[Diagnostics] Add an edu note explaining @_nonEphemeral diags #31649
Conversation
|
|
||
| Temporary pointers may only be passed as arguments to functions which do not store the pointer value or otherwise allow it to escape the function's scope. The Swift compiler is able to diagnose some, but not all, violations of this rule. Misusing a temporary pointer by allowing it to outlive the enclosing function call results in undefined behavior. | ||
|
|
||
| When calling functions which cannot safely accept temporary pointer arguments, use the `withUnsafe*` family of pointer APIs to explicitly manage pointer lifetimes. |
There was a problem hiding this comment.
This cries out for an example, or a link to a more elaborate explanation (e.g., the documentation for the APIs mentioned?), or both. I'd wager that there's approximately a 0% chance that someone who is learning about the topic anew from this education note will know what to do based on the dozen words here ("use ... to explicitly manage pointer lifetimes"). We've got a beautiful multi-paragraph explanation of the problem being diagnosed, and then when it comes to any possible solutions, it just...ends.
There was a problem hiding this comment.
I think I'll need to come up with some kind of simplified example here, even if it ends up being a bit contrived. The issue with linking to the documentation here is that it's hosted only on developer.apple.com, and there's no way of knowing when and if those links will change. It's the main disadvantage of shipping these notes in the toolchain.
|
|
||
| Temporary pointers may only be passed as arguments to functions which do not store the pointer value or otherwise allow it to escape the function's scope. The Swift compiler is able to diagnose some, but not all, violations of this rule. Misusing a temporary pointer by allowing it to outlive the enclosing function call results in undefined behavior. | ||
|
|
||
| When calling functions which cannot safely accept temporary pointer arguments, use the `withUnsafe*` family of pointer APIs to explicitly manage pointer lifetimes. |
There was a problem hiding this comment.
Thanks for doing this! I think it's great and agree with all the feedback so far.
When calling functions which cannot safely accept temporary pointer arguments, use the
withUnsafe*family of pointer APIs to explicitly manage pointer lifetimes.
Mentioning withUnsafePointer opens up a dangerous door. I think it's the biggest issue with the current warnings. The usual reaction will be to think that merely using withUnsafePointer imbues code with some extra safety--of course it doesn't, it just silences warnings. The educational note is the perfect place to clear this up.
If we leave it as "use withUnsafePointer to manage lifetime" without explaining how to "manage lifetimes", we'll just get a lot of this sort of thing:
struct PointerWrapper {
var ptr: UnsafePointer<Int>
}
func foo(x: Int) -> PointerWrapper {
return withUnsafePointer(to: x) {
PointerWrapper(ptr: $0)
}
}
It may help just to search through some common Swift packages to see common cases of programmers using withUnsafePointer correctly, and contrast that with incorrect usage.
owenv
force-pushed
the
ephemeral-edu-notes
branch
from
1ce4134
to
8e0f30f
Compare
|
I ended up adding a more in-depth example of incorrectly initializing an UnsafePointer with |
owenv
force-pushed
the
ephemeral-edu-notes
branch
from
8e0f30f
to
792fb87
Compare
|
Agree, this looks great! |
|
@swift-ci please smoke test |
The goal here is:
withUnsafe*APIsSuggestions on how to improve the explanations and/or provide better guidance on best practices are welcome, this isn't really my area of expertise. Once SR-12739 is done we should be able to link to that documentation from here as well.