undefined | Better HN

0 pointsrurban6y ago0 comments

1. When will we get proper strings in the stdlib?

2. When we will get the Secure Annex K extensions?

3. When we will get mandatory warnings when the compiler decides to throw away statements it thinks it doesn't need? Like memset or assignments. Compilers are getting worse and worse, and certainly not better.

ad 1) Strings are Unicode nowadays, not ASCII. Nobody uses wchar but Microsoft. Everybody else is using utf8, but there's nothing in the standard. Not even search functions with proper casing rules and normalization. Searching for strings should be pretty basic enough.

2. The usual glibc answer is just bollocks. You either do compile-time bounds checks or you don't. But when you don't, you have to do it at runtime. So it's either the compilers job, or the stdlib job. But certainly not the users.

0 comments

4 comments · 3 top-level

rseacord6y ago· 1 in thread

Going to try to answer these separately. For (1) if you mean strings that are primitive types my guess is never. When had an hour discussion on this topic at a London meeting where we were discussing new features for C11 and my take away was that this would never happen because it would require a significant change to the memory model for the language.

rurbanOP6y ago

For the u8 type sure. Nobody needs a new type.

But at least add wcsnorm and wcsfc as I implemented them in the safeclib are required. Not even coreutils, grep, awk, ... can search unicode strings.

And u8 library variants of str* and wcs* are definitely needed, maybe just with uchar* not char*.

1 more reply

rseacord6y ago

For (2) I guess it depends. Annex K is obviously already a part of the standard so it depends on the implementation. There is a push to eliminate Annex K altogether from the C Standard. If this push fails, it may be the case that more libraries will add support for this optional feature of the language. In the meanwhile, there is the Open Watcom compiler implementation [1], the Safe C Library [2], and Slibc [3].

[1] Watcom C Library Reference Version 1.8. Open Watcom. 2008. ftp://ftp.openwatcom.org/manuals/current/clib.pdf

[2] Safe C Library — A full implementation of Annex K https://github.com/rurban/safeclib/

[3] slibc https://code.google.com/archive/p/slibc/

rseacord6y ago

For (3) mandatory warnings the closest thing is probably ISO/IEC TS 17961:2013. The purpose of ISO/IEC TS 17961 is to establish a baseline set of requirements for analyzers, including static analysis tools and C language compilers, to be applied by vendors that wish to diagnose insecure code beyond the requirements of the language standard. All rules are meant to be enforceable by static analysis. The criterion for selecting these rules is that analyzers that implement these rules must be able to effectively discover secure coding errors without generating excessive false positives.

j / k navigate · click thread line to collapse

0 comments

4 comments · 3 top-level

rseacord6y ago· 1 in thread

rurbanOP6y ago

For the u8 type sure. Nobody needs a new type.

But at least add wcsnorm and wcsfc as I implemented them in the safeclib are required. Not even coreutils, grep, awk, ... can search unicode strings.

And u8 library variants of str* and wcs* are definitely needed, maybe just with uchar* not char*.

1 more reply

rseacord6y ago

[1] Watcom C Library Reference Version 1.8. Open Watcom. 2008. ftp://ftp.openwatcom.org/manuals/current/clib.pdf

[2] Safe C Library — A full implementation of Annex K https://github.com/rurban/safeclib/

[3] slibc https://code.google.com/archive/p/slibc/

rseacord6y ago

j / k navigate · click thread line to collapse