Name
	n3574 - Adopt qualifier conversion rules from C++

Principles
	-  Codify existing practice to address evident deficiencies.
	-  Do not leave features in an underdeveoped state.
	-  Enable secure programming.
	-  Facilitate interoperability.

Category
	Language; conversions; pointers.

Author
	Alejandro Colomar <alx@kernel.org>

	Cc: Jonathan Wakely <jwakely@redhat.com>
	Cc: Joseph Myers <josmyers@redhat.com>
	Cc: наб <nabijaczleweli@nabijaczleweli.xyz>

History
	<https://www.alejandro-colomar.es/src/alx/alx/wg14/alx-0004.git/>

	r0 (2025-03-15):
	-  Initial draft.

	r1 (2025-03-17):
	-  Fix recursive wording.  The types in tN might be qualified at
	   any level as long as the corresponding uN is qualified,
	   regardless of the qualification of t(N-1).  At least that's
	   what g++(1) seems to accept.

	r2 (2025-05-04):
	-  Fix typos.
	-  Remove bogus link from 'See also'.
	-  Add links to 'See also'.
	-  Mention n3510 in 'See also'.
	-  Use the wording in C++11.  The wording I had was bogus; and
	   the wording in the current versions of C++ is too complex for
	   me to understand it.  The wording of C++11 is slightly less
	   powerful than the current one, but on the other hand it's not
	   a bad idea to fall short on allowed conversions, just in
	   case.  If we want to lift more restrictions, we're always in
	   time.

	r3 (2025-06-01):
	-  tfix.

Description
	C is too strict regarding qualifiers, and requires the
	programmer to do casts or have functions with unnecessarily
	unqualified APIs.  C++ has shown that certain assignments can be
	done safely.  The following is forbidden by C, but allowed by
	C++:

		char               *p;
		const char *const  *pp = &p;

See also
	<https://stackoverflow.com/a/8909208/6872717>
	<https://github.com/llvm/llvm-project/issues/129260>
	<https://gcc.gnu.org/bugzilla/show_bug.cgi?id=17654#c11>
	<https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2014/n4261.html>
	<https://c-faq.com/ansi/constmismatch.html>
	<https://isocpp.org/wiki/faq/const-correctness#constptrptr-conversion>
	<https://www.open-std.org/jtc1/sc22/wg14/www/docs/n3510.pdf>

	This proposal would interact with n3510 (see link above).  Both
	proposals intend to reduce the use of casts for converting
	pointers, in order to have stronger type safety.  n3510 focuses
	on function pointers, while this proposal focuses on pointers to
	pointers.  Both proposals are compatible (and beneficial to each
	other), although care should be taken to make sure there are no
	merge conflicts.  This proposal should be simpler than n3510,
	since we have prior art in C++, where it has been tested for a
	long time.

Proposed wording
	Based on N3550.

    6.3.3.3  Conversions :: Other operands :: Pointers
	@@ New p after p2
	+A conversion can add qualifiers
	+at levels other than the first multi-level pointers,
	+subject to the following rules:
	+	Two pointer types <i>T1</i> and <i>T2</i>
	+	are <i>similar</i>
	+	if there exists a type <i>T</i>
	+	and integer <i>n</i> > 0
	+	such that:
	+
	+		<i>T1</i> is <i>q_1,0</i> pointer to
	+		<i>q_q1,1</i> pointer to ...
	+		<i>q_1,n-1</i> pointer to <i>q_1,n T</i>
	+	and
	+		<i>T2</i> is <i>q_2,0</i> pointer to
	+		<i>q_q2,1</i> pointer to ...
	+		<i>q_2,n-1</i> pointer to <i>q_2,n T</i>
	+
	+where each <i>q_i,j</i> is a set of qualifiers.
	+The n-tuple of qualifiers
	+after the first in a pointer type
	+--e.g., <i>q_1,1</i>, <i>q_1,2</i>, ... <i>q_1,n</i>
	+  in the pointer type <i>T1</i>--
	+is called
	+the <i>qualification signature</i> of the pointer type.
	+An expression of type <i>T1</i>
	+can be converted to type <i>T2</i>
	+if and only if the following conditions are satisfied:
	+	-  the pointer types are similar.
	+	-  for every <i>j</i> > 0,
	+	   if a qualifier is in <i>q_1,j</i>
	+	   the same qualifier is in <i>q_2,j</i>.
	+	-  if <i>q_1,j</i> and <i>q_2,j</i> are different,
	+	   then <tt>const</tt> is in every <i>q_2,k</i>
	+	   for 0 < <i>k</i> < <i>j</i>.