Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 04 Jul 2013 09:11:29 +0200
From: Jens Gustedt <jens.gustedt@...ia.fr>
To: musl@...ts.openwall.com
Subject: Re: Use of size_t and ssize_t in mseek

Am Donnerstag, den 04.07.2013, 02:37 -0400 schrieb Rich Felker:
> > unless one would finally implement them separately, of course
> 
> Yes but that's a huge maintenance burden (duplicate functionality) and
> while it's less bloat for individual static apps that don't use Annex
> K, it's much more bloat for libc.a and libc.so.

sure, I mentioned this merely for completeness, I don't think that
this is a viable option

> No, I mean just the sheer volume of interfaces to add.

The number of interfaces wouldn't scare me too much, and it would be
relatively easy to start supporting that incrementally.

> qsort_s can store the comparison function and context in TLS, and then
> pass to qsort a comparison function that grabs these from TLS and
> calls the original comparison function with the context pointer. This
> is valid assuming qsort does not run the comparisons in new threads.

sure, but for an execution of qsort_s this would have a lot of
indirections and a call to TLS for every comparison. For performance
sensible functions like this, this doesn't sound very attractive.

(In P99 I do that with inlining and gcc shows to be able to expand all
comparisons in place and to optimize that smoothly.)

> TLS is not guaranteed to exist when these functions are called;
> programs not using any multi-threaded functionality are supposed to
> "basically work" on Linux 2.4. I don't mind having the Annex K
> functions depend on TLS, since only new programs will use them anyway,
> but I don't want to break existing programs.

My guess would be that you can alias the TLS variable that would
control that behavior to a simple global variable in the case of
absence of threads.

> What I was saying is that, in library code, you can't rely on this.
> The application may have installed a handler that causes the functions
> to just return an error, or the default implementation-defined handler
> might do so.

sure, but I don't see any problem in this. continuing execution is
one of the permitted path that a constraint handler may take. these
are user interfaces, not meant to be used internally by the C library,
I think.

> > > My feeling is that we should hold off on a decision about them to
> > > see if any applications actually start using them.
> > 
> > I think we have a hen and egg problem, here. Nobody will use them if
> > nobody provides an implementation.
> 
> You presume we would want people to use them. :) I don't. I think
> they're very poorly designed interfaces that were crammed into the
> standards process by their sponsor's clout rather than any technical
> merit of existing practice.

AFAIK they had some existing practice in the MS world

I think there are some of these interfaces that are not too bad, from
a user perspective these interfaces are relatively simple to use.

Especially qsort_s is nice and I also see advantages in being able to
inhibit certain dangerous printf or scanf formats.

> _FORTIFY_SOURCE solves pretty much the same problems these functions
> were intended to solve, but does a much better job since it doesn't
> rely on the application developer to provide truthful information
> about object sizes, and instead gets the compiler to do it.

In C, applications *have* to have a consistent view of the size of
their buffers. So I don't see much of a burden, here. I started to use
them (through my P99 implementation) and I didn't find anything
remarkably heavy.

Jens

-- 
:: INRIA Nancy Grand Est :: http://www.loria.fr/~gustedt/   ::
:: AlGorille ::::::::::::::: office Nancy : +33 383593090   ::
:: ICube :::::::::::::: office Strasbourg : +33 368854536   ::
:: ::::::::::::::::::::::::::: gsm France : +33 651400183   ::
:: :::::::::::::::::::: gsm international : +49 15737185122 ::




Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.