Fix master build with --strict-warnings. #20436
Conversation
|
Ping @DDvO : feel free to keep my fix or discard all the |
crypto/cmp/cmp_ctx.c
Outdated
| int len) | ||
| const int len) |
There was a problem hiding this comment.
What is the point of marking the parameter len as const in the first place? It's passed by value, so the caller doesn't need to care whether the value is modified inside the function.
In my opinion, it's not the function signature of the implementation which needs to be changed, it's the signature of the prototype in the header and the documentation.
~/src/openssl/master$ git grep -n -A 1 OSSL_CMP_CTX_set1_secretValue | grep -B 1 'int len'
crypto/cmp/cmp_ctx.c:421:int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
crypto/cmp/cmp_ctx.c-422- int len)
--
doc/man3/OSSL_CMP_CTX_new.pod:118: int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
doc/man3/OSSL_CMP_CTX_new.pod-119- const int len);
--
include/openssl/cmp.h.in:327:int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
include/openssl/cmp.h.in-328- const int len);
There was a problem hiding this comment.
That's why I ping @DDvO to get its feeling, because this way of fixing it is much larger.
This could be a merge conflict remainder or a review issue.
There was a problem hiding this comment.
constifying scalar function parameters is a bit over-zealous, I agree.
I think that in certain places, this is done to indicate an intent that the input parameter will be used unchanged, i.e. will not be "adjusted" frivolously.
There was a problem hiding this comment.
In other words: it's leaking implementation details without good cause ;-)
There was a problem hiding this comment.
In other words: it's leaking implementation details without good cause ;-)
No, it's making a promise.
There was a problem hiding this comment.
Sorry for my somewhat delayed response, I did not notice this PR and question to me before.
I cannot recall how that const int came in originally and see little practical use for it
(except that it may help the implementer of the function not to accidentally modify the parameter value).
As one can easily find out from the commit history, already in commit 08dfbe0 I removed the const,
so please do not re-introduce it here.
BTW, @FdaSilvaYY I just found that you had commented on that PR, though on a different topic: #17284 (comment).
Unfortunately, cmp.h.in still contains
int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
const int len);
so I presume that you aim to make the function definition in cmp_ctx.c consistent with that.
I'd much prefer if the const instead gets removed from the declaration in the header file,
yet we then face the problem that this appears (syntactically) to be an API change/break,
while actually (semantically) it has no effect on the API (i.e., the interface and behavior for callers).
There was a problem hiding this comment.
@DDvO I push a fix in this way.
FdaSilvaYY
force-pushed
the
2022/03/Master-Cmp-Fixup
branch
from
a50ae45
to
57f3279
Compare
DDvO
added
branch: master
DDvO
added
the
approval: review pending
|
Regarding the consistency of the documentation, the checklist in the PR text pattern is a nice hint,
|
This PR is ready to review. |
Oh, I had overlooked this - sorry for the confusion. |
DDvO
added
tests: exempted
FdaSilvaYY
force-pushed
the
2022/03/Master-Cmp-Fixup
branch
from
57f3279
to
003db5c
Compare
|
@mspncp : changes split in two commits |
remove unneeded const qualifier to keep method declaration and definition in sync.
mspncp
force-pushed
the
2022/03/Master-Cmp-Fixup
branch
from
003db5c
to
c7214af
Compare
|
Last force-push was without tree changes. @FdaSilvaYY sorry, I couldn't resist: I swapped the two commits: the whitespace reformatting needs to go first (in topological order), otherwise it covers the relevant change in the annotation. Also, I inserted an an empty line between subject line and body in one of the commit messages. |
mspncp
added
approval: done
This search indicates that clang 15 is currently packaged in Debian [testing], which will become the next stable release: https://packages.debian.org/search?keywords=clang Looking at Debians release history and cadence (https://wiki.debian.org/DebianReleases), I would expect Debian 12 (which is what Debian [testing] is right now) to be released some time this year... Disclaimer: I'm an not a Debian developer / maintainer |
The latest releases for these are gcc 12 and clang 15, according to their own release pages: https://gcc.gnu.org/releases.html I can try with those |
|
No problem with gcc-12 or clang-15 either: /* I did it a little differently for demonstration purposes */
#include <stddef.h>
/* #include <openssl/cmp.h> */
typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX;
int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
int len);
int main(void)
{
int (*secretValue)(OSSL_CMP_CTX *ctx, const unsigned char *sec,
const int len);
secretValue = OSSL_CMP_CTX_set1_secretValue;
secretValue(NULL, NULL, 0);
return 0;
}$ gcc-12 -Wall -o 20436.o -c 20436.c
$ clang-15 -Wall -o 20436.o -c 20436.c
$This confirms the "not a problem" standing as far as I can take it. |
|
Could someone try with VisualStudio? If its not a problem there either then I'm also starting to lean towards "do it all the way to 3.0". |
|
It is not a problem on clang 15 or GCC or MSVC, both for C and C++/extern C. I am trying to find a reference in the ISO C spec. |
|
C11 s. 6.7.6.3. p. 15. "(In the determination of type compatibility and of a composite type, each parameter [...] declared with qualified type is taken as having the unqualified version of its declared type.)" C89 s. 6.5.4.3. "For two function types to be compatible, [...] (For each parameter declared with qualified type, its type for these comparisons is the unqualified version of its declared type.)" |
|
Looks like there should be no issue doing the header change, e.g. in 3.0, both in theory and in practice. |
Is there a clear official OpenSSL definition of |
I was using Visual 2015, with --strict-warnings, to debug a build break of my another PR. |
Ah yeah, MickeySoft always tends to make trouble, with all sorts of incompatibility. |
|
Fix the header and merge back to 3.0 seems to be the consensus the group is coming to. |
|
OTC: Given the compilers ignore that const we want to fix the header and backport that to 3.1 and 3.0 branches. |
t8m
added
branch: 3.0
|
If this does not apply cleanly we will need a backport patch for 3.1. |
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from #20436)
remove unneeded const qualifier to keep method declaration and definition in sync. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from #20436)
|
Merged to master, 3.1 and 3.0 branches. Thank you for your contribution. |
|
@openssl/otc, again my questions:
At least the outcome of our above exchange should be remembered somehow |
|
The problem is that basically anything that changes in the public API headers that can potential break a compilation for anyone is an API break. So until we found that this is very unlikely to break anyone it was considered an API break. Not sure how to record this and where. |
Thanks for your response, which more or less includes a definition of an API break. For instance, the following header file changes do not lead to API breaks:
I suggest adding something like this to the technical policies, next to the coding style. |
Found while trying to a CI failure.
Improvenmake cleancleanup.Checklist