Re: casts considered harmful

[Savochkin Andrey Vladimirovich <saw msu ru>]

On Tue, Feb 02, 1999 at 04:59:43PM -0500, Michael K. Johnson wrote:
> 
> EVERY instance of pam_get_item in all of Linux-PAM's modules has to
> cast its item to a (const void **) or a (void *) in order to avoid
> compiler warnings, because pam_get_item is declared to be a
> const void **, and the only reasonable way to get at the data is
> pam_get_item (pamh, PAM_FOO, &some_char_pointer_variable);
> 
> Why on earth do we specify a constant pointer to a pointer to a
> void for this?  All it does is force people to use casts, which

pam_get_item has such a prototype to emphasize that the caller shouldn't modify
data pointed by some_char_pointer_variable.  And the caller should use only
`const some_type *' pointers.

The only pity thing is that our compilers can't do automatic casts
from `some_type **' to `const some_type **' but can do casts
from `some_type *' to `const some_type *'.

> are just a way to mask programmers' mistakes so that they don't
> notice them until they get a hard-to-track-down bug report.
> 
> If it's because Sun decided to force people to cast around (or
> if their compiler doesn't care, I don't know), can we please
> remove the const in our version, and add a -DPAM_ME_HARDER
> that puts the const back in for people who want to follow the
> spec even when it is stupid?  Alternatively, can we simply
> remove it altogether like reasonable people?

I personally prefer to keep this `const'.  The clear and senseful interface is
more important for me than possible rare bugs because of passing one `*' pointer
instead of `**'.

Best regards
					Andrey V.
					Savochkin