From: Nick Clifton <nickc@redhat.com>
To: Jan Beulich <jbeulich@suse.com>,
Mark Harmstone <mark@harmstone.com>,
Alan Modra <amodra@gmail.com>
Cc: binutils@sourceware.org
Subject: Re: [PATCH] ld: Sort section contributions in PDB files
Date: Tue, 21 Feb 2023 10:49:12 +0000 [thread overview]
Message-ID: <7027c7ac-0e65-0bbb-22d3-167b929247f9@redhat.com> (raw)
In-Reply-To: <caa403ce-ec6b-9fda-7d07-f41da17ab4c3@suse.com>
Hi Jan, Hi Mark,
> In principle okay, but I'd like to re-raise the question of excess
> casting (hence including Nick and Alan as the far more experienced
> binutils maintainers):
Normally I would only be worried about excess casting if it is likely
to obscure a problem. Unnecessary casting might be niggling from a
readability point of view, but I would not normally consider it to be
a reason to reject a patch. Dangerous casting is another matter though...
>> +section_contribs_compare (const void *p1, const void *p2)
>> +{
>> + const struct in_sc *sc1 = (const struct in_sc *) p1;
>> + const struct in_sc *sc2 = (const struct in_sc *) p2;
>
> In ANSI C there's no need for these casts; it may be that they were
> needed in pre-ANSI dialects like K&R.
Agreed - the casts are not needed here.
> Personally I view _any_ cast
> as latently dangerous, and hence I'd prefer if casts were used only
> if there's no other option.
Well I think casts from a void type to something else are usually reasonable,
But otherwise I would agree that they are often suspicious.
On a related note - I would consider this line to be problematic:
sc_in = xmalloc (num_sc * sizeof (struct in_sc));
The code here implies that "sc_in" is a pointer to the "struct in_sc" type.
If at some future date the code is changed and the type of "sc_in" is changed
then the above line will still work, but the wrong amount of space will be
allocated. So I would suggest changing it to either:
sc_in = xmalloc (num_sc * sizeof (* sc_in));
Or:
sc_in = xmalloc (num_sc * sizeof * sc_in); /* I like this version, but nobody else does ... :-) */
Or:
sc_in = XNEWVEC (typeof (sc_in), num_sc);
>> + sc =
>> + (struct section_contribution *) ((uint8_t *) *data + sizeof (uint32_t));
>
> This one's more interesting: Some cast is needed here at least as long as
> we don't mean to allow use of GNU extensions (here: arithmetic on pointers
> to void). But seeing that this causes a line length issue, at a minimum
> I'd recommend to go with
>
> sc = (void *) ((uint8_t *) *data + sizeof (uint32_t));
>
> (Ideally sc would be pointer-to-const and the cast here then also one to
> pointer-to-const.)
>
> Nick, Alan - thoughts?
The code certainly is messy. I do not like the implicit casting of a void
pointer to a structure pointer, so personally I would keep the assignment
cast and try to eliminate the cast of *data by using an intermediary variable:
uint32_t * ptr = * data;
sc = (struct section_contribution *) (ptr + 1); /* Skip the version word. */
Even this looks wrong to me, since it assumes that it is OK to cast a 4 byte
aligned pointer to a structure pointer, with no guarantee that the structure
does not need a larger alignment. I get that the code is computing the
contents of a section which starts with a version number followed by a set
of filled in objects, and that this is hard to express cleanly in C. But still
I would not be surprised if a static analysis tool flagged this code as a
potential problem.
Cheers
Nick
next prev parent reply other threads:[~2023-02-21 10:49 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-20 14:13 Mark Harmstone
2023-02-21 8:26 ` Jan Beulich
2023-02-21 10:49 ` Nick Clifton [this message]
2023-02-21 11:03 ` Jan Beulich
2023-02-21 18:44 ` Pedro Alves
2023-02-22 5:48 ` Alan Modra
2023-02-22 7:08 ` Jan Beulich
2023-02-22 10:52 ` Alan Modra
2023-02-27 0:50 ` Mark Harmstone
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7027c7ac-0e65-0bbb-22d3-167b929247f9@redhat.com \
--to=nickc@redhat.com \
--cc=amodra@gmail.com \
--cc=binutils@sourceware.org \
--cc=jbeulich@suse.com \
--cc=mark@harmstone.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).