On Fri, Nov 18, 2011 at 12:35:34AM +0000, David Holland wrote:
> > With a proplib format, the kernel knows it didn't get the right
> > argument (it didn't find a key "quotafile" with a string value in the
> > dictionary). Of course you can still do quotaon /boot if you really
> > want to, but then it has been done on purpose, not just because
> > you gave the wrong pointer to quotactl().
>
> This is about type-safety. It has nothing to do with compatibility,
> forwards or backwards.

I agree. Using proplib is a win for both type-safety and backward compatibility.

>
> Unless we split quotactl(2) into multiple system calls, one per
> operation, it can't be fully typesafe; C has no strictly type-safe way
> to be polymorphic.
>
> It can be made better than quotactl(path, int, int, void *), but only
> a little. The important thing, I think, is that in my proposed world
> quotactl() is no longer meant to be user-callable. (Maybe it should be
> _quotactl() or __quotactl() so nobody calls it by accident.) Only
> libquota calls it, and if you're that concerned about mismatched types
> we can audit the libquota code.
>
> And, btw, using proplib does not make the code type-safe. To the
> contrary, in fact, even excluding the dynamic typing behavior, because
> proplib's API is so borked. Look in its header files to see how many
> of its typedefs are really void pointers, and be scared...

I'm not. The void pointers are used only internally by proplib, public
functions are type-safe (except for functions that work on any data type,
i.e. the *data* functions, and opaque pointers where their type doesn't
matter) and you can't use a function with the wrong pointer type:
prop_dictionary_get_int8() takes an int8_t*, prop_dictionary_get_cstring()
takes a char **, and so on. You cannot convert a value from/to the wrong
pointer type.

--
Manuel Bouyer <[email protected]>
     NetBSD: 26 years of experience will always make the difference
--
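The check discussed in this message (a request is rejected unless it carries a string under the key "quotafile") can be sketched as follows. This is an added example, not part of the original message and not proplib or NetBSD code: the dictionary type, `dict_get_cstring()`, `handle_quotaon()` and the sample path are hypothetical stand-ins.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a proplib-style dictionary: every value
 * carries a runtime type tag. None of these names are proplib's. */
enum vtype { V_STRING, V_INT64 };
struct entry {
    const char *key;
    enum vtype  type;
    union { const char *s; int64_t i; } u;
};
struct dict { const struct entry *e; size_t n; };

/* Constructed requests: one well-formed, one with the wrong value type. */
static const struct entry good_e[] = { { "quotafile", V_STRING, { .s = "/quota.user" } } };
static const struct entry bad_e[]  = { { "quotafile", V_INT64,  { .i = 42 } } };

static const struct entry *lookup(const struct dict *d, const char *key)
{
    for (size_t i = 0; i < d->n; i++)
        if (strcmp(d->e[i].key, key) == 0)
            return &d->e[i];
    return NULL;
}

/* Typed getter: the compiler checks the out-parameter type, the stored
 * tag is checked at run time. Returns 1 on success, 0 otherwise. */
static int dict_get_cstring(const struct dict *d, const char *key,
                            const char **out)
{
    const struct entry *e = lookup(d, key);
    if (e == NULL || e->type != V_STRING)
        return 0;
    *out = e->u.s;
    return 1;
}

/* Receiving side of a "quotaon"-style request. With a bare void *
 * argument this validation is impossible: the callee can only trust
 * that the caller passed the right kind of pointer. */
static int handle_quotaon(const struct dict *req, const char **path)
{
    return dict_get_cstring(req, "quotafile", path) ? 0 : EINVAL;
}

int main(void)
{
    const struct dict good = { good_e, 1 }, bad = { bad_e, 1 };
    const char *p = NULL;
    return !(handle_quotaon(&good, &p) == 0 && handle_quotaon(&bad, &p) == EINVAL);
}
```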
