Re: Implementation of C11 Bounds-checking interfaces

[Rich Felker <dalias at aerifal dot cx>]

On Wed, Oct 31, 2012 at 03:16:58PM +0100, Ulrich Bayer wrote:
> We wrote an implementation of the bounds-checking C functions (as
> specified in Annex K of the current C standard, a.k.a. C11) for use with
> the GNU C library. Annex K includes the _s functions, such as strcpy_s,
> strcat_s etc.
> 
> It is my understanding that you prefer having such an implementation in
> an external library which is why our implementation is a self-contained
> library. Itâs mostly a wrapper around glibc functions but in a couple of
> cases we had to directly reuse code from glibc. It is supposed to work
> with GCC and Glibc. It compiles and all test cases run successfully on
> recent linux distributions (OpenSuSE, CentOS, Debian and Ubuntu).
> 
> This library consists of
> 
> -)a thread-safe implementation of all functions specified in the ISO
> Standard (except widechar functions)
> 
> -)API documentation for all functions
> 
> -)test cases for all functions
> 
> -) overloaded C++ template functions for easier use when compiling with g++
> 
> More information about the project is available at:
> 
> http://code.google.com/p/slibc/
> 
> 
> Of course, we welcome your feedback.

I definitely like the idea of keeping it separate, but I question the
amount of code duplication. For example, tmpfile_s does not need to
reimplement tmpfile in terms of mkstemp; in fact, such an
implementation does not conform to ISO C since it references POSIX
symbols outside the ISO C namespace. A much simpler implementation
would just be:

errno_t tmpfile_s(FILE * restrict * restrict streamptr)
{
	if (!streamptr) {
		RUNTIME_CONSTRAINT_HANDLER();
		return EINVAL;
	}
	*streamptr = tmpfile();
	return *streamptr ? 0 : errno;
}

Rich