On Sat, Nov 05 2022, Phillip Wood wrote: > On 05/11/2022 13:52, Ævar Arnfjörð Bjarmason wrote: >> On Sat, Nov 05 2022, René Scharfe wrote: >> >>> Am 04.11.22 um 14:22 schrieb Ævar Arnfjörð Bjarmason: >>>> diff --git a/parse-options.h b/parse-options.h >>>> index b6ef86e0d15..61e3016c3fc 100644 >>>> --- a/parse-options.h >>>> +++ b/parse-options.h >>>> @@ -128,19 +128,24 @@ typedef int parse_opt_subcommand_fn(int argc, const char **argv, >>>> * the option takes optional argument. >>>> * >>>> * `callback`:: >>>> - * pointer to the callback to use for OPTION_CALLBACK >>>> + * pointer to the callback to use for OPTION_CALLBACK and OPTION_SUBCOMMAND. >>>> * >>>> * `defval`:: >>>> * default value to fill (*->value) with for PARSE_OPT_OPTARG. >>>> * OPTION_{BIT,SET_INT} store the {mask,integer} to put in the value when met. >>>> + * OPTION_SUBCOMMAND stores the pointer the function selected for >>>> + * the subcommand. >>>> + * >>>> * CALLBACKS can use it like they want. >>>> * >>>> * `ll_callback`:: >>>> * pointer to the callback to use for OPTION_LOWLEVEL_CALLBACK >>>> * >>>> * `subcommand_fn`:: >>>> - * pointer to a function to use for OPTION_SUBCOMMAND. >>>> - * It will be put in value when the subcommand is given on the command line. >>>> + * pointer to the callback used with OPT_SUBCOMMAND() and >>>> + * OPT_SUBCOMMAND_F(). Internally we store the same value in >>>> + * `defval`. This is only here to give the OPT_SUBCOMMAND{,_F}() >>>> + * common case type safety. >>>> */ >>>> struct option { >>>> enum parse_opt_type type; >>>> @@ -217,12 +222,24 @@ struct option { >>>> #define OPT_ALIAS(s, l, source_long_name) \ >>>> { OPTION_ALIAS, (s), (l), (source_long_name) } >>>> >>>> +static inline int parse_options_pick_subcommand_cb(const struct option *option, >>>> + const char *arg UNUSED, >>>> + int unset UNUSED) >>>> +{ >>>> + parse_opt_subcommand_fn *fn = (parse_opt_subcommand_fn *)option->defval; >>>> + *(parse_opt_subcommand_fn **)option->value = fn; >>> >>> ->defval is of type intptr_t and ->value is a void pointer. The result >>> of converting a void pointer value to an intptr_t and back is a void >>> pointer equal to the original pointer if I read 6.3.2.3 (Pointers, >>> paragraphs 5 and 6) and 7.18.1.4 (Integer types capable of holding >>> object pointers) in C99 correctly. >>> >>> 6.3.2.3 paragraph 8 says that casting between function pointers of >>> different type is OK and you can get your original function pointer >>> back and use it in a call if you convert it back to the right type. >>> >>> Casting between a function pointer and an object pointer is undefined, >>> though. They don't have to be of the same size, so a function pointer >>> doesn't have to fit into an intptr_t. I wouldn't be surprised if CHERI >>> (https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/) was an actual >>> example of that. >> I should have called this out explicitly. I think you're right as >> far as >> what you're summarizing goes. >> To elaborate on it, paragraph 8 of 6.3.2.3 says: >> A pointer to a function of one type may be converted to a >> pointer to a function of another type and back again; the result >> shall compare equal to the original pointer. If a converted >> pointer is used to call a function whose type is not compatible >> with the pointed-to type, the behavior is undefined. >> And 7.18.1.4 says, when discussing (among other things) "intptr_t" >> ("[such" added for clarity: >> [...]any valid [such] pointer to void can be converted to this >> type, then converted back to pointer to void, and the result >> will compare equal to the original pointer: >> But as you point out that doesn't say anything about whether a >> pointer >> to a function is a "valid .. pointer to void". >> I think that's an "unportable" extension covered in "J.5 Common >> extensions", specifically "J.5.7 Function pointer casts": >> A pointer to an object or to void may be cast to a pointer to >> a >> function, allowing data to be invoked as a function > > This is a common extension, it is _not_ guaranteed by the standard and > so still undefined behavior unless your compiler happens to have > implemented that extension. >> Thus, since the standard already establishes that valid "void *" and >> "intptr_t" pointers can be cast'd back & forth, the J.5.7 bridges the >> gap between the two saying a function pointer can be converted to >> either. > > How does J.5.7 bridge the gap when compilers are not required to > implement it? I'm saying it bridges the gap in that explanation, i.e. reinforces that the main standard body isn't referring to function pointer casts to void * and intptr_t. >> Now, I may be missing something here, but I was under the impression >> that "intptr_t" wasn't special in any way here, and that any casting of >> a function pointer to either it or a "void *" was what was made portable >> by "J.5.7" > > How is it made portable by an "unportable" extension? I'm just repeating the terminology the standard uses: "The following extensions are widely used in many systems, but are not portable to all implementations". >> So I think aside from other concerns this should be safe to use, as >> real-world data backing that up we've had a intptr_t converted to a >> function pointer since v2.35.0: 5cb28270a1f (pack-objects: lazily set up >> "struct rev_info", don't leak, 2022-03-28). > > Saying "it works so it is fine" is not a convincing argument that it > is compliant with the standard. I was saying, among other things, that it's standardized by POSIX, so it's in the same category as ssize_t, not some hypothetical "happens to work" undefined behavior. But we also make use of it already, so that gives us some real-world data on potential issues.