Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130422230628.GT20323@brightrain.aerifal.cx>
Date: Mon, 22 Apr 2013 19:06:28 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: Best place to discuss other lightweight libraries?

On Tue, Apr 23, 2013 at 12:42:01AM +0200, Luca Barbato wrote:
> On 04/22/2013 11:52 PM, Rich Felker wrote:
> >> For this there aren't solution that won't cause different problems I'm
> >> afraid.
> > 
> > Sure there are. I get the impression you can tell I was talking about
> > libav/ffmpeg's log interface. :-) The obvious solution is to bind log
> > contexts to the object you're acting on. See this nice talk:
> > 
> > http://misko.hevery.com/2008/11/21/clean-code-talks-global-state-and-singletons/
> > 
> > If I remember right, part of the problem way back was that there were
> > deep function calls that had no context available to them, and that
> > didn't _need_ a context for anything but logging warnings or whatnot.
> 
> In the specific case yes. I tried to foster proper return error
> propagation, so you get something more meaningful than EINVAL/-1 and
> that is usually enough in those specific cases.
> 
> The general problem is that the library user wants to be the only one
> having a say on what goes where so single point overrides are useful.

The problem with your comment here is the phrase "library user". Who
is the library user? You may be thinking from a standpoint (in our
example) of MPlayer, but what if instead the application you were
looking at were a file manager that itself had no awareness of video
files, and only ended up processing them as part of a library pulled
in from a plugin for file previews? Obviously there is no way the app
can be aware of where the log messages should go since it's not aware
the library even exists. The user is the library that depends on the
library doing the logging, not the app, and it's very possible that
there is more than once such library. In which case, you have madness.

> When you start using those libraries in situations in which you'd like
> to have per-$situation logging then you start to scream.

Keep in mind it might not even be "per-situation logging". It might be
something like one plugin needing to send the message back up to the
application as a popup message to display, and another plugin just
wanting to render the message text as a file preview in place of an
image...

> > Yes, basically. Dependency on glib means your library will impose
> > bloat and it will preclude robustness.
> 
> Yet glib gives you oh-so-many-features (I fell for it once), sadly there
> aren't many utility libs that provide sort of useful data structures,

If you want the data structures, I think that means you should be
using C++, not C.

> eventloops,

If your program is event-loop-performance-critical (think httpd), you
probably need a custom one for your application.

If it's not, you could probably write a much simpler program using
threads. It might even perform better too.

> threadpools

Similar situation. Threadpools are an optimization that shouldn't be
applied prematurely, and if you do need them, you probably want a
custom solution.

> and portable string mangling (e.g. strl*
> functions) in a single widespread package.

strl* considered harmful, for 3 reasons:

1. Concatenation is a bad idiom. See
http://en.wikipedia.org/wiki/Schlemiel_the_Painter's_algorithm

2. It duplicates standard functionality in snprintf. Yes it's quicker
for some cases (pure copying), but in that case you probably should
just be using the original string in-place. On the other hand,
building the whole output in one step with snprintf makes it obvious
that your code is correct and avoids issue #1 above.

3. While returning the length that "would be needed" is useful if you
want to allocate and retry, it's harmful if your goal is to protect
against malicious inputs. For instance,

    strlcpy(buf, some_500_gb_string, 10)

has to process the whole input string even though it's going to throw
away most of it. BTW this issue applies to snprintf too, but at least
it has something useful to be computing. With strl*, the return value
is always something that would be trivial to obtain yourself if you
needed it.

I'm aware some people like strl* and we have them in musl because it's
better to provide them than to deal with people rolling their own and
doing it in wrong and insecure ways. But I still would recommend
against using them in new code.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.