Date: Tue, 22 May 2007 16:56:26 +0000 From: "Poul-Henning Kamp" <phk@phk.freebsd.dk> To: Warner Losh <imp@bsdimp.com> Cc: cvs-src@freebsd.org, src-committers@freebsd.org, rwatson@freebsd.org, cvs-all@freebsd.org, bde@optusnet.com.au Subject: Re: cvs commit: src/lib/libmemstat memstat_malloc.c Message-ID: <13451.1179852986@critter.freebsd.dk> In-Reply-To: Your message of "Tue, 22 May 2007 10:20:45 CST." <20070522.102045.112563319.imp@bsdimp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20070522.102045.112563319.imp@bsdimp.com>, Warner Losh writes: >> > Should know better than to use __DECONST: C programmers. > >Zen Master bde hits. You are confused. You are Dazed.--More-- >You have received enlightment. Welcome to level 34583. Actually, I'm not sure I made it. Const is a very useful construct, both for the compilers ability to generate good code and for the programmer to express his intention, but the simplicity of the const concept in C means that it is less useful than it could be, unless __DECONST and similar are (ab)used. Take a simple example: struct foo { ... }; struct foo *create_foo(args, ...); void destroy_foo(struct foo *); Nothing outside these two functions should modify, reassign or otherwise muck about with the contents of a struct foo. In an ideal world, I would have two versions of struct foo: one where all members are const and one where they are not, and compiler would realize that a cast from the R/W to the R/O variant is a safe operation, so that create_foo() could be written in terms of and return the R/O variant How to do the destroy_foo() needs a different trick, since we are not modifying the fields, we are destroying them, so the needed information here is custody information: void destroy_foo(struct foo * __custody); which tells the compiler that the pointer and what it pointed to is not valid after a call to destroy_foo(). C unfortunately lacks a syntax that can express suck subtle and non-subtle nuances and recent standardization efforts have shown little interest in offering more "intentional programming" facilities in C. Absent such progress and despite what the Zen master says, I think const is a useful concept and that the occational well-thought out use of __DECONST() can not only be fully justified but also recommended. Provided it is used to improve the expression of deliberate intent, rather than to paste over gottchas. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?13451.1179852986>