Do you use the TR 24731 'safe' functions?


Problem description

The ISO C committee (ISO/IEC JTC1/SC21/WG14) has published TR 24731-1 and is working on TR 24731-2:


TR 24731-1: Extensions to the C Library Part I: Bounds-checking interfaces

WG14 is working on a TR on safer C library functions. This TR is oriented towards modifying existing programs, often by adding an extra parameter with the buffer length. The latest draft is in document N1225. A rationale is in document N1173. This is to become a Technical Report type 2.

WG14 is working on a TR on safer C library functions. This TR is oriented towards new programs using dynamic allocation instead of an extra parameter for the buffer length. The latest draft is in document N1337. This is to become a Technical Report type 2.



Questions

  • Do you use a library or compiler with support for the TR24731-1 functions?
  • If so, which compiler or library and on which platform(s)?
  • Did you uncover any bugs as a result of fixing your code to use these functions?
  • Which functions provide the most value?
  • Are there any that provide no value or negative value?
  • Are you planning to use the library in the future?
  • Are you tracking the TR24731-2 work at all?
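
The two interface styles the question describes, shown side by side as an added example that is not part of the original question or of either TR: `bounded_copy` and `alloc_copy` are hypothetical helpers written for this page, not functions defined by TR 24731, and the sample input is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper in the TR 24731-1 style: the caller passes the
 * destination size as an extra parameter. Returns 0 on success; on failure
 * returns an errno value and leaves dst empty instead of truncated or
 * overflowed. The caller must still check the return value. */
static int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0)
        return EINVAL;
    if (src == NULL) {
        dst[0] = '\0';
        return EINVAL;
    }
    size_t len = strlen(src);
    if (len >= dstsz) {            /* no room for the string plus its NUL */
        dst[0] = '\0';
        return ERANGE;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Hypothetical helper in the TR 24731-2 style: no size parameter, the
 * function allocates exactly what the input needs. The caller frees it. */
static char *alloc_copy(const char *src)
{
    if (src == NULL)
        return NULL;
    size_t len = strlen(src);
    char *p = malloc(len + 1);
    if (p != NULL)
        memcpy(p, src, len + 1);
    return p;
}

int main(void)
{
    const char *input = "constructed-sample-input";  /* constructed sample */
    char small[8];
    int rc = bounded_copy(small, sizeof small, input);
    printf("bounded_copy rc=%d dst=\"%s\"\n", rc, small);
    char *heap = alloc_copy(input);
    printf("alloc_copy -> \"%s\"\n", heap ? heap : "(null)");
    free(heap);
    return 0;
}
```
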
Recommended answer

I have been a vocal critic of these TRs since their inception (when it was a single TR) and would never use them in any of my software. They mask symptoms instead of addressing causes and it is my opinion that if anything they will have a negative impact on software design as they provide a false sense of security instead of promoting existing practices that can accomplish the same goals much more effectively. I am not alone, in fact I am not aware of a single major proponent outside of the committee developing these TRs.

I use glibc and as such know that I will be spared having to deal with this nonsense, as Ulrich Drepper, lead maintainer for glibc, said about the topic:


"The proposed safe(r) ISO C library fails to address the issue completely. ... Proposing to make the life of a programmer even harder is not going to help. But this is exactly what is proposed. ... They all require more work to be done or are just plain silly."

The Austin Group (responsible for maintaining POSIX) provided a very critical review of the TR; their comments and the committee responses are available here. The Austin Group review does a very good job detailing many of the problems with the TR so I won't go into individual details here.

So the bottom line is: I don't use an implementation that supports or will support this, I don't plan on ever using these functions, and I see no positive value in the TR. I personally believe that the only reason the TR is still alive in any form is because it is being pushed hard by Microsoft, who has recently proved very capable of getting things rammed through standards committees despite widespread opposition. If these functions are ever standardized I don't think they will ever become widely used as the proposal has been around for a few years now and has failed to garner any real community support.
