Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 4 Jul 2013 04:12:45 -0400
From: Rich Felker <>
Subject: Re: Use of size_t and ssize_t in mseek

On Thu, Jul 04, 2013 at 09:11:29AM +0200, Jens Gustedt wrote:
> > qsort_s can store the comparison function and context in TLS, and then
> > pass to qsort a comparison function that grabs these from TLS and
> > calls the original comparison function with the context pointer. This
> > is valid assuming qsort does not run the comparisons in new threads.
> sure, but for an execution of qsort_s this would have a lot of
> indirections and a call to TLS for every comparison. For performance
> sensible functions like this, this doesn't sound very attractive.

If it's inside musl, the TLS dereference is very cheap on most archs:
it's just a constant offset from the thread pointer. Same if the code
were static linked in the main program. Otherwise, if it's a dynamic
library, then yes it would be fairly costly, like you say.

> (In P99 I do that with inlining and gcc shows to be able to expand all
> comparisons in place and to optimize that smoothly.)

Nice. I'll have to take a look -- I've always wanted to see a fully
inlined qsort that could be compared to the C++ template-based sorts
to demonstrate that inline functions in C can do just as good or
better, inlining the comparison callback... :)

> > TLS is not guaranteed to exist when these functions are called;
> > programs not using any multi-threaded functionality are supposed to
> > "basically work" on Linux 2.4. I don't mind having the Annex K
> > functions depend on TLS, since only new programs will use them anyway,
> > but I don't want to break existing programs.
> My guess would be that you can alias the TLS variable that would
> control that behavior to a simple global variable in the case of
> absence of threads.

Yes, that can be done, but I'd probably rather just use the FILE...

> > What I was saying is that, in library code, you can't rely on this.
> > The application may have installed a handler that causes the functions
> > to just return an error, or the default implementation-defined handler
> > might do so.
> sure, but I don't see any problem in this. continuing execution is
> one of the permitted path that a constraint handler may take. these
> are user interfaces, not meant to be used internally by the C library,
> I think.

I was thinking of third-party libraries that aim to be proper library
code, not use in the standard library.

> I think there are some of these interfaces that are not too bad, from
> a user perspective these interfaces are relatively simple to use.

I find the str/mem functions rather confusing, with their redundant
size arguments and all.

> Especially qsort_s is nice

I agree. IMO it's a shame it was done as part of Annex K and not the
base standard. Unlike most of Annex K, it serves a real purpose.

> and I also see advantages in being able to
> inhibit certain dangerous printf or scanf formats.

For printf, there's nothing dangerous about %n. This is a
misconception based on knee-jerk reactions to format string bugs. The
only thing that's dangerous is passing non-format-strings as the
format-string argument to printf.

For scanf, having size limits on strings to be read is useful. I was
under the mistaken impression that exceeding the limit was a runtime
constraint violation, which would have made scanf_s useless, but it's
specified to be a matching failure. Still, the same can be achieved
with plain scanf and a field width specifier. And if you need the
width to vary at runtime, you can generate the format string with
snprintf... So scanf_s buys you a little bit of convenience, but not
much more.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.