svn commit: r274340 - in head/sys: crypto/rijndael dev/random geom/bde

Dag-Erling Smørgrav des at des.no
Tue Nov 11 14:07:58 UTC 2014


Bruce Evans <brde at optusnet.com.au> writes:
> -Wcast-qual is not a very good warning option since the official way
> to remove qualifiers in C is to cast them away.  Casting them away is
> better than using the __DECONST() abomination.  The option exists
> because it is too easy for sloppy code to cast away const without
> really intending to or when casting away const is done intentionally
> but is an error.

I agree that __DECONST() is ugly (not least because it strips all
qualifiers, not just const, so it should be DEQUAL()), but the
alternative is worse.  In my experience, the majority of cases where a
cast discards a qualifier are bugs, with struct iov being one of very
few legitimate use cases.

In the same vein, you could also argue that it is wrong of gcc and clang
to warn about underparenthesized boolean expressions or about using an
assignment as a truth value.  Yet these warnings are extremely useful,
because code that triggers them is often either incorrect or easily
misinterpreted by a casual reader.

Apple's "goto fail" certificate verification bug was caused by code that
was perfectly legal and looked fine at first glance but would have been
caught by -Wunreachable-code.  Unfortunately, turning it on in our tree
breaks the build in non-trivially-fixable ways because it is triggered
by const propagation into inline functions.

DES
-- 
Dag-Erling Smørgrav - des at des.no
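As an added illustration of the "goto fail" pattern discussed above (this is constructed example code, not code from the message, the FreeBSD tree or Apple's source): a chain of `if ((err = step()) != 0) goto fail;` checks with one `goto fail;` accidentally duplicated, beside the corrected chain. The step results are passed in as flags so it runs without any real crypto; the names `step`, `verify_buggy` and `verify_fixed` are chosen here.

```c
#include <stdio.h>

/*
 * Constructed model of the "goto fail" pattern.  Each step returns 0 on
 * success and nonzero on failure, as the real verification steps did;
 * the ok flags stand in for the outcome of each step.
 */
static int step(int ok)
{
    return ok ? 0 : -1;
}

/*
 * Buggy version: the second "goto fail;" is unconditional, so the
 * signature check after it is dead code and err can only be 0 when the
 * label is reached through it.  clang's -Wunreachable-code flags the
 * dead "if" statement.
 */
static int verify_buggy(int hash_ok, int update_ok, int sig_ok)
{
    int err;

    if ((err = step(hash_ok)) != 0)
        goto fail;
    if ((err = step(update_ok)) != 0)
        goto fail;
        goto fail;                  /* duplicated line: always taken */
    if ((err = step(sig_ok)) != 0)  /* never executed */
        goto fail;
fail:
    return err;
}

/*
 * Fixed version: same chain with the duplicate removed, so err is 0 at
 * the label only if every step, including the signature check, passed.
 */
static int verify_fixed(int hash_ok, int update_ok, int sig_ok)
{
    int err;

    if ((err = step(hash_ok)) != 0)
        goto fail;
    if ((err = step(update_ok)) != 0)
        goto fail;
    if ((err = step(sig_ok)) != 0)
        goto fail;
fail:
    return err;
}

int main(void)
{
    /* Earlier steps pass, signature check fails: the buggy chain still
     * reports success (0), the fixed one reports failure (-1). */
    printf("buggy: %d  fixed: %d\n",
           verify_buggy(1, 1, 0), verify_fixed(1, 1, 0));
    return 0;
}
```

Compiling the buggy function with `clang -Wunreachable-code -c` produces a "code will never be executed" warning on the dead `if`; gcc accepts the flag but does not implement the check, which is why the warning is only useful on a clang-built tree.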

