Why is rsize_t defined?
Problem description

I found that strncpy_s() is defined under VS2013 as

    errno_t __cdecl strncpy_s
    (
        _Out_writes_z_(_SizeInBytes) char * _Dst,
        _In_ rsize_t _SizeInBytes,
        _In_reads_or_z_(_MaxCount) const char * _Src,
        _In_ rsize_t _MaxCount
    );

and rsize_t is:

    typedef size_t rsize_t;

I think it's a trick done by Visual Studio. However, I found this function defined as follows on this page:

    errno_t strncpy_s
    (
        char *restrict dest,
        rsize_t destsz,
        const char *restrict src,
        rsize_t count
    );

Why is rsize_t defined here? What if size_t was used here? Any special cases to use this rsize_t?
Recommended answer

You've encountered it in Microsoft's C++ standard library, but it actually comes from C. C11, to be precise, which means it's not technically a part of C++.

The C11 standard, Annex K, introduced all the _s functions and the corresponding typedefs, including rsize_t. There is also a "maximum value" macro RSIZE_MAX which is large enough for typical applications, but smaller than the real maximum value of the type. The secure functions do nothing and report an error when a value of type rsize_t exceeds RSIZE_MAX.

The idea is to avoid crashes on buffer overruns and similar errors caused by invalid sizes, usually resulting from using a negative value for size. In 2's complement signed value representation (the most common one), a negative number corresponds to a very large number when treated as unsigned. RSIZE_MAX should catch such incorrect use.

Quoting the "rationale" part of C11 (N1570), K.3.2:

    3 Extremely large object sizes are frequently a sign that an object's size was calculated incorrectly. For example, negative numbers appear as very large positive numbers when converted to an unsigned type like size_t. Also, some implementations do not support objects as large as the maximum value that can be represented by type size_t.

    4 For those reasons, it is sometimes beneficial to restrict the range of object sizes to detect programming errors. For implementations targeting machines with large address spaces, it is recommended that RSIZE_MAX be defined as the smaller of the size of the largest object supported or (SIZE_MAX >> 1), even if this limit is smaller than the size of some legitimate, but very large, objects. Implementations targeting machines with small address spaces may wish to define RSIZE_MAX as SIZE_MAX, which means that there is no object size that is considered a runtime-constraint violation.

It is worth noting that Annex K has very few implementations and there is a proposal (N1967) to deprecate and/or remove it from the standard.
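The following is an added example, not code from the question, the answer, or any Annex K implementation. It shows the bug class the rationale describes (a negative length turning into a huge size_t) and a small bounded copy that applies the RSIZE_MAX idea the way the answer describes it: refuse and report an error instead of touching memory. The names demo_rsize_max, negative_length_as_size_t and bounded_copy are hypothetical; real Annex K code would use rsize_t and RSIZE_MAX from <string.h>, which most C libraries do not provide.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <errno.h>

/* Hypothetical stand-in for RSIZE_MAX, using the value K.3.2 recommends
 * for large address spaces: SIZE_MAX >> 1. */
static const size_t demo_rsize_max = SIZE_MAX >> 1;

/* The failure mode Annex K targets: a length computed as a signed value
 * (e.g. end - start) that went negative is converted to size_t and becomes
 * an enormous "valid looking" size. -1 converts to SIZE_MAX. */
size_t negative_length_as_size_t(long computed_len) {
    return (size_t)computed_len;
}

/* Copy at most `count` bytes of src into dst (capacity destsz) and always
 * NUL-terminate. Returns 0 on success; EINVAL for a null pointer; ERANGE
 * when a size is zero, above the rsize limit, or would overrun dst.
 * On any failure nothing from src is copied and, when dst is usable,
 * dst[0] is set to '\0', mirroring "do nothing and report an error". */
int bounded_copy(char *dst, size_t destsz, const char *src, size_t count) {
    if (dst == NULL) return EINVAL;
    if (destsz == 0 || destsz > demo_rsize_max) return ERANGE;
    if (src == NULL) { dst[0] = '\0'; return EINVAL; }
    /* The runtime-constraint check: a count above the limit is treated as
     * a programming error, not as a genuine request to copy that much. */
    if (count > demo_rsize_max) { dst[0] = '\0'; return ERANGE; }
    size_t n = 0;                       /* length of src, capped at count */
    while (n < count && src[n] != '\0') n++;
    if (n >= destsz) { dst[0] = '\0'; return ERANGE; }  /* no room for NUL */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}
```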