cvs commit: src/lib/libmemstat memstat_malloc.c

Bruce Evans bde at optusnet.com.au
Tue May 22 19:14:02 UTC 2007


On Tue, 22 May 2007, Robert Watson wrote:

> On Tue, 22 May 2007, Poul-Henning Kamp wrote:
>
>> C unfortunately lacks a syntax that can express such subtle and non-subtle 
>> nuances and recent standardization efforts have shown little interest in 
>> offering more "intentional programming" facilities in C.
>> 
>> Absent such progress and despite what the Zen master says, I think const is 
>> a useful concept and that the occasional well-thought out use of 
>> __DECONST() can not only be fully justified but also recommended.  Provided 
>> it is used to improve the expression of deliberate intent, rather than to 
>> paste over gotchas.

Further investigation (more details in private mail) shows that the
use of __DECONST() here is even worse than for pasting over gotchas.
__DECONST() is being abused mainly to convert from a pointer to an
unsigned long.  It casts away a const qualifier almost as a side effect,
but so does the old code on amd64 at least.  Both __DECONST() and the
old code depend on the gcc bug that -Wcast-qual is broken for casts
from pointers to integers.  If the change to use __DECONST() has any
effect at all, then it seems to be because gcc has fixed this bug for
conversions to some integer types but not to uintptr_t.

> I like const, but it necessarily requires incremental deployment on a code 
> base.  __DECONST allows use of const in new modules before dependent modules 
> have been converted.  To pull an arbitrary example out of an arbitrary hat: 
> libkvm isn't const-poisoned, but libmemstat is.  With the new gcc version, we 
> now see a warning, which is silenced by marking the transition into libkvm 
> with __DECONST.

Again, the type mismatches have very little to do with const.  libkvm
requires kernel addresses to be represented as unsigned longs, while
libmemstat requires kernel addresses to be represented as "void *"s or
"const void *"s.  Neither of these requirements is very good, and
libmemstat's requirement is a regression if anything, since the kernel
address space might be segmented or otherwise magic and thus unrepresentable
by userland pointers.  To convert between these APIs, pointers must be
converted to integers, and type qualifiers are normally lost as a side
effect.

Bruce
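
The conversion discussed in the message above, as an added example that is not part of the original mail or of libmemstat/libkvm. DECONST_DEMO repeats the expansion of FreeBSD's __DECONST under another name; fake_kmem, fake_kvm_read and the two read_via_* callers are hypothetical stand-ins, and unsigned long is assumed to be as wide as a pointer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same expansion as __DECONST in FreeBSD's <sys/cdefs.h>, renamed for the demo. */
#define DECONST_DEMO(type, var) ((type)(uintptr_t)(const void *)(var))

/* Constructed stand-in for a kernel memory image. */
static const unsigned char fake_kmem[16] = "kernel-bytes";

/* Hypothetical libkvm-style reader: the address arrives as an integer. */
static long
fake_kvm_read(unsigned long kaddr, void *buf, size_t len)
{
    unsigned long base = (unsigned long)(uintptr_t)fake_kmem;

    /* Reject anything outside the image, without overflowing the sum. */
    if (kaddr < base || len > sizeof(fake_kmem) ||
        kaddr - base > sizeof(fake_kmem) - len)
        return (-1);
    memcpy(buf, fake_kmem + (kaddr - base), len);
    return ((long)len);
}

/* libmemstat-style caller holding the address as "const void *". */
static long
read_via_deconst(const void *kaddr, void *buf, size_t len)
{
    /* Works, but the macro name says "drop const", not "make an integer". */
    return (fake_kvm_read(DECONST_DEMO(unsigned long, kaddr), buf, len));
}

static long
read_via_explicit(const void *kaddr, void *buf, size_t len)
{
    /* Names the real operation: pointer to integer; the qualifier is lost with it. */
    return (fake_kvm_read((unsigned long)(uintptr_t)kaddr, buf, len));
}

int
main(void)
{
    unsigned char a[6] = { 0 }, b[6] = { 0 };

    read_via_deconst(fake_kmem + 7, a, 5);
    read_via_explicit(fake_kmem + 7, b, 5);
    printf("%s %s\n", (char *)a, (char *)b);
    return (0);
}
```

Both callers hand the reader the same integer; only the explicit cast through uintptr_t says that a pointer-to-integer conversion is what happens at the API boundary.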

