This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Implementation of C11 Bounds-checking interfaces
- From: Rich Felker <dalias at aerifal dot cx>
- To: libc-alpha at sourceware dot org
- Date: Wed, 31 Oct 2012 11:32:34 -0400
- Subject: Re: Implementation of C11 Bounds-checking interfaces
- References: <509132DA.9060503@sba-research.org>
On Wed, Oct 31, 2012 at 03:16:58PM +0100, Ulrich Bayer wrote:
> We wrote an implementation of the bounds-checking C functions (as
> specified in Annex K of the current C standard, a.k.a. C11) for use with
> the GNU C library. Annex K includes the _s functions, such as strcpy_s,
> strcat_s etc.
>
> It is my understanding that you prefer having such an implementation in
> an external library which is why our implementation is a self-contained
> library. It's mostly a wrapper around glibc functions but in a couple of
> cases we had to directly reuse code from glibc. It is supposed to work
> with GCC and Glibc. It compiles and all test cases run successfully on
> recent Linux distributions (OpenSuSE, CentOS, Debian and Ubuntu).
>
> This library consists of
>
> -) a thread-safe implementation of all functions specified in the ISO
> Standard (except widechar functions)
>
> -) API documentation for all functions
>
> -) test cases for all functions
>
> -) overloaded C++ template functions for easier use when compiling with g++
>
> More information about the project is available at:
>
> http://code.google.com/p/slibc/
>
>
> Of course, we welcome your feedback.
I definitely like the idea of keeping it separate, but I question the
amount of code duplication. For example, tmpfile_s does not need to
reimplement tmpfile in terms of mkstemp; in fact, such an
implementation does not conform to ISO C since it references POSIX
symbols outside the ISO C namespace. A much simpler implementation
would just be:
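
#include <errno.h>
#include <stdio.h>

/* errno_t and RUNTIME_CONSTRAINT_HANDLER() are assumed to come from the
   library's own headers. */
errno_t tmpfile_s(FILE * restrict * restrict streamptr)
{
	/* A null streamptr is a runtime-constraint violation. */
	if (!streamptr) {
		RUNTIME_CONSTRAINT_HANDLER();
		return EINVAL;
	}
	/* Delegate to the ISO C tmpfile(); no POSIX symbols are referenced. */
	*streamptr = tmpfile();
	return *streamptr ? 0 : errno;
}
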
Rich
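
The wrapper approach from the message above, as a self-contained added example that is not code from the original post or from slibc. It goes one step further by supplying a replaceable constraint handler in place of the RUNTIME_CONSTRAINT_HANDLER() placeholder and by guarding against tmpfile() failing without setting errno. All ex_ names are hypothetical.

```c
/* Added example; every ex_ name is hypothetical (not slibc or glibc API). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

typedef int ex_errno_t;
typedef void (*ex_handler_t)(const char *msg, void *ptr, ex_errno_t error);

int ex_violations;  /* violations seen by ex_ignore_handler */

/* Record the violation and return, in the spirit of ignore_handler_s. */
void ex_ignore_handler(const char *msg, void *ptr, ex_errno_t error)
{
    (void)msg; (void)ptr; (void)error;
    ex_violations++;
}

/* Report and abort, in the spirit of abort_handler_s. */
void ex_abort_handler(const char *msg, void *ptr, ex_errno_t error)
{
    (void)ptr;
    fprintf(stderr, "constraint violation: %s (%d)\n", msg, error);
    abort();
}

static ex_handler_t ex_current = ex_abort_handler;

/* Install h (NULL restores the aborting default); return the old handler. */
ex_handler_t ex_set_handler(ex_handler_t h)
{
    ex_handler_t old = ex_current;
    ex_current = h ? h : ex_abort_handler;
    return old;
}

ex_errno_t ex_tmpfile_s(FILE *restrict *restrict streamptr)
{
    if (!streamptr) {
        ex_current("tmpfile_s: streamptr is null", NULL, EINVAL);
        return EINVAL;
    }
    errno = 0;
    *streamptr = tmpfile();   /* ISO C only; no mkstemp or other POSIX names */
    if (*streamptr)
        return 0;
    return errno ? errno : EINVAL;  /* tmpfile need not set errno: stay nonzero */
}
```

A caller that wants error returns instead of an abort installs ex_ignore_handler first, then checks the return value before touching the stream.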