Safe C library

We have discussed often the proposition from Microsoft
for a safer C library.

A rationale document is published here by one of the members of
the design team at Microsoft:
http://msdn.microsoft.com/msdnmag/is...C/default.aspx

jacob
Feb 4 '07 #1
jacob navia wrote:
We have discussed often the proposition from Microsoft
for a safer C library.

A rationale document is published here by one of the members of
the design team at Microsoft:
http://msdn.microsoft.com/msdnmag/is...C/default.aspx

jacob
"My team owns the Visual C++ Libraries, which includes some of the newest code
in the developer division (such as ATL Server) as well as some of the oldest
code in the product (such as the CRT). When we looked at the code, we saw
some large differences in coding standards as common practice has improved in
the last 20 years. One thing that stood out was that some of the older code
was written at a time when every extra byte of code was precious, and thus
lacked full validation of all parameters.

The newer code is littered with assertions and checks, and we've found that
these really help debugging. Increasingly, we've focused on making sure that
the retail code is just as robust as our debug code in the face of unexpected
conditions. These checks aren't just for debugging any more—they also make
the library code safer. A key part of the Safe Libraries initiative has been
to add validation code to most of the library functions that has impact on
both debug and retail code. For example, if you pass the libraries invalid
flags, they will now assert and tell you about your bug."

Otherwise known as:

The new libraries will be slower.
Feb 4 '07 #2
jacob navia <ja***@jacob.remcomp.fr> writes:
We have discussed often the proposition from Microsoft
for a safer C library.

A rationale document is published here by one of the members of
the design team at Microsoft:
http://msdn.microsoft.com/msdnmag/is...C/default.aspx
This is one of the most preposterous documents I've seen[1]. It would
make an interesting tutorial if it were an essay from an
undergraduate, but as a serious proposal from a major software
company? Might it actually get in?

They start from the point of view that it is safer to pass the
destination size around than to subtract and use the "strn*"
functions. It may be one operation shorter (in some cases), but
safer? And so much safer that a whole new set of functions should be
added to standard C?

It references code fragments to show how much better this stuff is.
For example:

// Original
wchar_t dest[20];
wcscpy(dest, src); // compiler warning
wcscat(dest, L"..."); // compiler warning

can be improved with their shiny new _s functions. Duh! They could
show how some correct code can be made a little shorter, but it seems
disingenuous to start with such incorrect nonsense and "improve" it.

But the oddest part of all is that none of the things suggested (in
the part I read, at least) is at all hard to do in standard C.
I.e. any programmer who prefers that style will already have these
functions in a library. For example, strnlen_s is a one-liner: testing
that it is not passed NULL and then calling memchr. And, of course, if
you don't like that style it is perfectly possible to write safe code
without these extras.

I may have missed the real "meat" of the proposal, so I should say
that it is only the cited rationale that is daft. But if there is
meat to this, they miss a trick by not making it clear up front.

[1] It includes C++ stuff that I did not look into and, yes, it is
probably troll-bait, but it is Sunday and I don't have to walk the dog
for a bit.

--
Ben.
Feb 4 '07 #3
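The two claims in the post above (that carrying the destination size around needs nothing beyond standard functions, and that strnlen_s is a one-liner built from a NULL check and memchr), worked through as an added, runnable example. This is not code from the post, the thread or the MSDN article; the function names (bounded_strlen, checked_cat, checked_cpy, build_label) are my own, it uses char rather than the article's wchar_t, and the error convention (return -1, leave or clear the destination) is modelled on the way the _s functions report runtime-constraint violations rather than taken from any specification text quoted here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not code from the thread or the MSDN article.
 * Standard C99 only: a NULL-tolerant bounded length (the "strnlen_s is a
 * one-liner" point) and a copy/concatenate that carries the size of the
 * destination buffer instead of trusting the caller.  Uses char rather
 * than the article's wchar_t; the logic is the same for wide strings.
 */

/* strnlen_s-style length: 0 for NULL, otherwise capped at maxlen.
 * memchr never reads past maxlen bytes, even if s is not terminated. */
size_t bounded_strlen(const char *s, size_t maxlen)
{
    if (s == NULL)
        return 0;
    const char *nul = memchr(s, '\0', maxlen);
    return nul ? (size_t)(nul - s) : maxlen;
}

/* Append src to dst, where dstsz is the full size of the dst buffer.
 * Returns 0 on success, -1 if the result (plus terminator) would not fit
 * or dst is not terminated within dstsz.  dst is left unchanged on -1. */
int checked_cat(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    size_t used = bounded_strlen(dst, dstsz);
    if (used == dstsz)              /* no NUL inside the buffer */
        return -1;
    size_t need = strlen(src);
    if (need >= dstsz - used)       /* keep one byte for the terminator */
        return -1;
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Copy with the same contract.  On failure dst becomes "" (a convention
 * chosen for this example so a caller cannot use stale contents). */
int checked_cpy(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    return checked_cat(dst, dstsz, src);
}

/* The article's dest[20] example, bounded: copy src then append "...".
 * Returns 1 on success; 0 (with dest cleared) where the unchecked
 * wcscpy/wcscat original would have written past the end of dest. */
int build_label(char *dest, size_t destsz, const char *src)
{
    if (checked_cpy(dest, destsz, src) == 0 &&
        checked_cat(dest, destsz, "...") == 0)
        return 1;
    if (dest != NULL && destsz > 0)
        dest[0] = '\0';
    return 0;
}

int main(void)
{
    char dest[20];
    /* Constructed inputs: 16 chars fits (16 + 3 + NUL = 20); 17 does not. */
    const char *inputs[] = { "0123456789abcdef", "0123456789abcdefg",
                             "0123456789abcdefghijklmnop" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int ok = build_label(dest, sizeof dest, inputs[i]);
        printf("%-26s -> %s [%s]\n", inputs[i], ok ? "ok" : "rejected", dest);
    }
    printf("bounded_strlen(NULL, 8) = %zu\n", bounded_strlen(NULL, 8));
    return 0;
}
```

The 17-character input is the interesting case: the copy fits, but the trailing "..." does not, so checked_cat refuses rather than writing the terminator one byte past dest. The unchecked original would have accepted both oversized inputs and overflowed silently.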
Ben Bacarisse wrote:
This is one of the most preposterous documents I've seen[1]. It would
make an interesting tutorial if it were an essay from an
undergraduate, but as a serious proposal from a major software
company? Might it actually get in?
Microsoft.
Feb 4 '07 #4

"jacob navia" <ja***@jacob.remcomp.fr> wrote in message
We have discussed often the proposition from Microsoft
for a safer C library.

A rationale document is published here by one of the members of
the design team at Microsoft:
http://msdn.microsoft.com/msdnmag/is...C/default.aspx
I've just shelled out over 500 pounds on a nice new dual core machine with
Windows Vista. I installed my version of Visual Studio and, guess what, the
C library is the safest imaginable. The compiler won't link in any code at
all or produce an executable. Such heights of security could not be achieved
by any other company.
Feb 4 '07 #5
Ben Bacarisse wrote:
jacob navia <ja***@jacob.remcomp.fr> writes:
>We have discussed often the proposition from Microsoft
for a safer C library.

A rationale document is published here by one of the members of
the design team at Microsoft:
http://msdn.microsoft.com/msdnmag/is...C/default.aspx

This is one of the most preposterous documents I've seen[1]. It would
make an interesting tutorial if it were an essay from an
undergraduate, but as a serious proposal from a major software
company? Might it actually get in?

They start from the point of view that it is safer to pass the
destination size around than to subtract and use the "strn*"
functions. It may be one operation shorter (in some cases), but
safer? And so much safer that a whole new set of functions should be
added to standard C?

It references code fragments to show how much better this stuff is.
For example:

// Original
wchar_t dest[20];
wcscpy(dest, src); // compiler warning
wcscat(dest, L"..."); // compiler warning

can be improved with their shiny new _s functions. Duh! They could
show how some correct code can be made a little shorter, but it seems
disingenuous to start with such incorrect nonsense and "improve" it.

But the oddest part of all is that none of the things suggested (in
the part I read, at least) is at all hard to do in standard C.
I.e. any programmer who prefers that style will already have these
functions in a library. For example, strnlen_s is a one-liner: testing
that it is not passed NULL and then calling memchr. And, of course, if
you don't like that style it is perfectly possible to write safe code
without these extras.

I may have missed the real "meat" of the proposal, so I should say
that it is only the cited rationale that is daft. But if there is
meat to this, they miss a trick by not making it clear up front.
The "meat" is in the Title: "Repel Attacks on Your Code with the Visual
Studio 2005 Safe C and C++ Libraries"
[1] It includes C++ stuff that I did not look into and, yes, it is
probably troll-bait, but it is Sunday and I don't have to walk the dog
for a bit.
No, it is a consequence that for a lot of hosted implementations, the
compiler industry made a choice to sell a "C/C++" compiler as a bundle
of a C compiler plus a C++ compiler.
Feb 4 '07 #6
jacob navia wrote:
We have discussed often the proposition from Microsoft
for a safer C library.

A rationale document is published here by one of the members of
the design team at Microsoft:
http://msdn.microsoft.com/msdnmag/is...C/default.aspx
Let's add then:
http://www.research.avayalabs.com/gc...ProjectDetails
http://directory.fsf.org/libsafe.html

Feb 4 '07 #7
In article <87************@bsb.me.uk>, Ben Bacarisse
<be********@bsb.me.uk> writes
>jacob navia <ja***@jacob.remcomp.fr> writes:
>We have discussed often the proposition from Microsoft
for a safer C library.

A rationale document is published here by one of the members of
the design team at Microsoft:
http://msdn.microsoft.com/msdnmag/is...C/default.aspx

This is one of the most preposterous documents I've seen[1]. It would
make an interesting tutorial if it were an essay from an
undergraduate, but as a serious proposal from a major software
company? Might it actually get in?
Unfortunately yes.

I argued against it from the first time I saw it in 2004.
BTW it covers all 2000 functions in the C library..... :-)

--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ ch***@phaedsys.org www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/

Feb 4 '07 #8
Malcolm McLean wrote:
"jacob navia" <ja***@jacob.remcomp.fr> wrote in message
>We have discussed often the proposition from Microsoft
for a safer C library.

A rationale document is published here by one of the members of
the design team at Microsoft:
http://msdn.microsoft.com/msdnmag/is...C/default.aspx
I've just shelled out over 500 pounds on a nice new dual core machine with
Windows Vista. I installed my version of Visual Studio and, guess what, the
C library is the safest imaginable. The compiler won't link in any code at
all or produce an executable. Such heights of security could not be achieved
by any other company.
Code that never gets compiled is the safest of all!?
Feb 4 '07 #9
In article <45******************@news.orange.fr>, jacob navia
<ja***@jacob.remcomp.fr> writes
>We have discussed often the proposition from Microsoft
for a safer C library.
It is NOT the "safer C" library.

This is for 2 reasons.
1 The library is not safer
2 the name "safer C" belongs to someone else.

BTW they are actually calling it the "Safe C Library"
--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ ch***@phaedsys.org www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/

Feb 4 '07 #10
