From: Rich Felker <dalias@aerifal.cx>
To: Eric Blake <eblake@redhat.com>
Cc: musl@lists.openwall.com, Isaac Dunham <idunham@lavabit.com>,
Paul Eggert <eggert@cs.ucla.edu>,
bug-gnulib@gnu.org, Reuben Thomas <rrt@sc3d.org>
Subject: Re: Re: musl bugs found through gnulib
Date: Mon, 18 Jun 2012 22:52:32 -0400 [thread overview]
Message-ID: <20120619025232.GL163@brightrain.aerifal.cx> (raw)
In-Reply-To: <4FDFDEEC.8050304@redhat.com>
On Mon, Jun 18, 2012 at 08:07:40PM -0600, Eric Blake wrote:
> On 06/18/2012 06:11 PM, Rich Felker wrote:
> > Some updates...
> >
> > On Mon, Jun 18, 2012 at 12:49:44AM +0200, Bruno Haible wrote:
> >> There is a recipe, in <http://sourceware.org/glibc/wiki/Testing/Gnulib>,
> >> that explains how to use gnulib to check a libc against bugs. When I apply
> >> this to musl-0.9.1, I get this list of problems:
> >>
> >> Replacements of *printf, because of
> >> [...]
> >> checking whether printf survives out-of-memory conditions... no
> >
> > No idea. Copying out the test and running it directly, it passes just
> > fine for me. Maybe gnulib has already replaced printf with its own
> > malloc-using version by the time it gets to this test??
>
> No; configure-time tests are relatively independent, and all done prior
> to any replacements at compile-time. You should be able to inspect
> config.log to see the actual test that configure ran.
OK, then no idea what's causing this. I was going to try running the
test but I didn't have autotools installed on the system I wanted to
test on, so I put it off..
> >> Replacement of fdopen, because of
> >> checking whether fdopen sets errno... no
> >
> > There was one bug here (failure to set errno when mode string was
> > invalid) but I don't think that's the case gnulib was testing for. It
> > seems gnulib wants an error for the "may fail" when the fd is invalid.
>
> The 'EBADF may fail' condition is rather weak. And since glibc
> guarantees a definite failure, it is nicer to program to the glibc
> interface that guarantees immediate failure on a bad fd at fdopen() time
> than it is to deal with the surprises that result when fdopen() succeeds
> but later attempts to use the stream fail. Perhaps it might be worth
The only real-world situation I can think of where you'd care that
fdopen detect EBADF is when you've just called a function that
allocates the file descriptor and directly passed it to fdopen without
first checking the return value. For instance:
FILE *f = fdopen(open(pathname, O_RDWR|O_CLOEXEC), "rb+");
instead of:
int fd = open(pathname, O_RDWR|O_CLOEXEC);
if (fd<0) goto error;
FILE *f = fdopen(fd, "rb+");
The former is rather lazy programming, but maybe gnulib intends to
support this kind of programming.
> splitting this into two gnulib modules, one for the strict POSIX
> compliance and one for the glibc interface, but that depends on how
> likely people are to want to program to the weaker POSIX interface when
> it is just as easy to make fdopen() guarantee failure on bad fds and
> save efforts up front.
My thought in having musl skip the test is to maximize performance of
fdopen, assuming you might be using it in a situation like on a newly
accept()ed network connection where every syscall counts (think
multi-threaded httpd). For read-only fdopen, no syscalls are needed,
but if writing is possible, fdopen has to make a syscall to check
whether the fd is a tty in order to decide whether to enable line
buffering or full buffering, and in principle it could detect EBADF at
the same time for no cost.
> >> Replacement of futimens, because of
> >> checking whether futimens works... no
> >
> > gnulib always forces this test to fail if __linux__ is defined.
>
> That's because the Linux kernel got it wrong for quite some time, and
> worse, it was file-system dependent - even if it worked on one machine
> and file system, compiling in support for futimens and then running on
> another file system would experience random compliance failures due to
> the poor file system implementation.
>
> It's been a while, so maybe we can finally graduate this module into
> assuming that the Linux kernel is better behaved by default, and make
> the user specifically request the fallbacks if they are worried about
> using the binary on a file system that still has bugs. But don't take
> it personally - this is not a case of musl getting it wrong, but of the
> kernel getting it wrong.
Yes, it might be nice if the test output made it clear that it was
hard-coded to fail so nobody goes looking for nonexistant bugs..
Rich
next prev parent reply other threads:[~2012-06-19 2:52 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20120609230541.47eac2de@newbook>
[not found] ` <4FD55156.7050302@cs.ucla.edu>
[not found] ` <20120611182202.1ee4d019@newbook>
2012-06-17 22:49 ` Bruno Haible
2012-06-17 23:54 ` Rich Felker
2012-06-18 8:21 ` Szabolcs Nagy
2012-06-18 13:02 ` John Spencer
2012-06-18 14:55 ` Rich Felker
2012-06-18 15:26 ` Szabolcs Nagy
2012-06-18 16:00 ` Rich Felker
2012-06-19 13:26 ` John Spencer
2012-06-18 0:16 ` [musl] " idunham
2012-06-19 0:11 ` Rich Felker
2012-06-19 2:07 ` [musl] " Eric Blake
2012-06-19 2:52 ` Rich Felker [this message]
2012-06-19 11:03 ` musl, fdopen test Bruno Haible
2012-06-19 11:09 ` Jim Meyering
2012-06-20 20:52 ` Bruno Haible
2012-06-19 10:45 ` musl, printf out-of-memory test Bruno Haible
2012-06-19 19:16 ` Rich Felker
2012-06-19 20:04 ` Bruno Haible
2012-06-19 20:08 ` Rich Felker
2012-06-19 21:17 ` Bruno Haible
2012-06-20 1:52 ` Rich Felker
2012-06-20 7:30 ` Szabolcs Nagy
2012-06-20 9:35 ` Bruno Haible
2012-06-20 11:00 ` Jim Meyering
2012-06-21 19:58 ` Tom Tromey
2012-06-20 3:04 ` Re: musl bugs found through gnulib Rich Felker
2012-06-20 4:10 ` [musl] " Eric Blake
2012-06-20 13:27 ` Rich Felker
2012-06-20 7:32 ` Szabolcs Nagy
2012-06-22 10:39 ` grantpt test Bruno Haible
2012-07-02 22:33 ` [musl] Re: musl bugs found through gnulib Pádraig Brady
2012-06-20 19:28 ` Rich Felker
2012-06-21 2:21 ` Rich Felker
2012-06-21 8:52 ` [musl] " Paul Eggert
2012-06-18 0:05 idunham
2012-06-18 0:29 ` Rich Felker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120619025232.GL163@brightrain.aerifal.cx \
--to=dalias@aerifal.cx \
--cc=bug-gnulib@gnu.org \
--cc=eblake@redhat.com \
--cc=eggert@cs.ucla.edu \
--cc=idunham@lavabit.com \
--cc=musl@lists.openwall.com \
--cc=rrt@sc3d.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).