Re: [RFC] timers, pointers to functions and type safety
[Posted December 5, 2006 by corbet]
| From: |
| Ingo Molnar <mingo-AT-elte.hu> |
| To: |
| Al Viro <viro-AT-ftp.linux.org.uk> |
| Subject: |
| Re: [RFC] timers, pointers to functions and type safety |
| Date: |
| Mon, 4 Dec 2006 12:48:51 +0100 |
| Cc: |
| Thomas Gleixner <tglx-AT-linutronix.de>,
Matthew Wilcox <matthew-AT-wil.cx>,
Linus Torvalds <torvalds-AT-osdl.org>, linux-arch-AT-vger.kernel.org,
linux-kernel-AT-vger.kernel.org |
* Al Viro <viro@ftp.linux.org.uk> wrote:
> > This is going to make a lot of data structures smaller, when the
> > timer_list is embedded in the structure itself and for the lot,
> > which ignores the timer callback argument anyway.
>
> container_of => still lousy type safety. All over the sodding place.
the question is: which is more important, the type safety of a
container_of() [or type cast], which if we get it wrong produces a
/very/ trivial crash that is trivial to fix - or embedded timers data
structure size all around the kernel? I believe the latter is more
important.
and we could have a runtime debugging option to tie the type of the
structure to the timer list entry. For example by using
__builtin_classify_type(), sizeof() and offsetof() to fingerprint timer
structs at init_timer time, and then checking for that at container_of()
time - or something like that. In fact, gcc should really give us a
better way to categorize types than __builtin_classify_type(). We could
probably improve the situation by having some global registry of types
known to the kernel, via a huge switch() around
__builtin_types_compatible_p().
Ingo
