From: Florian Weimer <fweimer@redhat.com>
To: Sergey Bugaev <bugaevc@gmail.com>
Cc: Siddhesh Poyarekar <siddhesh@redhat.com>, libc-alpha@sourceware.org
Subject: Re: [PATCH v2 0/3] fcntl fortification
Date: Tue, 30 May 2023 13:08:28 +0200 [thread overview]
Message-ID: <878rd6uleb.fsf@oldenburg.str.redhat.com> (raw)
In-Reply-To: <CAN9u=HdxGf8neZ=YToRbieNLftBCSMjqKt5faGgKv6GP3CYgUg@mail.gmail.com> (Sergey Bugaev's message of "Tue, 30 May 2023 13:46:23 +0300")
* Sergey Bugaev:
> On Tue, May 30, 2023 at 11:09 AM Florian Weimer <fweimer@redhat.com> wrote:
>> > 2. There is a __fcntl_types_compatible () macro which is a thin wrapper
>> > over __builtin_types_compatible_p () in plain C, and uses an
>> > std::is_same_v-like check (using partial template specialization) in
>> > C++. Importantly, it uses __typeof () even in C++ (not decltype ()),
>> > because we don't want the extra references appended to our type. For
>> > example, we want 'int', not 'const int &' or 'int &&'.
>>
>> I think you should avoid using __typeof, otherwise we need to add
>> another GCC check. If you need to use decltype, you'll have to add a
>> __cplusplus version check.
>
> I don't think I understand your point about the GCC check, could you
> please expand?
Ahh, maybe that check is implied by doing this for fortification only?
>> > 5. Here's the fcntl () macro in all of its horrible glory:
>> >
>> > #define fcntl(fd, cmd, ...)
>> > (__VA_OPT__ (0 ?) __fcntl_2_inline (fd, cmd)
>>
>> I think we should avoid the new __fcntl_2 symbol because it an
>> unnecessary optimization.
>
> And again I don't think I understand your point :|
> Could you please expand here as well? What's the (unnecessary)
> optimization here?
>
> __fcntl_2 is required to do runtime checking of whether the runtime
> value of CMD indeed does not require a third argument.
Oh, I'm not sure if the run-time check is really that useful.
There's no vfcntl function, so I expect that we will have accurate type
information at the callsite in most cases, and the compile-time check
works.
>> It would very nice if we could generate the appropriate warning for C
>> (-Wincompatible-pointer-types). This is what I tried to do, but it
>> might actually be impossible.
>>
>> Should we generate errors for C++? It requires compatible pointer
>> types, after all.
>
> So the way I think about this, what this is doing is not making fcntl
> into a proper type-safe overloaded function, but adding some
> safeguards on top of the existing vararg definition that catch some
> mistakes.
>
> The diagnostics emitted are different, and this is fine. Another
> instance of this: you get the "error: call to '__fcntl_missing_arg'
> declared with attribute error" and not the error you would otherwise
> get from GCC upon forgetting a required function argument ("error: too
> few arguments to function 'foo'").
>
> I would prefer to keep type mismatch a warning in C++ too (because
> this is best-effort additional safeguards, not a real type system),
> but this would be easy to change if you want me to.
Hmm. I certainly don't see this as a blocker, what you are proposing is
way better than what we have today.
Thanks,
Florian
next prev parent reply other threads:[~2023-05-30 11:08 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-28 17:20 Sergey Bugaev
2023-05-28 17:20 ` [PATCH v2 1/3] support: Add support_fcntl_support_ofd_locks () Sergey Bugaev
2023-05-29 13:18 ` Adhemerval Zanella Netto
2023-05-28 17:20 ` [PATCH v2 2/3] cdefs.h: Define __glibc_warn_system_headers_{begin,end} Sergey Bugaev
2023-05-29 14:50 ` [PATCH v2 2/3] cdefs.h: Define __glibc_warn_system_headers_{begin, end} Adhemerval Zanella Netto
2023-05-28 17:20 ` [PATCH v2 3/3] io: Add FORTIFY_SOURCE check for fcntl arguments Sergey Bugaev
2023-05-29 16:54 ` Adhemerval Zanella Netto
2023-05-29 17:31 ` Sergey Bugaev
2023-05-29 18:09 ` Adhemerval Zanella Netto
2023-05-29 19:57 ` Sergey Bugaev
2023-05-29 20:14 ` Adhemerval Zanella Netto
2023-05-29 20:49 ` Sergey Bugaev
2023-05-29 21:09 ` Adhemerval Zanella Netto
2023-05-29 21:59 ` Sergey Bugaev
2023-05-30 11:34 ` Adhemerval Zanella Netto
2023-05-30 7:41 ` Florian Weimer
2023-05-30 9:07 ` Sergey Bugaev
2023-05-30 9:50 ` Florian Weimer
2023-05-30 11:35 ` Adhemerval Zanella Netto
2023-05-30 8:09 ` [PATCH v2 0/3] fcntl fortification Florian Weimer
2023-05-30 10:46 ` Sergey Bugaev
2023-05-30 11:08 ` Florian Weimer [this message]
2023-05-30 11:34 ` Sergey Bugaev
2023-05-30 11:50 ` Florian Weimer
2023-05-30 11:51 ` Florian Weimer
2023-05-30 12:15 ` Sergey Bugaev
2023-05-30 12:26 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878rd6uleb.fsf@oldenburg.str.redhat.com \
--to=fweimer@redhat.com \
--cc=bugaevc@gmail.com \
--cc=libc-alpha@sourceware.org \
--cc=siddhesh@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).