From: Dag-Erling Smørgrav
To: Bruce Evans
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, "Bjoern A. Zeeb", src-committers@freebsd.org
Subject: Re: svn commit: r274340 - in head/sys: crypto/rijndael dev/random geom/bde
Date: Tue, 11 Nov 2014 15:07:54 +0100

Bruce Evans writes:
> -Wcast-qual is not a very good warning option since the official way
> to remove qualifiers in C is to cast them away.  Casting them away is
> better than using the __DECONST() abomination.  The option exists
> because it is too easy for sloppy code to cast away const without
> really intending to or when casting away const is done intentionally
> but is an error.

I agree that __DECONST() is ugly (not least because it strips all
qualifiers, not just const, so it should be DEQUAL()), but the
alternative is worse.  In my experience, the majority of cases where a
cast discards a qualifier are bugs, with struct iov being one of very
few legitimate use cases.

In the same vein, you could also argue that it is wrong of gcc and clang
to warn about underparenthesized boolean expressions or about using an
assignment as a truth value.  Yet these warnings are extremely useful,
because code that triggers them is often either incorrect or easily
misinterpreted by a casual reader.

Apple's "goto fail" certificate verification bug was caused by code that
was perfectly legal and looked fine at first glance but would have been
caught by -Wunreachable-code.  Unfortunately, turning it on in our tree
breaks the build in non-trivially-fixable ways because it is triggered
by const propagation into inline functions.

DES
-- 
Dag-Erling Smørgrav - des@des.no
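
The two kinds of qualifier-discarding cast discussed in the message above, as an added example that is not part of the original message or of the FreeBSD tree. `DECONST` is a local stand-in modelled on FreeBSD's `__DECONST()`, and the function names are hypothetical; building with `cc -Wcast-qual` flags only the cast in `chomp_bad()`.

```c
#include <stdint.h>
#include <string.h>
#include <sys/uio.h>
#include <unistd.h>

/* Local stand-in modelled on FreeBSD's __DECONST() in <sys/cdefs.h>: the
 * detour through uintptr_t marks one audited spot and keeps -Wcast-qual quiet. */
#define DECONST(type, var) ((type)(uintptr_t)(const void *)(var))

/* Bug pattern: the prototype promises not to modify `line`, and the plain
 * cast silently breaks that promise. -Wcast-qual warns on the cast. */
size_t
chomp_bad(const char *line)
{
	char *p = (char *)line;		/* qualifier discarded here */
	size_t n = strcspn(p, "\n");
	p[n] = '\0';			/* caller's buffer is modified */
	return (n);
}

/* Fix: no cast is needed, the function only reports the length. */
size_t
chomp_len(const char *line)
{
	return (strcspn(line, "\n"));
}

/* Legitimate case: struct iovec has a non-const iov_base because the same
 * type serves readv(2) and writev(2); writev() only reads the buffers. */
ssize_t
write_two(int fd, const char *hdr, const char *body)
{
	struct iovec iov[2];
	iov[0].iov_base = DECONST(void *, hdr);
	iov[0].iov_len = strlen(hdr);
	iov[1].iov_base = DECONST(void *, body);
	iov[1].iov_len = strlen(body);
	return (writev(fd, iov, 2));
}

int
main(void)
{
	char buf[] = "constructed line\n";	/* constructed sample input */
	size_t n = chomp_len(buf);		/* buf is left untouched */

	chomp_bad(buf);				/* buf[n] is now '\0' */
	return (n != 16 || write_two(STDOUT_FILENO, buf, "\n") < 0);
}
```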