unit.git, branch str-v1 Universal Web Application Server Added nxt_usts2str() to make C strings from nxt_str_t. 2022-11-12T19:39:48+00:00 Alejandro Colomar alx@nginx.com 2022-10-27T11:22:19+00:00 b2571ebac22180eb3fb6568726f82293d2dd8be3 This function is identical to nxt_ustr2str(), except that it takes a nxt_str_t structure as input, instead of a 'u_char *' and a size. The documentation of the function: /* * SYNOPSIS * void nxt_usts2str(char dst[restrict .src->length+1], * const nxt_str_t *restrict src); * * ARGUMENTS * dst Pointer to the first byte of the destination buffer. * src Pointer to the source Unterminated STring Structure. * * DESCRIPTION * Copy a string from the source nxt_str_t, which may be * not-NUL-terminated, into a NUL-terminated string in the * destination buffer. * * CAVEATS * If the destination buffer is not wider than the source buffer * at least by 1 byte, the behavior is undefined. * * EXAMPLES * nxt_str_t src = nxt_string("0123456789"); * char dst[src.length + 1]; * * nxt_usts2str(dst, &src); * * SEE ALSO * ustr2str(3), strlcpy(3), strscpy(9) */ Suggested-by: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Alejandro Colomar <alx@nginx.com> 
This function is identical to nxt_ustr2str(), except that it takes
a nxt_str_t structure as input, instead of a 'u_char *' and a size.

The documentation of the function:

/*
 * SYNOPSIS
 *   void nxt_usts2str(char dst[restrict .src->length+1],
 *                     const nxt_str_t *restrict src);
 *
 * ARGUMENTS
 *      dst     Pointer to the first byte of the destination buffer.
 *      src     Pointer to the source Unterminated STring Structure.
 *
 * DESCRIPTION
 *      Copy a string from the source nxt_str_t, which may be
 *      not-NUL-terminated, into a NUL-terminated string in the
 *      destination buffer.
 *
 * CAVEATS
 *      If the destination buffer is not wider than the source buffer
 *      at least by 1 byte, the behavior is undefined.
 *
 * EXAMPLES
 *      nxt_str_t  src = nxt_string("0123456789");
 *      char       dst[src.length + 1];
 *
 *      nxt_usts2str(dst, &src);
 *
 * SEE ALSO
 *      ustr2str(3), strlcpy(3), strscpy(9)
 */

Suggested-by: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
Added nxt_ustr2str() to make C strings from fixed-width buffers. 2022-11-12T19:39:48+00:00 Alejandro Colomar alx@nginx.com 2022-10-25T16:42:52+00:00 2461a61574db338ed830de7cce1264cd321ccb2a This function makes it easy to transform a fixed-width buffer (which is how we represent strings in Unit most of the time) into a proper C string (NUL-terminated). We need to do this when interfacing libraries or the kernel, where most APIs expect NUL-terminated strings. The implementation is similar to strncpy_s(3), but avoids the unnecessary runtime checks. It's better to wrap the function in a macro and do as many static_assert(3)s as one considers necessary; in fact, if in the future C allows backwards VLA syntax, static analysis could be better than those static_assert(3)s. We use char for NUL-terminated strings, and u_char for the *u*nterminated strings. The documentation for the function: /* * SYNOPSIS * void ustr2str(char dst[restrict .n+1], * const u_char src[restrict .n], * size_t n); * * ARGUMENTS * dst Pointer to the first byte of the destination buffer. * src Pointer to the first byte of the source string. * n Size of 'src'. * * DESCRIPTION * Copy a string from the fixed-width source string, which may be * not-NUL-terminated, into a NUL-terminated string in the * destination buffer. * * CAVEATS * If the destination buffer is not wider than the source buffer * at least by 1 byte, the behavior is undefined. * * Use of this function normally indicates a problem in the design * of the strings, since normally it's better to guarantee that all * strings are properly terminated. The main use for this function * is to interface with some standard buffers, such as those * defined in utmp(7), which for historical reasons are not * guaranteed to be terminated. * * EXAMPLES * u_char src[10] = "0123456789"; // not NUL-terminated * char dst[sizeof(src) + 1]; * * static_assert(lengthof(src) < lengthof(dst)) * ustr2str(dst, src, lengthof(src)); * * SEE ALSO * nxt_sts2str(3), strlcpy(3), strscpy(9) */ Cc: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Alejandro Colomar <alx@nginx.com> 
This function makes it easy to transform a fixed-width buffer
(which is how we represent strings in Unit most of the time) into
a proper C string (NUL-terminated).  We need to do this when
interfacing libraries or the kernel, where most APIs expect
NUL-terminated strings.

The implementation is similar to strncpy_s(3), but avoids the
unnecessary runtime checks.  It's better to wrap the function in a
macro and do as many static_assert(3)s as one considers necessary;
in fact, if in the future C allows backwards VLA syntax, static
analysis could be better than those static_assert(3)s.

We use char for NUL-terminated strings, and u_char for the
*u*nterminated strings.

The documentation for the function:

/*
 * SYNOPSIS
 *   void ustr2str(char dst[restrict .n+1],
 *                 const u_char src[restrict .n],
 *                 size_t n);
 *
 * ARGUMENTS
 *	dst	Pointer to the first byte of the destination buffer.
 *	src	Pointer to the first byte of the source string.
 *	n	Size of 'src'.
 *
 * DESCRIPTION
 *	Copy a string from the fixed-width source string, which may be
 *	not-NUL-terminated, into a NUL-terminated string in the
 *	destination buffer.
 *
 * CAVEATS
 *	If the destination buffer is not wider than the source buffer
 *	at least by 1 byte, the behavior is undefined.
 *
 *	Use of this function normally indicates a problem in the design
 *	of the strings, since normally it's better to guarantee that all
 *	strings are properly terminated.  The main use for this function
 *	is to interface with some standard buffers, such as those
 *	defined in utmp(7), which for historical reasons are not
 *	guaranteed to be terminated.
 *
 * EXAMPLES
 *	u_char  src[10] = "0123456789";  // not NUL-terminated
 *	char    dst[sizeof(src) + 1];
 *
 *	static_assert(lengthof(src) < lengthof(dst))
 *	ustr2str(dst, src, lengthof(src));
 *
 * SEE ALSO
 *	nxt_sts2str(3), strlcpy(3), strscpy(9)
 */

Cc: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
Workarounded Ruby bug. 2022-11-12T19:39:48+00:00 Alejandro Colomar alx@nginx.com 2022-10-28T00:36:33+00:00 44c24fe163b580a985cb11486f54191c437d3356 Ruby redefines memcpy(3) in public headers. Or at least they did until they fixed it 4 months ago. We need to undefine their broken definition. Link: <https://bugs.ruby-lang.org/issues/18893> Signed-off-by: Alejandro Colomar <alx@nginx.com> 
Ruby redefines memcpy(3) in public headers.  Or at least they did until
they fixed it 4 months ago.  We need to undefine their broken definition.

Link: <https://bugs.ruby-lang.org/issues/18893>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
Split nxt_str_t struct declaration and definition. 2022-11-12T19:22:07+00:00 Alejandro Colomar alx@nginx.com 2022-10-30T12:13:09+00:00 04245f26f6f9dbca1bfb14ee084ba90ae91b5e07 This allows using the type in declarations before it's actually defined, and also to move the typedef to another file. Signed-off-by: Alejandro Colomar <alx@nginx.com> Reviewed-by: Andrew Clayton <a.clayton@nginx.com> 
This allows using the type in declarations before it's actually
defined, and also to move the typedef to another file.

Signed-off-by: Alejandro Colomar <alx@nginx.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Added nxt_char_cast() macro for casting safely. 2022-11-12T19:22:07+00:00 Alejandro Colomar alx@kernel.org 2022-11-11T23:48:10+00:00 b08dc96589cdbe65c206d36e2cd516b24967d394 This macro is similar to C++'s static_cast(). It allows a very-limited set of casts to be performed, but rejects most casts. Basically, it only allows converting from char to u_char and vice-versa, while respecting the const qualifier. See the _Generic(3) manual page for more details and examples. Cc: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Alejandro Colomar <alx@kernel.org> 
This macro is similar to C++'s static_cast().  It allows a very-limited
set of casts to be performed, but rejects most casts.  Basically, it
only allows converting from char to u_char and vice-versa, while
respecting the const qualifier.

See the _Generic(3) manual page for more details and examples.

Cc: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Added NXT_HAVE_C11_GENERIC. 2022-11-12T19:22:07+00:00 Alejandro Colomar alx@kernel.org 2022-11-11T23:41:15+00:00 7906529a9fdda226cb5914eec4ab347f4e761a02 Test if _Generic(3) is available. Although we require GNU C11, some old compilers, like the one in CentOS 7 still don't have full support for C11, and _Generic(3) is not available there. Cc: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Alejandro Colomar <alx@kernel.org> 
Test if _Generic(3) is available.  Although we require GNU C11, some
old compilers, like the one in CentOS 7 still don't have full support
for C11, and _Generic(3) is not available there.

Cc: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Using nxt_nitems() instead of sizeof() for strings (arrays). 2022-11-12T19:22:07+00:00 Alejandro Colomar alx@nginx.com 2022-10-29T21:23:06+00:00 317a217bf8fa6c31c1b48193941a50ef64c155ab sizeof() should never be used to get the size of an array. It is very unsafe, since arrays easily decay to pointers, and sizeof() applied to a pointer gives false results that compile and produce silent bugs. It's better to use nxt_items(), which implements sizeof() division, which recent compilers warn when used with pointers. This change would have avoided a bug that we almost introduced recently by using: nxt_str_set(&port, (r->tls ? "https://" : "http://")); which in the macro expansion runs: (&port)->length = nxt_length((r->tls ? : "https://" : "http://")); which evaluates to: port.length = sizeof(r->tls ? "https://" : "http://") - 1; which evaluates to: port.length = 8 - 1; Of course, we didn't want a compile-time-constant 8 there, but rather the length of the string. Link: <https://stackoverflow.com/a/57537491> Cc: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Alejandro Colomar <alx@nginx.com> 
sizeof() should never be used to get the size of an array.  It is
very unsafe, since arrays easily decay to pointers, and sizeof()
applied to a pointer gives false results that compile and produce
silent bugs.

It's better to use nxt_items(), which implements sizeof()
division, which recent compilers warn when used with pointers.

This change would have avoided a bug that we almost introduced
recently by using:

    nxt_str_set(&port, (r->tls ? "https://" : "http://"));

which in the macro expansion runs:

    (&port)->length = nxt_length((r->tls ? : "https://" : "http://"));

which evaluates to:

    port.length = sizeof(r->tls ? "https://" : "http://") - 1;

which evaluates to:

    port.length = 8 - 1;

Of course, we didn't want a compile-time-constant 8 there, but
rather the length of the string.

Link: <https://stackoverflow.com/a/57537491>
Cc: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
Requiring GNU C11. 2022-11-12T18:59:23+00:00 Alejandro Colomar alx@nginx.com 2022-10-27T23:49:55+00:00 3bbb13b7d2275adbeef528cebf8bd9e8a5a07696 Suggested-by: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Alejandro Colomar <alx@nginx.com> 
Suggested-by: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
Packages: added Python 3.8 and Python 3.9 modules on RHEL 8 clones. 2022-11-04T09:55:16+00:00 Konstantin Pavlov thresh@nginx.com 2022-11-04T09:55:16+00:00 11f416878a9f5f7ec13d548b85982c5de5b55a11 Refs: https://github.com/nginx/unit/issues/778 
Refs: https://github.com/nginx/unit/issues/778
Removed the unsafe nxt_memchr() wrapper for memchr(3). 2022-11-03T23:30:50+00:00 Alejandro Colomar alx@nginx.com 2022-11-02T20:45:40+00:00 ebf02266a2cd663ad4744d3b8c07e211b8f38da1 The casts are unnecessary, since memchr(3)'s argument is 'const void *'. It might have been necessary in the times of K&R, where 'void *' didn't exist. Nowadays, it's unnecessary, and _very_ unsafe, since casts can hide all classes of bugs by silencing most compiler warnings. The changes from nxt_memchr() to memchr(3) were scripted: $ find src/ -type f \ | grep '\.[ch]$' \ | xargs sed -i 's/nxt_memchr/memchr/' Reviewed-by: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Alejandro Colomar <alx@nginx.com> 
The casts are unnecessary, since memchr(3)'s argument is 'const void *'.
It might have been necessary in the times of K&R, where 'void *' didn't
exist.  Nowadays, it's unnecessary, and _very_ unsafe, since casts can
hide all classes of bugs by silencing most compiler warnings.

The changes from nxt_memchr() to memchr(3) were scripted:

$ find src/ -type f \
  | grep '\.[ch]$' \
  | xargs sed -i 's/nxt_memchr/memchr/'

Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>