[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #22410 [Core Tor/Tor]: ensure that uint8_t is unsigned char

Subject: Re: [tor-bugs] #22410 [Core Tor/Tor]: ensure that uint8_t is unsigned char
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 28 May 2017 16:14:54 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 28 May 2017 12:15:11 -0400
In-reply-to: <048.fbbe7646835a2af2d5774efa9f01791c@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <048.fbbe7646835a2af2d5774efa9f01791c@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#22410: ensure that uint8_t is unsigned char
--------------------------+------------------------------------
 Reporter:  catalyst      |          Owner:  catalyst
     Type:  defect        |         Status:  needs_review
 Priority:  Medium        |      Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:  #6877         |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by catalyst):

 Replying to [comment:4 cypherpunks]:
 > Comparing the length of the keywords is a bad way of choosing data
 types.
 In the abstract, I agree.  I also think the length of a type name does
 affects readability by humans and we should consider that in our
 decisions.
 > Replying to [comment:3 catalyst]:
 > > If uint8_t is an extended integer type rather than unsigned char
 (which is admittedly unlikely), it won't have the privileged aliasing
 properties of unsigned char so code that casts pointers to other types to
 pointers to uint8_t might violate the strict aliasing rules and produce
 undefined behavior.
 > I agree with the possibility of violating strict aliasing. However, i
 assume (yes, i know i should never) these pointers are dereferenced at
 some point which is always undefined behavior when the old and new type
 differs so the point is moot.
 C99 §6.5 paragraph 7 explicitly says that it's always valid to use a
 character lvalue to access the stored value of any object.  This means
 it's always valid to dereference a pointer to a character type as long as
 it points into an object.  If we detect that uint8_t is a character type,
 then we know that it will also have these privileged aliasing properties.
 > I don't care about the data type names (any renaming can easily be done
 using `typedef` if preferred). IMO it's more important that the data type
 matches the type of data it holds and the code handling these data types
 is built around these data types in order to keep casting to a minimum
 (preferably none).
 I think the best data type for handling arbitrary byte data on a platform
 with CHAR_BIT==8 is unsigned char.  This also has an advantage when
 handling encoding or decoding a larger type, because of the privileged
 aliasing properties of character types in C.

 A lot of existing code in the tree uses uint8_t.  It's easier to check at
 configure time whether uint8_t is a character type than to check each use
 of uint8_t for strict aliasing violations that could occur on (presumably
 rare) platforms where uint8_t is not a character type.

 There will often need to be casting even when using unsigned char or
 uint8_t because they will promote to signed int on most platforms.  This
 can cause problems with bitwise shifts if the appropriate casts aren't
 done.  (Left-shifting a 1 bit into the sign bit is undefined behavior.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22410#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #22410 [Core Tor/Tor]: ensure that uint8_t is unsigned char
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #16576 [User Experience/Website]: Add a 'community projects' list (separate page?) to the website
Next by Author: Re: [tor-bugs] #9494 [Core Tor/Tor]: Remove gratuitous newlines from log messages? (was: Log fix facility and lines)
Previous by thread: Re: [tor-bugs] #22410 [Core Tor/Tor]: ensure that uint8_t is unsigned char
Next by thread: [tor-bugs] #22411 [Webpages/Blog]: Comments are not shown at all to users who aren't logged in
Index(es):
- Author
- Thread