ansaurus

Question

How to enforce interface contracts (in C) at compile time?

Answer 1

+1 A:

The idea with the headers is sound, but, depending on the interlacing between your components, it might be cleaner to divide the interface of each component into a number of sub-categories with their own header files instead of providing a header file for each component-component-connection.

The sub-categories need not necessarily be disjoint, but make sure (via preprocessor directives) that you can mix categories without getting re-definitions; this can be achieved in a systematic fashion by creating a header-file for each type or function declaration with its own inclusion guard, and then building the sub-category headers from these atomic blocks.

Christoph 2010-10-26 20:27:15

Thanks Christoph. That's pretty much exactly what I was thinking (although I didn't explain it in that level of detail in my already-verbose question). Basically, create a single file for each function prototype or type, and build different headers by including the relevant fine-granularity files. That way, we are sure to only have one definition of each function.

Dan 2010-10-27 16:50:55

Answer 2

+2 A:

#ifdef FOO_H_

   /* I considered allowing you to include this multiple times (probably indirectly)
      and have a new set of `#define`s switched on each time, but the interaction
      between that and the FOO_H_ got confusing. I don't doubt that there is a good
      way to accomplish that, but I decided not to worry with it right now. */

#warn foo.h included more than one time

#else /* FOO_H_ */

#include <message.h>

#ifdef FOO_COMPONENT_A

int foo_func1(int x);
static inline int foo_func2(message_t * msg) {
    return msg_send(foo, msg);
}
...

#else /* FOO_COMPONENT_A */

  /* Doing this will hopefully cause your compiler to spit out a message with
     an error that will provide a hint as to why using this function name is
     wrong. You might want to play around with your compiler (and maybe a few
     others) to see if there is a better illegal code for the body of the
     macros. */
#define foo_func1(x) ("foo_func1"=NULL)
#define foo_func2(x) ("foo_func2"=NULL)

...
#endif /* FOO_COMPONENT_A */

#ifdef FOO_COMPONENT_B

int foo_func3(int x);

#else /* FOO_COMPONENT_B */

#define foo_func3(x) ("foo_func3"=NULL)

#endif /* FOO_COMPONENT_B */

nategoose 2010-10-26 21:14:38

I like Dan's original approach better: if there's a component which will be accessed by nearly all other components, the `#if defined(FOO_COMPONENT_A) || defined(FOO_COMPONENT_B) || ...` will be far less readable than providing separate headers

Christoph 2010-10-27 06:53:58

Dan 2010-10-27 16:53:15

Answer 3

+1 A:

You should consider creating a mini-language and a simple tool to generate header files along the lines of what nategoose proposed in his answer.

To generate the header in that answer, something like this (call it foo.comp):

[COMPONENT_A]
int foo_func1(int x);
static inline int foo_func2(message_t * msg) {
    return msg_send(foo, msg);
}

[COMPONENT_B]
int foo_func3(int x);

(and extending the example to give an interface usable by multiple components):

[COMPONENT_B, COMPONENT_C]
int foo_func4(void);

This would be straightforward to parse and generate the header file. If your interfaces (I especially suspect the message passing might be) are even more boilerplate than I've assumed above, you can simplify the language somewhat.

The advantages here are:

A bit of syntactic sugar to make the maintenance easier.
You can change the protection scheme by changing the tool if you discover a better method later. There will be fewer places to change, which means you're more likely to be able to make the change. (For example, you might later find an alternative to the "illegal macro code" that nategoose proposes.)

bstpierre 2010-10-26 21:37:43

I don't really see the point of creating a custom preprocesor if all it does is replace `[COMPONENT_A, COMPONENT_B]` with `#if defined(COMPONENT_A) || defined(COMPONENT_B) ... #endif`

Christoph 2010-10-27 06:49:39

Depending on how often this would be used this could be overkill (since the language would have to understand C well enough not to mess it up), but it could help out by helping you keep all of the preprocessor conditional blocks straight. It would have to be careful if it reordered (to combine) blocks of code, though, since there may be order based dependencies.

nategoose 2010-10-27 13:38:20

It buys flexibility -- with a certain cost. If the relationships between the components are subject to change and maintenance, then the gain from flexibility may be worth it. It's not necessarily true that "all it does is replace..." -- it could generate separated header files. If the APIs and/or messages are boilerplate, all conforming to a given interface, then it could simplify the declarations. It can make refactoring easier since there's a single place to change. Again, I'm not saying it's necessary or even desirable in all circumstances. Just something to consider.

bstpierre 2010-10-27 14:30:56

@btspierre - thanks for the answer. Actually there is someone in the group who is chomping at the bit to create just such a tool. There are a couple pockets of resistance to this internally: 1) group has had bad experiences in the past with home-grown tools (before my time) - probably more complex tools however; 2) documentation (even simple documentation) would be required, and documentation tends to get bypassed/overlooked; 3) the "hit by a bus" idea - what if tool maintainer quits, etc. Also I suppose we'd need to ensure the tool is always run during build to re-generate the header.

Dan 2010-10-27 16:58:02

@Dan - Yes, those are all valid things to consider.

bstpierre 2010-10-27 20:20:24

ansaurus

tags:

views:

answers:

How to enforce interface contracts (in C) at compile time?

related questions