From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=HTML_MESSAGE, MAILING_LIST_MULTI,NICE_REPLY_A,RCVD_IN_DNSWL_LOW,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 7693 invoked from network); 26 May 2023 11:51:16 -0000 Received: from second.openwall.net (193.110.157.125) by inbox.vuxu.org with ESMTPUTF8; 26 May 2023 11:51:16 -0000 Received: (qmail 12222 invoked by uid 550); 26 May 2023 11:51:12 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 26138 invoked from network); 26 May 2023 11:29:43 -0000 Content-Type: multipart/alternative; boundary="------------xsSacQ35e2a0AZm9n7vr5qnt" Message-ID: <3a4f4a8e-9179-6606-e449-6fc2812d3525@mulle-kybernetik.com> Date: Fri, 26 May 2023 13:29:31 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Content-Language: en-US To: musl@lists.openwall.com References: <26b68deb9fc65f8331c7fedaa6d807f4d973a4e6.1684932942.git.Jens.Gustedt@inria.fr> From: Nat! In-Reply-To: <26b68deb9fc65f8331c7fedaa6d807f4d973a4e6.1684932942.git.Jens.Gustedt@inria.fr> Subject: Re: [musl] [C23 const 1/2] C23: change bsearch to a macro that respects the const contract This is a multi-part message in MIME format. --------------xsSacQ35e2a0AZm9n7vr5qnt Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit I can't help but comment on these changes. :) I think it's sort of obvious, that these macros increase code brittleness due to now multiple execution of macro arguments vs. a single execution in a function call. Weighing this versus the loss of const qualification (on my personal importance scale from 0-10a clear 0), it is not a worthwhile tradeoff. Ciao    Nat! Am 25.05.23 um 16:44 schrieb Jens Gustedt: > This adds a macro interface to stdlib that has an additional cast of > the return value to `void const*` for the case that the argument to > the call was also const-qualified. Nothing changes for the function > itself, only the identifier has to be protected with (), such that the > macro does not expand for the function declaration or definition. > --- > include/stdlib.h | 12 +++++++++++- > src/include/stdlib.h | 2 ++ > src/stdlib/bsearch.c | 2 +- > 3 files changed, 14 insertions(+), 2 deletions(-) > > diff --git a/include/stdlib.h b/include/stdlib.h > index 68ccd467..f5281777 100644 > --- a/include/stdlib.h > +++ b/include/stdlib.h > @@ -60,7 +60,17 @@ char *getenv (const char *); > > int system (const char *); > > -void *bsearch (const void *, const void *, size_t, size_t, int (*)(const void *, const void *)); > +void * (bsearch) (const void *, const void *, size_t, size_t, int (*)(const void *, const void *)); > +#if __STDC_VERSION__ > 201112L > +# define bsearch(K, B, N, S, C) \ > + _Generic( \ > + /* ensure conversion to a void pointer */ \ > + 1 ? (B) : (void*)1, \ > + void const*: (void const*)bsearch((K), (void const*)(B), (N), (S), (C)), \ > + /* volatile qualification of *B is an error for this call */ \ > + default: bsearch((K), (B), (N), (S), (C)) \ > +) > +#endif > void qsort (void *, size_t, size_t, int (*)(const void *, const void *)); > > int abs (int); > diff --git a/src/include/stdlib.h b/src/include/stdlib.h > index 812b04de..f0b03df9 100644 > --- a/src/include/stdlib.h > +++ b/src/include/stdlib.h > @@ -16,4 +16,6 @@ hidden void *__libc_calloc(size_t, size_t); > hidden void *__libc_realloc(void *, size_t); > hidden void __libc_free(void *); > > +#undef bsearch > + > #endif > diff --git a/src/stdlib/bsearch.c b/src/stdlib/bsearch.c > index fe050ea3..4f62ea37 100644 > --- a/src/stdlib/bsearch.c > +++ b/src/stdlib/bsearch.c > @@ -1,6 +1,6 @@ > #include > > -void *bsearch(const void *key, const void *base, size_t nel, size_t width, int (*cmp)(const void *, const void *)) > +void *(bsearch)(const void *key, const void *base, size_t nel, size_t width, int (*cmp)(const void *, const void *)) > { > void *try; > int sign; --------------xsSacQ35e2a0AZm9n7vr5qnt Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit I can't help but comment on these changes. :)
 
I think it's sort of obvious, that these macros increase code brittleness due to now multiple execution of macro arguments vs. a single execution in a function call. Weighing this versus the loss of const qualification (on my personal importance scale from 0-10 a clear 0), it is not a worthwhile tradeoff.

Ciao
   Nat!


Am 25.05.23 um 16:44 schrieb Jens Gustedt:
This adds a macro interface to stdlib that has an additional cast of
the return value to `void const*` for the case that the argument to
the call was also const-qualified. Nothing changes for the function
itself, only the identifier has to be protected with (), such that the
macro does not expand for the function declaration or definition.
---
 include/stdlib.h     | 12 +++++++++++-
 src/include/stdlib.h |  2 ++
 src/stdlib/bsearch.c |  2 +-
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/include/stdlib.h b/include/stdlib.h
index 68ccd467..f5281777 100644
--- a/include/stdlib.h
+++ b/include/stdlib.h
@@ -60,7 +60,17 @@ char *getenv (const char *);
 
 int system (const char *);
 
-void *bsearch (const void *, const void *, size_t, size_t, int (*)(const void *, const void *));
+void * (bsearch) (const void *, const void *, size_t, size_t, int (*)(const void *, const void *));
+#if __STDC_VERSION__ > 201112L
+# define bsearch(K, B, N, S, C)                                         \
+	_Generic(                                                       \
+		/* ensure conversion to a void pointer */               \
+		1 ? (B) : (void*)1,                                     \
+		void const*: (void const*)bsearch((K), (void const*)(B), (N), (S), (C)), \
+		/* volatile qualification of *B is an error for this call */ \
+		default:     bsearch((K), (B), (N), (S), (C))           \
+)
+#endif
 void qsort (void *, size_t, size_t, int (*)(const void *, const void *));
 
 int abs (int);
diff --git a/src/include/stdlib.h b/src/include/stdlib.h
index 812b04de..f0b03df9 100644
--- a/src/include/stdlib.h
+++ b/src/include/stdlib.h
@@ -16,4 +16,6 @@ hidden void *__libc_calloc(size_t, size_t);
 hidden void *__libc_realloc(void *, size_t);
 hidden void __libc_free(void *);
 
+#undef bsearch
+
 #endif
diff --git a/src/stdlib/bsearch.c b/src/stdlib/bsearch.c
index fe050ea3..4f62ea37 100644
--- a/src/stdlib/bsearch.c
+++ b/src/stdlib/bsearch.c
@@ -1,6 +1,6 @@
 #include <stdlib.h>
 
-void *bsearch(const void *key, const void *base, size_t nel, size_t width, int (*cmp)(const void *, const void *))
+void *(bsearch)(const void *key, const void *base, size_t nel, size_t width, int (*cmp)(const void *, const void *))
 {
 	void *try;
 	int sign;

--------------xsSacQ35e2a0AZm9n7vr5qnt--