[swift-evolution] SR-104: Improve Crash-Safety when Importing Objective-C Code Without Nullability Attributes

Chris Lattner clattner at apple.com
Wed Dec 9 00:11:21 CST 2015


> On Dec 8, 2015, at 4:09 AM, Fabian Ehrentraud via swift-evolution <swift-evolution at swift.org> wrote:
> 
> Swift code accessing Objective-C methods can easily crash - if the Objective-C code does not include nullability attributes, the code is brought as implicitly unwrapped into Swift, where unsafe accesses do not produce compiler warnings.
> 
> I created issue SR-104 for this, but as suggested by Jordan Rose it should be discussed on this mailing list first.
> 
> Short example:
> 
> // Objective-C  
> - (NSString *)giveMeAString { return nil; }  
> 
> // Swift  
> func thisWillCrash() {  
>    let string = someObjectiveCObject.giveMeAString()  
>    let length = string.length // crash  
> }
> 
> The ClangImporter could handle this issue in several safer ways:
> 
> 1. Only import declarations that are nullability annotated (as proposed by Greg Parker)
> Positive side effect would be that it would motivate to write nullability annotations.

This seems unfortunate to me, because it would severely hamper interoperating with Objective-C and *C* APIs that have not been audited.  While Apple is keen to audit their APIs, I doubt that all the linux system headers will get updated in a timely manner and users don’t generally have a way to do anything about that.

> 2. Import un-annotated code as Optional
> Values would need to be unwrapped every time, which does not hurt too much due to the easy use of the `?` syntactic sugar.

This is a very interesting idea, one I haven’t considered recently.  I agree with you that this is worth considering, and I would love to see IUO just get summarily deleted :-)

-Chris


More information about the swift-evolution mailing list