From: Eric Blake <eblake@redhat.com>
To: Alejandro Colomar <alx.manpages@gmail.com>
Cc: GNU libc development <libc-alpha@sourceware.org>,
austin-group-l@opengroup.org, GCC <gcc@gcc.gnu.org>,
Zack Weinberg <zack@owlfolio.org>
Subject: Re: [PATCH] sockaddr.3type: Document that sockaddr_storage is the API to be used
Date: Fri, 21 Apr 2023 10:27:07 -0500
Message-ID: <sjomqddm5sik7zufnpozmagkbgnjiu55vbozruh4nsehg7hqqi@hl3jl5yde5pl>
In-Reply-To: <7823f94b-ce59-2bef-51aa-fb0f6fad39ec@gmail.com>

On Fri, Apr 21, 2023 at 05:00:14PM +0200, Alejandro Colomar wrote:
> >
> > The wording I see in <https://austingroupbugs.net/view.php?id=1641#c6262>
> > doesn't seem to cover the case of aliasing a sockaddr_storage as a
> > protocol-specific address for setting other members.
> >
> > Aliasing rules don't allow one to declare an object of type
> > sockaddr_storage and then fill the structure as if it were another
> > structure, even if alignment and size are correct. We would need
> > some wording that says something like:
> >
> > When a pointer to a sockaddr_storage structure is first aliased as a
> > pointer to a protocol-specific address structure, the effective type
> > of the object will be set to the protocol-specific structure.

I'll add that as a comment to the Austin Group page; it seems like a
reasonable statement of intent (POSIX already says that struct
sockaddr_storage is sufficiently sized and aligned; all that remains
is for the compiler to be aware that we intend to use a
more-appropriate effective type once we have the storage allocated).

> >
> > This is similar to what happens when malloc(3) is assigned to a
> > non-character type. That's a big hammer, but it does the job. Maybe
> > we would need some looser language? I CCd GCC, in case they have
> > concerns about this wording.
> >
> > Cheers,
> > Alex
> >
> >>
> >> I quite like this way of putting it. It subsumes both what I wrote and
> >> the related potential headache with deciding whether the sa_family_t
> >> field is considered an object or just a range of bytes within a larger
> >> object.
> >>
> >> zw
> >
>
> For the man pages, I've rewritten it to the following:
>
>
> $ git diff
> diff --git a/man3type/sockaddr.3type b/man3type/sockaddr.3type
> index 2fdf56c59..e610aa0f5 100644
> --- a/man3type/sockaddr.3type
> +++ b/man3type/sockaddr.3type
> @@ -117,6 +117,14 @@ .SH HISTORY
> was invented by POSIX.
> See also
> .BR accept (2).
> +.PP
> +These structures were invented before modern ISO C strict-aliasing rules.
> +If aliasing rules are applied strictly,
> +these structures would be impossible to use

Maybe "extremely difficult" instead of "impossible" to use (if I
understand this thread correctly, it is possible to memcpy() from one
struct into different storage of a different effective type where the
memcpy()'s intermediate aliasing through char* avoids the UB).

> +without invoking Undefined Behavior (UB).
> +POSIX Issue 8 will fix this by requiring that implementations
> +make sure that these structures
> +can be safely used as they were designed.
> .SH NOTES
> .I socklen_t
> is also defined in
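
Review bot: The added paragraph at the end of HISTORY gives no guidance for code written today: it says the structures cannot be used without UB and that "POSIX Issue 8 will fix this", but names no approach that is currently well defined. Consider adding a sentence on copying through memcpy(), as raised in this thread, and rewording the future-tense claim so that it does not go stale once Issue 8 is published. The abbreviation "(UB)" is introduced but not used again in the added lines, so it could be dropped.
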
>
>
> I guess this is simple enough that it should work as documentation.

It seems fine from my perspective.

--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
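
Added example (not part of the original message or of the man-pages patch): the memcpy() approach mentioned in the reply above, written out in C. The helper names store_ipv4, stored_family and stored_ipv4_port and the sample address 192.0.2.10:8080 are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Fill generic storage with an IPv4 address without ever dereferencing a
 * struct sockaddr_in pointer that aliases the sockaddr_storage object. */
static int store_ipv4(struct sockaddr_storage *ss, const char *ip, uint16_t port)
{
    struct sockaddr_in sin;           /* declared type really is sockaddr_in */

    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sin.sin_addr) != 1)
        return -1;                    /* not a dotted-quad address; *ss untouched */

    memset(ss, 0, sizeof *ss);
    memcpy(ss, &sin, sizeof sin);     /* byte-wise copy, no typed access to *ss */
    return 0;
}

/* Read the address family by copying the leading bytes into a real
 * struct sockaddr instead of reading through a cast pointer. */
static sa_family_t stored_family(const struct sockaddr_storage *ss)
{
    struct sockaddr sa;

    memcpy(&sa, ss, sizeof sa);
    return sa.sa_family;
}

/* Port in host byte order, or -1 when the storage does not hold AF_INET. */
static long stored_ipv4_port(const struct sockaddr_storage *ss)
{
    struct sockaddr_in sin;

    if (stored_family(ss) != AF_INET)
        return -1;
    memcpy(&sin, ss, sizeof sin);
    return ntohs(sin.sin_port);
}

int main(void)
{
    struct sockaddr_storage ss;

    if (store_ipv4(&ss, "192.0.2.10", 8080) != 0)   /* constructed sample input */
        return 1;
    printf("family=%d port=%ld\n", (int)stored_family(&ss), stored_ipv4_port(&ss));
    return 0;
}
```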