Date: Sat, 16 Jul 2016 18:37:40 +0200
From: Joerg Sonnenberger
To: tech@mdocml.bsd.lv
Subject: Re: mdocml: To remove the const qualifier from a pointer to an object

On Sat, Jul 16, 2016 at 12:08:46AM +0200, Ingo Schwarze wrote:
> > The macro exists
>
> The macro does not exist. Neither the C standard nor POSIX specify
> it or even indicate that something like that might be needed or
> even useful. It was a purely local quirk in one single place of
> the mandoc codebase. Besides, i checked with Philip Guenther, who
> is both an expert in C and in POSIX, that no contortions are needed
> here.

This doesn't make any sense at all given that you just removed the
macro.

> > for two reasons:
> > (1) It makes auditing easier by giving something simple to look for.
>
> It makes auditing harder due to obfuscation. What a plain cast
> does is obvious on first sight. A macro needs to be looked up when
> auditing the code to understand what it does, and due to the
> unnecessary quadruple cast const char **" -> const void * ->
> intptr_t -> void * -> char * const * instead of one single cast
> it makes auditing even harder.

This is plainly wrong. A type cast can have a hundred different
meanings. It is far from obvious that it is only meant to remove a type
qualifier. If you can't derive the intention from a macro called
UNCONST...

> I see no point in specifically auditing for casts removing const.

Given that const memory can actually be read-only, removing the logical
property is a clear sign of either a misdesigned interface, a workaround
for a language defect or a plain bug to be waiting. It is no less a
warning sign than use of strcpy.

> > (2) The macro actually stopped -Wcast warnings.
>
> You mean, -Wcast-qual? That's not enabled by default for a reason:
> It's not useful in production builds. (It may occasionally be
> helpful when doing a one-time audit of a dubious code base to
> identify candidates for erroneous casts, though.)

It is used in production builds by many systems, including FreeBSD and
NetBSD, for a lot of software. Just because you don't do that in OpenBSD
doesn't mean it doesn't create problems for others.

> > The replacement does not.
>
> Just don't enable -Wcast-qual for compiling mandoc. I consider
> that option harmful because it drives developers toward obfuscation.

I beg to differ and a lot of people agree with me.

Joerg
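
The two styles debated in this message, side by side, as an added example that is not part of the e-mail or of the mandoc code base. The `UNCONST` definition is an assumption modelled on the cast chain quoted above, and the `legacy_*` functions and wrapper names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical macro modelled on the cast chain quoted in the thread;
 * not mandoc's actual definition. The integer round trip hides the
 * qualifier change from -Wcast-qual and gives audits a name to grep. */
#define UNCONST(p) ((void *)(intptr_t)(const void *)(p))

/* Hypothetical legacy interface: reads only, but declared without const. */
static size_t legacy_count(char *s, int c)
{
	size_t n = 0;
	for (; *s != '\0'; s++)
		if (*s == c)
			n++;
	return n;
}

/* Hypothetical legacy interface that really writes through its argument. */
static void legacy_upper(char *s)
{
	for (; *s != '\0'; s++)
		if (*s >= 'a' && *s <= 'z')
			*s = (char)(*s - 'a' + 'A');
}

/* Plain cast: compiles silently by default, flagged under -Wcast-qual. */
size_t count_plain(const char *s, int c)
{
	return legacy_count((char *)s, c);
}

/* Macro: not flagged under -Wcast-qual; safe only because the callee never writes. */
size_t count_unconst(const char *s, int c)
{
	return legacy_count(UNCONST(s), c);
}

/* When the callee writes, neither cast is safe for const storage
 * (it may be mapped read-only): work on a private mutable copy. */
char *upper_copy(const char *s)
{
	size_t len = strlen(s) + 1;
	char *buf = malloc(len);
	if (buf == NULL)
		return NULL;
	memcpy(buf, s, len);
	legacy_upper(buf);
	return buf;
}
```

Compiling this file with `-Wcast-qual` shows the difference under discussion: the diagnostic appears for `count_plain` only.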