New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix master build with --strict-warnings. #20436
Conversation
Ping @DDvO : feel free to keep my fix or discard all the |
crypto/cmp/cmp_ctx.c
Outdated
int len) | ||
const int len) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is the point of marking the parameter len
as const
in the first place? It's passed by value, so the caller doesn't need to care whether the value is modified inside the function.
In my opinion, it's not the function signature of the implementation which needs to be changed, it's the signature of the prototype in the header and the documentation.
~/src/openssl/master$ git grep -n -A 1 OSSL_CMP_CTX_set1_secretValue | grep -B 1 'int len'
crypto/cmp/cmp_ctx.c:421:int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
crypto/cmp/cmp_ctx.c-422- int len)
--
doc/man3/OSSL_CMP_CTX_new.pod:118: int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
doc/man3/OSSL_CMP_CTX_new.pod-119- const int len);
--
include/openssl/cmp.h.in:327:int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
include/openssl/cmp.h.in-328- const int len);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's why I ping @DDvO to get its feeling, because this way of fixing it is much larger.
This could be a merge conflict remainder or a review issue.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
constifying scalar function parameters is a bit over-zealous, I agree.
I think that in certain places, this is done to indicate an intent that the input parameter will be used unchanged, i.e. will not be "adjusted" frivolously.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In other words: it's leaking implementation details without good cause ;-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In other words: it's leaking implementation details without good cause ;-)
No, it's making a promise.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for my somewhat delayed response, I did not notice this PR and question to me before.
I cannot recall how that const int
came in originally and see little practical use for it
(except that it may help the implementer of the function not to accidentally modify the parameter value).
As one can easily find out from the commit history, already in commit 08dfbe0 I removed the const
,
so please do not re-introduce it here.
BTW, @FdaSilvaYY I just found that you had commented on that PR, though on a different topic: #17284 (comment).
Unfortunately, cmp.h.in
still contains
int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
const int len);
so I presume that you aim to make the function definition in cmp_ctx.c
consistent with that.
I'd much prefer if the const
instead gets removed from the declaration in the header file,
yet we then face the problem that this appears (syntactically) to be an API change/break,
while actually (semantically) it has no effect on the API (i.e., the interface and behavior for callers).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@DDvO I push a fix in this way.
a50ae45
to
57f3279
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the cleanup
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, one more thing: please change the const int
also in OSSL_CMP_CTX_new.pod
.
A pity that doc-nits
cannot check the consistency of (function etc.) type decls with the respective header files.
Regarding the consistency of the documentation, the checklist in the PR text pattern is a nice hint,
|
This PR is ready to review. |
Oh, I had overlooked this - sorry for the confusion. |
57f3279
to
003db5c
Compare
@mspncp : changes split in two commits |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
reconfirmed
remove unneeded const qualifier to keep method declaration and definition in sync.
003db5c
to
c7214af
Compare
Last force-push was without tree changes. @FdaSilvaYY sorry, I couldn't resist: I swapped the two commits: the whitespace reformatting needs to go first (in topological order), otherwise it covers the relevant change in the annotation. Also, I inserted an an empty line between subject line and body in one of the commit messages. |
This search indicates that clang 15 is currently packaged in Debian [testing], which will become the next stable release: https://packages.debian.org/search?keywords=clang Looking at Debians release history and cadence (https://wiki.debian.org/DebianReleases), I would expect Debian 12 (which is what Debian [testing] is right now) to be released some time this year... Disclaimer: I'm an not a Debian developer / maintainer |
The latest releases for these are gcc 12 and clang 15, according to their own release pages: https://gcc.gnu.org/releases.html I can try with those |
No problem with gcc-12 or clang-15 either: /* I did it a little differently for demonstration purposes */
#include <stddef.h>
/* #include <openssl/cmp.h> */
typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX;
int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
int len);
int main(void)
{
int (*secretValue)(OSSL_CMP_CTX *ctx, const unsigned char *sec,
const int len);
secretValue = OSSL_CMP_CTX_set1_secretValue;
secretValue(NULL, NULL, 0);
return 0;
} $ gcc-12 -Wall -o 20436.o -c 20436.c
$ clang-15 -Wall -o 20436.o -c 20436.c
$ This confirms the "not a problem" standing as far as I can take it. |
Could someone try with VisualStudio? If its not a problem there either then I'm also starting to lean towards "do it all the way to 3.0". |
It is not a problem on clang 15 or GCC or MSVC, both for C and C++/extern C. I am trying to find a reference in the ISO C spec. |
C11 s. 6.7.6.3. p. 15. "(In the determination of type compatibility and of a composite type, each parameter [...] declared with qualified type is taken as having the unqualified version of its declared type.)" C89 s. 6.5.4.3. "For two function types to be compatible, [...] (For each parameter declared with qualified type, its type for these comparisons is the unqualified version of its declared type.)" |
Looks like there should be no issue doing the header change, e.g. in 3.0, both in theory and in practice. |
Is there a clear official OpenSSL definition of |
I was using Visual 2015, with --strict-warnings, to debug a build break of my another PR. |
Ah yeah, MickeySoft always tends to make trouble, with all sorts of incompatibility. |
Fix the header and merge back to 3.0 seems to be the consensus the group is coming to. |
OTC: Given the compilers ignore that const we want to fix the header and backport that to 3.1 and 3.0 branches. |
If this does not apply cleanly we will need a backport patch for 3.1. |
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from #20436)
remove unneeded const qualifier to keep method declaration and definition in sync. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from #20436)
Merged to master, 3.1 and 3.0 branches. Thank you for your contribution. |
@openssl/otc, again my questions:
At least the outcome of our above exchange should be remembered somehow |
The problem is that basically anything that changes in the public API headers that can potential break a compilation for anyone is an API break. So until we found that this is very unlikely to break anyone it was considered an API break. Not sure how to record this and where. |
Thanks for your response, which more or less includes a definition of an API break. For instance, the following header file changes do not lead to API breaks:
I suggest adding something like this to the technical policies, next to the coding style. |
Found while trying to a CI failure.
Improvenmake clean
cleanup.Checklist