Hi Junio
On 14/10/2021 21:22, Junio C Hamano wrote:
Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> writes:
It's great to see these leaks being fixed. I wonder though if it would
be better to change the structure definition so that 'name' and 'path'
are no longer 'const'. That would be a better reflection of the new
regime.[...]
I think this is the right thing to do, but I'm not quite sure. There was
a thread at it here:
https://lore.kernel.org/git/YUZG0D5ayEWd7MLP@xxxxxxxxxxxxxx/
Where I chimed in and suggested exactly what you're saying here, but the
consensus seemed to go the other way, and if you grep:
git grep -F 'free((char *)'
You can see that we use this pattern pretty widely.
Unfortunately, we probably need to make a trade-off and cannot eat
the cake and have it at the same time.
If we leave the .members non-const, the destructor may have to cast
the constness away. If it is marked const * const, then we also
need to let the constructor do the same.
It's not just in the destructor though, there are several other places
where we cast the value to free it suggesting it is not actually const.
I'd rather pass a "const struct branch_info*" around to all the callers
that are not mutating the struct (we already do that in some places but
not all) and change the structure definition to avoid the casts where it
is mutated.
By marking the .members const, we can be sure that the users of the
API will not muck with the values once the structure is instanciated
and given to them, but the destructor need to cast the constness
away. It may be lessor of two evils, as the need to cast is isolated
in the _implementation_ of the API, and casts in the _users_ of the API
would stand out more.
If it was just the destructor that was free()'ing the values I'd agree
but the struct gets mutated in other places as well.
Best Wishes
Phillip
