From: Eli Zaretskii <eliz@gnu.org>
To: Jim Meyering <jim@meyering.net>
Cc: emacs-devel@gnu.org
Subject: Re: oops? read/write vs type of length parameter
Date: Mon, 11 Apr 2011 07:52:45 -0400	[thread overview]
Message-ID: <E1Q9Ffh-0004sR-3D@fencepost.gnu.org> (raw)
In-Reply-To: <87d3ktjb9l.fsf@rho.meyering.net> (message from Jim Meyering on Mon, 11 Apr 2011 13:08:38 +0200)

> From: Jim Meyering <jim@meyering.net>
> Cc: emacs-devel@gnu.org
> Date: Mon, 11 Apr 2011 13:08:38 +0200
> 
> Currently, emacs_write silently ignores an invalid buffer length,
> treating it just like a length of 0.  It'd be better not to ignore
> such an error.

emacs_write simply does nothing for negative sizes.  However, its
callers will not silently ignore that: emacs_write returns that same
value to the caller, and callers should (and some do) check the return
value for being non-negative.  See, for example, write-region (whose
debugging led to this change in the interface).

> IMHO, an interface that takes a logically unsigned parameter
> should have an unsigned type.

That would be a major inconvenience, and even annoyance: in Emacs, it
is a very frequent idiom to pass the result of subtracting two
EMACS_INT values, because we reference buffers and strings with such
values.  Having the argument as an unsigned type would trigger warnings
and would need explicit type casts.  And with type casts, there's the
danger of interpreting a negative value as a large positive one.

So I think on balance, having a signed type there is better.  The fact
that it is slightly narrower is not a problem in this case: EMACS_INT
is already a couple of bits narrower than the size_t type, so we don't
lose anything.

> I guess I'm biased towards least-surprise for developers, so I
> think read- and write-like functions should accept a buffer length
> argument of type size_t, to be consistent with read and write.

I'm sure you agree that the situation with read and write is less than
ideal.  I don't see why we should follow that in Emacs.  A developer
who sees that a function named emacs_write is called instead of write
should assume that emacs_write is not a trivial wrapper, and should
look there to see the details.

> To try to protect against bugs by changing API to a signed type may
> actually cause trouble when callers end up mixing/comparing their
> newly signed (to accommodate the invented API) and unsigned lengths
> from standard functions.

As I said, the normal use case in Emacs is that the data types used
to compute that argument are signed to begin with.  And the previous
API used `int', which is also a signed type.

> Another thing to keep in mind: on some older systems, trying to read
> more than INT_MAX bytes in a single syscall will fail.

On such a system, emacs_write will return either -1 or a value less than
the last arg, and the caller will notice that and produce a suitable
error message.
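Added example, not code from this message or from Emacs: a small C model of the two points made above, that a negative signed length silently converted to size_t becomes a huge count, and that a wrapper taking a signed length can return the negative value unchanged (writing nothing) and otherwise return a count the caller must compare against what it asked for. `emacs_int_t` is a hypothetical stand-in for EMACS_INT, `mem_fd` and `mem_write` are a hypothetical in-memory stand-in for a descriptor and write(2) (the per-call cap imitates the older systems mentioned in the thread that refuse large counts in one call), `write_unchecked`, `write_checked`, `write_all_or_fail` and the `scenario_*` functions are illustrative names, and the payload is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef long emacs_int_t;   /* hypothetical stand-in for the signed EMACS_INT */
/* Hypothetical in-memory "file": a fixed sink plus a per-call cap, standing
   in for write(2), including older systems that refuse large counts. */
struct mem_fd {
    unsigned char buf[64];
    size_t len;
    size_t max_per_call;
};

/* Model of write(2): accepts up to count bytes, possibly fewer (short write). */
static long mem_write(struct mem_fd *fd, const unsigned char *src, size_t count)
{
    size_t room = sizeof fd->buf - fd->len;
    if (count > fd->max_per_call) count = fd->max_per_call;
    if (count > room) count = room;
    memcpy(fd->buf + fd->len, src, count);
    fd->len += count;
    return (long) count;
}

/* The hazard named in the message: a negative signed length converted to
   size_t becomes a huge positive count (-1 -> SIZE_MAX). */
static size_t as_size(emacs_int_t n) { return (size_t) n; }

/* Wrapper without the check: the call proceeds with the converted count. */
static long write_unchecked(struct mem_fd *fd, const unsigned char *src,
                            emacs_int_t nbyte)
{
    return mem_write(fd, src, as_size(nbyte));
}

/* Wrapper in the style the message describes for emacs_write: a negative
   length writes nothing and is returned unchanged; otherwise short writes
   are retried, and the result is less than nbyte if the sink gave up. */
static emacs_int_t write_checked(struct mem_fd *fd, const unsigned char *src,
                                 emacs_int_t nbyte)
{
    emacs_int_t done = 0;
    if (nbyte < 0) return nbyte;
    while (done < nbyte) {
        long rv = mem_write(fd, src + done, (size_t) (nbyte - done));
        if (rv <= 0) break;     /* error or no progress: report what was done */
        done += rv;
    }
    return done;
}

/* Caller-side check the message asks for: 0 only if every byte went out. */
static int write_all_or_fail(struct mem_fd *fd, const unsigned char *src,
                             emacs_int_t nbyte)
{
    return write_checked(fd, src, nbyte) == nbyte ? 0 : -1;
}

/* Constructed sample payload, large enough for every scenario below. */
static const unsigned char sample[128] = "constructed sample payload";

/* Negative length, unchecked: bytes that reach the sink (16, not 0). */
static long scenario_unchecked_negative(void)
{
    struct mem_fd fd = { {0}, 0, 16 };
    write_unchecked(&fd, sample, -1);
    return (long) fd.len;
}

/* Negative length, checked: 0 if the wrapper returned -1 and wrote nothing. */
static int scenario_checked_negative(void)
{
    struct mem_fd fd = { {0}, 0, 16 };
    return (write_checked(&fd, sample, -1) == -1 && fd.len == 0) ? 0 : 1;
}

/* 40 bytes through a 16-bytes-per-call sink: the retry loop completes it. */
static int scenario_short_writes_ok(void)
{
    struct mem_fd fd = { {0}, 0, 16 };
    return write_all_or_fail(&fd, sample, 40);
}

/* 100 bytes into a 64-byte sink: the wrapper returns 64, the caller must fail. */
static emacs_int_t scenario_sink_full(void)
{
    struct mem_fd fd = { {0}, 0, 16 };
    return write_checked(&fd, sample, 100);
}

int main(void)
{
    printf("(size_t)-1 == SIZE_MAX: %d\n", as_size(-1) == SIZE_MAX);
    printf("unchecked, nbyte=-1 wrote %ld bytes\n", scenario_unchecked_negative());
    printf("checked, nbyte=-1 rejected: %d\n", scenario_checked_negative() == 0);
    printf("40 bytes via short writes: %s\n", scenario_short_writes_ok() == 0 ? "ok" : "fail");
    printf("asked 100, sink took %ld\n", (long) scenario_sink_full());
    return 0;
}
```

The unchecked path is the one Eli warns about: with a size_t parameter the negative length is converted before any check can see it, and in this model it turns into "write as much as the sink will take". The checked path keeps the length signed, so the wrapper can see the negative value and hand it back, and its return value is only meaningful once the caller compares it with the length it requested.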



Thread overview: 49+ messages
2011-04-11  8:55 oops? read/write vs type of length parameter Jim Meyering
2011-04-11  9:44 ` Eli Zaretskii
2011-04-11 11:08   ` Jim Meyering
2011-04-11 11:28     ` David Kastrup
2011-04-11 11:52     ` Eli Zaretskii [this message]
2011-04-11 12:27       ` Jim Meyering
2011-04-11 12:31         ` David Kastrup
2011-04-11 21:54           ` Jim Meyering
2011-04-12  4:44             ` Eli Zaretskii
2011-04-12 13:24             ` Ted Zlatanov
2011-04-12 13:29               ` Eli Zaretskii
2011-04-12 14:47                 ` Ted Zlatanov
2011-04-12 17:00                   ` Large file support (was: oops? read/write vs type of length parameter) Eli Zaretskii
2011-04-14 20:57             ` oops? read/write vs type of length parameter Michael Welsh Duggan
2011-04-11 14:02         ` Eli Zaretskii
2011-04-11 11:40   ` Stephen J. Turnbull
2011-04-11 13:58     ` Eli Zaretskii
2011-04-12  1:16       ` Paul Eggert
2011-04-12  3:01         ` Eli Zaretskii
2011-04-12  5:06           ` Paul Eggert
2011-04-12  5:46             ` Eli Zaretskii
2011-04-12  8:19             ` Paul Eggert
2011-04-12  9:41               ` Eli Zaretskii
2011-04-12 15:53                 ` Paul Eggert
2011-04-12 16:56                   ` Eli Zaretskii
2011-04-12 23:55                   ` Juanma Barranquero
2011-04-13  5:14                   ` Paul Eggert
2011-04-13  6:31                     ` Jim Meyering
2011-04-13  6:37                     ` Eli Zaretskii
2011-04-13  8:15                       ` Paul Eggert
2011-04-13  9:46                         ` Eli Zaretskii
2011-04-13 16:06                           ` Paul Eggert
2011-04-13 17:22                             ` Eli Zaretskii
2011-04-13 19:31                               ` Paul Eggert
2011-04-13 19:59                               ` PJ Weisberg
2011-04-14  4:49                                 ` Eli Zaretskii
2011-04-13 20:02                               ` Paul Eggert
2011-04-13  6:49                     ` Eli Zaretskii
2011-04-13 14:35                     ` Ted Zlatanov
2011-04-15 13:13                       ` Ted Zlatanov
2011-04-15 16:34                         ` Paul Eggert
2011-04-15 18:20                           ` Ted Zlatanov
2011-04-15  1:29                   ` Stefan Monnier
2011-04-15  8:55                     ` Paul Eggert
2011-04-15  9:41                       ` Eli Zaretskii
2011-04-15 10:24                         ` Paul Eggert
2011-04-12 12:32             ` Davis Herring
2011-04-12 13:38               ` Eli Zaretskii
2011-04-12 15:43                 ` Paul Eggert