jacob navia
Recently, Microsoft proposed to the C standards committee a rewrite of
many functions in the standard library to make them safer in usage than
the current ones.
The new functions are specified in the TR 24731.
lcc-win32 has released a first implementation of this TR with most
functions implemented (the wide character versions of those functions
aren't in this first release).
Implementation:
---------------
Most of the functions use the old functions of the standard library
with a thin layer that implements the checks specified by TR 24731.
For instance the asctime_s function looks like this:
errno_t ASCTIME_S( CHAR_TYPE *s, rsize_t maxsize,
                   const struct tm *timeptr )
{
    errno_t rc = -1;
    char *p;
    // Verify runtime-constraints
    // s not NULL
    // timeptr not NULL
    // 26 <= maxsize <= RSIZE_MAX
    // 0 <= timeptr->tm_year <= 9999
    if ( require( s != NULL ) &&
         require( timeptr != NULL ) &&
         require( maxsize <= RSIZE_MAX) &&
         require( maxsize > 0) &&
         require( maxsize >= 26) &&
         require( 0 <= timeptr->tm_year ) &&
         require( 9999 >= timeptr->tm_year ) ) {
        // Parameters validated, now call 'normal' asctime
        p = ASCTIME( timeptr);
        strcpy_s(s,maxsize,p);
        rc = 0;
    }
    else {
        // Runtime-constraint violated, store zero in receiving field if
        // possible
        if( (s != NULL) && (maxsize > 0) && maxsize <= RSIZE_MAX ) {
            *s = 0;
        }
    }
    return( rc );
}
The 'require' is a macro that will expand into a test for the condition,
and a call to the ConstraintFailed function if the evaluation of its
arguments is zero.
#define require(constraint) \
((constraint) ? 1 : ConstraintFailed(__func__,#constraint,NULL) )
The ConstraintFailed function will eventually call the user-defined
function for handling constraint failures. If the user did not supply
any function for this purpose, the program aborts.
Many of the functions proposed in the TR are a big improvement over
their traditional counterparts, especially in this instance, the function
asctime()...
We discussed this here (and in comp.std.c) but nobody gave any
attention to what I said because I am not Microsoft obviously.
Now that Microsoft says it, people listen more to this, which is (in a
sense) progress.
It could be said that this library just doesn't go far enough in the
elimination of undefined behavior in the standard, but it is surely a
start. This means also that Microsoft, contrary to what many people say,
has not abandoned the C language entirely, and it cares enough about
standards to propose these improvements to the C library.
It would be interesting if people here would try this implementation
for bugs/problems that could arise.
jacob
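As an added example, not code from the post and not lcc-win32's implementation, here is the same runtime-constraint pattern as a self-contained C program: a `require` macro that stringifies the failed condition, an installable constraint handler in the style of TR 24731's set_constraint_handler_s (aborting by default, as the post describes), a bounded copy in the spirit of strcpy_s, and an asctime_s-style wrapper built on it. Everything prefixed `example_`, the handler signature, and the sample date are assumptions of this example; it also reads the TR's year bound as applying to the calendar year tm_year + 1900 (0..9999), whereas the post's code bounds tm_year itself.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
/* Assumed stand-ins for the TR 24731 types, so this compiles without Annex K. */
typedef int errno_t;
typedef size_t rsize_t;
#define RSIZE_MAX (SIZE_MAX >> 1)
typedef void (*constraint_handler_t)(const char *msg, void *ptr, errno_t error);

/* Default handler: fail closed, as the post describes when no user handler is set. */
static void abort_handler(const char *msg, void *ptr, errno_t error)
{
    (void)ptr;
    fprintf(stderr, "runtime-constraint violation: %s (error %d)\n", msg, error);
    abort();
}
static constraint_handler_t current_handler = abort_handler;

/* Install a handler and return the previous one (like set_constraint_handler_s). */
constraint_handler_t example_set_constraint_handler(constraint_handler_t h)
{
    constraint_handler_t old = current_handler;
    current_handler = h ? h : abort_handler;
    return old;
}

/* Non-aborting handler that records violations, for tests and demos. */
static int violations;
static char last_violation[256];
void example_recording_handler(const char *msg, void *ptr, errno_t error)
{
    (void)ptr; (void)error;
    violations++;
    snprintf(last_violation, sizeof last_violation, "%s", msg);
}

/* Counterpart of the post's ConstraintFailed: report, then yield 0 so the
 * require() chain short-circuits into the failure branch. */
static int constraint_failed(const char *func, const char *constraint)
{
    char msg[256];
    snprintf(msg, sizeof msg, "%s: %s", func, constraint);
    current_handler(msg, NULL, EINVAL);
    return 0;
}
#define require(c) ((c) ? 1 : constraint_failed(__func__, #c))

/* Bounded copy in the spirit of strcpy_s: on any violation s1 becomes "". */
errno_t example_strcpy_s(char *s1, rsize_t s1max, const char *s2)
{
    if (require(s1 != NULL) && require(s1max > 0) && require(s1max <= RSIZE_MAX)
        && require(s2 != NULL) && require(strlen(s2) < s1max)) {
        memcpy(s1, s2, strlen(s2) + 1);   /* fits, terminator included */
        return 0;
    }
    if (s1 != NULL && s1max > 0 && s1max <= RSIZE_MAX)
        s1[0] = '\0';                     /* never leave stale data behind */
    return EINVAL;
}

/* asctime_s-style wrapper. Bounding the year keeps asctime's output at 25
 * characters plus NUL, so 26 bytes always suffice. Assumption: the TR's year
 * bound is read as calendar year tm_year + 1900 in 0..9999. */
errno_t example_asctime_s(char *s, rsize_t maxsize, const struct tm *timeptr)
{
    if (require(s != NULL) && require(timeptr != NULL)
        && require(maxsize >= 26) && require(maxsize <= RSIZE_MAX)
        && require(timeptr->tm_year >= -1900) && require(timeptr->tm_year <= 8099))
        return example_strcpy_s(s, maxsize, asctime(timeptr));
    if (s != NULL && maxsize > 0 && maxsize <= RSIZE_MAX)
        s[0] = '\0';
    return EINVAL;
}

/* Runs the scenarios on a constructed sample (Sat 1 Jan 2000) under the
 * recording handler; returns how many behaved as expected (6 when all do). */
int example_demo(void)
{
    struct tm t = {0};
    char buf[26], small[10] = "x";
    int ok = 0;
    t.tm_year = 100; t.tm_mday = 1; t.tm_wday = 6;
    example_set_constraint_handler(example_recording_handler);
    violations = 0;
    ok += example_asctime_s(buf, sizeof buf, &t) == 0
          && strcmp(buf, "Sat Jan  1 00:00:00 2000\n") == 0 && violations == 0;
    ok += example_asctime_s(small, sizeof small, &t) != 0 && small[0] == '\0'
          && violations == 1 && strstr(last_violation, "maxsize >= 26") != NULL;
    ok += example_asctime_s(NULL, 26, &t) != 0 && violations == 2;
    t.tm_year = 8100;                      /* calendar year 10000: rejected */
    ok += example_asctime_s(buf, sizeof buf, &t) != 0 && buf[0] == '\0' && violations == 3;
    ok += example_strcpy_s(buf, 4, "abc") == 0 && strcmp(buf, "abc") == 0;
    ok += example_strcpy_s(buf, 4, "abcd") != 0 && buf[0] == '\0' && violations == 4;
    return ok;
}
```

The recording handler exists only so the failure paths can be observed without aborting; in a real program the default aborting handler is the safer choice. Two details carry the security value of this pattern: the failure branch empties the destination, so a caller that ignores the return value reads an empty string rather than whatever the buffer held before, and the year bound is what makes the "26 bytes is enough" promise true, since asctime's output length depends on the number of digits in the year.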