[Swan-dev] shunk_t vs chunk_t
D. Hugh Redelmeier
hugh at mimosa.com
Mon Mar 1 15:17:32 UTC 2021
In shunk_t
const void *ptr;
In chunk_t
uint8_t *ptr;
I understand why the former is const and the latter isn't.
But why do the base types differ?
I stubbed my toe on this yesterday.
================
Sometimes security labels are passed around in shunk_t and sometimes
chunk_t. This is awkward and widespread. I'm not sure if there is a good
cure because I haven't looked carefully.
I chose to make the a and b parameters to se_label_match have type
chunk_t * because that required the fewest casts.
This casting is not actually good code:
- we "know" that a shunk_t and a chunk_t have the same layout. So the
cast works. But it isn't 100% safe because the layout of either
could change and nothing would raise an alarm.
- it is possible to cleanly construct a shunk_t object from a chunk_t
object but not the reverse: the latter requires stripping const from
*ptr.
The real problem is that the logic of C's const is too simple-minded.
C really does not support the shunk/chunk distinction comfortably.
Do we have other cases where we convert between shunks and chunks? If
so, we really should have functions to do this. That way the
nastiness can be isolated in one place.
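As an added illustration (not libreswan code, and not part of the original message): minimal stand-ins for the two types, the one conversion direction that is clean, a hypothetical read-only matcher that takes shunk_t so chunk_t callers convert explicitly, and the layout-dependent cast guarded so a layout change does raise an alarm at compile time. The size_t len member and the function names are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins for the two libreswan types. Only the ptr member is quoted in
 * the post; the size_t len member is an assumption of this example. */
typedef struct { const void *ptr; size_t len; } shunk_t; /* read-only view */
typedef struct { uint8_t *ptr; size_t len; } chunk_t;    /* writable buffer */

/* The one direction that is always clean: a chunk becomes a shunk by
 * adding const. The reverse would strip const, so it gets no helper. */
static inline shunk_t shunk_from_chunk(chunk_t c)
{
    shunk_t s = { .ptr = c.ptr, .len = c.len };
    return s;
}

/* Hypothetical matcher taking the const view: a function that only reads
 * its inputs can accept shunk_t, and chunk_t callers convert explicitly.
 * Lengths are compared first so memcmp never reads past the shorter label. */
static bool se_label_match_shunk(shunk_t a, shunk_t b)
{
    return a.len == b.len && memcmp(a.ptr, b.ptr, a.len) == 0;
}

/* The pointer-cast shortcut the post describes relies on identical layout.
 * These checks turn a silent layout change into a compile-time failure; the
 * cast itself is still technically type punning and is kept in one place. */
_Static_assert(sizeof(shunk_t) == sizeof(chunk_t), "shunk/chunk size differs");
_Static_assert(offsetof(shunk_t, ptr) == offsetof(chunk_t, ptr), "ptr offset");
_Static_assert(offsetof(shunk_t, len) == offsetof(chunk_t, len), "len offset");

static bool se_label_match_cast(const chunk_t *a, const chunk_t *b)
{
    return se_label_match_shunk(*(const shunk_t *)a, *(const shunk_t *)b);
}

/* Constructed sample labels (not from the post) exercising both paths;
 * returns true when the clean and the cast-based path agree with 'same'. */
static bool demo_labels(bool same)
{
    uint8_t la[] = "system_u:object_r:ipsec_spd_t:s0";
    uint8_t lb[] = "system_u:object_r:ipsec_spd_t:s0:c1";
    chunk_t ca = { la, sizeof la - 1 };
    chunk_t cb = { same ? la : lb, same ? sizeof la - 1 : sizeof lb - 1 };
    bool clean = se_label_match_shunk(shunk_from_chunk(ca), shunk_from_chunk(cb));
    bool cast = se_label_match_cast(&ca, &cb);
    return clean == cast && clean == same;
}
```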