Date: Sun, 7 Jul 2013 19:12:03 +0200
From: Szabolcs Nagy <nsz@...t70.net>
To: musl@...ts.openwall.com
Subject: Re: New articles on ewontfix

* Rich Felker <dalias@...ifal.cx> [2013-07-07 11:27:40 -0400]:
> On Sun, Jul 07, 2013 at 02:20:15PM +0200, Szabolcs Nagy wrote:
> > * Rich Felker <dalias@...ifal.cx> [2013-07-05 11:54:11 -0400]:
> > > My thought is that it would be based on the property of
> > > being able to combine two programs with well-defined behavior, both
> > > using the library code, into a single program where each original
> > > program runs starting with its own initial thread, such that the
> > > combined program does not invoke UB and the two sub-programs match
> > > their behavior before being combined.
> > 
> > i think library safety should also cover single thread issues
> 
> It attempts to. Having the "test" be with threads automatically covers
> all cases of using the library separately from multiple modules.
> 

ah ok

but then "program with well-defined behavior" is hard
to specify

(i thought you assume working programs and only require
that their combination does not break)

if well-defined can be any program that the language and
the library documentation allows in a single-threaded
execution then the program itself may invoke ub in
multi-threaded case

and a library interface can require a callback that
does impossible things so no program is well-defined

> > unbounded resource usage,
> 
> I don't see how this can be quantified correctly, but in some sense,
> it is by the proposed definition. If part A consumes so many resources
> that part B can't run, that would be a failure of the test. However
> I'm reluctant to call that a failure since it could make any library
> fail. This is why the definition is difficult to get right.

if the library documents its resource usage then it can pass
the strong test

(and there are per-thread resources: stack)

we also want that low resources or runtime failures are
handled and don't cause ub: so the runtime environment
should be part of the definition in some way

by unbounded resources i originally meant resource leaks,
but "resource safety" seems to be hard to specify in general

> > strong assumptions about the environment..)
> 
> Could you elaborate?

by environment i meant the system surrounding the program

and strong assumption is anything that is not guaranteed

e.g. if a library tries to connect to some webserver to
get some information that is present locally as well,
then it assumes an internet connection unjustifiably
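Added illustration (not part of the thread, and not musl code): the "combination test" quoted at the top of this message, carried out on a toy library. Two toy programs each use a formatting routine and are well-defined on their own; combining them exposes the library's hidden static buffer, so the combined program no longer matches the behaviour of the parts. A reentrant variant with a caller-supplied buffer passes the same test. All names (fmt_static, fmt_r, program_a_*, compose_*) are invented for the example; the interleaving is simulated deterministically in one thread, since with real threads the static version would be a data race, i.e. UB, rather than a reproducible wrong answer.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy "library": formats name=value into a buffer.
 * The static variant mirrors classic non-reentrant interfaces
 * (ctime, strtok, inet_ntoa) that keep process-global state. */
static char g_fmt_buf[64];

/* Non-reentrant: result lives in storage shared by every caller. */
const char *fmt_static(const char *name, int value)
{
    snprintf(g_fmt_buf, sizeof g_fmt_buf, "%s=%d", name, value);
    return g_fmt_buf;
}

/* Reentrant: the caller owns the buffer, so there is no hidden
 * state through which two users of the library can interfere. */
const char *fmt_r(char *buf, size_t n, const char *name, int value)
{
    snprintf(buf, n, "%s=%d", name, value);
    return buf;
}

/* "Program A" produces a string, lets another program run (other may
 * be NULL), then consumes the string. Returns 1 if A still observes
 * the value it produced, 0 if the combination changed its behaviour. */
typedef void (*step_fn)(void);

static int program_a_static(step_fn other)
{
    const char *s = fmt_static("a", 1);
    if (other)
        other();                /* models B's thread being scheduled here */
    return strcmp(s, "a=1") == 0;
}

static void program_b_static(void)
{
    (void)fmt_static("b", 2);   /* B is well-defined on its own */
}

static int program_a_r(step_fn other)
{
    char buf[64];
    const char *s = fmt_r(buf, sizeof buf, "a", 1);
    if (other)
        other();
    return strcmp(s, "a=1") == 0;
}

static void program_b_r(void)
{
    char buf[64];
    (void)fmt_r(buf, sizeof buf, "b", 2);
}

/* A and B run separately (two processes): A behaves correctly. */
int compose_static_separate(void)
{
    int ok = program_a_static(NULL);
    program_b_static();
    return ok;
}

/* A and B combined with B interleaved: the shared buffer now holds
 * "b=2" when A reads it, so A's behaviour no longer matches. */
int compose_static_combined(void)
{
    return program_a_static(program_b_static);
}

/* Same combination with the reentrant interface: passes. */
int compose_reentrant_combined(void)
{
    return program_a_r(program_b_r);
}

int main(void)
{
    printf("static, run separately : %s\n", compose_static_separate() ? "ok" : "mismatch");
    printf("static, combined       : %s\n", compose_static_combined() ? "ok" : "mismatch");
    printf("reentrant, combined    : %s\n", compose_reentrant_combined() ? "ok" : "mismatch");
    return 0;
}
```

The static variant also fails the "documented resource usage" point above in a subtler way: its one global buffer is a process-wide resource that neither sub-program's documentation accounts for, whereas the reentrant form makes the resource (the caller's buffer) explicit in the interface.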
