On Jun 27, 2022, at 11:44 AM, Ben Kennedy <ben-groups@...> wrote:

To my shock and surprise, I received a response from Apple on Friday, a mere 11 days after filing it (FB10228325) !

For reference, my report included the following code (lifted from the original thread):

@import Foundation;

void foo(NSMutableDictionary** mutableDictionary)
{
(*mutableDictionary)[@"hello"] = @"world";
}

int main(int argc, const char * argv[])
{
NSDictionary* dictionary = [[NSDictionary alloc] init];
foo(&dictionary); // no compilation error here!
return 0;
}

The Apple reply is as follows:

Is it necessary for foo to take parameter NSMutableDictionary**? Can you change it to NSMutableDictionary*`?

void foo(NSMutableDictionary* mutableDictionary)
{
mutableDictionary[@"hello"] = @"world";
}

We don’t think clang should reject the code just because it is passing a NSDictionary** to a function expecting a NSMutableDictionary**. We don’t want to reject the following code, for example:

void foo(NSMutableDictionary** mutableDictionary)
{
NSMutableDictionary* md = [[NSMutableDictionary alloc] init];
*mutableDictionary = md;
}

foo is assigning a pointer to a newly created NSMutableDictionary object to dictionary, which is an NSDictionary pointer, in main.

I don't think I understand the reasoning offered by the Apple respondent, but before I reply, I wanted to see if it's meaningful to anyone else.

Whether or not foo() takes a double indirection, and despite what it might do in its body, I don't see how the suggested change remedies the error of passing an immutable dictionary reference at the call site in main().

-ben

On Jun 27, 2022, at 12:44 PM, Ben Kennedy <ben-groups@...> wrote:

To my shock and surprise, I received a response from Apple on Friday, a mere 11 days after filing it (FB10228325) !

For reference, my report included the following code (lifted from the original thread):

@import Foundation;

void foo(NSMutableDictionary** mutableDictionary)
{
(*mutableDictionary)[@"hello"] = @"world";
}

int main(int argc, const char * argv[])
{
NSDictionary* dictionary = [[NSDictionary alloc] init];
foo(&dictionary); // no compilation error here!
return 0;
}

The Apple reply is as follows:

Is it necessary for foo to take parameter NSMutableDictionary**? Can you change it to NSMutableDictionary*`?

void foo(NSMutableDictionary* mutableDictionary)
{
mutableDictionary[@"hello"] = @"world";
}

We don’t think clang should reject the code just because it is passing a NSDictionary** to a function expecting a NSMutableDictionary**. We don’t want to reject the following code, for example:

void foo(NSMutableDictionary** mutableDictionary)
{
NSMutableDictionary* md = [[NSMutableDictionary alloc] init];
*mutableDictionary = md;
}

foo is assigning a pointer to a newly created NSMutableDictionary object to dictionary, which is an NSDictionary pointer, in main.

I don't think I understand the reasoning offered by the Apple respondent, but before I reply, I wanted to see if it's meaningful to anyone else.

Whether or not foo() takes a double indirection, and despite what it might do in its body, I don't see how the suggested change remedies the error of passing an immutable dictionary reference at the call site in main().

-ben

On Jun 28, 2022, at 9:38 AM, Keary Suska <cocoa-dev@...> wrote:

It seems to me that the point being made is that the reason for a method requesting a pointer to an object is that the method will set what is being pointed to, and not that the method will attempt to manipulate the object pointed to. If the latter was the case, requesting the object directly is the better choice. Further, from the caller’s perspective, the object pointed to will behave exactly as expected, as that is the inheritance contract.

If the intent of passing the indirection was to provide an object for manipulation, well, that is problematic coding on multiple levels, and the compiler can’t protect the programmer from all of that.

Not that I am arguing that the issue shouldn’t be flagged, as canonically it really should be, but I do see their point as to whether it is worth the effort to do so.

Keary Suska
Esoteritech, Inc.
"Demystifying technology for your home or business”

On Jun 27, 2022, at 12:44 PM, Ben Kennedy <ben-groups@...> wrote:

To my shock and surprise, I received a response from Apple on Friday, a mere 11 days after filing it (FB10228325) !

For reference, my report included the following code (lifted from the original thread):

@import Foundation;

void foo(NSMutableDictionary** mutableDictionary)
{
  (*mutableDictionary)[@"hello"] = @"world";
}

int main(int argc, const char * argv[])
{
  NSDictionary* dictionary = [[NSDictionary alloc] init];
  foo(&dictionary); // no compilation error here!
  return 0;
}

The Apple reply is as follows:

Is it necessary for foo to take parameter NSMutableDictionary**? Can you change it to NSMutableDictionary*`?

void foo(NSMutableDictionary* mutableDictionary)
{
  mutableDictionary[@"hello"] = @"world";
}

We don’t think clang should reject the code just because it is passing a NSDictionary** to a function expecting a NSMutableDictionary**. We don’t want to reject the following code, for example:

void foo(NSMutableDictionary** mutableDictionary)
{
  NSMutableDictionary* md = [[NSMutableDictionary alloc] init];
  *mutableDictionary = md;
}

foo is assigning a pointer to a newly created NSMutableDictionary object to dictionary, which is an NSDictionary pointer, in main.

I don't think I understand the reasoning offered by the Apple respondent, but before I reply, I wanted to see if it's meaningful to anyone else.

Whether or not foo() takes a double indirection, and despite what it might do in its body, I don't see how the suggested change remedies the error of passing an immutable dictionary reference at the call site in main().

-ben

On Jun 27, 2022, at 1:44 PM, Ben Kennedy <ben-groups@...> wrote:

To my shock and surprise, I received a response from Apple on Friday, a mere 11 days after filing it (FB10228325) !

For reference, my report included the following code (lifted from the original thread):

@import Foundation;

void foo(NSMutableDictionary** mutableDictionary)
{
(*mutableDictionary)[@"hello"] = @"world";
}

int main(int argc, const char * argv[])
{
NSDictionary* dictionary = [[NSDictionary alloc] init];
foo(&dictionary); // no compilation error here!
return 0;
}

The Apple reply is as follows:

Is it necessary for foo to take parameter NSMutableDictionary**? Can you change it to NSMutableDictionary*`?

void foo(NSMutableDictionary* mutableDictionary)
{
mutableDictionary[@"hello"] = @"world";
}

We don’t think clang should reject the code just because it is passing a NSDictionary** to a function expecting a NSMutableDictionary**. We don’t want to reject the following code, for example:

void foo(NSMutableDictionary** mutableDictionary)
{
NSMutableDictionary* md = [[NSMutableDictionary alloc] init];
*mutableDictionary = md;
}

foo is assigning a pointer to a newly created NSMutableDictionary object to dictionary, which is an NSDictionary pointer, in main.

I don't think I understand the reasoning offered by the Apple respondent, but before I reply, I wanted to see if it's meaningful to anyone else.

Whether or not foo() takes a double indirection, and despite what it might do in its body, I don't see how the suggested change remedies the error of passing an immutable dictionary reference at the call site in main().

-ben

On Jun 28, 2022, at 6:34 PM, Jens Alfke <jens@...> wrote:

On Jun 27, 2022, at 11:44 AM, Ben Kennedy <ben-groups@...> wrote:

I don't think I understand the reasoning offered by the Apple respondent, but before I reply, I wanted to see if it's meaningful to anyone else.

It took some puzzling, but I think I understand what they meant. I also think they’re wrong.

In the example you gave them, the foo function is taking an input parameter (with more indirection than necessary) and operating on it. Here the compiler’s behavior is wrong: you shouldn’t be able to pass an NSDictionary* through a parameter typed as NSMutableDictionary* (even if there’s an additional indirection.) This kind of parameter passing is covariant.

The example they gave is the opposite, using an “out” parameter. The function creates an NSDictionary and returns it through the indirected parameter. This case is valid. Returning values is contravariant.

Unfortunately the function signature is the same for both cases, so the compiler can’t tell which one is going to happen, at least not in the limiting case where ‘foo’ and its caller are in different compilation units or different dylibs. Therefore the compiler shouldn’t allow this, in either direction. (I.e. if you tried to pass an NSMutableDictionary through an NSDictionary** param it should fail too.)

I am pretty certain that if you tried this same example in C++ using a simple class hierarchy it would fail with an error. That might be a more convincing argument to them.

[a few minutes pass] Yes, a trivial C++ example fails:

class A { };
class B : public A { };
void foo(B** b) { }
void bar(A** a) { }

int main(int argc, char *argv[]) {
A* a = new A;
foo(&a); // “no matching function for call to ‘foo’"

B* b = new B;
bar(&b); // “no matching function for call to ‘bar’"
}

—Jens

On Jul 1, 2022, at 3:32 PM, Jens Alfke <jens@...> wrote:

On Jun 29, 2022, at 6:44 PM, Roland King <rols@...> wrote:

There's been some discussion about what C++ would do in this case. Very simple, if NSDictionary were a superclass of NSMutableDictionary, which in a C++ hierarchy it would usually be, then supplying NSMutableDictionary pointer or reference to a method which took an NSDictionary pointer or reference would succeed

Argh. Am I the only person who noticed the double asterisks in the parameter types?
It’s NSDictionary** and NSMutableDictionary**
not NSDictionary* and NSMutableDictionary*
That makes a very large difference.

—Jens

On Jul 2, 2022, at 12:17 AM, Keary Suska <cocoa-dev@...> wrote:

I for one, did notice. I was simply taking for granted that manipulating an object passed by indirection is itself a bad coding practice and should be avoided at all costs, whether or not one is the author of the called code. The method should just request the object “directly” so the intent is clear. The use of indirection is pointless unless it is an out parameter (or an array of C strings, but that’s something altogether different). If it is both, then my argument stands, as the intent in unclear and is a bad code smell to boot.

As an out parameter, it is only problematic if the caller passes a subclass for a parent class. The caller might then be expecting the object to behave differently and errors could ensue. The reverse would be error free, which was my point that you missed.

So back to the complaint at hand—since the compiler may not be able to know the intent of the method, flagging the type mismatch may be a better thing to do, but it is also just the pedantic thing to do, and although technically correct, is it worth it to the compiler developers to implement it? The use cases for requiring flagging are outside of convention and involve edge cases. Should a compiler flag every possible stupid thing a programmer could do? The list would be endless! No, they pick and choose their battles, and hope that language conventions would prevent implementors from doing things, like, manipulating a parameter passed by indirection.

Keary Suska
Esoteritech, Inc.
"Demystifying technology for your home or business"

On Jul 1, 2022, at 3:32 PM, Jens Alfke <jens@...> wrote:

On Jun 29, 2022, at 6:44 PM, Roland King <rols@...> wrote:

There's been some discussion about what C++ would do in this case. Very simple, if NSDictionary were a superclass of NSMutableDictionary, which in a C++ hierarchy it would usually be, then supplying NSMutableDictionary pointer or reference to a method which took an NSDictionary pointer or reference would succeed

Argh. Am I the only person who noticed the double asterisks in the parameter types?
It’s NSDictionary** and NSMutableDictionary**
not NSDictionary* and NSMutableDictionary*
That makes a very large difference.

—Jens

On Jul 2, 2022, at 7:06 PM, Peter Teeson via groups.io <pteeson@...> wrote:

I noticed and sent this example of Apple’s code using CFDictionary… note the double asterisks for the keys and values parms.
hence an array of dictSize pointers, *keys[dictSize], and type const void *. No copmilation complaint.

I am not sure if this is a relevant example but this function, to get all the keys and values from a dictionary for you,
requires parameters for the keys and values to be

“ ...C arrays of pointer-sized elements to be filled with keys and values from the dictionary"
void CFDictionaryGetKeysAndValues(CFDictionaryRef theDict, const void **keys, const void **values);
hence
const void **keys[dictSize];
const void **values[dictSize];
CFDictionaryGetKeysAndValues(dictRef,*keys, *values);

On Jul 2, 2022, at 12:17 AM, Keary Suska <cocoa-dev@...> wrote:

I for one, did notice. I was simply taking for granted that manipulating an object passed by indirection is itself a bad coding practice and should be avoided at all costs, whether or not one is the author of the called code. The method should just request the object “directly” so the intent is clear. The use of indirection is pointless unless it is an out parameter (or an array of C strings, but that’s something altogether different). If it is both, then my argument stands, as the intent in unclear and is a bad code smell to boot.

As an out parameter, it is only problematic if the caller passes a subclass for a parent class. The caller might then be expecting the object to behave differently and errors could ensue. The reverse would be error free, which was my point that you missed.

So back to the complaint at hand—since the compiler may not be able to know the intent of the method, flagging the type mismatch may be a better thing to do, but it is also just the pedantic thing to do, and although technically correct, is it worth it to the compiler developers to implement it? The use cases for requiring flagging are outside of convention and involve edge cases. Should a compiler flag every possible stupid thing a programmer could do? The list would be endless! No, they pick and choose their battles, and hope that language conventions would prevent implementors from doing things, like, manipulating a parameter passed by indirection.

Keary Suska
Esoteritech, Inc.
"Demystifying technology for your home or business"

On Jul 1, 2022, at 3:32 PM, Jens Alfke <jens@...> wrote:

On Jun 29, 2022, at 6:44 PM, Roland King <rols@...> wrote:

There's been some discussion about what C++ would do in this case. Very simple, if NSDictionary were a superclass of NSMutableDictionary, which in a C++ hierarchy it would usually be, then supplying NSMutableDictionary pointer or reference to a method which took an NSDictionary pointer or reference would succeed

Argh. Am I the only person who noticed the double asterisks in the parameter types?
It’s NSDictionary** and NSMutableDictionary**
not NSDictionary* and NSMutableDictionary*
That makes a very large difference.

—Jens

On Jul 2, 2022, at 11:19 PM, Keary Suska <cocoa-dev@...> wrote:

Because void * type is so generic, you would not get a compilation error/warning for any pointer type, at least as of C11. I believe you can even omit the const, as that would result in an implicit cast for the callee, IIRC. 

Keary Suska
Esoteritech, Inc.
"Demystifying technology for your home or business"

On Jul 2, 2022, at 7:06 PM, Peter Teeson via groups.io <pteeson@...> wrote:

I noticed and sent this example of Apple’s code using CFDictionary… note the double asterisks for the keys and values parms. 
hence an array of dictSize pointers, *keys[dictSize], and type const void *. No copmilation complaint.

I am not sure if this is a relevant example but this function, to get all the keys and values from a dictionary for you,
requires parameters for the keys and values to be

“ ...C arrays of pointer-sized elements to be filled with keys and values from the dictionary"
void CFDictionaryGetKeysAndValues(CFDictionaryRef theDict, const void **keys, const void **values);
hence
       const void **keys[dictSize];   
       const void **values[dictSize];
CFDictionaryGetKeysAndValues(dictRef,*keys, *values);

On Jul 2, 2022, at 12:17 AM, Keary Suska <cocoa-dev@...> wrote:

I for one, did notice. I was simply taking for granted that manipulating an object passed by indirection is itself a bad coding practice and should be avoided at all costs, whether or not one is the author of the called code. The method should just request the object “directly” so the intent is clear. The use of indirection is pointless unless it is an out parameter (or an array of C strings, but that’s something altogether different). If it is both, then my argument stands, as the intent in unclear and is a bad code smell to boot.

As an out parameter, it is only problematic if the caller passes a subclass for a parent class. The caller might then be expecting the object to behave differently and errors could ensue. The reverse would be error free, which was my point that you missed.

So back to the complaint at hand—since the compiler may not be able to know the intent of the method, flagging the type mismatch may be a better thing to do, but it is also just the pedantic thing to do, and although technically correct, is it worth it to the compiler developers to implement it? The use cases for requiring flagging are outside of convention and involve edge cases. Should a compiler flag every possible stupid thing a programmer could do? The list would be endless! No, they pick and choose their battles, and hope that language conventions would prevent implementors from doing things, like, manipulating a parameter passed by indirection.

Keary Suska
Esoteritech, Inc.
"Demystifying technology for your home or business"

On Jul 1, 2022, at 3:32 PM, Jens Alfke <jens@...> wrote:

On Jun 29, 2022, at 6:44 PM, Roland King <rols@...> wrote:

There's been some discussion about what C++ would do in this case. Very simple, if NSDictionary were a superclass of NSMutableDictionary, which in a C++ hierarchy it would usually be, then supplying NSMutableDictionary pointer or reference to a method which took an NSDictionary pointer or reference would succeed

Argh. Am I the only person who noticed the double asterisks in the parameter types?
It’s NSDictionary** and NSMutableDictionary**
not NSDictionary* and NSMutableDictionary*
That makes a very large difference.

—Jens

On Jul 3, 2022, at 11:01 AM, Peter Teeson via groups.io <pteeson@...> wrote:

If I remove the const, i.e. void**keys[dictSize], which was my original code, the compiler complains with "No matching function for call to ‘CFDictionaryGetKeysAndValues”

When I originally read up about const void* vs void* is why I tried omitting the const.
The documents actually discuss the fact the receiver does the cast.. but the compiler says “No matching…”
Took me a while to get it right and I still don’t really understand what is theoretically correct.

It seems to me that an array of const void* pointers should not be changed. But in fact the opaque code that fills in the keys with the value that point to the keys, and ditto for the value pointers, seems to not obey that.

The docs also point out that the mutability capability was added to the immutable code as opposed to being a separate TU.

Anyway from a pragmatic POV as long as it doesn’t crash at late binding time we move on.

respect…

Peter

On Jul 2, 2022, at 11:19 PM, Keary Suska <cocoa-dev@...> wrote:

Because void * type is so generic, you would not get a compilation error/warning for any pointer type, at least as of C11. I believe you can even omit the const, as that would result in an implicit cast for the callee, IIRC.

Keary Suska
Esoteritech, Inc.
"Demystifying technology for your home or business"

On Jul 2, 2022, at 7:06 PM, Peter Teeson via groups.io <pteeson@...> wrote:

I noticed and sent this example of Apple’s code using CFDictionary… note the double asterisks for the keys and values parms.
hence an array of dictSize pointers, *keys[dictSize], and type const void *. No copmilation complaint.

I am not sure if this is a relevant example but this function, to get all the keys and values from a dictionary for you,
requires parameters for the keys and values to be

“ ...C arrays of pointer-sized elements to be filled with keys and values from the dictionary"
void CFDictionaryGetKeysAndValues(CFDictionaryRef theDict, const void **keys, const void **values);
hence
const void **keys[dictSize];
const void **values[dictSize];
CFDictionaryGetKeysAndValues(dictRef,*keys, *values);

On Jul 2, 2022, at 12:17 AM, Keary Suska <cocoa-dev@...> wrote:

I for one, did notice. I was simply taking for granted that manipulating an object passed by indirection is itself a bad coding practice and should be avoided at all costs, whether or not one is the author of the called code. The method should just request the object “directly” so the intent is clear. The use of indirection is pointless unless it is an out parameter (or an array of C strings, but that’s something altogether different). If it is both, then my argument stands, as the intent in unclear and is a bad code smell to boot.

As an out parameter, it is only problematic if the caller passes a subclass for a parent class. The caller might then be expecting the object to behave differently and errors could ensue. The reverse would be error free, which was my point that you missed.

So back to the complaint at hand—since the compiler may not be able to know the intent of the method, flagging the type mismatch may be a better thing to do, but it is also just the pedantic thing to do, and although technically correct, is it worth it to the compiler developers to implement it? The use cases for requiring flagging are outside of convention and involve edge cases. Should a compiler flag every possible stupid thing a programmer could do? The list would be endless! No, they pick and choose their battles, and hope that language conventions would prevent implementors from doing things, like, manipulating a parameter passed by indirection.

Keary Suska
Esoteritech, Inc.
"Demystifying technology for your home or business"

On Jul 1, 2022, at 3:32 PM, Jens Alfke <jens@...> wrote:

On Jun 29, 2022, at 6:44 PM, Roland King <rols@...> wrote:

There's been some discussion about what C++ would do in this case. Very simple, if NSDictionary were a superclass of NSMutableDictionary, which in a C++ hierarchy it would usually be, then supplying NSMutableDictionary pointer or reference to a method which took an NSDictionary pointer or reference would succeed

Argh. Am I the only person who noticed the double asterisks in the parameter types?
It’s NSDictionary** and NSMutableDictionary**
not NSDictionary* and NSMutableDictionary*
That makes a very large difference.

—Jens

On Jul 3, 2022, at 11:45 AM, Keary Suska <cocoa-dev@...> wrote:

More modern versions of C compilers may be stricter about const, and I believe C++ is strict about it. I haven’t really kept up. Back in my C days I believe it was considered good practice to use const in argument parameters when you don’t plan to modify an argument, to keep you honest. In any cxase, it does look like it is a similar issue with a pedantic interpretation of type mismatch.

Keary Suska
Esoteritech, Inc.
"Demystifying technology for your home or business"

On Jul 3, 2022, at 11:01 AM, Peter Teeson via groups.io <pteeson@...> wrote:

If I remove the const, i.e. void**keys[dictSize], which was my original code, the compiler complains with "No matching function for call to ‘CFDictionaryGetKeysAndValues”

When I originally read up about const void* vs void* is why I tried omitting the const.
The documents actually discuss the fact the receiver does the cast.. but the compiler says “No matching…”
Took me a while to get it right and I still don’t really understand what is theoretically correct.

It seems to me that an array of const void* pointers should not be changed. But in fact the opaque code that fills in the keys with the value that point to the keys, and ditto for the value pointers, seems to not obey that.

The docs also point out that the mutability capability was added to the immutable code as opposed to being a separate TU.

Anyway from a pragmatic POV as long as it doesn’t crash at late binding time we move on.

respect…

Peter

On Jul 2, 2022, at 11:19 PM, Keary Suska <cocoa-dev@...> wrote:

Because void * type is so generic, you would not get a compilation error/warning for any pointer type, at least as of C11. I believe you can even omit the const, as that would result in an implicit cast for the callee, IIRC.

Keary Suska
Esoteritech, Inc.
"Demystifying technology for your home or business"

On Jul 2, 2022, at 7:06 PM, Peter Teeson via groups.io <pteeson@...> wrote:

I noticed and sent this example of Apple’s code using CFDictionary… note the double asterisks for the keys and values parms.
hence an array of dictSize pointers, *keys[dictSize], and type const void *. No copmilation complaint.

I am not sure if this is a relevant example but this function, to get all the keys and values from a dictionary for you,
requires parameters for the keys and values to be

“ ...C arrays of pointer-sized elements to be filled with keys and values from the dictionary"
void CFDictionaryGetKeysAndValues(CFDictionaryRef theDict, const void **keys, const void **values);
hence
const void **keys[dictSize];
const void **values[dictSize];
CFDictionaryGetKeysAndValues(dictRef,*keys, *values);

On Jul 2, 2022, at 12:17 AM, Keary Suska <cocoa-dev@...> wrote:

I for one, did notice. I was simply taking for granted that manipulating an object passed by indirection is itself a bad coding practice and should be avoided at all costs, whether or not one is the author of the called code. The method should just request the object “directly” so the intent is clear. The use of indirection is pointless unless it is an out parameter (or an array of C strings, but that’s something altogether different). If it is both, then my argument stands, as the intent in unclear and is a bad code smell to boot.

As an out parameter, it is only problematic if the caller passes a subclass for a parent class. The caller might then be expecting the object to behave differently and errors could ensue. The reverse would be error free, which was my point that you missed.

So back to the complaint at hand—since the compiler may not be able to know the intent of the method, flagging the type mismatch may be a better thing to do, but it is also just the pedantic thing to do, and although technically correct, is it worth it to the compiler developers to implement it? The use cases for requiring flagging are outside of convention and involve edge cases. Should a compiler flag every possible stupid thing a programmer could do? The list would be endless! No, they pick and choose their battles, and hope that language conventions would prevent implementors from doing things, like, manipulating a parameter passed by indirection.

Keary Suska
Esoteritech, Inc.
"Demystifying technology for your home or business"

On Jul 1, 2022, at 3:32 PM, Jens Alfke <jens@...> wrote:

On Jun 29, 2022, at 6:44 PM, Roland King <rols@...> wrote:

There's been some discussion about what C++ would do in this case. Very simple, if NSDictionary were a superclass of NSMutableDictionary, which in a C++ hierarchy it would usually be, then supplying NSMutableDictionary pointer or reference to a method which took an NSDictionary pointer or reference would succeed

Argh. Am I the only person who noticed the double asterisks in the parameter types?
It’s NSDictionary** and NSMutableDictionary**
not NSDictionary* and NSMutableDictionary*
That makes a very large difference.

—Jens