From owner-svn-src-all@freebsd.org Mon Sep 2 03:37:00 2019 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 52FE9CF6C0; Mon, 2 Sep 2019 03:37:00 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 46MG3b6KZHz4BWw; Mon, 2 Sep 2019 03:36:59 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA id 4d9CirVEJSrVc4d9Di8Fgv; Sun, 01 Sep 2019 21:36:57 -0600 X-Authority-Analysis: v=2.3 cv=L5ZjvNb8 c=1 sm=1 tr=0 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17 a=8nJEP1OIZ-IA:10 a=J70Eh1EUuV4A:10 a=YxBL1-UpAAAA:8 a=yMhMjlubAAAA:8 a=b4LDLZbEAAAA:8 a=2QSLavsyAAAA:8 a=Emiy2d7DAAAA:8 a=6I5d2MoRAAAA:8 a=J4G2wu7WuvlaZFd2yzQA:9 a=zBj13n3wTMEUmnW8:21 a=6qRUqZAYaaJLL5BX:21 a=wPNLvfGTeEIA:10 a=vo8O1AnaVrUA:10 a=Ia-lj3WSrqcvXOmTRaiG:22 a=20T61YgZp4ItGotXEy2O:22 a=9H_80fVQ3bbXSWzY4Kdq:22 a=CSRsq1W5fP6ztJawIKk6:22 a=IjZwj45LgO3ly-622nXo:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTPS id AE64B909; Sun, 1 Sep 2019 20:36:53 -0700 (PDT) Received: from slippy.cwsent.com (localhost [127.0.0.1]) by slippy.cwsent.com (8.15.2/8.15.2) with ESMTP id x823argI054347; Sun, 1 Sep 2019 20:36:53 -0700 (PDT) (envelope-from Cy.Schubert@cschubert.com) Received: from slippy (cy@localhost) by slippy.cwsent.com (8.15.2/8.15.2/Submit) with ESMTP id x823ar42054344; Sun, 1 Sep 2019 20:36:53 -0700 (PDT) (envelope-from Cy.Schubert@cschubert.com) Message-Id: <201909020336.x823ar42054344@slippy.cwsent.com> X-Authentication-Warning: slippy.cwsent.com: cy owned process doing -bs X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7.1 Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: cem@freebsd.org cc: Cy Schubert , src-committers , svn-src-all , svn-src-head Subject: Re: svn commit: r351659 - in head: contrib/libc++/include contrib/netbsd-tests/lib/libc/ssp gnu/lib/libssp include lib/libc/stdio In-reply-to: References: <201909011612.x81GC5DW097846@repo.freebsd.org> <201909011932.x81JWYts004074@slippy.cwsent.com> <201909012223.x81MN7jK005967@slippy.cwsent.com> Comments: In-reply-to Conrad Meyer message dated "Sun, 01 Sep 2019 17:37:46 -0700." Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Date: Sun, 01 Sep 2019 20:36:53 -0700 X-CMAE-Envelope: MS4wfETTE7OED3fVH8s5LJiNnTkjQLvjfd/+uRm+S0uRNLEV8C87VjiZTQhZP8eJ5K1S/F7SVcycC2RJrU5u6q1tvZIzt1mRXrTeSq7R/USbUkyiGHhCy6Tt csknD2p2SFoPk4ZcpjhL208bUxReC5p1CAdhNQdhhi5gU1btVt5swYZZlvG9F2men5haBpXnholJyaSRTtAJ2NOOwzNLRx5s2WqYgF/oZpfKSA+Hjvo3Goq8 8BMqklRrbNeY0P0RC29HDxD9ZKUtZ7YoVA4+QWxSPRoK/MR/Vd0oJEesgemkmN+m X-Rspamd-Queue-Id: 46MG3b6KZHz4BWw X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-6.95 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.95)[-0.949,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[] X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Sep 2019 03:37:00 -0000 In message , Conrad Meyer writes: > Hi Cy, > > On Sun, Sep 1, 2019 at 3:23 PM Cy Schubert wrote: > > > > In message c > > om> > > , Conrad Meyer writes: > > > > > Short version: no, we shouldn't [recommend the use of gets_s]. :-) > > > > > > Longer version: Annex K functions like gets_s have zero real adoption > > > (Microsoft's APIs that inspired Annex K are not actually compatible > > > with the version in the standards); broadly terrible APIs; and in this > > > particular case and others, unnecessarily duplicate the functionality > > > of existing long-standing standard C functions (e.g., fgets(3)). > > > > That's not quite true. From the man page: > > > > The gets_s() function is equivalent to fgets() with a stream of stdin, > > except that the newline character (if any) is not stored in the string > . > > I tried to make a distinction earlier that I don't think carried well > over email. I wrote "unnecessarily duplicate(s) the _functionality_ > of existing …" — not "is/are an exact duplicate(s) of …" — because > you're right, gets_s() has (trivial) behavioral differences from > fgets(stdin). > > The thing that is important to me is that fgets(3) is portable, super > well understood, and provides a superset of the functionality of > gets_s(). One can easily construct the newline-free version of a line > from one containing a trailing newline. I don't think this slight > behavioral difference justifies implementing, using, or especially > recommending gets_s(). If Microsoft chooses to ignore or anotherfunctions is their problem. However in this case, according to the following they do support gets_s(). https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/gets-s-getw s-s?view=vs-2019 Having said all that, glibc is the odd man out here. In that case I'll pull back my horns. It's sufficient not to not say anything or to highlight both. BTW. we've had gets_s(3) in our tree for 17 months now. We don't need to add anything. It's already there. It is an application developer choice to use one function or another. As someone who also works on the ports side, the newline is significant distinction. As gets_s() is closer in function to gets() than fgets() is, all one needs to concern oneself with is buffer length. As there are no _other_ differences nothing else needs to be addressed. This is important to ports maintainers and who must replace gets() with something else. Agreed this shouldn't be an issue every time but gets_s() is still in our toolbox. > > (IMO, it was probably a historical mistake that gets(3) even had > different behavior than fgets(3) to begin with. gets(3) maybe > predated stdio FILE streams?) I totally agree. > > > Some apps may be sensitive to this subtle difference. gets_s() preserves > > this behaviour. > > Correct conversion of gets()-using programs requires more analysis > than blind replacement with either function. That's where gets_s() is handy. It requires less analysis. Remember, my main concern here are our ports maintainers. Upstream developers should always do analysis. It's not the job of the ports team to perform significant rewrites of upstream software. IMO, if upsteam software needs significant rewrite a port maintainer should notify the upstream maintainer. If the upstream cannot or will not, requiring a maintainer of a port to make significant changes, DEPRECATED= and EXPIRATION_DATE= are the best answer. We are not here to rewrite other people's software for them. > > Anyway, gets() use is largely behind us so the point is mostly moot — > there are few such programs to convert, and they should be viewed with > an extremely high level of skepticism given they are still using > gets(3) in 2019. I'm not arguing for keeping gets(3). We already have gets_s(3). Let's use it where it makes sense. Nor am I saying to use it in exclusion of fgets(3). It (gets_s()) is in our libc. If it eases the job of maintaining a port, use it instead. > > > [Annex K functions] are part of the > > standard > > They're an optional part of the standard. Everyone takes the option > of "not." Literally no one implements Annex K. It's a bad set of > APIs. Microsoft and we have chosen to implement some Annex K functions. We haven't implemented all of them. I don't know if they implemented all _s functions. Linux glibc has not. I don't agree that it's a completely bad set of APIs. gets_s() will help ports maintainers. AFAIK, no ports rely on gets() but that's not to say some new port might not. Don't forget, my motivation for implementing gets_s(3) in libc was to ease the pain of deprecating gets() for ports. > > > and though we support some _s functions it would behoove us to one > > day (*) support them all. > > If and when the C standard committee adopts Annex K as a required part > of the standard, then I agree we should make every attempt to support > the full standard library. But in general, I am opposed to the > further adoption of Annex K, and hope the C2x standard committee > finally drops the annex.[1] (It is weakly defended[2], just to > provide a counterargument.) Again I disagree. > > [1]: http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1967.htm (pro-removal) This explains glibc's not implementing the _s functions. His focus is almost entirely on string copy and memory copy functions. Implementation of string and memory copy functions would be more complex than the gets_s() I added to FreeBSD. In terms of error detection (for calls to constraint handlers), gets_s() is simple compared to strcpy_s(). I can understand his issues. It would appear a similar lack of consideration of implementation details went into defining the _s string functions as the lack of consistency considerations went into the development of gets() and fgets(). https://en.cppreference.com/w/c/string/byte/strcpy, where clobbring the rest of the destination is IMO "not optimal." Throwing out the baby (functions which were properly defined) with the bath water (functions which make one wonder what they were smoking) isn't the right answer either. > [2]: https://www.nccgroup.trust/us/our-research/bounds-checking-interfaces-fi > eld-experience-and-future-directions/ > (pro-retention) I don't have time to read completely through all of this tonight. The assertion that there are unfounded criticisms as well as actual flaws. The flaws are such that replacing some functions with _s will require some care. Fortunately with gets_s() this is not a concern, except of course having to specify a buffer length. A constraint handler is not required. IMO constraint handlers add unnecessary complexity, good thing they are optional. > > > I'm also sure some ports will probably break. > > Check the exp-run PR: 222796 (comment #7). 13 ports. Out of 37601, > according to FreshPorts. Of those 13, eight don't have a maintainer. Already did. Should someone choose to fix them we the tools are there. I doubt you will convince me nor I convince you. I'm not sure if you or anyone else has a copy of the standard. (I suspect you already have these but maybe someone else might find them useful.) http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1548.pdf http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2013/n3631.pdf > > Best, > Conrad > -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.