RFR: 8214976: Warn about uses of functions replaced for portability [v2]

Kim Barrett kbarrett at openjdk.java.net
Wed Jun 8 19:22:48 UTC 2022


> Please review this new mechanism for "poisoning" uses of certain functions,
> along with marking specific uses as still being permitted.  One use for this
> is to discourage use of external library functions for which HotSpot provides
> extended versions or portability shims.  Another is to prevent uses of certain
> functions considered "insecure", promoting alternatives or requiring strong
> scrutiny.
> 
> The new mechanism is defined in compilerWarnings.hpp, with compiler-specific
> implementations.  Comments in the code describe the details.  For some
> compilers we didn't find any features that would permit such poisoning.  As a
> result, only shared code has complete coverage.
> 
> For gcc and clang we use an attribute that warns about references to an
> annotated function, and scoped suppression of that warning.  This
> functionality is provided since gcc9 and clang14.  (I haven't tested with
> clang; version 14 is more recent than I have access for.  But the docs
> describe an explicit match to the gcc functionality.)
> 
> For Visual Studio I was unable to find a workable poisoning mechanism.  Using
> deprecation annotations and scoped suppression of the consequent warnings
> seemed plausible, but ran into problems.  (See comments in code for details.)
> But we provide scoped suppression of deprecation warnings anyway.  Many of the
> functions we'd poison are already conditionally deprecated under the control
> of macros like _CRT_SECURE_NO_WARNINGS and _CRT_NONSTDC_NO_DEPRECATE.  Once
> we've removed or annotated all calls associated with one of those macros we
> can remove the macro from our builds, preventing new uses from creeping into
> unshared code.
> 
> The aix-ppc port doesn't provide poisoning support.  The version of clang used
> by xlclang is older than the warning attribute and suppression.
> 
> Along with the new mechanisms, a few functions are poisoned by this change.
> More functions can be added as folks have time to address their uses.
> 
> The poisoning declarations are in globalDefinitions.hpp, since the signatures
> may use types that have platform-specific definitions or locations that are
> provided within that header.  That header is included (directly or indirectly)
> nearly everywhere, so provides good coverage.
> 
> The rest of the changes are to address existing uses of the newly forbidden
> functions, either using something else or annotating them as permitted uses.

Kim Barrett has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains five additional commits since the last revision:

 - Merge branch 'master' into disallow-functions
 - fix alignment of macro continuations
 - forbid direct calls to ::exit and ::_exit
 - forbid some functions
 - define macros

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/8982/files
  - new: https://git.openjdk.java.net/jdk/pull/8982/files/b9cd6f3f..616b201b

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=8982&range=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=8982&range=00-01

  Stats: 62326 lines in 929 files changed: 35418 ins; 20042 del; 6866 mod
  Patch: https://git.openjdk.java.net/jdk/pull/8982.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/8982/head:pull/8982

PR: https://git.openjdk.java.net/jdk/pull/8982


More information about the hotspot-dev mailing list