const religion

Andrew Bartlett abartlet at samba.org
Wed Mar 30 22:44:14 GMT 2005


On Wed, 2005-03-30 at 16:31 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> derrell at samba.org wrote:
> 
> | This is actually a gripe that I wanted to discuss.  Although
> | I put a band-aid on it, you're right, my casts don't solve
> | the problem.  If "const" isn't going to be used properly, or
> | more accurately, consistently, it really shouldn't be
> | used at all.  Passing a "char *" to a function that
> | expects a "const char *" which in turn passes it to a function
> | that expects a "char *" just seems screwy.  Is it const or isn't
> | it?  Fooling the compiler should not be necessary.
> 
> I agree here. I argued this same point when the const religion
> got started.  const in C is a joke IMO.  The compiler
> doesn't really mark the memory as read-only, so you might just as
> well put the const keyword in the comments for the function's
> formal declaration.  Then at least you don't get the silly
> warnings about something you know you already did.
> 
> But I digress....

Taking this digression just one step further - as the person who pushed
const into the Samba 3.0 (then head) tree, I see it this way:

On a 300,000 line C project, we have around 100 (guess, I've not yet
checked for sure) places where we need to say 'C sucks, library
interfaces suck', and discard the const qualifier.   Samba4 uses
discard_const_p() to have *zero* const warnings, no matter the compile
flags.

In the rest of the code, we know we are not going to free() the stack,
or a "" string, or in any way modify these arguments.  This is
particularly useful when validating the nasty practice we had of
pstrcpy() into a fstring function parameter, which our other CPP tricks
could not catch.

(This pstrcpy() has in the past caused us security problems, and the use
of const allows us to limit the code paths in need of a manual audit).

I added -Wwrite-strings (adding const to "" strings) after we had a
segfault due to a write back to a "" string, for very silly reasons.


const and formal correctness is a hot-button issue for some - I simply
see it as an extra tool to be used as far as reality allows, to try and
catch silly bugs.

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
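An added illustration of the three points raised in the thread (not Samba code; the FSTRING_LEN/PSTRING_LEN values, the safe_strcpy() shape and the legacy_* functions are assumptions modelled on the conventions the mail names): a discard_const_p() macro that shes const at one greppable site, a bounded copy whose size comes from the typedef so that pstrcpy() into an fstring parameter would overflow, and an in-place string modifier whose call on a literal is exactly what -Wwrite-strings turns into a compile-time diagnostic.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizes modelled on Samba 3's fstring/pstring typedefs (assumed values). */
#define FSTRING_LEN 256
#define PSTRING_LEN 1024
typedef char fstring[FSTRING_LEN];
typedef char pstring[PSTRING_LEN];

/* Samba-style const discard: cast through intptr_t so the compiler stays
 * quiet at the few places where a legacy interface wants char * but will
 * only read through it.  Every such site is greppable for audit. */
#define discard_const(ptr) ((void *)((intptr_t)(ptr)))
#define discard_const_p(type, ptr) ((type *)discard_const(ptr))

/* Bounded copy that always NUL-terminates (dest needs maxlength+1 bytes). */
static char *safe_strcpy(char *dest, const char *src, size_t maxlength)
{
    size_t len = strlen(src);
    if (len > maxlength)
        len = maxlength;
    memcpy(dest, src, len);
    dest[len] = '\0';
    return dest;
}

/* The bound comes from the typedef, not from the real destination.  So
 * pstrcpy() into a parameter declared "fstring dest" (which is really a
 * char *) may write up to 1023 bytes into a 256-byte array: the bug the
 * mail describes.  If that parameter is "const char *" instead, the call
 * does not compile, which is the audit aid const provides. */
#define fstrcpy(d, s) safe_strcpy((d), (s), sizeof(fstring) - 1)
#define pstrcpy(d, s) safe_strcpy((d), (s), sizeof(pstring) - 1)

/* const-correct writer: src is never modified, dest is a real fstring and
 * the copy is bounded by it.  Returns 1 if the source was truncated. */
static int set_fstring(fstring dest, const char *src)
{
    size_t n = strlen(src);
    fstrcpy(dest, src);          /* pstrcpy(dest, src) here would overflow */
    return n > sizeof(fstring) - 1;
}

/* Builds a constructed source of srclen 'x' bytes and reports how long the
 * fstring is after a bounded copy (truncation instead of overflow). */
static size_t fstring_len_after_copy(size_t srclen)
{
    pstring src;
    fstring dst;
    if (srclen > sizeof(pstring) - 1)
        srclen = sizeof(pstring) - 1;
    memset(src, 'x', srclen);
    src[srclen] = '\0';
    set_fstring(dst, src);
    return strlen(dst);
}

/* Assumed legacy interface: declared char * although it only reads. */
static size_t legacy_count_upper(char *s)
{
    size_t n = 0;
    for (; *s; s++)
        if (isupper((unsigned char)*s))
            n++;
    return n;
}

/* const-correct wrapper: the one place the qualifier is discarded. */
static size_t count_upper(const char *s)
{
    return legacy_count_upper(discard_const_p(char, s));
}

/* Writes through its argument.  legacy_upper("abc") is the write-back to
 * a string literal the mail mentions: with -Wwrite-strings the literal
 * has type const char[] and the call draws a diagnostic; without it, it
 * compiles and faults at run time on read-only memory. */
static void legacy_upper(char *s)
{
    for (; *s; s++)
        *s = (char)toupper((unsigned char)*s);
}

/* Safe form: copy into caller-owned storage, then modify the copy. */
static char *upper_copy(const char *src, fstring out)
{
    set_fstring(out, src);
    legacy_upper(out);
    return out;
}

int main(void)
{
    fstring buf;
    printf("%s\n", upper_copy("const is a tool", buf));
    printf("%zu\n", fstring_len_after_copy(600));
    printf("%zu\n", count_upper("aBcD"));
    return 0;
}
```

Build it with -Wall -Wwrite-strings; then replace the fstrcpy() in set_fstring() with pstrcpy(), or try calling legacy_upper("abc") from main, to see which mistakes the compiler now reports and which it still lets through.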