Re: [PATCH] bind.2, mount_setattr.2, openat2.2, perf_event_open.2, pidfd_send_signal.2, recvmmsg.2, seccomp_unotify.2, select_tut.2, sendmmsg.2, set_thread_area.2, sysctl.2, bzero.3, getaddrinfo.3, getaddrinfo_a.3, getutent.3, mbrtowc.3, mbsinit.3, rtime.3, rtnetlink.3, strptime.3, NULL.3const, size_t.3type, void.3type, aio.7, netlink.7, unix.7: Prefer bzero(3) over memset(3)

[Alejandro Colomar <alx.manpages@gmail.com>]

[-- Attachment #1.1: Type: text/plain, Size: 2005 bytes --]

Hi Paul,

On 1/5/23 21:55, Paul Eggert wrote:
> On 2023-01-05 12:48, Adhemerval Zanella Netto via Libc-alpha wrote:
>>
>>
>> On 05/01/23 16:37, Alejandro Colomar via Libc-alpha wrote:
>>> bzero(3) is simpler to use, and can avoid silly mistakes that are hard
>>> to spot.  memset(3), while it is necessary in a few very-specific cases,
>>> should be avoided when the memory is to be zeroed.
>>>
>>> POSIX and ISO can say otherwise, but it doesn't make any sense to
>>> recommend using memset(3) over bzero(3).
>>
>> bzero is deprecated by POSIX.1-2001, removed by POSIX.1-2008, and on glibc
>> implementation now calls memset (previously some architecture added ifunc
>> redirection to optimized bzero to avoid the extra function call, it was
>> removed from all architectures).
>>
>> Also, GCC for some time also replaces bzero with memset so there is no gain
>> in actually call bzero (check glibc commit 
>> 9403b71ae97e3f1a91c796ddcbb4e6f044434734).
> 
> In addition, gcc -Wall warns if you mistakenly pass 0 as memset's 3rd arg, which 
> undercuts the argument that bzero avoids silly mistakes.

That's a good counterargument for the silly mistakes point.  But the cognitive 
load that programmers need to care about the extra useless argument for no good 
reason is still a problem of the memset(3) API that bszero(3) simply hasn't.

If it's about defending a minimal set of functions that serve the basic purposes 
that programmer may need, I'll prepare a counterargument:

Why does POSIX have strnlen(3)?  strnlen(s, n) is just a shorthand for memchr(s, 
'\0', n);

If the similarity wasn't obvious enough, I'll put them together:

strnlen(p, n)  ----  memchr(p, 0, n)
bzero(p, n)    ----  memset(p, 0, n)

I'd like to get a rationale for why we should promote strnlen(3) but not 
bzero(3) that doesn't reduce to "it is standard".  Why would the standard cover 
on and not the other?

Cheers,

Alex

> 

-- 
<http://www.alejandro-colomar.es/>

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]