linux-hardening.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
To: David Laight <David.Laight@aculab.com>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>,
	Kees Cook <keescook@chromium.org>,
	Jonathan Corbet <corbet@lwn.net>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Martin Uecker <Martin.Uecker@med.uni-goettingen.de>,
	Ingo Molnar <mingo@kernel.org>,
	Rikard Falkeborn <rikard.falkeborn@gmail.com>,
	Arnd Bergmann <arnd@arndb.de>,
	"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
	Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
	Andrew Morton <akpm@linux-foundation.org>,
	Andy Shevchenko <andy.shevchenko@gmail.com>,
	Nick Desaulniers <ndesaulniers@google.com>,
	"Gustavo A. R. Silva" <gustavoars@kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-hardening@vger.kernel.org"
	<linux-hardening@vger.kernel.org>
Subject: Re: [PATCH] linux/const.h: Explain how __is_constexpr() works
Date: Thu, 3 Feb 2022 01:28:24 +0100	[thread overview]
Message-ID: <CANiq72nkwKVGODWn1Ri_he+MOzp=Cw_L+3+2TX0UP_3=K0n5pA@mail.gmail.com> (raw)
In-Reply-To: <91f0956687b341a9861f467aafe6dc4d@AcuMS.aculab.com>

On Wed, Feb 2, 2022 at 11:42 PM David Laight <David.Laight@aculab.com> wrote:
>
> The compiler needs to find a 'compatible type' either for:
>         (void *)x       and     (int *)8
> or for:
>         (void *)0       and     (int *)8
>
> In the former it is 'void *' and the latter 'int *' because the (void *)0
> is NULL and thus a valid 'int *' pointer.

I think you are trying to come up with an explanation of how it works
based on compiler outputs (it makes sense to think that the compiler
has to find some reasonable "common" type). But the conditional
operator works case-by-case, slightly differently depending on what
kind of operands you give.

In the two cases involved, there is no "finding a compatible type" /
promotions going on -- the standard gives explicitly that it is a
pointer to void (former case), and the type of the other operand
(latter case). The value is still decided by the condition.

e.g. https://godbolt.org/z/zzE8dc7Ye

0 ?          void pointer (1) : pointer to object type (42) = (void *) 0x2a
1 ?          void pointer (1) : pointer to object type (42) = (void *) 0x1
0 ? null pointer constant (0) : pointer                (42) = ( int *) 0x2a
1 ? null pointer constant (0) : pointer                (42) = ( int *) (nil)

> In any case suggesting that it is based on the value before the ? is bogus.

What Rasmus was saying is that which value is selected still depends
on the condition, because the last paragraph of the explanation in the
commit is wrong. It should be something like:

  - The ultimate comparison to "sizeof(int)" reduces to either:
        sizeof(int) == sizeof(*(int *)0)  (x was a constant expression)
        sizeof(int) == sizeof(*(void *)0) (x was not a constant expression)

Cheers,
Miguel

  reply	other threads:[~2022-02-03  0:28 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-31 20:43 [PATCH] linux/const.h: Explain how __is_constexpr() works Kees Cook
2022-01-31 21:26 ` Gustavo A. R. Silva
2022-02-01 12:01 ` Jani Nikula
2022-02-01 13:05 ` Rasmus Villemoes
2022-02-01 15:09   ` Matthew Wilcox
2022-02-02  8:49   ` David Laight
2022-02-02 15:43     ` Uecker, Martin
2022-02-02 20:14       ` Miguel Ojeda
2022-02-02 16:19 ` David Laight
2022-02-02 20:13   ` Miguel Ojeda
2022-02-02 22:20     ` David Laight
2022-02-02 23:01       ` Miguel Ojeda
2022-02-02 23:08         ` Nick Desaulniers
2022-02-02 20:44   ` Rasmus Villemoes
2022-02-02 22:42     ` David Laight
2022-02-03  0:28       ` Miguel Ojeda [this message]
2022-02-02 20:43 ` Miguel Ojeda
2022-02-03  9:25   ` David Laight

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CANiq72nkwKVGODWn1Ri_he+MOzp=Cw_L+3+2TX0UP_3=K0n5pA@mail.gmail.com' \
    --to=miguel.ojeda.sandonis@gmail.com \
    --cc=David.Laight@aculab.com \
    --cc=Martin.Uecker@med.uni-goettingen.de \
    --cc=akpm@linux-foundation.org \
    --cc=andy.shevchenko@gmail.com \
    --cc=arnd@arndb.de \
    --cc=corbet@lwn.net \
    --cc=gustavoars@kernel.org \
    --cc=keescook@chromium.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-hardening@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@kernel.org \
    --cc=ndesaulniers@google.com \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    --cc=rasmus.villemoes@prevas.dk \
    --cc=rikard.falkeborn@gmail.com \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).