Proposed C99 features section for MIT krb5 coding style

Greg Hudson ghudson at mit.edu
Wed Jan 6 12:33:55 EST 2016


I would like to add a section on using C99 features to
http://k5wiki.kerberos.org/wiki/Coding_style/Practices
based on the discussion here:
http://mailman.mit.edu/pipermail/krbdev/2015-June/012375.html

When MSVC stops being a factor, I think this section can go away with
its contents folded into other sections.  Until then, it makes sense to
document this stuff in one place.

Comments are appreciated.  The only significant change to current
practice is that designated initializers and compound literals can be
used in non-Windows code.

C99 features
------------

Use static inline functions instead of macros where possible.  Variadic
macros may be used when needed.

Where fixed-width integer types are required, use types from <stdint.h>
such as int32_t.  Where an integer type of at least 64 bits is required,
use "long long".

Do not use designated initializers or compound literals in code which is
built on Windows.  They may be used in code which is not built on
Windows.

Avoid using declarations after statements (see [Local Variables]).
Absolutely do not use them in code which is built on Windows.

Do not use variable-length arrays.

Do not use // comments (see [[Formatting#Comment Formatting]]).

Current conformance
-------------------

Older code uses Kerberos-specific fixed-width integer types such as
krb5_int32.  Types from <stdint.h> can be used interchangeably with
these types while we migrate away from them.

Rationale
---------

At this time, official builds of Kerberos for Windows are performed
using Visual Studio 2010, which supports only a subset of C99 features
(see [[Portability research]]).  Support for the inline keyword is
ensured by <win-mac.h>.

Variable-length arrays are unsafe because there is no error checking.
If the length can be controlled by an attacker, security-critical bugs
may result.
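As an added example (not part of this message or of the krb5 code base), the VLA pattern the rule forbids is shown beside a bounded, heap-allocated replacement; the function names, the 4096-byte bound and the test input are constructed for illustration:

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Upper bound on scratch buffer size; a constructed limit for this example. */
#define MAX_SCRATCH_LEN 4096

/* The pattern the proposed rule forbids: a VLA sized by a value that may
 * come off the wire.  There is no failure path; an oversized len silently
 * overruns the stack instead of returning an error. */
static size_t
count_spaces_vla(const uint8_t *data, size_t len)
{
    uint8_t buf[len];                   /* variable-length array */
    size_t i, n = 0;

    memcpy(buf, data, len);
    for (i = 0; i < len; i++) {
        if (buf[i] == ' ')
            n++;
    }
    return n;
}

/* Hardened form: bound the length, allocate on the heap, and report failure
 * to the caller (returns -1 with errno set) instead of trusting len. */
static long
count_spaces_checked(const uint8_t *data, size_t len)
{
    uint8_t *buf;
    size_t i, n = 0;

    if (len > MAX_SCRATCH_LEN) {        /* reject an oversized length */
        errno = EINVAL;
        return -1;
    }
    buf = malloc(len > 0 ? len : 1);    /* malloc(0) may return NULL */
    if (buf == NULL)
        return -1;                      /* errno set by malloc */
    memcpy(buf, data, len);
    for (i = 0; i < len; i++) {
        if (buf[i] == ' ')
            n++;
    }
    free(buf);
    return (long)n;
}
```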

