iox-#1394 iox-#1196 Address Axivion and clang-tidy findings for cxx::function_ref

[mossmaurice]

Signed-off-by: Simon Hoinkis [email protected]

Pre-Review Checklist for the PR Author

1. Code follows the coding style of CONTRIBUTING.md
2. Tests follow the best practice for testing
3. Changelog updated in the unreleased section including API breaking changes
4. Branch follows the naming format (iox-#123-this-is-a-branch)
5. Commits messages are according to this guideline
   • Commit messages have the issue ID (iox-#123 commit text)
   • Commit messages are signed (git commit -s)
   • Commit author matches Eclipse Contributor Agreement (and ECA is signed)
6. Update the PR title
   • Follow the same conventions as for commit messages
   • Link to the relevant issue
7. Relevant issues are linked
8. Add sensible notes for the reviewer
9. All checks have passed (except task-list-completed)
10. Assign PR to reviewer

Notes for Reviewer

• Address AUTOSAR warnings with Axivion
• Fix clang-tidy warnings in cxx::function_ref
• Findings regardings Expects not considered will be addressed as part of ErrorHandling concept with user defined actions #1032 by @MatthiasKillat

Todo

• Some suppressions not considered by Axivion -> Fixed
• M7-1-2: Shall constness of 'target' be changed?
• Discuss A2-7-3 and A14-5-2

Checklist for the PR Reviewer

• Commits are properly organized and messages are according to the guideline
• Code according to our coding style and naming conventions
• Unit tests have been written for new behavior
  • Each unit test case has a unique UUID
• Public API changes are documented via doxygen
• Copyright owner are updated in the changed files
• PR title describes the changes

Post-review Checklist for the PR Author

1. All open points are addressed and tracked via issues

References

• Closes Address Autosar Violations using Axivion #1394 (partly)
• Closes Enable clang-tidy checks and fix warnings in code #1196 (partly)

[codecov]

Codecov Report

Merging #1456 (16fd6c2) into master (ebc67df) will increase coverage by 0.01%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #1456      +/-   ##
==========================================
+ Coverage   78.75%   78.76%   +0.01%     
==========================================
  Files         379      379              
  Lines       14477    14477              
  Branches     2012     2012              
==========================================
+ Hits        11401    11403       +2     
+ Misses       2436     2435       -1     
+ Partials      640      639       -1     

Flag	Coverage Δ
unittests	78.42% <100.00%> (+0.01%)	⬆️
unittests_timing	14.87% <75.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...nclude/iceoryx_hoofs/internal/cxx/function_ref.inl	93.33% <100.00%> (ø)
iceoryx_posh/source/mepoo/memory_manager.cpp	97.08% <0.00%> (+1.94%)	⬆️

[elfenpiff]

Actually I have no idea what this is suppressing and why a <type_traits> makes it safe again. Could you elaborate this a little bit more detailed. With other warnings it is most of the time more clear since they are directly above the line which has the "warning" and one sees the context but in this case it could be easily also a cut&paste failure.

[MatthiasKillat]

I think it is about type_traits from STL being used but only included indirectly. I think the proper fix is to include it directly, as is customary in C++.

[mossmaurice]

@elfenpiff @MatthiasKillat For <type_traits> we have our trampoline type_traits.hpp which adds some type traits missing in C++14. I re-phrased the justification.

[elfenpiff]

Why did you add a reference here? Was it a warning? Should we do this for all copy assignments?

So this rule forbids code like:

std::move(a) = b;

Which is valid and well defined but on the first glimpse weird. But take a look at this here

template<typename T>
void initializeSomeArgs(T&& args) {
    std::forward<T>(args) = someT;
}

Here we take args as universal reference (so sometimes also as rvalue reference) and would like to assign a new value to it.
Why should we forbid that? What kind of error can possible originate from that?

[MatthiasKillat]

@elfenpiff In the example you provided it can have outside effect, depending on the type it is instantiated with so anything can go wrong but this is no reason not to allow since this holds for any references or pointers.

While it will not be useful often (or at all) for function_ref, I do not see it should be required to restrict the assignment operator to lvalues.

@mossmaurice Edit: I thought about this. For function_ref there is probably no good use case to assign to rvalues so it is fine to prohibit this explicitly. Same for all other places where I mentioned it.

It should not be done for all classes without considering their purpose, but it is rarely useful I think.

[mossmaurice]

@elfenpiff That's due to AUTOSAR rule A12-8-7. Indeed

std::move(a) = b;

is weird and does not make sense. You can find more examples in the AUTOSAR document.

For your 2nd example, I suppose if it is needed in some cases, we should explicitly define foo& operator=(const foo&) && and if desired call operator=() & from there explicitly.

[MatthiasKillat]

If both implementations (&& and &) exist and are identical it does not make sense to distinguish. Only if one should not exist (as here) or if they both exist but are different.

It is fine if we only have one like here.

[elfenpiff]

In what manner are the members initialized? What does NSDMI mean?

[MatthiasKillat]

https://www.cppstories.com/2015/02/non-static-data-members-initialization/

But I think this Axivion suppression is probably not the right way, @saif-at-github may know more (should it suppress the next Construct instead?). I do see any members in the next line and am not sure what this rule is about or why there is an issue.

Ideally there is nothing to suppress here, I cannot the any problem.

[mossmaurice]

@elfenpiff https://www.giybf.com 🙃

@MatthiasKillat Correct, I switchted it to Next Construct.

The rule just says either init via the : m_foo(foo) or inline via Type m_foo{defaultValue}, but don't mix things as you might forget it in another c'tor. However, doing it explicitly in both ways, is the best IMHO.

[elfenpiff]

With this argument the call operator must be noexcept.

[MatthiasKillat]

15-4-4 states that "A declaration of non-throwing function shall contain noexcept specification.". I have no problem with that. However, any function that might throw cannot have this specificier, which means any user-defined function cannot. Hence I do not see why Axivion should complain unless it is better analyzing whether a function can throw or not than the compiler.

And even modern compilers are in general not able to do this in general, non-trivial cases (like this one). Not sure the rule is useful to enforce with this tool for this reason. If the tool produces too many false positives/negatives it is useless for this rule (while the rule itself makes sense).

[mossmaurice]

@elfenpiff I don't get this, the operator()() is already noexcept.

@MatthiasKillat Correct, we need to monitor that.

[MatthiasKillat]

I think it is about type_traits from STL being used but only included indirectly. I think the proper fix is to include it directly, as is customary in C++.

[MatthiasKillat]

What is the problem here? Does it not recognize that something from this header is used? (maybe because it is a macro?) ...

[mossmaurice]

@MatthiasKillat AFAIU Axivion does not detect that the macro from requires.hpp is used.

[MatthiasKillat]

I dislike that tool failure results in these suppression comments.

-1 for the tool I guess

[MatthiasKillat]

@elfenpiff In the example you provided it can have outside effect, depending on the type it is instantiated with so anything can go wrong but this is no reason not to allow since this holds for any references or pointers.

While it will not be useful often (or at all) for function_ref, I do not see it should be required to restrict the assignment operator to lvalues.

@mossmaurice Edit: I thought about this. For function_ref there is probably no good use case to assign to rvalues so it is fine to prohibit this explicitly. Same for all other places where I mentioned it.

It should not be done for all classes without considering their purpose, but it is rarely useful I think.

[MatthiasKillat]

Type safety is ensured by the fact we only pass functions with this type as target, i.e. they are convertible.

This is entirely under the control of the class.

[MatthiasKillat]

@mossmaurice I still find the justification lacking here, hence my comment about the reason.

Without extra knowledge of how it works, I could not infer it from the justification.

More precisely
the class design ensures a cast to the actual type of target

[mossmaurice]

@elfenpiff @MatthiasKillat @elBoberido

The combination of clang-tidy and Axivion suppression has been confirmed to work in a call with Axivion yesterday:

// AXIVION Next Construct Ruleset-A1.2.3 : Because foo and bar
// NOLINTNEXTLINE (foobar)

[MatthiasKillat]

Looks good. I think some justifications wrt. type erasure are not quite clear and need some detail/rewording.

[MatthiasKillat]

If both implementations (&& and &) exist and are identical it does not make sense to distinguish. Only if one should not exist (as here) or if they both exist but are different.

It is fine if we only have one like here.

[MatthiasKillat]

@mossmaurice I still think the justification is not accurate/understandable. type erasure should be mentioned.

[MatthiasKillat]

@mossmaurice I still find the justification lacking here, hence my comment about the reason.

Without extra knowledge of how it works, I could not infer it from the justification.

More precisely
the class design ensures a cast to the actual type of target