s2n-tls
refactor(api): make psk apis const
Resolved issues:
Relevant to #4140
Description of changes:
When sketching out PSK bindings for Rust, there were a number of dangerous "The API takes in *mut but I'm going to assume that we really meant *const" assumptions.
This PR updates the APIs to be actually const where possible. Some of them were not simply fixable due to interactions with stuffers.
Call-outs:
This is not expected to be a breaking change, because it is valid to treat a mutable pointer as a const pointer. However, to my knowledge we haven't made this kind of change before, and it's unclear if customers might be doing particularly odd things that would get broken by this.
Testing:
All tests should continue to pass. There are no semantic changes, only changes to function definitions.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Summarizing some offline discussion.
- This PR should be broader in scope. While these are the convenient APIs to mark const, it makes it difficult to tell what a longer-term shift to const will look like. This PR will be updated to mark all of the logically const PSK APIs as grammatically const.
- Long term, we should be investing in static analysis to assert on the logical constness of these APIs. Note that "grammatically const" is strictly weaker than "logically const", because const is not transitive in C. Potential Option 1 would be to do this through CBMC, although the cost of CBMC harnesses makes this approach prohibitively expensive. Personal note: I wonder if a custom clang static analyzer that just enforces transitive const semantics could do this.
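The two points in the discussion above (passing a mutable pointer to a const parameter is valid, and a grammatically const parameter does not stop writes through a pointer member) can be seen in a few lines of C. The following is an added example, not s2n-tls code: `demo_psk`, `demo_psk_secret_len`, `demo_psk_scrub_secret` and the other `demo_*` names are constructed stand-ins for a PSK-like object and its API, and the sample secret bytes are made up.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a PSK-like object (hypothetical, not s2n's struct):
 * the struct is reached through a const pointer, but the secret it owns lives
 * behind a plain pointer member. */
struct demo_psk {
    uint8_t *secret;     /* owned buffer; const on the struct does NOT propagate here */
    size_t secret_len;
};

/* Grammatically const (parameter is `const struct demo_psk *`) and logically
 * const (it only reads). A caller holding a non-const `struct demo_psk *` can
 * pass it here with no cast, which is why changing a parameter from T* to
 * const T* does not break existing callers. */
size_t demo_psk_secret_len(const struct demo_psk *psk)
{
    return psk->secret_len;
}

/* Grammatically const but NOT logically const: the compiler accepts this
 * without a cast because `psk->secret` has type `uint8_t *`, not
 * `const uint8_t *`. This is the non-transitivity the discussion refers to,
 * and it is exactly what a grammar-level check cannot catch. */
int demo_psk_scrub_secret(const struct demo_psk *psk)
{
    if (psk == NULL || psk->secret == NULL) {
        return -1;
    }
    memset(psk->secret, 0, psk->secret_len); /* compiles: writes through a const struct */
    return 0;
}

/* Returns 1 if every byte of the secret is zero, 0 otherwise. */
int demo_secret_is_zeroed(const struct demo_psk *psk)
{
    for (size_t i = 0; i < psk->secret_len; i++) {
        if (psk->secret[i] != 0) {
            return 0;
        }
    }
    return 1;
}

/* End-to-end scenario: build a PSK over a caller-owned mutable buffer, call the
 * const-qualified APIs, and report whether the "const" call mutated state.
 * Returns 1 when the const-qualified scrub visibly changed the secret. */
int demo_const_is_not_transitive(void)
{
    uint8_t secret[4] = { 0xAA, 0xBB, 0xCC, 0xDD }; /* constructed sample secret */
    struct demo_psk psk = { .secret = secret, .secret_len = sizeof(secret) };

    /* Non-const pointer passed to a const parameter: valid, no cast needed. */
    if (demo_psk_secret_len(&psk) != sizeof(secret)) {
        return 0;
    }
    if (demo_secret_is_zeroed(&psk)) {
        return 0;
    }

    /* Const-qualified call that nevertheless overwrites the owned buffer. */
    if (demo_psk_scrub_secret(&psk) != 0) {
        return 0;
    }
    return demo_secret_is_zeroed(&psk);
}

int main(void)
{
    printf("const-qualified API mutated the secret: %s\n",
           demo_const_is_not_transitive() ? "yes" : "no");
    return 0;
}
```

Compiling this with `-Wall -Wextra` produces no diagnostic for `demo_psk_scrub_secret`, which is the practical reason the comment above distinguishes grammatical from logical constness: the type system only protects the top-level object, so any automated check for logical constness has to follow pointer members rather than rely on the signature.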
This PR has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Closing as I have found no easy ways to help assert const correctness in an automated way. Until our bar changes on that, this PR won't be making any progress.