Re: fs-independent quotas

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Fri, Nov 18, 2011 at 12:35:34AM +0000, David Holland wrote:
>  > With a proplib format, the kernel knows it didn't get the right
>  > argument (it didn't find a key "quotafile" with a string value in the
>  > dictionary). Of course you can still do quotaon /boot if you really
>  > wants to, but then it has been done on purpose, not just because
>  > you gave the wrong pointer to quotactl().
> 
> This is about type-safety. It has nothing to do with compatibility,
> forwards or backwards.

I agree. using proplib is a win for both type-safety and backward
compatibility.

> 
> Unless we split quotactl(2) into multiple system calls, one per
> operation, it can't be fully typesafe; C has no strictly type-safe way
> to be polymorphic.
> 
> It can be made better than quotactl(path, int, int, void *), but only
> a little. The important thing, I think, is that in my proposed world
> quotactl() is no longer meant to be user-callable. (Maybe it should be
> _quotactl() or __quotactl() so nobody calls it by accident.) Only
> libquota calls it, and if you're that concerned about mismatched types
> we can audit the libquota code.
> 
> And, btw, using proplib does not make the code type-safe. To the
> contrary, in fact, even excluding the dynamic typing behavior, because
> proplib's API is so borked. Look in its header files to see how many
> of its typedefs are really void pointers, and be scared...

I'm not. The void pointers are used only internally by proplib,
public functions are type-safe (exept for functions that work on
any data type, i.e  the *data* functions, and opaque pointers where their
type doesn't matters) and you can't use a function with the wrong pointer
type: prop_dictionary_get_int8() takes a int8_t*, prop_dictionary_get_cstring()
takes a char **, and so on. You cannot convert a value from/to the
wrong pointer type.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--