On 02.03.2017 23:16, Mooney, Tim M. wrote:
> Andrew invited us to weigh in on this thread. I'm all in favor of
> type checking RSET function-pointer arguments. I don't mind warnings
> if I specify arguments of type "DBADDR*" instead of "const DBADDR*",
Unfortunately, with C++ this is an error (and also if you swap const and
non-const).
> but I feel this const business is less beneficial than type checking.
In general I disagree, but in this case: yes, it really gets in the way
(and that is because it is logically inconsistent when it comes to
passing functions with const parameters).
I think the path of least resistance is this:
We make (only) those method parameters const which are called with const
arguments in base. These are:
long (*get_precision)(const struct dbAddr *paddr, long *precision);
long (*get_enum_str)(const struct dbAddr *paddr, char *pbuffer);
long (*get_enum_strs)(const struct dbAddr *paddr, struct
dbr_enumStrs *p);
long (*put_enum_str)(const struct dbAddr *paddr, const char *pbuffer);
If we go ahead with this, it means you would probably have to weaken
some of the rset methods e.g. for the motor record.
> (Also, I still have a bunch of arguments specified as "struct dbAddr
> *".)
Note that some of the record support methods are /meant/ to (be able to)
modify the DBADDR, e.g. cvt_dbaddr and since 3.15 also get_array_info.
> I guess the bottom line for me is that I don't mind changes that
> require even a fair amount of editing if there is a syntax that at
> least works for several versions of base.>
You can take a look at my fork of the motor support ()to get an idea of
how e.g. motorRecord.cc can be changed to be compatible with old and new
versions of base. I will update it to reflect the latest changes I made
to the typed-recsup branch of base.
Cheers
Ben
> From: Ben Franksen [[email protected]]
> Subject: const-constraints on struct rset method arguments
>
> Background: Since ancient times, support interfaces like 'struct rset'
> declare the methods (function pointers) in tables as e.g. RECSUPFUN
> which is a synonym for 'long (*) ()', which in C means 'any number and
> type of arguments'. This is true of record, device, and driver support,
> but for practical reasons I want to limit the discussion to record
> support. A recently discovered bug in base would have been found years
> ago if the interface would not disable type checking here.
>
> I have been working on a way to get us typed record support methods, for
> base 3.16, taking compatibility questions (forward and backward) into
> account.
>
> This brought up the question of how to handle the const-ness of the
> DBADDR* argument that many record support methods take. The code in base
> that calls record support does call some of the methods with a const
> DBADDR*. This will result in warnings when the type of the method
> doesn't have the const, when compiled with gcc. However, when the code
> is compiled with g++, as is the case for the motorRecord, then this is
> an error (and, AFAIK, this is how the standard defines things, a few
> remarks on that below).
>
> Michael, who reviews my changes, commented:
>
>> Well, one non-const situation (I'm to thank/blame) is
>> get_array_info() which in >=3.15 is allowed to replace pfield. The
>> caller is expected to save and replace it (see dbGet()). This enables
>> a driver to use multiple buffers to avoid copying data into the
>> record.
>
> So we have to make a decision: do we want to specify const-ness of the
> DBADDR parameter or is this too restricting w.r.t. future extensions? If
> yes, for which methods?
>
> * * *
>
> Side remark re C++ type checking of const: I think what the C++ compiler
> does here (whether by following the standard or for other reasons) is
> logically wrong: if I have a function
>
> void f(const int *p)
>
> it is allowed to pass a non-const 'int*' (no warning) and for a good
> reason. But I get a type error when I assign the address of f to a
> pointer pf of type
>
> void (*pf)(int *p)
>
> That doesn't make sense. Code that calls *pf must assume that the
> function /can/ modify the int behind the pointer; if the function
> refrains form doing so and states that in its type, what's wrong about that?
>
> In short: const-checking does not take variance into account, and thus
> issues an error even if the conversion would be safe. This is one of the
> problems of prescribing const arguments in function tables.
Attachment:
signature.asc
Description: OpenPGP digital signature
- References:
- const-constraints on struct rset method arguments Ben Franksen
- RE: const-constraints on struct rset method arguments Mooney, Tim M.
- Navigate by Date:
- Prev:
RE: const-constraints on struct rset method arguments Mooney, Tim M.
- Next:
Jenkins build became unstable: epics-base-3.14-win32s #180 APS Jenkins
- Index:
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
<2017>
2018
2019
2020
2021
2022
2023
2024
- Navigate by Thread:
- Prev:
RE: const-constraints on struct rset method arguments Mooney, Tim M.
- Next:
RE: const-constraints on struct rset method arguments Ron Sluiter
- Index:
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
<2017>
2018
2019
2020
2021
2022
2023
2024
|