementations, or by
programs (if its name is not in the reserved namespace). So unless
you have other kinds of deprecation in mind this doesn't seem like
a fitting use case.
coming at things from the standards perspective .. perhaps.
.. however, in the first set of cases above, one never needs to indicate
unavailability since the entity never becomes unavailable, it changes
meaning.
In practice, we don’t have markup of keywords etc. to indicate this (such
deprecation has been handled specifically in the FEs).
The practical (and actual) use of these attributes is in describing the
lifecycle
of system APIs.
In that context, one could see it being used to describe APIs withdrawn
in, say,
a Posix standard (as implemented by a given system or according to specific
compile-time flags).
Just for the sake of clarity, to make sure we are both talking about
the same thing, the term POSIX uses for "withdrawn" when referring
to APIs is removed. Withdrawn is a term that ISO tends to apply to
whole standards. For example, ISO 9945:2003 AKA SUSv3 is a withdrawn
revision of POSIX (likewise, C99 and C11 are withdrawn revisions of
C).
With that, the APIs that have been removed in recent POSIX versions
would not be appropriately described by the attribute, either on
paper, in the POSIX spec (if the hypothetical case when the attribute
was specified the C standard), or in implementations. The APIs simply
don't exist and so are open to use by programs (unless they are in
the reserved namespace), or by implementations as extensions.
The latter typically means that the APIs are defined (i.e., can
continue to be linked to by legacy applications) but not declared
in the system's header so they can be defined by programs. Declaring
removed APIs with the unavailable attribute would prevent that and so
would not be conforming.
An example from C (not yet POSIX) is the gets() function that was
removed in C11 (it's still SUSv4). It's only declared in <stdio.h>
when targeting older versions of C and C++. Because in more recent
versions of the standards gets is not a reserved name it's valid
for programs to declare symbols named gets (of any kind). So
declaring gets in <stdio.h> with attribute unavailable would be
nonconforming.
My point here is not necessarily to object to the idea behind
the attribute but to draw attention to the fact that it's not
suitable for standard APIs.
It is used
quite extensively in some codebases where a single set of headers can
be used
to permit code generation for multiple system versions.
This sounds like a different use case than the next stage after
deprecation. I haven't come across it but I imagine its purpose
is to foster portability between variants or flavors (rather
than versions) of APSs? Say one set of APIs for a feature-rich
desktop variant of an OS versus a subset of the same APIs for
an embedded, more limited variant of the same OS.
In the case of Darwin, the compilers are capable of targeting multiple
versions
of the system (one doesn’t need a separate GCC or clang to target each
version,
there is a -mmacosx-version-min= flag that allows the target version to
be specified
on the command line).
Rather than install many versions of headers (and libraries) for all the
system
versions, the designers elected to have one copy with markup that
describes the
availability of APIs.
the lifecycle is typically:
introduced from version P.Q (ergo, unavailable before that)
perhaps deprecated at version R.S (ergo the user should be warned)
withdrawn at version X.Y (and unavailable thereafter).
The headers contain macros that are expanded according to the version
for which the code is being compiled - to produce deprecation warnings or
unavailability errors if such APIs are *used* in the code.
I see. That seems like a Darwin-specific use case, or one that may
be suitable for proprietary APIs not covered by the three language
standards (C, C++, or POSIX) where the attribute could only be used
this way as a non-conforming extension. I suppose it might also be
applicable in the case of Linux distributions whose vendors support
multiple versions simultaneously, although I haven't come across
this use case.
From a configuration perspective, it also allows a compile test to
determine
that an interface is missing - rather than requiring a link test.
The implementation follows the pattern of attribute deprecated, but
produces
an error (where deprecation produces a warning).
This attribute has been implemented in clang for some years.
The Clang manual says the attribute is useful in conjunction with
the enable_if and overloadble attributes in C, to remove overloads
of C functions from the overload set. I'm trying to think how
the GCC implementation of the attribute might be useful in
the subset of cases that don't depend on the other two attributes
but I'm coming up empty (exceot for the different variants of
an API use case that seems rather esoteric). It seems to me
the use case is close to #pragma GCC poison except more nunanced
(i.e., it doesn't poison a name but its uses in the given namespace,
as in functions, types, members, etc.)
Hopefully, the description above clarifies the intent.
It is possible, even likely, that the implementations in clang have
additional
capabilities above those implemented in this first cut - and perhaps we
might
adopt some of those in follow-on work.
however the immediate use-case is the hundreds of instances where APIs
are marked up in the manner I’ve outlined above.
+@cindex @code{unavailable} function attribute
+The @code{deprecated} attribute results in an error if the function
^^^^^^^^^^
This should presumably read unavailable.
yes, good catch
+It is expected that items marked as @code{deprecated} will
eventually be
+withdrawn from interfaces, and then become unavailable. This attribute
+allows for marking them appropriately.
In Clang, declaring a member unavailable doesn't have the same effect
as withdrawing it (which I would interpret as removing). The member
still takes up space, so if this patch does the same I think this
effect should be made clear here.
The intent is to match the behaviour of clang sufficiently closely that
GCC can
make more effective use of the system headers on Darwin platforms (and, of
course, allow for the same kind of life cycle markup on other platforms).
Like attribute deprecated, I suspect attribute unavailable in GCC
will also be subject to the same catch 22 of marking up both a type
and its uses in APIs. E.g., in:
struct __attribute__ ((deprecated)) A { ... };
struct B {
// Clang accepts this w/o warning, GCC warns.
struct A a __attribute__ ((deprecated));
int i;
};
With unavailable, the problem will be made worse due to the error.
so this is a bug in GCC’s availability attributes (not specifically
caused by
this patch) - addressing it for deprecation would naturally carry over
to the
unavailable case.
To be generally usable, I think GCC needs to change to behave more
like Clang. As a motivating example, consider the deprecated POSIX
getitimer API:
struct itimerval { int it_interval, it_value; };
int getitimer (int, struct itimerval*);
int setitimer (int, const struct itimerval*, struct itimerval*);
All three names are deprecated and so using each one alone outside
the header that declares them should trigger a deprecation message;
the declarations themselves must not. If/when the APIs are removed,
marking them unavailable in the headers must likewise not trigger
errors.
Is there a PR for this ?
(IMO it’s still a separate issue, curing the problem for deprecation
will also
cure it for unavailability).
There are a number of bugs for attribute deprecated. The one that's
probably the closest to this problem is:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61754
It's been open since 2014. Bugs about attributes don't tend to get
a lot of attention, either in GCC or within standards committees
(the standard form came to C from C++ where all attributes are
unspecified for templates). Which is in part why I view with
skepticism enhancements built on top of the same poorly specified
foundation.
Martin
thanks for the review,
Iain
