| Title | Rings are not well checked |
| Status | suspended |
| Priority | nice |
| Assigned user | Gareth Rees |
| Organization | Ravenbrook |
| Description | NB writes [1]: I think we could and should do better at checking the members of Rings. In particular, we have a very common pattern in which child->parentRing is a RingStruct on the ring of which child->parent->childRing is the head. However, although ChildCheck(child) checks that child->parentRing is a Ring, and ParentCheck(parent) checks that parent->childRing() is a Ring, (a) these checks are not as strong as we would like, because RingStructs don’t have Sigs, and (b) there is no check that all the children on the parent’s ring are children of the parent. Even more generally, all our rings have a head somewhere, and I think that, at least when doing DEEP checking, the check method of the structure containing the ring’s head should check that all the ring members at least have the right signature and, when the ring members point back to the “parent”, that they point to the right parent. |
| Analysis | The (macro) interface needs to be something like this: RING_CHECK_CHILDREN(parent, ring, child_type, child_member, parent_member) where parent is a pointer to the parent structure, ring is the ring in the parent being checked, child_type is the type of the child structure containing the child ring elements, child_member is the member name of the child ring, and parent_member is the name of the pointer to the parent in the child structure. For example, global.c might do: RING_CHECK_CHILDREN(arena, &arenaGlobals->poolRing, Pool, arenaRing, arena); The implementation would be something like this: #define RING_CHECK_CHILDREN(parent, ring, child_type, child_member, parent_member) \ BEGIN { \ Ring _node, _next; \ RING_FOR(_node, ring, _next) { \ child_type _child = PARENT(child_type, child_member, _node); \ CHECKD_NOSIG(Ring, _node); \ CHECKD(child_type, _child); \ CHECKL(_child->parent_member == parent); \ } \ } END; RB says [2], "I'm very wary of O(n) checks that might not be very productive. Rings are hard to get wrong." |
| How found | inspection |
| Evidence | [1] <https://info.ravenbrook.com/mail/2014/05/13/23-07-35/0/>[2] < https://info.ravenbrook.com/mail/2014/05/14/16-12-04/0/> |
| Created by | Gareth Rees |
| Created on | 2014-05-14 09:31:23 |
| Last modified by | Gareth Rees |
| Last modified on | 2014-10-14 22:52:26 |
| History | 2014-05-14 GDR Created. 2014-10-14 GDR Suspended based on [2]. |