From 289a8a41ab03081a26aec64f0cc29134c6ee8844 Mon Sep 17 00:00:00 2001 From: Rolf Bjarne Kvinge Date: Thu, 16 Oct 2025 12:43:34 +0200 Subject: [PATCH 1/9] [runtime] Adopt safer native compiler flags: Wignored-qualifiers Example warning: ``` macios/runtime/xamarin/runtime.h:232:14: error: 'const' type qualifier on return type has no effect [-Werror,-Wignored-qualifiers] 232 | const char * const xamarin_get_original_working_directory_path (); ``` References: * https://developer.apple.com/documentation/xcode/enabling-enhanced-security-for-your-app * https://releases.llvm.org/8.0.0/tools/clang/docs/ReleaseNotes.html#major-new-features (for -ftrivial-auto-var-init=zero) Contributes towards #23023. --- mk/rules.mk | 1 + runtime/monotouch-main.m | 2 +- runtime/xamarin/runtime.h | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/mk/rules.mk b/mk/rules.mk index d7d79eba029f..2febfebb2006 100644 --- a/mk/rules.mk +++ b/mk/rules.mk @@ -36,6 +36,7 @@ CFLAGS=\ -Werror=format-security \ -fdiagnostics-absolute-paths \ -Wno-objc-protocol-property-synthesis \ + -Wignored-qualifiers \ -g \ -I. SWIFTFLAGS=-g -emit-library diff --git a/runtime/monotouch-main.m b/runtime/monotouch-main.m index 6e30c877984b..0933127c6876 100644 --- a/runtime/monotouch-main.m +++ b/runtime/monotouch-main.m @@ -29,7 +29,7 @@ static char original_working_directory_path [MAXPATHLEN]; -const char * const +const char * xamarin_get_original_working_directory_path () { return original_working_directory_path; diff --git a/runtime/xamarin/runtime.h b/runtime/xamarin/runtime.h index ffcf95b4f136..54b8b878f01a 100644 --- a/runtime/xamarin/runtime.h +++ b/runtime/xamarin/runtime.h @@ -229,7 +229,7 @@ void xamarin_bridge_raise_unhandled_exception_event (GCHandle exception_gchand bool xamarin_register_monoassembly (MonoAssembly *assembly, GCHandle *exception_gchandle); void xamarin_install_nsautoreleasepool_hooks (); void xamarin_enable_new_refcount (); -const char * const xamarin_get_original_working_directory_path (); +const char * xamarin_get_original_working_directory_path (); int xamarin_get_runtime_arch (); MonoObject * xamarin_new_nsobject (id self, MonoClass *klass, GCHandle *exception_gchandle); From f3079d113f0b8368e9d54e968ab80dd1bfb489d6 Mon Sep 17 00:00:00 2001 From: Rolf Bjarne Kvinge Date: Thu, 16 Oct 2025 12:43:34 +0200 Subject: [PATCH 2/9] [runtime] Adopt safer native compiler flags: Wmissing-field-initializers Example warning: ``` In file included from macios/appex-deduplicate-frameworks/macios/runtime/runtime.m:98: macios/runtime/delegates.inc:189:41: error: missing field 'register_assembly' initializer [-Werror,-Wmissing-field-initializers] 189 | static struct Delegates delegates = { 0 }; | ^ ``` References: * https://developer.apple.com/documentation/xcode/enabling-enhanced-security-for-your-app * https://releases.llvm.org/8.0.0/tools/clang/docs/ReleaseNotes.html#major-new-features (for -ftrivial-auto-var-init=zero) Contributes towards #23023. --- mk/rules.mk | 1 + runtime/coreclr-bridge.m | 2 +- runtime/delegates.inc.t4 | 2 +- runtime/runtime.m | 2 +- runtime/trampolines.m | 8 ++++---- tools/common/StaticRegistrar.cs | 12 +++--------- 6 files changed, 11 insertions(+), 16 deletions(-) diff --git a/mk/rules.mk b/mk/rules.mk index 2febfebb2006..90618b3143bf 100644 --- a/mk/rules.mk +++ b/mk/rules.mk @@ -37,6 +37,7 @@ CFLAGS=\ -fdiagnostics-absolute-paths \ -Wno-objc-protocol-property-synthesis \ -Wignored-qualifiers \ + -Wmissing-field-initializers \ -g \ -I. SWIFTFLAGS=-g -emit-library diff --git a/runtime/coreclr-bridge.m b/runtime/coreclr-bridge.m index 033f9eef6677..8554e64980c9 100644 --- a/runtime/coreclr-bridge.m +++ b/runtime/coreclr-bridge.m @@ -425,7 +425,7 @@ return NULL; } - struct stat stat_buf = { 0 }; + struct stat stat_buf = { }; if (fstat (fd, &stat_buf) == -1) { LOG (PRODUCT ": Could not stat the runtime config file '%s' in the app bundle: %s\n", path, strerror (errno)); close (fd); diff --git a/runtime/delegates.inc.t4 b/runtime/delegates.inc.t4 index 264298c528bc..d26361ee6698 100644 --- a/runtime/delegates.inc.t4 +++ b/runtime/delegates.inc.t4 @@ -25,7 +25,7 @@ struct Delegates { <# } #> }; -static struct Delegates delegates = { 0 }; +static struct Delegates delegates = { }; static GCHandle create_linked_away_exception (const char *func) diff --git a/runtime/runtime.m b/runtime/runtime.m index 2bcb863f988c..03c45fa995a8 100644 --- a/runtime/runtime.m +++ b/runtime/runtime.m @@ -186,7 +186,7 @@ (void *) &xamarin_get_nsobject_data_trampoline, }; -static struct InitializationOptions options = { 0 }; +static struct InitializationOptions options = { }; #if !defined (CORECLR_RUNTIME) void diff --git a/runtime/trampolines.m b/runtime/trampolines.m index 9baf267b1a7c..a0e927e7ec05 100644 --- a/runtime/trampolines.m +++ b/runtime/trampolines.m @@ -905,7 +905,7 @@ pthread_mutex_lock (&gchandle_hash_lock); if (gchandle_hash == NULL) { - CFDictionaryValueCallBacks value_callbacks = { 0 }; + CFDictionaryValueCallBacks value_callbacks = { }; value_callbacks.release = release_gchandle_dictionary_entry; gchandle_hash = CFDictionaryCreateMutable (kCFAllocatorDefault, 0, NULL, &value_callbacks); } @@ -1411,7 +1411,7 @@ element_class = e_class; } - struct conversion_data data = { 0 }; + struct conversion_data data = { }; data.domain = mono_domain_get (); data.element_class = element_class; data.element_type = mono_class_get_type (data.element_class); @@ -1437,7 +1437,7 @@ element_class = e_class; } - struct conversion_data data = { 0 }; + struct conversion_data data = { }; data.domain = mono_domain_get (); data.element_class = element_class; data.element_type = mono_class_get_type (data.element_class); @@ -1463,7 +1463,7 @@ element_class = e_class; } - struct conversion_data data = { 0 }; + struct conversion_data data = { }; data.element_class = element_class; data.element_type = mono_class_get_type (data.element_class); data.iface_token_ref = iface_token_ref; diff --git a/tools/common/StaticRegistrar.cs b/tools/common/StaticRegistrar.cs index 3bfbb503a647..6522a5855520 100644 --- a/tools/common/StaticRegistrar.cs +++ b/tools/common/StaticRegistrar.cs @@ -3107,7 +3107,7 @@ void Specialize (AutoIndentStringBuilder sb, out string initialization_method) sb.WriteLine (); } - map.AppendLine ("{ NULL, 0 },"); + map.AppendLine ("{ NULL, 0, 0 },"); map.AppendLine ("};"); map.AppendLine (); @@ -4342,14 +4342,8 @@ void SpecializePrepareReturnValue (AutoIndentStringBuilder sb, ObjCMethod method if (isVoid) return; - switch (rettype) { - case "CGRect": - body_setup.AppendLine ("{0} res = {{{{0}}}};", rettype); - break; - default: - body_setup.AppendLine ("{0} res = {{0}};", rettype); - break; - } + body_setup.AppendLine ("{0} res = {{ }};", rettype); + var isArray = returntype is ArrayType; var type = returntype.Resolve () ?? returntype; var retain = method.RetainReturnValue; From 294fa889107d46fbbe565e75e384f3530de3945f Mon Sep 17 00:00:00 2001 From: Rolf Bjarne Kvinge Date: Wed, 22 Oct 2025 23:39:35 +0200 Subject: [PATCH 3/9] [runtime] Adopt safer native compiler flags: Wcast-function-type-mismatch (#24072) Example warning: ``` macios/runtime/trampolines.m:1784:9: error: cast from 'void *(*)(MonoObject *, void *, GCHandle *)' (aka 'void *(*)(_MonoObject *, void *, void **)') to 'xamarin_managed_to_id_func' (aka 'id (*)(_MonoObject *, void *, void **)') converts to incompatible function type [-Werror,-Wcast-function-type-mismatch] 1784 | return (xamarin_managed_to_id_func) xamarin_smart_enum_to_nsstring; | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ``` References: * https://developer.apple.com/documentation/xcode/enabling-enhanced-security-for-your-app * https://releases.llvm.org/8.0.0/tools/clang/docs/ReleaseNotes.html#major-new-features (for -ftrivial-auto-var-init=zero) Contributes towards #23023. --- mk/rules.mk | 1 + runtime/trampolines.m | 4 ++-- runtime/xamarin/trampolines.h | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/mk/rules.mk b/mk/rules.mk index 90618b3143bf..9ec5fd7a58a0 100644 --- a/mk/rules.mk +++ b/mk/rules.mk @@ -38,6 +38,7 @@ CFLAGS=\ -Wno-objc-protocol-property-synthesis \ -Wignored-qualifiers \ -Wmissing-field-initializers \ + -Wcast-function-type-mismatch \ -g \ -I. SWIFTFLAGS=-g -emit-library diff --git a/runtime/trampolines.m b/runtime/trampolines.m index a0e927e7ec05..609561207a0e 100644 --- a/runtime/trampolines.m +++ b/runtime/trampolines.m @@ -714,7 +714,7 @@ xamarin_set_gchandle_with_flags (self, INVALID_GCHANDLE, XamarinGCHandleFlags_None); // Call the managed implementation - id (*invoke) (id, SEL, NSZone*) = (id (*)(id, SEL, NSZone*)) xamarin_trampoline; + id (*invoke) (id, SEL, NSZone*) = (id (*)(id, SEL, NSZone*)) (void *) xamarin_trampoline; rv = invoke (self, sel, zone); // Restore our GCHandle @@ -1674,7 +1674,7 @@ return (xamarin_managed_to_id_func) xamarin_get_nsvalue_converter (managedType, method, false, exception_gchandle); } -void * +id xamarin_smart_enum_to_nsstring (MonoObject *value, void *context /* token ref */, GCHandle *exception_gchandle) { guint32 context_ref = GPOINTER_TO_UINT (context); diff --git a/runtime/xamarin/trampolines.h b/runtime/xamarin/trampolines.h index 9b904a07a33e..2ad9cb097f60 100644 --- a/runtime/xamarin/trampolines.h +++ b/runtime/xamarin/trampolines.h @@ -121,7 +121,7 @@ NSArray * xamarin_convert_managed_to_nsarray_with_func (MonoArray *array, xama MonoArray * xamarin_convert_nsarray_to_managed_with_func (NSArray *array, MonoClass *managedElementType, xamarin_id_to_managed_func convert, void *context, GCHandle *exception_gchandle); void * xamarin_nsstring_to_smart_enum (id value, void *ptr, MonoClass *managedType, void *context, GCHandle *exception_gchandle); -void * xamarin_smart_enum_to_nsstring (MonoObject *value, void *context /* token ref */, GCHandle *exception_gchandle); +id xamarin_smart_enum_to_nsstring (MonoObject *value, void *context /* token ref */, GCHandle *exception_gchandle); // Returns a pointer to the value type, which must be freed using xamarin_free. void *xamarin_nsnumber_to_bool (NSNumber *number, void *ptr, MonoClass *managedType, void *context, GCHandle *exception_gchandle); From 8b07310bdfebf68ed11cc471fafe667d29f40525 Mon Sep 17 00:00:00 2001 From: Rolf Bjarne Kvinge Date: Thu, 16 Oct 2025 12:43:34 +0200 Subject: [PATCH 4/9] [runtime] Adopt safer native compiler flags: Wsemicolon-before-method-body Example warning: ``` macios/runtime/shared.m:50:106: error: semicolon before method body is ignored [-Werror,-Wsemicolon-before-method-body] 50 | -(id) initWithData: (void *) targ selector:(SEL) sel argument:(id) arg is_direct_binding:(bool) is_direct; | ^ ``` References: * https://developer.apple.com/documentation/xcode/enabling-enhanced-security-for-your-app * https://releases.llvm.org/8.0.0/tools/clang/docs/ReleaseNotes.html#major-new-features (for -ftrivial-auto-var-init=zero) Contributes towards #23023. --- mk/rules.mk | 1 + runtime/shared.m | 8 ++++---- tests/test-libraries/libtest.m | 10 +++++----- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/mk/rules.mk b/mk/rules.mk index 9ec5fd7a58a0..5db86e182ccf 100644 --- a/mk/rules.mk +++ b/mk/rules.mk @@ -39,6 +39,7 @@ CFLAGS=\ -Wignored-qualifiers \ -Wmissing-field-initializers \ -Wcast-function-type-mismatch \ + -Wsemicolon-before-method-body \ -g \ -I. SWIFTFLAGS=-g -emit-library diff --git a/runtime/shared.m b/runtime/shared.m index 2731bdd49c05..47c4c75bd54b 100644 --- a/runtime/shared.m +++ b/runtime/shared.m @@ -47,7 +47,7 @@ -(void) dealloc; @implementation XamarinNSThreadObject { } --(id) initWithData: (void *) targ selector:(SEL) sel argument:(id) arg is_direct_binding:(bool) is_direct; +-(id) initWithData: (void *) targ selector:(SEL) sel argument:(id) arg is_direct_binding:(bool) is_direct { target = targ; if (is_direct) @@ -58,7 +58,7 @@ -(id) initWithData: (void *) targ selector:(SEL) sel argument:(id) arg is_direct return self; } --(void) start: (id) arg; +-(void) start: (id) arg { if (is_direct_binding) { id (*invoke) (id, SEL, id) = (id (*)(id, SEL, id)) objc_msgSend; @@ -69,7 +69,7 @@ -(void) start: (id) arg; } } --(void) dealloc; +-(void) dealloc { // Cast to void* so that ObjC doesn't do any funky retain/release // on these objects when capturing them for the block, since we @@ -125,7 +125,7 @@ -(void) entryPoint: (NSObject *) obj the_func (); [pool drain]; } --(id) initWithFunc: (init_cocoa_func *) func; +-(id) initWithFunc: (init_cocoa_func *) func { self = [super init]; if (self != nil) { diff --git a/tests/test-libraries/libtest.m b/tests/test-libraries/libtest.m index 1319a0a30fa1..6db61172d600 100644 --- a/tests/test-libraries/libtest.m +++ b/tests/test-libraries/libtest.m @@ -357,7 +357,7 @@ -(BOOL) isKindOfClass: (Class) cls; @implementation FakeType2 { } -- (BOOL) isKindOfClass: (Class) cls; +- (BOOL) isKindOfClass: (Class) cls { if (cls == objc_getClass ("FakeType1")) return YES; @@ -873,7 +873,7 @@ static void block_called () #pragma clang diagnostic pop } -+(void) callProtocolWithBlockProperties: (id) obj required: (bool) required instance: (bool) instance; ++(void) callProtocolWithBlockProperties: (id) obj required: (bool) required instance: (bool) instance { if (required) { if (instance) { @@ -890,7 +890,7 @@ +(void) callProtocolWithBlockProperties: (id) obj r } } -+(void) callProtocolWithBlockReturnValue: (id) obj required: (bool) required instance: (bool) instance; ++(void) callProtocolWithBlockReturnValue: (id) obj required: (bool) required instance: (bool) instance { if (required) { if (instance) { @@ -1438,7 +1438,7 @@ - (void) add: (id) value self.count = 1; } -- (NSUInteger)countByEnumeratingWithState:(NSFastEnumerationState *)state objects:(id __unsafe_unretained _Nullable [_Nonnull])buffer count:(NSUInteger)len; +- (NSUInteger)countByEnumeratingWithState:(NSFastEnumerationState *)state objects:(id __unsafe_unretained _Nullable [_Nonnull])buffer count:(NSUInteger)len { if (len > 0) buffer [0] = self.element; @@ -1493,7 +1493,7 @@ @implementation VeryGenericFactory @end @implementation WeakReferencedObject : NSObject --(int) doSomething; +-(int) doSomething { return 666; } From 4572a97097c1816494154075fbdbb89fdab35206 Mon Sep 17 00:00:00 2001 From: Rolf Bjarne Kvinge Date: Thu, 23 Oct 2025 08:32:24 +0200 Subject: [PATCH 5/9] [runtime] Adopt safer native compiler flags: Wsign-compare Example warning: ``` macios/runtime/trampolines-arm64.m:214:21: error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long') [-Werror,-Wsign-compare] 214 | for (int i = 1; i < struct_length; i++) | ~ ^ ~~~~~~~~~~~~~ ``` References: * https://developer.apple.com/documentation/xcode/enabling-enhanced-security-for-your-app * https://releases.llvm.org/8.0.0/tools/clang/docs/ReleaseNotes.html#major-new-features (for -ftrivial-auto-var-init=zero) Contributes towards #23023. --- mk/rules.mk | 1 + runtime/trampolines-arm64.h | 4 ++-- runtime/trampolines-arm64.m | 8 ++++---- tests/test-libraries/libtest.m | 2 +- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/mk/rules.mk b/mk/rules.mk index 5db86e182ccf..6fff48fa1bf7 100644 --- a/mk/rules.mk +++ b/mk/rules.mk @@ -40,6 +40,7 @@ CFLAGS=\ -Wmissing-field-initializers \ -Wcast-function-type-mismatch \ -Wsemicolon-before-method-body \ + -Wsign-compare \ -g \ -I. SWIFTFLAGS=-g -emit-library diff --git a/runtime/trampolines-arm64.h b/runtime/trampolines-arm64.h index 60e1fb6ea063..30d3046e173f 100644 --- a/runtime/trampolines-arm64.h +++ b/runtime/trampolines-arm64.h @@ -57,8 +57,8 @@ struct XamarinCallState { struct ParamIterator { struct XamarinCallState *state; - int ngrn; // Next General-purpose Register Number - int nsrn; // Next SIMD and Floating-point Register Number + unsigned int ngrn; // Next General-purpose Register Number + unsigned int nsrn; // Next SIMD and Floating-point Register Number size_t ngrn_offset; // Offset into the current general purpose register number uint8_t *nsaa; // Next stacked argument address. diff --git a/runtime/trampolines-arm64.m b/runtime/trampolines-arm64.m index 5969be4368e6..6d94905aad62 100644 --- a/runtime/trampolines-arm64.m +++ b/runtime/trampolines-arm64.m @@ -211,11 +211,11 @@ bool is_hfa = is_struct && struct_length >= 2 && struct_length <= 4; if (is_hfa) { is_hfa = struct_name [0] == 'f' || struct_name [0] == 'd'; - for (int i = 1; i < struct_length; i++) + for (size_t i = 1; i < struct_length; i++) is_hfa &= struct_name [i] == struct_name [0]; } - int ngrn_registers_left = 8 - it->ngrn; + size_t ngrn_registers_left = 8 - it->ngrn; bool read_register = ngrn_registers_left > 0; if (size > 16 && !is_hfa) { @@ -310,7 +310,7 @@ (size == 8 && !strncmp (struct_name, "d", 1))) { LOGZ (" marshalling as %i doubles (struct name: %s)\n", (int) size / 8, struct_name); double* ptr = (double *) mono_object_unbox (value); - for (int i = 0; i < size / 8; i++) { + for (size_t i = 0; i < size / 8; i++) { LOGZ (" #%i: %f\n", i, ptr [i]); it->q [i].q = ptr [i]; } @@ -320,7 +320,7 @@ (size == 4 && !strncmp (struct_name, "f", 1))) { LOGZ (" marshalling as %i floats (struct name: %s)\n", (int) size / 4, struct_name); float* ptr = (float *) mono_object_unbox (value); - for (int i = 0; i < size / 4; i++) { + for (size_t i = 0; i < size / 4; i++) { LOGZ (" #%i: %f\n", i, ptr [i]); it->q [i].f.f1 = ptr [i]; } diff --git a/tests/test-libraries/libtest.m b/tests/test-libraries/libtest.m index 6db61172d600..14ff6db7fcb6 100644 --- a/tests/test-libraries/libtest.m +++ b/tests/test-libraries/libtest.m @@ -1513,7 +1513,7 @@ -(void) addObject: (WeakReferencedObject *) obj -(void) callDoSomething: (int*) nilObjectCount nonNilObjectCount: (int *) nonNilObjectCount gotExpectedResponse: (int *) gotExpectedResponse gotUnexpectedResponse: (int *) gotUnexpectedResponse gotFinalizedResponse: (int *) gotFinalizedResponse { - for (int i = 0; i < self.array.count; i++) { + for (unsigned int i = 0; i < self.array.count; i++) { WeakReferencedObject *obj = (WeakReferencedObject *) [self.array pointerAtIndex: (NSUInteger) i]; if (obj) { *nonNilObjectCount= *nonNilObjectCount + 1; From 9581764a804bc8230a9870c513a36ea874ca785d Mon Sep 17 00:00:00 2001 From: Rolf Bjarne Kvinge Date: Thu, 23 Oct 2025 09:05:33 +0200 Subject: [PATCH 6/9] [runtime] Adopt safer native compiler flags: ftrivial-auto-var-init=zero This will zero-initialize all automatic (stack and register based) variables. References: * https://developer.apple.com/documentation/xcode/enabling-enhanced-security-for-your-app * https://releases.llvm.org/8.0.0/tools/clang/docs/ReleaseNotes.html#major-new-features (for -ftrivial-auto-var-init=zero) Contributes towards #23023. --- mk/rules.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/mk/rules.mk b/mk/rules.mk index 6fff48fa1bf7..518f187fe742 100644 --- a/mk/rules.mk +++ b/mk/rules.mk @@ -31,6 +31,7 @@ CFLAGS=\ -Wdeprecated \ -Wuninitialized \ -fstack-protector-strong \ + -ftrivial-auto-var-init=zero \ -Wformat \ -Wformat-security \ -Werror=format-security \ From 0d285f06b5eb158a876318f81055f6ddab60190f Mon Sep 17 00:00:00 2001 From: Rolf Bjarne Kvinge Date: Thu, 23 Oct 2025 09:36:51 +0200 Subject: [PATCH 7/9] [runtime] Adopt safer native compiler flags: Wshadow Example warning: ``` macios/runtime/trampolines-invoke.m:212:15: error: declaration shadows a local variable [-Werror,-Wshadow] 212 | const char *type = xamarin_skip_encoding_flags (argType); | ^ ``` References: * https://developer.apple.com/documentation/xcode/enabling-enhanced-security-for-your-app * https://releases.llvm.org/8.0.0/tools/clang/docs/ReleaseNotes.html#major-new-features (for -ftrivial-auto-var-init=zero) Contributes towards #23023. --- mk/rules.mk | 1 + runtime/monovm-bridge.m | 1 - runtime/runtime.m | 20 ++++++++++++-------- runtime/trampolines-invoke.m | 14 ++++++-------- 4 files changed, 19 insertions(+), 17 deletions(-) diff --git a/mk/rules.mk b/mk/rules.mk index 518f187fe742..74461f0b20b8 100644 --- a/mk/rules.mk +++ b/mk/rules.mk @@ -42,6 +42,7 @@ CFLAGS=\ -Wcast-function-type-mismatch \ -Wsemicolon-before-method-body \ -Wsign-compare \ + -Wshadow \ -g \ -I. SWIFTFLAGS=-g -emit-library diff --git a/runtime/monovm-bridge.m b/runtime/monovm-bridge.m index 054fe5653109..dda287dcfbfb 100644 --- a/runtime/monovm-bridge.m +++ b/runtime/monovm-bridge.m @@ -267,7 +267,6 @@ bool xamarin_is_class_nsstring (MonoClass *cls) { - MonoClass *nsstring_class = xamarin_get_nsstring_class (); if (nsstring_class == NULL) return false; diff --git a/runtime/runtime.m b/runtime/runtime.m index 03c45fa995a8..1a690403b915 100644 --- a/runtime/runtime.m +++ b/runtime/runtime.m @@ -2176,9 +2176,11 @@ -(struct NSObjectData*) xamarinGetNSObjectData; MarshalManagedExceptionMode mode; GCHandle exception_gchandle = INVALID_GCHANDLE; - GCHandle handle = xamarin_gchandle_new (exception, false); - mode = xamarin_on_marshal_managed_exception (handle, &exception_gchandle); - xamarin_gchandle_free (handle); + { + GCHandle handle = xamarin_gchandle_new (exception, false); + mode = xamarin_on_marshal_managed_exception (handle, &exception_gchandle); + xamarin_gchandle_free (handle); + } if (exception_gchandle != INVALID_GCHANDLE) { PRINT (PRODUCT ": Got an exception while executing the MarshalManagedException event (this exception will be ignored):"); @@ -2197,7 +2199,7 @@ -(struct NSObjectData*) xamarinGetNSObjectData; switch (mode) { #if !defined (CORECLR_RUNTIME) // CoreCLR won't unwind through native frames, so we'll have to abort (in the default case statement) case MarshalManagedExceptionModeDisable: - case MarshalManagedExceptionModeUnwindNativeCode: + case MarshalManagedExceptionModeUnwindNativeCode: { // // We want to maintain the original stack trace of the exception, but unfortunately // calling mono_raise_exception directly with the original exception will overwrite @@ -2210,7 +2212,7 @@ -(struct NSObjectData*) xamarinGetNSObjectData; // to throw an exception that contains the original stack trace. // - handle = xamarin_gchandle_new (exception, false); + GCHandle handle = xamarin_gchandle_new (exception, false); xamarin_rethrow_managed_exception (handle, &exception_gchandle); xamarin_gchandle_free (handle); @@ -2231,8 +2233,9 @@ -(struct NSObjectData*) xamarinGetNSObjectData; xamarin_handling_unhandled_exceptions = 0; mono_raise_exception ((MonoException *) exception); -#endif break; + } +#endif case MarshalManagedExceptionModeThrowObjectiveCException: { GCHandle handle = xamarin_gchandle_new (exception, false); NSException *ns_exc = xamarin_unwrap_ns_exception (handle, &exception_gchandle); @@ -2295,13 +2298,14 @@ -(struct NSObjectData*) xamarinGetNSObjectData; case MarshalManagedExceptionModeUnwindNativeCode: #endif case MarshalManagedExceptionModeAbort: - default: - handle = xamarin_gchandle_new (exception, false); + default: { + GCHandle handle = xamarin_gchandle_new (exception, false); const char *msg = [xamarin_print_all_exceptions (handle) UTF8String]; xamarin_gchandle_free (handle); xamarin_assertion_message ("Aborting due to trying to marshal managed exception:\n%s\n", msg); break; } + } } void diff --git a/runtime/trampolines-invoke.m b/runtime/trampolines-invoke.m index 16bafd12002a..ae05ab9c127c 100644 --- a/runtime/trampolines-invoke.m +++ b/runtime/trampolines-invoke.m @@ -79,13 +79,13 @@ } void -xamarin_invoke_trampoline (enum TrampolineType type, id self, SEL sel, iterator_func iterator, marshal_return_value_func marshal_return_value, void *context) +xamarin_invoke_trampoline (enum TrampolineType trampoline_type, id self, SEL sel, iterator_func iterator, marshal_return_value_func marshal_return_value, void *context) { MonoObject *exception = NULL; MonoObject **exception_ptr = xamarin_is_managed_exception_marshaling_disabled () ? NULL : &exception; GCHandle exception_gchandle = INVALID_GCHANDLE; - bool is_static = (type & Tramp_Static) == Tramp_Static; - bool is_ctor = type == Tramp_Ctor; + bool is_static = (trampoline_type & Tramp_Static) == Tramp_Static; + bool is_ctor = trampoline_type == Tramp_Ctor; const char *ret_type = NULL; MonoType *sig_ret_type = NULL; @@ -148,8 +148,6 @@ void *iter = NULL; gboolean needs_writeback = FALSE; // determines if there are any ref/out parameters. MonoType *p; - int ofs; - unsigned long i; unsigned long mofs = 0; unsigned long desc_arg_count = num_arg + 2; /* 1 for the return value + 1 if this is a category instance method */ @@ -207,11 +205,11 @@ if (exception_gchandle != INVALID_GCHANDLE) goto exception_handling; - for (i = 0, ofs = 0; i < num_arg; i++) { + for (unsigned long i = 0, ofs = 0; i < num_arg; i++) { const char *argType = [sig getArgumentTypeAtIndex: (i+2)]; const char *type = xamarin_skip_encoding_flags (argType); unsigned long size = xamarin_objc_type_size (type); - int frameofs = ofs; + unsigned long frameofs = ofs; p = mono_signature_get_params (msig, &iter); ADD_TO_MONOOBJECT_RELEASE_LIST (p); LOGZ (" argument %i's type: %s (argType: %s)\n", (int) i + 1, type, argType); @@ -633,7 +631,7 @@ iterator (IteratorStart, context, NULL, 0, NULL, &exception_gchandle); // start if (exception_gchandle != INVALID_GCHANDLE) goto exception_handling; - for (i = 0; i < num_arg; i++) { + for (unsigned long i = 0; i < num_arg; i++) { const char *type = [sig getArgumentTypeAtIndex: (i+2)]; type = xamarin_skip_encoding_flags (type); From 183abb76c1469a4d790c2e586df96fa6df481d49 Mon Sep 17 00:00:00 2001 From: Rolf Bjarne Kvinge Date: Thu, 23 Oct 2025 10:12:41 +0200 Subject: [PATCH 8/9] [runtime] Adopt safer native compiler flags: Wformat-nonliteral Example warning: ```objc nsstring-localization.m:33:46: error: format string is not a string literal [-Werror,-Wformat-nonliteral] 33 | return [NSString localizedStringWithFormat: format, a]; | ^~~~~~ ``` References: * https://developer.apple.com/documentation/xcode/enabling-enhanced-security-for-your-app * https://releases.llvm.org/8.0.0/tools/clang/docs/ReleaseNotes.html#major-new-features (for -ftrivial-auto-var-init=zero) Contributes towards #23023. --- mk/rules.mk | 1 + runtime/nsstring-localization.m | 6 +++++- runtime/runtime.m | 25 +++++++++++++++++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/mk/rules.mk b/mk/rules.mk index 74461f0b20b8..59285fd5d7a0 100644 --- a/mk/rules.mk +++ b/mk/rules.mk @@ -43,6 +43,7 @@ CFLAGS=\ -Wsemicolon-before-method-body \ -Wsign-compare \ -Wshadow \ + -Wformat-nonliteral \ -g \ -I. SWIFTFLAGS=-g -emit-library diff --git a/runtime/nsstring-localization.m b/runtime/nsstring-localization.m index 655336db1044..bdcace25549a 100644 --- a/runtime/nsstring-localization.m +++ b/runtime/nsstring-localization.m @@ -14,10 +14,14 @@ #include -// Silence this warning: +// Silence these warnings: // nsstring-localization.m:22:46: warning: format string is not a string literal (potentially insecure) [-Wformat-security] // return [NSString localizedStringWithFormat: format]; #pragma clang diagnostic ignored "-Wformat-security" +// nsstring-localization.m:33:46: error: format string is not a string literal [-Werror,-Wformat-nonliteral] +// 33 | return [NSString localizedStringWithFormat: format, a]; +// | ^~~~~~ +#pragma clang diagnostic ignored "-Wformat-nonliteral" extern "C" { diff --git a/runtime/runtime.m b/runtime/runtime.m index 1a690403b915..fc0dedb34290 100644 --- a/runtime/runtime.m +++ b/runtime/runtime.m @@ -1310,7 +1310,16 @@ -(struct NSObjectData*) xamarinGetNSObjectData; char *formatted = NULL; va_start (args, msg); + +// Silence this warning: +// runtime.m:1313:25: error: format string is not a string literal [-Werror,-Wformat-nonliteral] +// 1313 | vasprintf (&formatted, msg, args); +// | ^~~~~ +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wformat-nonliteral" vasprintf (&formatted, msg, args); +#pragma clang diagnostic pop + va_end (args); return formatted; @@ -1323,7 +1332,16 @@ -(struct NSObjectData*) xamarinGetNSObjectData; char *formatted = NULL; va_start (args, msg); + +// Silence this warning: +// runtime.m:1335:25: error: format string is not a string literal [-Werror,-Wformat-nonliteral] +// 1335 | vasprintf (&formatted, msg, args); +// | ^~~ +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wformat-nonliteral" vasprintf (&formatted, msg, args); +#pragma clang diagnostic pop + if (formatted) { PRINT ( PRODUCT ": %s", formatted); free (formatted); @@ -2552,7 +2570,14 @@ -(struct NSObjectData*) xamarinGetNSObjectData; void xamarin_vprintf (const char *format, va_list args) { +// Silence this warning: +// runtime.m:2564:56: error: format string is not a string literal [-Werror,-Wformat-nonliteral] +// 2564 | NSString *message = [[NSString alloc] initWithFormat: [NSString stringWithUTF8String: format] arguments: args]; +// | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wformat-nonliteral" NSString *message = [[NSString alloc] initWithFormat: [NSString stringWithUTF8String: format] arguments: args]; +#pragma clang diagnostic pop NSLog (@"%@", message); From 93426400fe036081aaea0ed8101729d90ef9456c Mon Sep 17 00:00:00 2001 From: Rolf Bjarne Kvinge Date: Thu, 23 Oct 2025 10:36:36 +0200 Subject: [PATCH 9/9] [runtime] Adopt safer native compiler flags: report numerous other warnings None of these warnings trigger in our code base at the moment. References: * https://developer.apple.com/documentation/xcode/enabling-enhanced-security-for-your-app * https://releases.llvm.org/8.0.0/tools/clang/docs/ReleaseNotes.html#major-new-features (for -ftrivial-auto-var-init=zero) Contributes towards #23023. --- mk/rules.mk | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/mk/rules.mk b/mk/rules.mk index 59285fd5d7a0..fe9d9457c771 100644 --- a/mk/rules.mk +++ b/mk/rules.mk @@ -25,6 +25,9 @@ macos_DEFINES=-DMONOMAC OBJC_CFLAGS=-ObjC++ -std=c++14 -fno-exceptions -fno-objc-msgsend-selector-stubs -fobjc-abi-version=2 -fobjc-legacy-dispatch CFLAGS=\ -Wall \ + -Wextra \ + -Wno-unused-parameter \ + -Wno-unused-but-set-parameter \ -fms-extensions \ -Werror \ -Wconversion \ @@ -43,7 +46,15 @@ CFLAGS=\ -Wsemicolon-before-method-body \ -Wsign-compare \ -Wshadow \ + -Wempty-body \ + -Wbuiltin-memcpy-chk-size \ -Wformat-nonliteral \ + -Warray-bounds \ + -Warray-bounds-pointer-arithmetic \ + -Wsuspicious-memaccess \ + -Wsizeof-array-div \ + -Wsizeof-pointer-div \ + -Wreturn-stack-address \ -g \ -I. SWIFTFLAGS=-g -emit-library