Jeevan Mathew(deleted)
|
vsnprintf / vsprintf .. doc question
|
Jeevan Mathew(deleted)
04/17/2008 4:26 AM
post6949
|
vsnprintf / vsprintf .. doc question
Hi,
According to the docs (QNX6.3.X), functions vsnprintf() and vsprintf()
may used in signal handlers but with the following caveat:
It's safe to call ... in a signal handler if the data isn't
floating point.
For functions snprintf() and sprintf() there is NO such restriction.
This seems rather strange to me.
Is the documentation really correct? And if it is, why this
restriction?
Thanks a lot.
Jeevan
|
|
|
Stephane Boucher
|
Re: vsnprintf / vsprintf .. doc question
|
Stephane Boucher
04/17/2008 10:43 AM
post6981
|
Re: vsnprintf / vsprintf .. doc question
On Thu, 2008-04-17 at 04:26 -0400, Jeevan Mathew wrote:
> For functions snprintf() and sprintf() there is NO such restriction.
> This seems rather strange to me.
I think the restrictions should be the same, since internally, both the
vsprintf and sprintf internally call _Printf.
See for yourself in the source repository for files:
lib/c/stdio/sprintf.c
lib/c/stdio/vsprintf.c
> Is the documentation really correct? And if it is, why this
> restriction?
Well, as far as posix goes, you shouldn't use either in a signal
handler, look at the async-signal-safe functions at:
http://www.opengroup.org/onlinepubs/000095399/
|
|
|
Sean Boudreau(deleted)
|
Re: vsnprintf / vsprintf .. doc question
|
Sean Boudreau(deleted)
04/17/2008 10:54 AM
post6984
|
Re: vsnprintf / vsprintf .. doc question
On Thu, Apr 17, 2008 at 10:43:46AM -0400, Stephane Boucher wrote:
> On Thu, 2008-04-17 at 04:26 -0400, Jeevan Mathew wrote:
>
> > For functions snprintf() and sprintf() there is NO such restriction.
> > This seems rather strange to me.
>
> I think the restrictions should be the same, since internally, both the
> vsprintf and sprintf internally call _Printf.
But which is correct? I can see printf() and friends
that take a FILE * not being safe as they have to lock
the FILE, but the 's' variants that operate on a buffer
'may' be safe (haven't rigorously verified it).
>
> See for yourself in the source repository for files:
>
> lib/c/stdio/sprintf.c
> lib/c/stdio/vsprintf.c
>
> > Is the documentation really correct? And if it is, why this
> > restriction?
>
> Well, as far as posix goes, you shouldn't use either in a signal
> handler, look at the async-signal-safe functions at:
>
> http://www.opengroup.org/onlinepubs/000095399/
>
>
>
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post6981
|
|
|
Thomas Haupt
|
AW: vsnprintf / vsprintf .. doc question
|
Thomas Haupt
04/17/2008 11:05 AM
post6986
|
AW: vsnprintf / vsprintf .. doc question
Maybe the difference is in one kind taking a va_list
as an argument, and the other creating that argument
list itself. IIRC, there are platforms that deal with
the va_list in rather strange ways (believe you could
end up actually copying the arguments - theoretically).
That /might/ make a difference if you're in a signal
handler and your floating point context isn't saved.
Just my 1/2 cent worth of wild guessing....
- Thomas
> -----Ursprüngliche Nachricht-----
> Von: Sean Boudreau
> Gesendet: 17 April 2008 16:55
> An: ostech-core_os
> Betreff: Re: vsnprintf / vsprintf .. doc question
>
>
> On Thu, Apr 17, 2008 at 10:43:46AM -0400, Stephane Boucher wrote:
> > On Thu, 2008-04-17 at 04:26 -0400, Jeevan Mathew wrote:
> >
> > > For functions snprintf() and sprintf() there is NO such
> restriction.
> > > This seems rather strange to me.
> >
> > I think the restrictions should be the same, since
> internally, both the
> > vsprintf and sprintf internally call _Printf.
>
> But which is correct? I can see printf() and friends
> that take a FILE * not being safe as they have to lock
> the FILE, but the 's' variants that operate on a buffer
> 'may' be safe (haven't rigorously verified it).
>
> >
> > See for yourself in the source repository for files:
> >
> > lib/c/stdio/sprintf.c
> > lib/c/stdio/vsprintf.c
> >
> > > Is the documentation really correct? And if it is, why this
> > > restriction?
> >
> > Well, as far as posix goes, you shouldn't use either in a signal
> > handler, look at the async-signal-safe functions at:
> >
> > http://www.opengroup.org/onlinepubs/000095399/
> >
> >
> >
> > _______________________________________________
> > OSTech
> > http://community.qnx.com/sf/go/post6981
>
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post6984
>
|
|
|
Stephane Boucher
|
Re: vsnprintf / vsprintf .. doc question
|
Stephane Boucher
04/17/2008 11:14 AM
post6990
|
Re: vsnprintf / vsprintf .. doc question
On Thu, 2008-04-17 at 10:54 -0400, Sean Boudreau wrote:
> On Thu, Apr 17, 2008 at 10:43:46AM -0400, Stephane Boucher wrote:
> > On Thu, 2008-04-17 at 04:26 -0400, Jeevan Mathew wrote:
> >
> > > For functions snprintf() and sprintf() there is NO such
> restriction.
> > > This seems rather strange to me.
> >
> > I think the restrictions should be the same, since internally, both
> the
> > vsprintf and sprintf internally call _Printf.
>
> But which is correct? I can see printf() and friends
> that take a FILE * not being safe as they have to lock
> the FILE, but the 's' variants that operate on a buffer
> 'may' be safe (haven't rigorously verified it).
The 's' ones may be safe, and probably are. However, the only way to
know what the real answer is is to read the code. FILE is the obvious
gotcha, but less obvious gotchas could have to do with temporary
buffers. Nothing in posix says that sprintf needs to be re-entrant, so
in practice, one could decide to use a thread-local storage from within
printf (though, I don't believe this is the case with our libc)
Out of the top of my head, I recall seeing code that was doing floating
point divisions. This could therefore theoretically cause a SIGFPE.
This may be the reason for the mentioned restriction, but if so, it
would apply to all of the *printf, since the conversion code is common
to all. But, don't quote me on that, and the code in HEAD has changed
since last time I looked at it.
Alternatively, if you can ask the doc people to look at the history of
the doc, they might dig up a related PR which would explain this.
|
|
|
Colin Burgess(deleted)
|
Re: vsnprintf / vsprintf .. doc question
|
Colin Burgess(deleted)
04/28/2008 3:28 PM
post7422
|
Re: vsnprintf / vsprintf .. doc question
None of the *printf variants can be safe, since they may call malloc(),
which has
a BGL within.
Sean Boudreau wrote:
> On Thu, Apr 17, 2008 at 10:43:46AM -0400, Stephane Boucher wrote:
> > On Thu, 2008-04-17 at 04:26 -0400, Jeevan Mathew wrote:
> >
> > > For functions snprintf() and sprintf() there is NO such restriction.
> > > This seems rather strange to me.
> >
> > I think the restrictions should be the same, since internally, both the
> > vsprintf and sprintf internally call _Printf.
>
> But which is correct? I can see printf() and friends
> that take a FILE * not being safe as they have to lock
> the FILE, but the 's' variants that operate on a buffer
> 'may' be safe (haven't rigorously verified it).
>
> >
> > See for yourself in the source repository for files:
> >
> > lib/c/stdio/sprintf.c
> > lib/c/stdio/vsprintf.c
> >
> > > Is the documentation really correct? And if it is, why this
> > > restriction?
> >
> > Well, as far as posix goes, you shouldn't use either in a signal
> > handler, look at the async-signal-safe functions at:
> >
> > http://www.opengroup.org/onlinepubs/000095399/
> >
> >
> >
> > _______________________________________________
> > OSTech
> > http://community.qnx.com/sf/go/post6981
>
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post6984
>
--
cburgess@qnx.com
|
|
|
Stephane Boucher
|
Re: vsnprintf / vsprintf .. doc question
|
Stephane Boucher
04/28/2008 3:48 PM
post7425
|
Re: vsnprintf / vsprintf .. doc question
On Mon, 2008-04-28 at 15:28 -0400, Colin Burgess wrote:
> None of the *printf variants can be safe, since they may call
> malloc(),
> which has
> a BGL within.
Well, our documentation says that sprintf is safe from within a signal
handler. For the s*printf ones, it shouldn't be needed to malloc()
anything, but if our implementation does use malloc() for the s*printf
ones, then we need to fix the documentation.
|
|
|
Thomas Fletcher
|
Re: vsnprintf / vsprintf .. doc question
|
Thomas Fletcher
04/28/2008 6:37 PM
post7430
|
Re: vsnprintf / vsprintf .. doc question
On Mon, Apr 28, 2008 at 3:28 PM, Colin Burgess <cburgess@qnx.com> wrote:
> None of the *printf variants can be safe, since they may call malloc(),
> which has
> a BGL within.
I don't buy that. I think that the buffered variants could be safe for use
(and making
them such would be quite handy) and taking a quick trace through the code
they
are safe (no mallocs, no locks) assuming that the vararg usage was also
acceptable.
For what it is worth, and it is no lasting guarantee, I'm using snprintf in
interrupt
handler code on multiple platforms right now with integer and string data
and life
hasn't turned nasty on me. If it does however, I know the first place I'll
comment
out =;-)
Thomas
>
>
> Sean Boudreau wrote:
> > On Thu, Apr 17, 2008 at 10:43:46AM -0400, Stephane Boucher wrote:
> > > On Thu, 2008-04-17 at 04:26 -0400, Jeevan Mathew wrote:
> > >
> > > > For functions snprintf() and sprintf() there is NO such
> restriction.
> > > > This seems rather strange to me.
> > >
> > > I think the restrictions should be the same, since internally, both
> the
> > > vsprintf and sprintf internally call _Printf.
> >
> > But which is correct? I can see printf() and friends
> > that take a FILE * not being safe as they have to lock
> > the FILE, but the 's' variants that operate on a buffer
> > 'may' be safe (haven't rigorously verified it).
> >
> > >
> > > See for yourself in the source repository for files:
> > >
> > > lib/c/stdio/sprintf.c
> > > lib/c/stdio/vsprintf.c
> > >
> > > > Is the documentation really correct? And if it is, why this
> > > > restriction?
> > >
> > > Well, as far as posix goes, you shouldn't use either in a signal
> > > handler, look at the async-signal-safe functions at:
> > >
> > > http://www.opengroup.org/onlinepubs/000095399/
> > >
> > >
> > >
> > > _______________________________________________
> > > OSTech
> > > http://community.qnx.com/sf/go/post6981
> >
> > _______________________________________________
> > OSTech
> > http://community.qnx.com/sf/go/post6984
> >
>
> --
> cburgess@qnx.com
>
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post7422
>
>
|
|
|
Colin Burgess(deleted)
|
Re: vsnprintf / vsprintf .. doc question
|
Colin Burgess(deleted)
04/28/2008 8:48 PM
post7432
|
Re: vsnprintf / vsprintf .. doc question
Thomas Fletcher wrote:
> On Mon, Apr 28, 2008 at 3:28 PM, Colin Burgess <cburgess@qnx.com> wrote:
>
> > None of the *printf variants can be safe, since they may call malloc(),
> > which has
> > a BGL within.
>
>
> I don't buy that. I think that the buffered variants could be safe for
use
> (and making
> them such would be quite handy) and taking a quick trace through the code
> they
> are safe (no mallocs, no locks) assuming that the vararg usage was also
> acceptable.
It may call malloc for wide strings.
> For what it is worth, and it is no lasting guarantee, I'm using snprintf
in
> interrupt
> handler code on multiple platforms right now with integer and string data
> and life
> hasn't turned nasty on me. If it does however, I know the first place
I'll
> comment
> out =;-)
Living on the edge? ;-)
>
> Thomas
>
>
>
> >
> >
> > Sean Boudreau wrote:
> > > On Thu, Apr 17, 2008 at 10:43:46AM -0400, Stephane Boucher wrote:
> > > > On Thu, 2008-04-17 at 04:26 -0400, Jeevan Mathew wrote:
> > > >
> > > > > For functions snprintf() and sprintf() there is NO such
> > restriction.
> > > > > This seems rather strange to me.
> > > >
> > > > I think the restrictions should be the same, since internally,
both
> > the
> > > > vsprintf and sprintf internally call _Printf.
> > >
> > > But which is correct? I can see printf() and friends
> > > that take a FILE * not being safe as they have to lock
> > > the FILE, but the 's' variants that operate on a buffer
> > > 'may' be safe (haven't rigorously verified it).
> > >
> > > >
> > > > See for yourself in the source repository for files:
> > > >
> > > > lib/c/stdio/sprintf.c
> > > > lib/c/stdio/vsprintf.c
> > > >
> > > > > Is the documentation really correct? And if it is, why this
> > > > > restriction?
> > > >
> > > > Well, as far as posix goes, you shouldn't use either in a signal
> > > > handler, look at the async-signal-safe functions at:
> > > >
> > > > http://www.opengroup.org/onlinepubs/000095399/
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > OSTech
> > > > http://community.qnx.com/sf/go/post6981
> > >
> > > _______________________________________________
> > > OSTech
> > > http://community.qnx.com/sf/go/post6984
> > >
> >
> > --
> > cburgess@qnx.com
> >
> > _______________________________________________
> > OSTech
> > http://community.qnx.com/sf/go/post7422
> >
> >
>
>
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post7430
>
--
cburgess@qnx.com
|
|
|
Thomas Fletcher
|
Re: vsnprintf / vsprintf .. doc question
|
Thomas Fletcher
04/28/2008 9:57 PM
post7435
|
Re: vsnprintf / vsprintf .. doc question
On Mon, Apr 28, 2008 at 8:48 PM, Colin Burgess <cburgess@qnx.com> wrote:
>
>
> Thomas Fletcher wrote:
> > On Mon, Apr 28, 2008 at 3:28 PM, Colin Burgess <cburgess@qnx.com> wrote:
> >
> > > None of the *printf variants can be safe, since they may call
> malloc(),
> > > which has
> > > a BGL within.
> >
> >
> > I don't buy that. I think that the buffered variants could be safe for
> use
> > (and making
> > them such would be quite handy) and taking a quick trace through the
> code
> > they
> > are safe (no mallocs, no locks) assuming that the vararg usage was also
> > acceptable.
>
> It may call malloc for wide strings.
Doesn't it put the content for wide string expansion on the stack? Wouldn't
that also come throught the w*printf path as well so it could be easily
avoided
if need be.
I just think that this is a handy functionality to have, it would be nice to
ensure
its safety in a limited set of circumstances (still usefull) so everyone
doesn't
have to roll their own code ala kprintf().
> > For what it is worth, and it is no lasting guarantee, I'm using snprintf
> in
> > interrupt
> > handler code on multiple platforms right now with integer and string
> data
> > and life
> > hasn't turned nasty on me. If it does however, I know the first place
> I'll
> > comment
> > out =;-)
> Living on the edge? ;-)
The edge is a beautiful place when everything is working. When the wind
blows though it gets a little dicey =;-)
Thomas
>
> > > Sean Boudreau wrote:
> > > > On Thu, Apr 17, 2008 at 10:43:46AM -0400, Stephane Boucher wrote:
> > > > > On Thu, 2008-04-17 at 04:26 -0400, Jeevan Mathew wrote:
> > > > >
> > > > > > For functions snprintf() and sprintf() there is NO such
> > > restriction.
> > > > > > This seems rather strange to me.
> > > > >
> > > > > I think the restrictions should be the same, since internally,
> both
> > > the
> > > > > vsprintf and sprintf internally call _Printf.
> > > >
> > > > But which is correct? I can see printf() and friends
> > > > that take a FILE * not being safe as they have to lock
> > > > the FILE, but the 's' variants that operate on a buffer
> > > > 'may' be safe (haven't rigorously verified it).
> > > >
> > > > >
> > > > > See for yourself in the source repository for files:
> > > > >
> > > > > lib/c/stdio/sprintf.c
> > > > > lib/c/stdio/vsprintf.c
> > > > >
> > > > > > Is the documentation really correct? And if it is, why this
> > > > > > restriction?
> > > > >
> > > > > Well, as far as posix goes, you shouldn't use either in a signal
> > > > > handler, look at the async-signal-safe functions at:
> > > > >
> > > > > http://www.opengroup.org/onlinepubs/000095399/
> > > > >
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > OSTech
> > > > > http://community.qnx.com/sf/go/post6981
> > > >
> > > > _______________________________________________
> > > > OSTech
> > > > http://community.qnx.com/sf/go/post6984
> > > >
> > >
> > > --
> > > cburgess@qnx.com
> > >
> > >...
|
|
|
Stephane Boucher
|
Re: vsnprintf / vsprintf .. doc question
|
Stephane Boucher
04/18/2008 3:56 PM
post7083
|
Re: vsnprintf / vsprintf .. doc question
To follow up, I went hunting for more information.
As I said before, posix doesn't require that the *sprintf functions be signal safe.
On NTO, many of those functions are documented as safe in signal handler.
However, *all* functions marked as signal safe are subject to the caveat that floating point are not safe (floating
point registers are not saved before invoking the signal handler).
I've asked that the documentation be updated to reflect this.
|
|
|
Josef Rossmeier(deleted)
|
Re: vsnprintf / vsprintf .. doc question
|
Josef Rossmeier(deleted)
04/21/2008 2:18 AM
post7097
|
Re: vsnprintf / vsprintf .. doc question
> To follow up, I went hunting for more information.
>As I said before, posix doesn't require that the *sprintf functions be signal safe.
> On NTO, many of those functions are documented as safe in signal handler.
> However, *all* functions marked as signal safe are subject to the caveat that floating point are not safe (floating
> point registers are not saved before invoking the signal handler).
Does this really mean that using ANY floating point variables in a
signal handler is potentially unsafe?!
> I've asked that the documentation be updated to reflect this.
|
|
|
Stephane Boucher
|
Re: vsnprintf / vsprintf .. doc question
|
Stephane Boucher
04/21/2008 9:57 AM
post7117
|
Re: vsnprintf / vsprintf .. doc question
On Mon, 2008-04-21 at 02:18 -0400, Josef Rossmeier wrote:
> > However, *all* functions marked as signal safe are subject to the
> caveat that floating point are not safe (floating
> > point registers are not saved before invoking the signal handler).
>
> Does this really mean that using ANY floating point variables in a
> signal handler is potentially unsafe?!
yes.
|
|
|
|