Le samedi 21 janvier 2023, 14:30:11 UTC Alejandro Colomar a écrit :
> Hi Bastien,
>
> On 1/21/23 14:30, Bastien Roucariès wrote:
>
> [...]
>
> >> Ahh, indeed it seems to be UB. It's in the same 6.5.2.3/6: there's a
> >> requirement that the information about the union is kept in the function in
> >> which it's accessed.
> >>
> >> The standard presents an example, which is a bit ambiguous:
> >>
> >> The following is not a valid fragment (because the union type is not
> >> visible within function f):
> >>
>
> [...]
>
> >>
> >> I don't know what's the intention if the union type was global but the variable
> >> `u` was still not seen by f(). But it seems GCC's interpretation is UB,
> >> according to the test we just saw.
> >>
> >> The solution that I can see for that is making sockaddr also be a union. That
> >> way, the union is kept across all calls (since they all use sockaddr).
> >>
> >> struct sockaddr {
> >> union {
> >> struct {
> >> sa_family_t sa_family;
> >> char sa_data[14]; // why 14?
> >> }
> >> struct sockaddr_in sin;
> >> struct sockaddr_in6 sin6;
> >> struct sockaddr_un sun;
> >> };
> >> };
> >
> > No the solution is to avoid sockaddr and mark as deprecated.
>
> Declaring `sockaddr` as deprecated means deprecating also:
>
> accept(2)
> accept4(2)
> bind(2)
> connect(2)
> getpeername(2)
> getsockname(2)
> recvfrom(2)
> sendto(2)
> getnameinfo(3)
>
> which use the type in their prototype.
>
> Also, other types such as `addrinfo`, which contain `sockaddr` would also need
> to be deprecated, which would itself require deprecating:
No because this function will take a opaque transparent union pointer. I mean only raise
a warning when user declare a variable (storage) of struct sockaddr...
>
> getaddrinfo(3)
> freeaddrinfo(3)
>
> Since addrinfo is itself contained in other structures such as `gaicb`, we would
> also need to deprecate those, which would in turn require deprecating more APIs:
>
> getaddrinfo_a(3)
> gai_error(3)
> gai_cancel(3)
>
> And maybe I left some. This feels like nuking the entire networking API, which
> I don't see happening soon.
>
>
> Otherwise, we need to come up with a solution that keeps these APIs compatible
> with whatever new type we suggest using. Changing them to use `void*` instead
> of `sockaddr*` would be possible, but would decrease type safety considerably,
> so there should be a good reason for that.
>
> Suggesting to use always `sockaddr_storage` but using `sockaddr` in the function
> parameters keeps the current not-so-nice casting issues, which are not Undefined
> Behavior per se, but not ideal either (in fact, I don't think `void*` is much
> worse than code full of casts). And it would also be error-prone, since users
> could get the idea that `sockaddr` can be used safely, since it's what gets
> passed as the parameter.
>
> > The problem it should be part of union without raising a warning each time we use a safe type...
>
> I don't understand this; please detail.
the transparent union will include sockaddr, thus even if we use it correctly raise a warning...
>
> >
> > The other solution is to render public and ABI stable the type here
> > https://github.com/bminor/glibc/blob/ae612c45efb5e34713859a5facf92368307efb6e/socket/sys/socket.h#L78
> > under for instance sockaddr_ptr and sockaddr_const_ptr
>
> [[gnu::transparent_union]] (used in that link) seems like a "the design of this
> interface is bad, sorry, this workaround will just make it work". I guess it
> just works, and probably it's the reason that so much undefined behavior hasn't
> exploded so far. However, if we can solve this using core language features,
> I'd go that way.
It solve the problems and could be used without the [[gnu::transparent_union]], c++17 support transparent union.
The transparent union should also include pointer to sockaddr_storage and bluetooth socket.
Bastien
>
> >
> > Moreover this are some patch arch by arch
> > https://sourceware.org/legacy-ml/libc-alpha/2016-02/msg00340.html that should be made default
> >
> > Bastien
> >
> >
> >
> >>
> >> struct sockaddr_storage {
> >> union {
> >> sa_family_t ss_family;
> >> struct sockaddr sa;
> >> };
> >> };
>
> Hmm, this isn't still perfect. Since the APIs get the sockaddr, this union
> information would be lost. `sockaddr` needs to be the type that is declared.
> `sockaddr_storage` should just die; there's no way to make it compatible with
> APIs getting a `sockaddr`. The attribute `transparent_union` is the only way to
> use is safely.
>
> Cheers,
>
> Alex
>
> >>
> >>
> >> With this, sockaddr_storage becomes useless, but still usable. New code, could
> >> just use sockaddr and use the internal union members as necessary. Union info
> >> is kept across all function boundaries.
>
> --
> <http://www.alejandro-colomar.es/>
>
Attachment:
signature.asc
Description: This is a digitally signed message part.
