Corrected VC compile warning C4090. #1939
Conversation
|
looks okay (or harmless and not needed) to me; @dot-asm ? |
|
Looks like VC trying to be a C++ compiler instead of a C compiler ;) |
|
VC tries to be a both compiler... |
levitte
added
the
approval: done
richsalz
added
the
hold: cla required
|
@rrip, do you consider this a trivial change (I do). If not, we need you to sign our CLA. |
|
I don't think this is good idea. |
Well, I'd instead ask what are the exact circumstances when the warning is issued. If C compiler actually requires the kind of cast you think is problematic here, then it doesn't comply with standard. And when it doesn't comply it's called a compiler bug. And then question is if we should work around compiler bugs. Well, we did it earlier, but we never aimed to work around every compiler bug. In other words they have to be evaluated somehow. What we are looking at here is C4090 warning that actually has a record of being buggy, it's even suppressed when OpenSSL itself is built. So what's going on here? It ought to be that warning is issued when user compiles own application code. But what is this warning? It's revolving about |
One can wonder if ( |
richsalz
removed
the
approval: done
|
We didn't say no changes to public headers, we said no incompatible changes. But since you feel strongly that this is wrong, and you know more than I do, I remove my approval. |
Right, my formulation was a bit sloppy. But so is the quoted one :-) What was said that till we formulate rigid rules for modifications of prototypes in public headers, we tolerate exclusively additions. Well, naturally even additions has to be compatible, e.g. we shouldn't tolerate masking #if or #undefs... However! One can argue that suggested modification is compatible. After all is doesn't modify any public prototype, only inline implementation. But once again, what is the actual problem? If it's compiler bug, then why are we risking masking legitimate warnings? If it's legitimate warning, then (given the fact that it's C4090 warning) it ought to be application problem... |
|
The problem is whenever lhash.h is included into an application, the warning shows up, regardless if you actually use lh_##type##_insert() function or not. When the macro DEFINE_LHASH_OF is expanded because of the line DEFINE_LHASH_OF(OPENSSL_CSTRING); the warning pops up all over an application that would normally compile warning-free. The warning occurs because OPENSSL_LH_insert requires a non-const parameter "data", and a const parameter is being passed in because OPENSSL_CSTRING is a const. The underlying issue is whether the "void *data" value in structure lhash_node_st should be changed to "const void *data"? Then the OPENSSL_LH_insert function could be changed to const void *data. But that would generate 5 valid compiler warnings and would require OPENSSL_LH_DOALL_FUNC and OPENSSL_LH_DOALL_FUNCARG definitions to be changed to include const. |
In other words it's legitimate warning(
That would be right solution, but a) it's not given that it's possible, i.e. OPENSSL_LH_insert might modify data under some circumstances (I haven't looked); b) but even if it is possible, it's not something one can formally do in letter or even minor release (at least not till team discusses and agrees what is acceptable to do in letter or minor release). Alternative can be to introduce additional API, OPENSSL_LH_insert_const perhaps, that would accept ( |
|
I have submitted another commit with improvements that should satisfy all of the concerns. The object within struct lhash_node_st has been changed to "const void *data". That is a promise that lhash functions will not modify the data (as they shouldn't because the data can be any type of object). However the data is returned back as "void *" by lhash functions (without the const). This is similar to the way C library function strchr() function handles "const". The code compiles without any additional C4090 warnings. |
|
you have to update your cla to include your GH address or change the author on these commits to be "robert@fedoraproject.org" Sorry to be a nuisance. |
| @@ -97,14 +97,14 @@ void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data) | |||
| (*rn)->data = data; | |||
| lh->num_replace++; | |||
| } | |||
| return (ret); | |||
| return (void *)(ret); | |||
There was a problem hiding this comment.
I know the original had it, but since you're modifying this line, please remove the extra parens around ret. Here and in the other instances, below.
|
Considering all that @dot-asm has said, I'm not sure I see the new solution as distinctly better. The troube is that there's no direct correlation between the (possibly really const) stuff that's being inserted into the lhash and the stuff (possibly const, but just as possibly non-const) that's retrieved from it. Refering to I'm leaning toward the same conclusion as @dot-asm, that this warning is best left there as a reminder, rather than being hidden away with ugly and potentially dangerous casts. |
|
We have also stumbled across this warning in our project and we traced back the problem to a MSVC compiler bug. Here you can see the related Microsoft Connect issue. I believe that the original code should compile without warnings on a well-behaving compiler, and I am not confident in that the semantics should be changed only for the sake of getting rid of these warnings. Wouldn't it be more correct to just disable (pragma) this warning specifically on the affected compiler versions? Or just leave it there since it is not actually a bug in the code, but in the compiler? |
|
Yes, we just disabled the pragma in #3420. Closing this. |
No description provided.