This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [RFC][PATCH v3] Initial support for C11 Annex K Bounds checking functions
- From: Ulrich Bayer <ubayer at sba-research dot org>
- To: Paul Eggert <eggert at cs dot ucla dot edu>
- Cc: <libc-alpha at sourceware dot org>, "Joseph S. Myers" <joseph at codesourcery dot com>
- Date: Fri, 14 Jun 2013 12:45:57 +0200
- Subject: Re: [RFC][PATCH v3] Initial support for C11 Annex K Bounds checking functions
- References: <51B1B444 dot 8080608 at sba-research dot org> <51B43794 dot 1020300 at cs dot ucla dot edu>
Thanks for your draft! I'm inclined to agree that in this case it's better to duplicate
the check instead of outsourcing it to a separate file because I'm not sure whether
GCC's stddef.h file can or should include other headers. I have changed your
draft implementation a bit according to the following considerations.
After experimenting a bit, I came to the conclusion that
checking whether all definitions (including the ones with
a non-integer value) of __STDC_WANT_LIB_EXT1__ are 100% identical is not (or not easily)
possible via normal preprocessor statements.
For example, the draft implementation will not catch the following inconsistent definition:
#define __STDC_WANT_LIB_EXT1__ 2
#include "string.h"
#define __STDC_WANT_LIB_EXT1__ 0
#include "stdlib.h"
I agree with Joseph that compiler (or preprocessor) support is required for catching
all inconsistent definitions of __STDC_WANT_LIB_EXT1__. I'm not sure what this support
would look like. Should it be something like the following?
#pragma GCC must_not_redefine __STDC_WANT_LIB_EXT1__
That might be a bit too general because Annex K states "shall be
defined identically for all inclusions of any headers from Clause 6." We could also
hard-code logic for __STDC_WANT_LIB_EXT1__ when "-std=c11" is specified but I'm not sure
if this is a good idea. Personally, I also don't want to force users to compile
with -std=c11 only for getting a couple of _s functions declared - if we can avoid it.
As already indicated by Paul, the important thing from a glibc user's point of
view is to consistently include or not include the Annex K functions within
a translation unit. This is something that the draft implementation already
accomplishes.
Thus, in my opinion we should not try to check for inconsistent definitions of
__STDC_WANT_LIB_EXT1__ but check whether Annex K functionality is included consistently
or not inside a preprocessor translation unit. This concept also serves us well if we
decide that the Annex K functions should be available upon definition of _GNU_SOURCE.
My proposal would be to include Annex K related functionality in all affected headers
in the following way:
/* Include C11 Annex K functions upon request. */
#if (defined __STDC_WANT_LIB_EXT1__ && __STDC_WANT_LIB_EXT1__ == 1)
# if defined __GLIBC_USE_LIB_EXT1 && __GLIBC_USE_LIB_EXT1 == 0
#  error "Inconsistent definition of __STDC_WANT_LIB_EXT1__"
# endif
# ifndef __GLIBC_USE_LIB_EXT1
#  define __GLIBC_USE_LIB_EXT1 1
# endif
/* declare Annex K functions here. */
#else /* C11 Annex K functions not included */
# if defined __GLIBC_USE_LIB_EXT1 && __GLIBC_USE_LIB_EXT1 == 1
#  error "Inconsistent definition of __STDC_WANT_LIB_EXT1__"
# endif
# ifndef __GLIBC_USE_LIB_EXT1
#  define __GLIBC_USE_LIB_EXT1 0
# endif
#endif /* C11 Annex K functions not included */
--Ulrich
On 09.06.2013 10:06, Paul Eggert wrote:
> On 06/07/2013 03:21 AM, Ulrich Bayer wrote:
>> Instead of misusing features.h (with global effects) we could create a new header
>> called e.g. annex_k_protection.h which is included by all Annex K relevant headers.
>> This header can then check whether __STDC_WANT_LIB_EXT1__ has the same value
>> for all inclusions of an Annex K header.
>
> Here's a draft implementation of that header. Or, since this is short,
> perhaps we can just copy this text into all Annex K relevant headers.
>
> #ifdef __GLIBC_LIB_EXT1__
> # if (__GLIBC_LIB_EXT1__ != \
>       (defined __STDC_WANT_LIB_EXT1__ ? __STDC_WANT_LIB_EXT1__ : -1))
>  # error "__STDC_WANT_LIB_EXT1__ defined inconsistently"
> # endif
> # undef __GLIBC_LIB_EXT1__
> #endif
> #ifndef __STDC_WANT_LIB_EXT1__
> # define __GLIBC_LIB_EXT1__ (-1)
> #elif __STDC_WANT_LIB_EXT1__ == 1
> # define __GLIBC_LIB_EXT1__ 1
> #else
> # define __GLIBC_LIB_EXT1__ 0
> #endif
>