This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

RE: As-if Infinitely Ranged Integer Model

From: Robert Seacord <rcs at cert dot org>
To: Joseph Myers <joseph at codesourcery dot com>
Cc: "'gcc at gcc dot gnu dot org'" <gcc at gcc dot gnu dot org>
Date: Sat, 25 Jul 2009 07:10:15 -0400
Subject: RE: As-if Infinitely Ranged Integer Model
References: <6A6ECBC0FF056D4998DC6232D489ED6A0155F9710EE7@EXCHANGE.sei.cmu.edu> <C10B9E3687C68B4D98F6ADFD3C3CDDB701562FC49E31@EXCHANGE.sei.cmu.edu> <Pine.LNX.4.64.0907241139320.7798@digraph.polyomino.org.uk>

Joseph,

Comments below.

Then you are building on the runtime-constraint mechanism and rsize_t of TR 24731-1. TR 24731-1 is considered useless in the Linux world, and not implemented in the GNU C Library, and with good reason; see <http://sourceware.org/ml/libc-alpha/2007-09/msg00069.html>. If you want general adoption in the Linux world you will need to extract those pieces from the pile of useless, duplicative and prior-art-ignoring functions that is most of TR 24731-1 and demonstrate that despite their background the runtime-constraints and rsize_t have more general utility.

[rcs] If it makes you feel any better, these were both inventions of WG14.

I believe the best defense of rsize_t is given by Randy Meyers in his paper "Limited size_t" WG14 N1080 Sept 27, 2004.

http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1080.pdf

The name rsize_t did not fall out until the Fall 2004 Redmond meeting:

http://www.open-std.org/JTC1/SC22/wg14/www/docs/n1083.pdf

We have a recommendation in The CERT C Secure Coding Standard which states:

INT01-C. Use rsize_t or size_t for all integer values representing the size of an object

https://www.securecoding.cert.org/confluence/x/PwE

----------

CERT also recommends the use of runtime-constraint mechanism when calling functions defined by TR24731-1:

ERR03-C. Use runtime-constraint handlers when calling functions defined by TR24731-1

https://www.securecoding.cert.org/confluence/x/5wD3

Of course, you probably don't care about this if you don't want to implement TR24731-1. However, I think this runtime-constraint mechanism provides an important, standard mechanism for handling errors in C language programs that up until now has been lacking.

Again, if it makes you feel better, this API was invented by Bill Plauger (and adopted by the group) at an editorial group meeting for the TR. Currently available versions of Microsoft Visual Studio do not support the same interface defined by TR24731-1 for installing runtime constraint handlers. Visual Studio calls these functions "invalid parameter handlers," and they are installed by calling the _set_invalid_parameter_handler() function. The signature of the handler is also significantly different.

rCs

References:
- As-if Infinitely Ranged Integer Model
  - From: Robert Seacord
- Re: As-if Infinitely Ranged Integer Model
  - From: Joseph S. Myers

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]