Adding 'const' to various write routines within stuffer#155
Adding 'const' to various write routines within stuffer#155colmmacc merged 1 commit intoaws:masterfrom
Conversation
There was a problem hiding this comment.
does this mean that:
uint32_t x = 5; // not a const
s2n_stuffer_alloc(stuffer, x);
would not work? What does a compiler do with const in the pass-by-value case?
|
const is just part of the contract in this case. The function implementer is telling the consumer "I'm not going to do anything to this value". Granted, it probably is more appropriate for cases where you're passing pointers, rather than intrinsic integer types. In terms of data contract, it's explicit what will happen here. You can pass in literals, and other values, because they won't be changed from within the function. In terms of what the compiler is going to do to achieve this, it just depends on the compiler. So, it's safe to make these things const, because you're just being explicit about the contract. In your example: s2n_stuffer_alloc(stuffer, 5); Would be equivalent. Here's a case where it actually matters: void foo(int n) In this case, the compiler does something, because it has to be able to change the value of 'n'. Now if we do this: void foo(const int n) We should get a compiler error, because since 'n' was declared 'const', your code should not be able to change it. To remedy this situation, you'd have to do: void foo(const int cn) This forces the code to be explicit about making a temporary variable for the purposes of manipulation. There is actually an instance of this in the PR I submitted. Bottom line, everything should be const until proven otherwise, and that proof should come in the form of an explicit articulation of the data contract. |
|
It definitely makes sense to declare the variable const in the function, but does it need to change in the function signature in the .h file? that's the part that doesn't make as much sense to me. Why does the caller care? |
|
well, the .h goes hand in hand with the .c, so the signatures must match. Also, it's nice to specify at least part of the data contract in the header: void foo(char *) Can mean a lot of different things. You'd get an error (most likely) if you called it with: foo("Hello, World"); On the other hand, if you declared it thus: void foo(const char *); Then you won't get an error. And if I'm calling it from LuaJIT (for example) ffi.cdef[[ ffi.C.foo("this is a lua string object automatically coerced to 'const char *'"); Will work wonderfully. |
|
char * is different because it's pass by reference, it's clear that we're telling the caller that we won't modify their data. "const int" makes less sense because from the perspective of the caller the int is already immutable by the caller. A quick test of: does seem to work with all of the warnings turned on. |
|
It's probably more interesting to do that test case on a platform that doesn't have one of the native data types in question, for example, when you have int64_t implemented as a structure, instead of as an intrinsic. But, all experimentation aside, you're agreeing to the 'const' where pointers and references are explicitly in the interface, and you DON't want to see const on the intrinsic data types. I could say "yah, alright", and we can move on. Or I could say "is there any harm in putting const on those things?" As I don't want to lose the changes, I'll just say "yah, alright". And make the changes to remove const from the intrinsic integer types. Someone else who wants to argue it more fervently can add them back in later. |
|
Actually, I believe that the signatures don't have to match exactly - because it makes no difference to the caller if ...and defined in the implementation as: ...which is true, I believe for all value arguments |
|
For reference: I learned this quirk of C from @randomascii |
|
Yep, Last-level const is only meaningful to the function definition so it is not needed and is indeed ignored in the function declaration. Therefore: void Foo(int x, char* p); Is compatible with: void Foo(const int x, char* const p) { ... } It just means that the Foo implementation will not modify its local copies of 'x' and 'p', which is of no concern to callers. This is not compatible with the declaration above: void Foo(const int x, const char* const p) { ... } Changing 'p' to point to const char instead of char is a change of the contract. It is entirely logical, but not well known. I like marking as many variable as possible as const. Not to help the optimizer (it rarely does) but to help human readers. |
|
for human readability, yes. So, for this pull request, should I change it, or will it be accepted as is and then changed? |
|
I like keeping them the same for clarity. Sent from my Windows Phone From: Alexander Ricciomailto:notifications@github.com For reference: I learned this quirk of C from @randomascii Reply to this email directly or view it on GitHub: |
Holy crap! Two Windows Phone users crossing paths! Reminds me of the Zune. |
|
Even better, I work for Microsoft. Sent from my Windows Phone From: Alexander Ricciomailto:notifications@github.com
Holy crap! Two Windows Phone users crossing paths! Reminds me of the Zune. Reply to this email directly or view it on GitHub: |
Well, I don't work for Microsoft. (Not yet, at least) Still: mind blown |
|
Do you want to work for MS? Sent from my Windows Phone From: Alexander Ricciomailto:notifications@github.com
Well, I don't work for Microsoft. (Not yet, at least) Still: mind blown Reply to this email directly or view it on GitHub: |
|
If that's an offer, and NYC is the place, then we're certainly off topic ;) |
Adding 'const' to various write routines within stuffer
|
Merged! |
# This is the 1st commit message: ci: remove S2N_TEST_IN_FIPS_MODE (aws#4994) # This is the commit message aws#2: Migrate PQ Rust code to TLS 1.3 (aws#4998) # This is the commit message aws#3: chore: add new team member (aws#5006) # This is the commit message aws#4: chore(s2n-tls-hyper): Publish s2n-tls-hyper (aws#5000) # This is the commit message aws#5: ci: add script to help launch stuck codebuild jobs (aws#5004) # This is the commit message aws#6: ci: config logging for integration tests (aws#4751) Co-authored-by: Doug Chapman <54039637+dougch@users.noreply.github.com> # This is the commit message aws#7: Migrate PQ Python code to TLS 1.3 (aws#4999) # This is the commit message aws#8: fix: don't prefix empty string when interning (aws#5015) # This is the commit message aws#9: chore: remove unused imports (aws#5017) # This is the commit message aws#10: fix(bindings/bench): Prevent IO from going out of scope (aws#5007) # This is the commit message aws#11: ci: commit integrationv2 small batch spec (aws#5020) # This is the commit message aws#12: ci: keep start_codebuild.sh up-to-date (aws#5023) # This is the commit message aws#13: chore: remove unused test utils (aws#5005) # This is the commit message aws#14: ci: improve output of validate_start_codebuild_script (aws#5031) # This is the commit message aws#15: refactor(bin): remove references to FIPS_mode_set (aws#5026) # This is the commit message aws#16: chore: improve the dashboard comment query (aws#5016) # This is the commit message aws#17: tests: make integV2 locally runnable (aws#5029) # This is the commit message aws#18: feature: remove openssl-1.0.2-fips fips mode support (aws#5030) # This is the commit message aws#19: chore: run more checks on pushes to main (aws#4963) # This is the commit message aws#20: fix: add build specs to copyright check (aws#5025) # This is the commit message aws#21: fix(bindings): Specify correct minimum versions (aws#5028) # This is the commit message aws#22: ci: add timeout for cbmc proof (aws#5038) Co-authored-by: Boquan Fang <bqfang@amazon.com> # This is the commit message aws#23: test: add sslv2 client hello test w/ jvm (aws#5019) Co-authored-by: Lindsay Stewart <stewart.r.lindsay@gmail.com> # This is the commit message aws#24: docs: add C / s2n-tls-sys doc references to s2n-tls docs (aws#5012) # This is the commit message aws#25: Add Security Policy Deprecation API (aws#5034) Co-authored-by: James Mayclin <maycj@amazon.com> Co-authored-by: Lindsay Stewart <stewart.r.lindsay@gmail.com> # This is the commit message aws#26: ci: add openssl-3.0-fips builds (aws#5037) # This is the commit message aws#27: fix: initial config should not influence sslv2 (aws#4987) Co-authored-by: maddeleine <59030281+maddeleine@users.noreply.github.com> # This is the commit message aws#28: chore: bindings release for 0.3.10 (aws#5046) Co-authored-by: Boquan Fang <bqfang@amazon.com> # This is the commit message aws#29: chore: bump osx Openssl to latest (aws#5041) Signed-off-by: Rui Chen <rui@chenrui.dev> Co-authored-by: Rui Chen <rui@chenrui.dev> # This is the commit message aws#30: chore: fix typos (aws#5052) # This is the commit message aws#31: build(deps): bump cross-platform-actions/action from 0.26.0 to 0.27.0 in /.github/workflows in the all-gha-updates group (aws#5053) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> # This is the commit message aws#32: ci: pin duvet version (aws#5057) # This is the commit message aws#33: refactor: remove openssl-1.0.2-fips 'allow md5' logic (aws#5048) # This is the commit message aws#34: ci: Adding integ tests back to integv2 (aws#5054) # This is the commit message aws#35: refactor: cleanup CBMC proofs after aws#5048 (aws#5058) # This is the commit message aws#36: feat(bench): impl into for base config type (aws#5056) # This is the commit message aws#37: Revert "ci: remove openssl-1.0.2-fips builds (aws#4995)" (aws#5060) # This is the commit message aws#38: ci: change rust-toolchain format to toml (aws#5070) # This is the commit message aws#39: ci: Emit benchmark metrics from scheduled runs (aws#5064) # This is the commit message aws#40: fix(bindings): prevent temp connection free after panic (aws#5067) # This is the commit message aws#41: docs(integv2): add architecture diagram (aws#5072) # This is the commit message aws#42: docs(s2n-tls-hyper): Add hyper client/server example (aws#5069) # This is the commit message aws#43: ci: fix dependabot, commit & check Cargo.toml (aws#5065) Co-authored-by: Sam Clark <3758302+goatgoose@users.noreply.github.com> # This is the commit message aws#44: fix(integration): Update PQ integration test expectations (aws#5082) # This is the commit message aws#45: fix: add support for `S2N_INTERN_LIBCRYPTO` with FetchContent (aws#5076) # This is the commit message aws#46: fix: calculation of session ticket age (aws#5001) Co-authored-by: Boquan Fang <bqfang@amazon.com> # This is the commit message aws#47: fix: error for uninit psk, check for all-zero psk (aws#5084) # This is the commit message aws#48: fix: don't use DEPENDS with add_custom_command(TARGET) (aws#5074) # This is the commit message aws#49: fix(ci): Allow validate_start_codebuild to run on pushes to main (aws#5080) # This is the commit message aws#50: test: add minimal openssl-3.0-fips test (aws#5081) # This is the commit message aws#51: feat(bindings): add external psk apis (aws#5061) # This is the commit message aws#52: Fixed formatting for debugging statements (aws#5094) # This is the commit message aws#53: chore: ktls buildspec (aws#5083) # This is the commit message aws#54: chore: bindings release 0.3.11 (aws#5098) # This is the commit message aws#55: fix(integrationv2): Skip unsupported client auth tests (aws#5096) Co-authored-by: James Mayclin <maycj@amazon.com> # This is the commit message aws#56: build(deps): bump aws-actions/configure-aws-credentials from 4.0.2 to 4.1.0 in /.github/workflows in the all-gha-updates group across 1 directory (aws#5107) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> # This is the commit message aws#57: refactor: remove s2n_hmac_is_available (aws#5104) # This is the commit message aws#58: refactor: remove unused evp support for md5+sha1 (aws#5106) # This is the commit message aws#59: fix: allow b64 decoding using libcrypto for sidechannel resistance (aws#5103) Co-authored-by: Sam Clark <3758302+goatgoose@users.noreply.github.com> Co-authored-by: Doug Chapman <54039637+dougch@users.noreply.github.com> # This is the commit message aws#60: fix: don't enable custom random for openssl fips (aws#5093) Co-authored-by: Sam Clark <3758302+goatgoose@users.noreply.github.com> # This is the commit message aws#61: ci: add default provider to openssl-3.0-fips (aws#5114) # This is the commit message aws#62: Revert "refactor: remove unused evp support for md5+sha1 (aws#5106)" (aws#5118) # This is the commit message aws#63: Add new security policy (20250211) (aws#5111) # This is the commit message aws#64: refactor: move "s2n_libcrypto_is" methods into s2n_libcrypto.h (aws#5117) # This is the commit message aws#65: bindings: unpin openssl crate from a specific patch version (aws#5120) Co-authored-by: Boquan Fang <bqfang@amazon.com> # This is the commit message aws#66: chore: fix a typo in API comments (aws#5123) Co-authored-by: Boquan Fang <bqfang@amazon.com> # This is the commit message aws#67: build(deps): update rand requirement (aws#5125) Co-authored-by: Boquan Fang <bqfang@amazon.com> # This is the commit message aws#68: fix(bindings): make Context borrow immutable (aws#5071) # This is the commit message aws#69: feat: Option to disable RAND engine override (aws#5108) # This is the commit message aws#70: refactor: use EVP_MD_fetch() if available (aws#5116) Co-authored-by: Sam Clark <3758302+goatgoose@users.noreply.github.com> # This is the commit message aws#71: chore: binding release 0.3.12 (aws#5128) Co-authored-by: Boquan Fang <bqfang@amazon.com> # This is the commit message aws#72: fix(bindings): remove mutation behind Arc (aws#5124) # This is the commit message aws#73: chore: remove unused well-known-endpoints.py (aws#5127) # This is the commit message aws#74: feat: add async cert validation support (aws#5110) # This is the commit message aws#75: ci: add check for third-party-src in disable rand override buildspec (aws#5137) Co-authored-by: Boquan Fang <bqfang@amazon.com> # This is the commit message aws#76: refactor: always use EVP hashing (aws#5121) # This is the commit message aws#77: fix: update callback return value (aws#5136) # This is the commit message aws#78: ci: always set values for command line defines (aws#5126) # This is the commit message aws#79: tests: use sig schemes as source of truth for valid hash+sig algs (aws#5129) # This is the commit message aws#80: build(deps): update rtshark requirement from 2.9.0 to 3.1.0 in /tests/pcap in the all-cargo-updates group across 1 directory (aws#5087) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> # This is the commit message aws#81: test(integv2): fixes to allow test_record_padding to partially run (aws#5099) Co-authored-by: James Mayclin <maycj@amazon.com> # This is the commit message aws#82: chore(nix): Add aws-lc-fips 2022/4 (aws#5109) Co-authored-by: Lindsay Stewart <stewart.r.lindsay@gmail.com> # This is the commit message aws#83: Ruff Formatting and add to CI (aws#5138) Co-authored-by: James Mayclin <maycj@amazon.com> # This is the commit message aws#84: feat(bindings): expose context on cert chain (aws#5132) Co-authored-by: Sam Clark <3758302+goatgoose@users.noreply.github.com> # This is the commit message aws#85: refactor: cleanup prf header (aws#5144) # This is the commit message aws#86: refactor: add alternative EVP signing method (aws#5141) # This is the commit message aws#87: fix: memory leak during STEK rotation (aws#5146) # This is the commit message aws#88: chore(ci): make the awslc fips install script version aware (aws#5100) Co-authored-by: Lindsay Stewart <stewart.r.lindsay@gmail.com> Co-authored-by: Sam Clark <3758302+goatgoose@users.noreply.github.com> # This is the commit message aws#89: refactor: remove unused prf hmac impls (aws#5148) # This is the commit message aws#90: chore(bindings): change in rustup behavior (aws#5160) # This is the commit message aws#91: chore: git-blame-ignore ruff formatting (aws#5151) # This is the commit message aws#92: tests: try to make s2n_mem_usage_test more useful (aws#5139) Co-authored-by: Sam Clark <3758302+goatgoose@users.noreply.github.com> # This is the commit message aws#93: chore(ci): pin symbolic-common (aws#5166) # This is the commit message aws#94: chore: binding release 0.3.13 (aws#5167) # This is the commit message aws#95: refactor: add libcrypto PRF impl for openssl-3.0-fips (aws#5158) # This is the commit message aws#96: build(deps): bump nixbuild/nix-quick-install-action from 29 to 30 in /.github/workflows in the all-gha-updates group (aws#5153) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> # This is the commit message aws#97: style: fix redundant return (aws#5150) # This is the commit message aws#98: chore: update git blame ignore commit ID (aws#5164) # This is the commit message aws#99: tests: fix flaky ja4 test (aws#5169) # This is the commit message aws#100: fix: mark chachapoly as unavailable with openssl-3.0-fips (aws#5168) # This is the commit message aws#101: fix(ruff): resolve linting errors detected by Ruff (aws#5140) # This is the commit message aws#102: chore: pin once_cell version to unblock the CI (aws#5174) Co-authored-by: Boquan Fang <bqfang@amazon.com> # This is the commit message aws#103: ci: use ruff --diff instead of --check (aws#5177) # This is the commit message aws#104: (docs): Improve PQ docs (aws#5173) Co-authored-by: Sam Clark <3758302+goatgoose@users.noreply.github.com> # This is the commit message aws#105: test(integv2): add partial support for OpenSSL 3.0 provider (aws#5131) Co-authored-by: James Mayclin <maycj@amazon.com> # This is the commit message aws#106: ci: make start_codebuild.sh work for forks (aws#5178) # This is the commit message aws#107: chore: add inline noqa suppression (aws#5159) # This is the commit message aws#108: test: reduce parameter selection (aws#5161) # This is the commit message aws#109: test: fix self-talk pkey offload test for openssl-3.0-fips (aws#5175) # This is the commit message aws#110: build(deps): update aws-lc-rs version to remove paste deps (aws#5192) Co-authored-by: Boquan Fang <bqfang@amazon.com> # This is the commit message aws#111: chore: bump linting action Ubuntu version (aws#5186) Co-authored-by: Boquan Fang <bqfang@amazon.com> # This is the commit message aws#112: ci: cleanup awslc-fips versioning (aws#5156) # This is the commit message aws#113: chore: include Need By Date section in github issue template (aws#5187) Co-authored-by: Boquan Fang <bqfang@amazon.com> # This is the commit message aws#114: ci: move openssl3fips build to existing asan build (aws#5181) # This is the commit message aws#115: fix: openssl-3.0-fips should use separate private rand (aws#5184) # This is the commit message aws#116: fix: remove unnecessary RC4 restriction (aws#5170) # This is the commit message aws#117: fix: openssl-3.0-fips should use libcrypto HKDF (aws#5183) Co-authored-by: Sam Clark <3758302+goatgoose@users.noreply.github.com> # This is the commit message aws#118: ci: defend against unset version number in awslc installer (aws#5195) # This is the commit message aws#119: feature: openssl-3.0-fips support (aws#5191) # This is the commit message aws#120: ci: add libcrypto openssl-3.0-fips to integ tests (aws#5202) # This is the commit message aws#121: ci: add openssl-3.0-fips to asan build properly (aws#5204) # This is the commit message aws#122: fix: handshake message length integer overflow in s2n_handshake_finish_header (aws#5206) Co-authored-by: Boquan Fang <bqfang@amazon.com> # This is the commit message aws#123: chore: deprecate s2n_set (aws#5155) # This is the commit message aws#124: chore: binding release 0.3.14 (aws#5210) # This is the commit message aws#125: Remove PQ TLS 1.2 from all Security Policies (aws#5194) # This is the commit message aws#126: ci: exclude new setuptools (aws#5215) # This is the commit message aws#127: fix: Update README.md to include Rust bindings docs (aws#5212) # This is the commit message aws#128: feat: add s2n_connection_get_key_exchange_group (aws#5209) # This is the commit message aws#129: chore: bindings release 0.3.15 (aws#5221) # This is the commit message aws#130: ci: add openssl-3.0-fips to valgrind (aws#5211) # This is the commit message aws#131: docs: fix openssl-3.0-fips provider requirements documentation (aws#5214) # This is the commit message aws#132: refactor(bindings): use implicit linking for aws-lc (aws#5218) # This is the commit message aws#133: fix: tighten session ticket lifetime (aws#5217) # This is the commit message aws#134: ci: Fix cppcheck build (aws#5238) # This is the commit message aws#135: refactor: implement match the same for all pkeys (aws#5224) # This is the commit message aws#136: ci: add openssl-3.0-fips to general batch (aws#5207) # This is the commit message aws#137: refactor: add evp pkey size/encrypt/decrypt methods (aws#5225) # This is the commit message aws#138: feat(bindings): expose certificate match api (aws#5220) Co-authored-by: James Mayclin <maycj@amazon.com> # This is the commit message aws#139: ci: add ruff linting (aws#5182) # This is the commit message aws#140: ci: pin nix installer to older version (aws#5245) # This is the commit message aws#141: chore: Fix new clippy warning (aws#5243) Co-authored-by: Boquan Fang <boquanfang3@gmail.com> # This is the commit message aws#142: ci: rebalance integV2 testcases (aws#5232) # This is the commit message aws#143: fix: tainted handshake.io and add large client hello test (aws#5208) Co-authored-by: Boquan Fang <bqfang@amazon.com> # This is the commit message aws#144: chore: bindings release 0.3.16 (aws#5242) Co-authored-by: Boquan Fang <boquanfang3@gmail.com> # This is the commit message aws#145: refactor: remove legacy pkey impls (aws#5241) # This is the commit message aws#146: Revert "ci: exclude new setuptools (aws#5215)" (aws#5226) # This is the commit message aws#147: fix: make -fPIC flag private (aws#5227) Co-authored-by: Souvik Banerjee <souvik1997@gmail.com> # This is the commit message aws#148: doc: tainted stuffer reset operation (aws#5231) Co-authored-by: Boquan Fang <bqfang@amazon.com> # This is the commit message aws#149: feat: Expose `as_ptr()` for external build (aws#5229) # This is the commit message aws#150: ci: pytest generate junit reports (aws#5235) # This is the commit message aws#151: add compiler flag # This is the commit message aws#152: added c check x86 and correct compiler # This is the commit message aws#153: cmake fix # This is the commit message aws#154: testing # This is the commit message aws#155: removed clang # This is the commit message aws#156: Print statements # This is the commit message aws#157: compiler check # This is the commit message aws#158: print # This is the commit message aws#159: find clang # This is the commit message aws#160: branch probing # This is the commit message aws#161: removed individual probing # This is the commit message aws#162: removed old unneeded changes # This is the commit message aws#163: added back original line # This is the commit message aws#164: fixed .c file # This is the commit message aws#165: ci: use correct openssl version for updated AL2023 version (aws#5255) # This is the commit message aws#166: chore(ci): revert nix installer pin (aws#5251) # This is the commit message aws#167: ci: add awslcfips to nix jobs (aws#5205) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> # This is the commit message aws#168: moved adding options to the bottom # This is the commit message aws#169: copmiler debug prints # This is the commit message aws#170: clang printout # This is the commit message aws#171: remove setting compiler to clang # This is the commit message aws#172: set clang as default # This is the commit message aws#173: remove clang # This is the commit message aws#174: move fuzz cmake into it's own directory # This is the commit message aws#175: fixed path to fuzz # This is the commit message aws#176: back to original # This is the commit message aws#177: only branch if we're not fuzz tests # This is the commit message aws#178: add clang back now # This is the commit message aws#179: removed debugging prints # This is the commit message aws#180: removed checking for compiler # This is the commit message aws#181: testing move back original block
Adding 'const' to the API makes the data contract more explicit, and gives the compiler some more information with which to optimize if it can.
This kind of change should be applied to all places across the entirety of the API, but starting with the stuffer is useful due to its central role, and relatively small size.