Groups | Search | Server Info | Login | Register
Groups > muc.lists.netbsd.tech.misc > #112
| From | Paul Eggert <eggert@cs.ucla.edu> |
|---|---|
| Newsgroups | muc.lists.netbsd.tech.misc |
| Subject | Re: alx-0008 - Standardize strtoi(3) and strtou(3) from NetBSD |
| Date | 2025-03-20 00:03 -0700 |
| Organization | UCLA Computer Science Department |
| Message-ID | <cfe7ca35-07b8-428a-b819-0ff4b0233c6a@cs.ucla.edu> (permalink) |
| References | <hgqg7m4leyaam3rmeidg7zl26vvnpe4braqgcbj27ggbtuif7s@q67pd2w3yw6b> <> |
On 2025-03-19 18:15, Alejandro Colomar wrote:
> I think that you'd
> benefit from range checks, actually. (See my response to his email.)
> <https://lore.kernel.org/liba2i/6oyljvsenypqnrmgjbcwskqpdsag677h2dzay6hvfoosju4224@3j7iczm4d7nw/T/#m38066e6eec63a8906e3cbfea275c9d7940d8df98>
That's a long email and I'm not sure I'm looking at the right place in
it, but if I understand correctly it says that Gnulib code like this:
port = strtoul (servname, &c, 10);
if (port > 0xffff)
return EAI_NONAME;
would be clearer if worded this way:
port = strtou (servname, &c, 10, 0, 0xffff, &err);
if (err == ERANGE)
return EAI_NONAME;
If so, I disagree. The strtou API is more complicated, and the reader is
likely to forget what each of its arguments means, e.g., that the 0 is a
minimum and the 0xffff is a maximum. The strtoul API is simpler and it's
more obvious what is intended.
> Do you mean that the implementation of strspn(3) was temporarily broken?
> Or that the specification is bad?
No, strspn itself is fine. It's that call to strspn that is broken. The
call assumes that only ' ', '\t', and '\n' satisfy c_isspace, which is
incorrect. This is an area where c_isspace is simpler and easier to
follow than strspn.
>> For this particular resource, a limit of ULONG_MAX has the same practical
>> effect as a limit of ULONG_MAX + 1. Since the user can't tell the difference
>> in behavior, it's fine to implement the larger limit as the smaller one,
>> with no diagnostic.
>
> According to Bruno, that limit is later clamped at a much lower value,
> so I think that clamping could be moved up to the strtou(3) call.
Yes, it could be moved into strtou, but there's a cost in simplicity and
easy of understanding.
> How do you get a uintmax_t?
With a different function a2u that comes with a different struct (just
like strtoi/strtou).
> Also, how do I perform range checks in that call? I need to specify
> min and max limits.
The caller should do the range checks, as this makes C code easier to
follow, both by the human programmer and the compiler, which can more
easily use the range information to generate better code.
For cases like these having a function do the range checks is often a
mistake - it doesn't significantly increase reliability (on the
contrary, it can reduce it). But if you prefer a function with range
checks, it's easy to add bounds arguments.
> How do you know how much has been parsed on error?
Good point. I guess we'll need three elements to the structure, then.
At this point we're bikeshedding but you can have the last word if you like.
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
Back to muc.lists.netbsd.tech.misc | Previous | Next — Previous in thread | Next in thread | Find similar
Re: alx-0008 - Standardize strtoi(3) and strtou(3) from NetBSD Alejandro Colomar <alx@kernel.org> - 2025-03-20 02:15 +0100
Re: alx-0008 - Standardize strtoi(3) and strtou(3) from NetBSD Paul Eggert <eggert@cs.ucla.edu> - 2025-03-20 00:03 -0700
Re: alx-0008 - Standardize strtoi(3) and strtou(3) from NetBSD Alejandro Colomar <alx@kernel.org> - 2025-03-20 11:32 +0100
csiph-web