| @node Introduction, Error Reporting, Top, Top |
| @chapter Introduction |
| @c %MENU% Purpose of the GNU C Library |
| |
| The C language provides no built-in facilities for performing such |
| common operations as input/output, memory management, string |
| manipulation, and the like. Instead, these facilities are defined |
| in a standard @dfn{library}, which you compile and link with your |
| programs. |
| @cindex library |
| |
| @Theglibc{}, described in this document, defines all of the |
| library functions that are specified by the @w{ISO C} standard, as well as |
| additional features specific to POSIX and other derivatives of the Unix |
| operating system, and extensions specific to @gnusystems{}. |
| |
| The purpose of this manual is to tell you how to use the facilities |
| of @theglibc{}. We have mentioned which features belong to which |
| standards to help you identify things that are potentially non-portable |
| to other systems. But the emphasis in this manual is not on strict |
| portability. |
| |
| @menu |
| * Getting Started:: What this manual is for and how to use it. |
| * Standards and Portability:: Standards and sources upon which the GNU |
| C library is based. |
| * Using the Library:: Some practical uses for the library. |
| * Roadmap to the Manual:: Overview of the remaining chapters in |
| this manual. |
| @end menu |
| |
| @node Getting Started, Standards and Portability, , Introduction |
| @section Getting Started |
| |
| This manual is written with the assumption that you are at least |
| somewhat familiar with the C programming language and basic programming |
| concepts. Specifically, familiarity with ISO standard C |
| (@pxref{ISO C}), rather than ``traditional'' pre-ISO C dialects, is |
| assumed. |
| |
| @Theglibc{} includes several @dfn{header files}, each of which |
| provides definitions and declarations for a group of related facilities; |
| this information is used by the C compiler when processing your program. |
| For example, the header file @file{stdio.h} declares facilities for |
| performing input and output, and the header file @file{string.h} |
| declares string processing utilities. The organization of this manual |
| generally follows the same division as the header files. |
| |
| If you are reading this manual for the first time, you should read all |
| of the introductory material and skim the remaining chapters. There are |
| a @emph{lot} of functions in @theglibc{} and it's not realistic to |
| expect that you will be able to remember exactly @emph{how} to use each |
| and every one of them. It's more important to become generally familiar |
| with the kinds of facilities that the library provides, so that when you |
| are writing your programs you can recognize @emph{when} to make use of |
| library functions, and @emph{where} in this manual you can find more |
| specific information about them. |
| |
| |
| @node Standards and Portability, Using the Library, Getting Started, Introduction |
| @section Standards and Portability |
| @cindex standards |
| |
| This section discusses the various standards and other sources that @theglibc{} |
| is based upon. These sources include the @w{ISO C} and |
| POSIX standards, and the System V and Berkeley Unix implementations. |
| |
| The primary focus of this manual is to tell you how to make effective |
| use of the @glibcadj{} facilities. But if you are concerned about |
| making your programs compatible with these standards, or portable to |
| operating systems other than GNU, this can affect how you use the |
| library. This section gives you an overview of these standards, so that |
| you will know what they are when they are mentioned in other parts of |
| the manual. |
| |
| @xref{Library Summary}, for an alphabetical list of the functions and |
| other symbols provided by the library. This list also states which |
| standards each function or symbol comes from. |
| |
| @menu |
| * ISO C:: The international standard for the C |
| programming language. |
| * POSIX:: The ISO/IEC 9945 (aka IEEE 1003) standards |
| for operating systems. |
| * Berkeley Unix:: BSD and SunOS. |
| * SVID:: The System V Interface Description. |
| * XPG:: The X/Open Portability Guide. |
| @end menu |
| |
| @node ISO C, POSIX, , Standards and Portability |
| @subsection ISO C |
| @cindex ISO C |
| |
| @Theglibc{} is compatible with the C standard adopted by the |
| American National Standards Institute (ANSI): |
| @cite{American National Standard X3.159-1989---``ANSI C''} and later |
| by the International Standardization Organization (ISO): |
| @cite{ISO/IEC 9899:1990, ``Programming languages---C''}. |
| We here refer to the standard as @w{ISO C} since this is the more |
| general standard in respect of ratification. |
| The header files and library facilities that make up @theglibc{} are |
| a superset of those specified by the @w{ISO C} standard.@refill |
| |
| @pindex gcc |
| If you are concerned about strict adherence to the @w{ISO C} standard, you |
| should use the @samp{-ansi} option when you compile your programs with |
| the GNU C compiler. This tells the compiler to define @emph{only} ISO |
| standard features from the library header files, unless you explicitly |
| ask for additional features. @xref{Feature Test Macros}, for |
| information on how to do this. |
| |
| Being able to restrict the library to include only @w{ISO C} features is |
| important because @w{ISO C} puts limitations on what names can be defined |
| by the library implementation, and the GNU extensions don't fit these |
| limitations. @xref{Reserved Names}, for more information about these |
| restrictions. |
| |
| This manual does not attempt to give you complete details on the |
| differences between @w{ISO C} and older dialects. It gives advice on how |
| to write programs to work portably under multiple C dialects, but does |
| not aim for completeness. |
| |
| |
| @node POSIX, Berkeley Unix, ISO C, Standards and Portability |
| @subsection POSIX (The Portable Operating System Interface) |
| @cindex POSIX |
| @cindex POSIX.1 |
| @cindex IEEE Std 1003.1 |
| @cindex ISO/IEC 9945-1 |
| @cindex POSIX.2 |
| @cindex IEEE Std 1003.2 |
| @cindex ISO/IEC 9945-2 |
| |
| @Theglibc{} is also compatible with the ISO @dfn{POSIX} family of |
| standards, known more formally as the @dfn{Portable Operating System |
| Interface for Computer Environments} (ISO/IEC 9945). They were also |
| published as ANSI/IEEE Std 1003. POSIX is derived mostly from various |
| versions of the Unix operating system. |
| |
| The library facilities specified by the POSIX standards are a superset |
| of those required by @w{ISO C}; POSIX specifies additional features for |
| @w{ISO C} functions, as well as specifying new additional functions. In |
| general, the additional requirements and functionality defined by the |
| POSIX standards are aimed at providing lower-level support for a |
| particular kind of operating system environment, rather than general |
| programming language support which can run in many diverse operating |
| system environments.@refill |
| |
| @Theglibc{} implements all of the functions specified in |
| @cite{ISO/IEC 9945-1:1996, the POSIX System Application Program |
| Interface}, commonly referred to as POSIX.1. The primary extensions to |
| the @w{ISO C} facilities specified by this standard include file system |
| interface primitives (@pxref{File System Interface}), device-specific |
| terminal control functions (@pxref{Low-Level Terminal Interface}), and |
| process control functions (@pxref{Processes}). |
| |
| Some facilities from @cite{ISO/IEC 9945-2:1993, the POSIX Shell and |
| Utilities standard} (POSIX.2) are also implemented in @theglibc{}. |
| These include utilities for dealing with regular expressions and other |
| pattern matching facilities (@pxref{Pattern Matching}). |
| |
| @menu |
| * POSIX Safety Concepts:: Safety concepts from POSIX. |
| * Unsafe Features:: Features that make functions unsafe. |
| * Conditionally Safe Features:: Features that make functions unsafe |
| in the absence of workarounds. |
| * Other Safety Remarks:: Additional safety features and remarks. |
| @end menu |
| |
| @comment Roland sez: |
| @comment The GNU C library as it stands conforms to 1003.2 draft 11, which |
| @comment specifies: |
| @comment |
| @comment Several new macros in <limits.h>. |
| @comment popen, pclose |
| @comment <regex.h> (which is not yet fully implemented--wait on this) |
| @comment fnmatch |
| @comment getopt |
| @comment <glob.h> |
| @comment <wordexp.h> (not yet implemented) |
| @comment confstr |
| |
| @node POSIX Safety Concepts, Unsafe Features, , POSIX |
| @subsubsection POSIX Safety Concepts |
| @cindex POSIX Safety Concepts |
| |
| This manual documents various safety properties of @glibcadj{} |
| functions, in lines that follow their prototypes and look like: |
| |
| @sampsafety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} |
| |
| The properties are assessed according to the criteria set forth in the |
| POSIX standard for such safety contexts as Thread-, Async-Signal- and |
| Async-Cancel- -Safety. Intuitive definitions of these properties, |
| attempting to capture the meaning of the standard definitions, follow. |
| |
| @itemize @bullet |
| |
| @item |
| @cindex MT-Safe |
| @cindex Thread-Safe |
| @code{MT-Safe} or Thread-Safe functions are safe to call in the presence |
| of other threads. MT, in MT-Safe, stands for Multi Thread. |
| |
| Being MT-Safe does not imply a function is atomic, nor that it uses any |
| of the memory synchronization mechanisms POSIX exposes to users. It is |
| even possible that calling MT-Safe functions in sequence does not yield |
| an MT-Safe combination. For example, having a thread call two MT-Safe |
| functions one right after the other does not guarantee behavior |
| equivalent to atomic execution of a combination of both functions, since |
| concurrent calls in other threads may interfere in a destructive way. |
| |
| Whole-program optimizations that could inline functions across library |
| interfaces may expose unsafe reordering, and so performing inlining |
| across the @glibcadj{} interface is not recommended. The documented |
| MT-Safety status is not guaranteed under whole-program optimization. |
| However, functions defined in user-visible headers are designed to be |
| safe for inlining. |
| |
| |
| @item |
| @cindex AS-Safe |
| @cindex Async-Signal-Safe |
| @code{AS-Safe} or Async-Signal-Safe functions are safe to call from |
| asynchronous signal handlers. AS, in AS-Safe, stands for Asynchronous |
| Signal. |
| |
| Many functions that are AS-Safe may set @code{errno}, or modify the |
| floating-point environment, because their doing so does not make them |
| unsuitable for use in signal handlers. However, programs could |
| misbehave should asynchronous signal handlers modify this thread-local |
| state, and the signal handling machinery cannot be counted on to |
| preserve it. Therefore, signal handlers that call functions that may |
| set @code{errno} or modify the floating-point environment @emph{must} |
| save their original values, and restore them before returning. |
| |
| |
| @item |
| @cindex AC-Safe |
| @cindex Async-Cancel-Safe |
| @code{AC-Safe} or Async-Cancel-Safe functions are safe to call when |
| asynchronous cancellation is enabled. AC in AC-Safe stands for |
| Asynchronous Cancellation. |
| |
| The POSIX standard defines only three functions to be AC-Safe, namely |
| @code{pthread_cancel}, @code{pthread_setcancelstate}, and |
| @code{pthread_setcanceltype}. At present @theglibc{} provides no |
| guarantees beyond these three functions, but does document which |
| functions are presently AC-Safe. This documentation is provided for use |
| by @theglibc{} developers. |
| |
| Just like signal handlers, cancellation cleanup routines must configure |
| the floating point environment they require. The routines cannot assume |
| a floating point environment, particularly when asynchronous |
| cancellation is enabled. If the configuration of the floating point |
| environment cannot be performed atomically then it is also possible that |
| the environment encountered is internally inconsistent. |
| |
| |
| @item |
| @cindex MT-Unsafe |
| @cindex Thread-Unsafe |
| @cindex AS-Unsafe |
| @cindex Async-Signal-Unsafe |
| @cindex AC-Unsafe |
| @cindex Async-Cancel-Unsafe |
| @code{MT-Unsafe}, @code{AS-Unsafe}, @code{AC-Unsafe} functions are not |
| safe to call within the safety contexts described above. Calling them |
| within such contexts invokes undefined behavior. |
| |
| Functions not explicitly documented as safe in a safety context should |
| be regarded as Unsafe. |
| |
| |
| @item |
| @cindex Preliminary |
| @code{Preliminary} safety properties are documented, indicating these |
| properties may @emph{not} be counted on in future releases of |
| @theglibc{}. |
| |
| Such preliminary properties are the result of an assessment of the |
| properties of our current implementation, rather than of what is |
| mandated and permitted by current and future standards. |
| |
| Although we strive to abide by the standards, in some cases our |
| implementation is safe even when the standard does not demand safety, |
| and in other cases our implementation does not meet the standard safety |
| requirements. The latter are most likely bugs; the former, when marked |
| as @code{Preliminary}, should not be counted on: future standards may |
| require changes that are not compatible with the additional safety |
| properties afforded by the current implementation. |
| |
| Furthermore, the POSIX standard does not offer a detailed definition of |
| safety. We assume that, by ``safe to call'', POSIX means that, as long |
| as the program does not invoke undefined behavior, the ``safe to call'' |
| function behaves as specified, and does not cause other functions to |
| deviate from their specified behavior. We have chosen to use its loose |
| definitions of safety, not because they are the best definitions to use, |
| but because choosing them harmonizes this manual with POSIX. |
| |
| Please keep in mind that these are preliminary definitions and |
| annotations, and certain aspects of the definitions are still under |
| discussion and might be subject to clarification or change. |
| |
| Over time, we envision evolving the preliminary safety notes into stable |
| commitments, as stable as those of our interfaces. As we do, we will |
| remove the @code{Preliminary} keyword from safety notes. As long as the |
| keyword remains, however, they are not to be regarded as a promise of |
| future behavior. |
| |
| |
| @end itemize |
| |
| Other keywords that appear in safety notes are defined in subsequent |
| sections. |
| |
| |
| @node Unsafe Features, Conditionally Safe Features, POSIX Safety Concepts, POSIX |
| @subsubsection Unsafe Features |
| @cindex Unsafe Features |
| |
| Functions that are unsafe to call in certain contexts are annotated with |
| keywords that document their features that make them unsafe to call. |
| AS-Unsafe features in this section indicate the functions are never safe |
| to call when asynchronous signals are enabled. AC-Unsafe features |
| indicate they are never safe to call when asynchronous cancellation is |
| enabled. There are no MT-Unsafe marks in this section. |
| |
| @itemize @bullet |
| |
| @item @code{lock} |
| @cindex lock |
| |
| Functions marked with @code{lock} as an AS-Unsafe feature may be |
| interrupted by a signal while holding a non-recursive lock. If the |
| signal handler calls another such function that takes the same lock, the |
| result is a deadlock. |
| |
| Functions annotated with @code{lock} as an AC-Unsafe feature may, if |
| cancelled asynchronously, fail to release a lock that would have been |
| released if their execution had not been interrupted by asynchronous |
| thread cancellation. Once a lock is left taken, attempts to take that |
| lock will block indefinitely. |
| |
| |
| @item @code{corrupt} |
| @cindex corrupt |
| |
| Functions marked with @code{corrupt} as an AS-Unsafe feature may corrupt |
| data structures and misbehave when they interrupt, or are interrupted |
| by, another such function. Unlike functions marked with @code{lock}, |
| these take recursive locks to avoid MT-Safety problems, but this is not |
| enough to stop a signal handler from observing a partially-updated data |
| structure. Further corruption may arise from the interrupted function's |
| failure to notice updates made by signal handlers. |
| |
| Functions marked with @code{corrupt} as an AC-Unsafe feature may leave |
| data structures in a corrupt, partially updated state. Subsequent uses |
| of the data structure may misbehave. |
| |
| @c A special case, probably not worth documenting separately, involves |
| @c reallocing, or even freeing pointers. Any case involving free could |
| @c be easily turned into an ac-safe leak by resetting the pointer before |
| @c releasing it; I don't think we have any case that calls for this sort |
| @c of fixing. Fixing the realloc cases would require a new interface: |
| @c instead of @code{ptr=realloc(ptr,size)} we'd have to introduce |
| @c @code{acsafe_realloc(&ptr,size)} that would modify ptr before |
| @c releasing the old memory. The ac-unsafe realloc could be implemented |
| @c in terms of an internal interface with this semantics (say |
| @c __acsafe_realloc), but since realloc can be overridden, the function |
| @c we call to implement realloc should not be this internal interface, |
| @c but another internal interface that calls __acsafe_realloc if realloc |
| @c was not overridden, and calls the overridden realloc with async |
| @c cancel disabled. --lxoliva |
| |
| |
| @item @code{heap} |
| @cindex heap |
| |
| Functions marked with @code{heap} may call heap memory management |
| functions from the @code{malloc}/@code{free} family of functions and are |
| only as safe as those functions. This note is thus equivalent to: |
| |
| @sampsafety{@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}} |
| |
| |
| @c Check for cases that should have used plugin instead of or in |
| @c addition to this. Then, after rechecking gettext, adjust i18n if |
| @c needed. |
| @item @code{dlopen} |
| @cindex dlopen |
| |
| Functions marked with @code{dlopen} use the dynamic loader to load |
| shared libraries into the current execution image. This involves |
| opening files, mapping them into memory, allocating additional memory, |
| resolving symbols, applying relocations and more, all of this while |
| holding internal dynamic loader locks. |
| |
| The locks are enough for these functions to be AS- and AC-Unsafe, but |
| other issues may arise. At present this is a placeholder for all |
| potential safety issues raised by @code{dlopen}. |
| |
| @c dlopen runs init and fini sections of the module; does this mean |
| @c dlopen always implies plugin? |
| |
| |
| @item @code{plugin} |
| @cindex plugin |
| |
| Functions annotated with @code{plugin} may run code from plugins that |
| may be external to @theglibc{}. Such plugin functions are assumed to be |
| MT-Safe, AS-Unsafe and AC-Unsafe. Examples of such plugins are stack |
| @cindex NSS |
| unwinding libraries, name service switch (NSS) and character set |
| @cindex iconv |
| conversion (iconv) back-ends. |
| |
| Although the plugins mentioned as examples are all brought in by means |
| of dlopen, the @code{plugin} keyword does not imply any direct |
| involvement of the dynamic loader or the @code{libdl} interfaces, those |
| are covered by @code{dlopen}. For example, if one function loads a |
| module and finds the addresses of some of its functions, while another |
| just calls those already-resolved functions, the former will be marked |
| with @code{dlopen}, whereas the latter will get the @code{plugin}. When |
| a single function takes all of these actions, then it gets both marks. |
| |
| |
| @item @code{i18n} |
| @cindex i18n |
| |
| Functions marked with @code{i18n} may call internationalization |
| functions of the @code{gettext} family and will be only as safe as those |
| functions. This note is thus equivalent to: |
| |
| @sampsafety{@mtsafe{@mtsenv{}}@asunsafe{@asucorrupt{} @ascuheap{} @ascudlopen{}}@acunsafe{@acucorrupt{}}} |
| |
| |
| @item @code{timer} |
| @cindex timer |
| |
| Functions marked with @code{timer} use the @code{alarm} function or |
| similar to set a time-out for a system call or a long-running operation. |
| In a multi-threaded program, there is a risk that the time-out signal |
| will be delivered to a different thread, thus failing to interrupt the |
| intended thread. Besides being MT-Unsafe, such functions are always |
| AS-Unsafe, because calling them in signal handlers may interfere with |
| timers set in the interrupted code, and AC-Unsafe, because there is no |
| safe way to guarantee an earlier timer will be reset in case of |
| asynchronous cancellation. |
| |
| @end itemize |
| |
| |
| @node Conditionally Safe Features, Other Safety Remarks, Unsafe Features, POSIX |
| @subsubsection Conditionally Safe Features |
| @cindex Conditionally Safe Features |
| |
| For some features that make functions unsafe to call in certain |
| contexts, there are known ways to avoid the safety problem other than |
| refraining from calling the function altogether. The keywords that |
| follow refer to such features, and each of their definitions indicate |
| how the whole program needs to be constrained in order to remove the |
| safety problem indicated by the keyword. Only when all the reasons that |
| make a function unsafe are observed and addressed, by applying the |
| documented constraints, does the function become safe to call in a |
| context. |
| |
| @itemize @bullet |
| |
| @item @code{init} |
| @cindex init |
| |
| Functions marked with @code{init} as an MT-Unsafe feature perform |
| MT-Unsafe initialization when they are first called. |
| |
| Calling such a function at least once in single-threaded mode removes |
| this specific cause for the function to be regarded as MT-Unsafe. If no |
| other cause for that remains, the function can then be safely called |
| after other threads are started. |
| |
| Functions marked with @code{init} as an AS- or AC-Unsafe feature use the |
| internal @code{libc_once} machinery or similar to initialize internal |
| data structures. |
| |
| If a signal handler interrupts such an initializer, and calls any |
| function that also performs @code{libc_once} initialization, it will |
| deadlock if the thread library has been loaded. |
| |
| Furthermore, if an initializer is partially complete before it is |
| canceled or interrupted by a signal whose handler requires the same |
| initialization, some or all of the initialization may be performed more |
| than once, leaking resources or even resulting in corrupt internal data. |
| |
| Applications that need to call functions marked with @code{init} as an |
| AS- or AC-Unsafe feature should ensure the initialization is performed |
| before configuring signal handlers or enabling cancellation, so that the |
| AS- and AC-Safety issues related with @code{libc_once} do not arise. |
| |
| @c We may have to extend the annotations to cover conditions in which |
| @c initialization may or may not occur, since an initial call in a safe |
| @c context is no use if the initialization doesn't take place at that |
| @c time: it doesn't remove the risk for later calls. |
| |
| |
| @item @code{race} |
| @cindex race |
| |
| Functions annotated with @code{race} as an MT-Safety issue operate on |
| objects in ways that may cause data races or similar forms of |
| destructive interference out of concurrent execution. In some cases, |
| the objects are passed to the functions by users; in others, they are |
| used by the functions to return values to users; in others, they are not |
| even exposed to users. |
| |
| We consider access to objects passed as (indirect) arguments to |
| functions to be data race free. The assurance of data race free objects |
| is the caller's responsibility. We will not mark a function as |
| MT-Unsafe or AS-Unsafe if it misbehaves when users fail to take the |
| measures required by POSIX to avoid data races when dealing with such |
| objects. As a general rule, if a function is documented as reading from |
| an object passed (by reference) to it, or modifying it, users ought to |
| use memory synchronization primitives to avoid data races just as they |
| would should they perform the accesses themselves rather than by calling |
| the library function. @code{FILE} streams are the exception to the |
| general rule, in that POSIX mandates the library to guard against data |
| races in many functions that manipulate objects of this specific opaque |
| type. We regard this as a convenience provided to users, rather than as |
| a general requirement whose expectations should extend to other types. |
| |
| In order to remind users that guarding certain arguments is their |
| responsibility, we will annotate functions that take objects of certain |
| types as arguments. We draw the line for objects passed by users as |
| follows: objects whose types are exposed to users, and that users are |
| expected to access directly, such as memory buffers, strings, and |
| various user-visible @code{struct} types, do @emph{not} give reason for |
| functions to be annotated with @code{race}. It would be noisy and |
| redundant with the general requirement, and not many would be surprised |
| by the library's lack of internal guards when accessing objects that can |
| be accessed directly by users. |
| |
| As for objects that are opaque or opaque-like, in that they are to be |
| manipulated only by passing them to library functions (e.g., |
| @code{FILE}, @code{DIR}, @code{obstack}, @code{iconv_t}), there might be |
| additional expectations as to internal coordination of access by the |
| library. We will annotate, with @code{race} followed by a colon and the |
| argument name, functions that take such objects but that do not take |
| care of synchronizing access to them by default. For example, |
| @code{FILE} stream @code{unlocked} functions will be annotated, but |
| those that perform implicit locking on @code{FILE} streams by default |
| will not, even though the implicit locking may be disabled on a |
| per-stream basis. |
| |
| In either case, we will not regard as MT-Unsafe functions that may |
| access user-supplied objects in unsafe ways should users fail to ensure |
| the accesses are well defined. The notion prevails that users are |
| expected to safeguard against data races any user-supplied objects that |
| the library accesses on their behalf. |
| |
| @c The above describes @mtsrace; @mtasurace is described below. |
| |
| This user responsibility does not apply, however, to objects controlled |
| by the library itself, such as internal objects and static buffers used |
| to return values from certain calls. When the library doesn't guard |
| them against concurrent uses, these cases are regarded as MT-Unsafe and |
| AS-Unsafe (although the @code{race} mark under AS-Unsafe will be omitted |
| as redundant with the one under MT-Unsafe). As in the case of |
| user-exposed objects, the mark may be followed by a colon and an |
| identifier. The identifier groups all functions that operate on a |
| certain unguarded object; users may avoid the MT-Safety issues related |
| with unguarded concurrent access to such internal objects by creating a |
| non-recursive mutex related with the identifier, and always holding the |
| mutex when calling any function marked as racy on that identifier, as |
| they would have to should the identifier be an object under user |
| control. The non-recursive mutex avoids the MT-Safety issue, but it |
| trades one AS-Safety issue for another, so use in asynchronous signals |
| remains undefined. |
| |
| When the identifier relates to a static buffer used to hold return |
| values, the mutex must be held for as long as the buffer remains in use |
| by the caller. Many functions that return pointers to static buffers |
| offer reentrant variants that store return values in caller-supplied |
| buffers instead. In some cases, such as @code{tmpname}, the variant is |
| chosen not by calling an alternate entry point, but by passing a |
| non-@code{NULL} pointer to the buffer in which the returned values are |
| to be stored. These variants are generally preferable in multi-threaded |
| programs, although some of them are not MT-Safe because of other |
| internal buffers, also documented with @code{race} notes. |
| |
| |
| @item @code{const} |
| @cindex const |
| |
| Functions marked with @code{const} as an MT-Safety issue non-atomically |
| modify internal objects that are better regarded as constant, because a |
| substantial portion of @theglibc{} accesses them without |
| synchronization. Unlike @code{race}, that causes both readers and |
| writers of internal objects to be regarded as MT-Unsafe and AS-Unsafe, |
| this mark is applied to writers only. Writers remain equally MT- and |
| AS-Unsafe to call, but the then-mandatory constness of objects they |
| modify enables readers to be regarded as MT-Safe and AS-Safe (as long as |
| no other reasons for them to be unsafe remain), since the lack of |
| synchronization is not a problem when the objects are effectively |
| constant. |
| |
| The identifier that follows the @code{const} mark will appear by itself |
| as a safety note in readers. Programs that wish to work around this |
| safety issue, so as to call writers, may use a non-recursve |
| @code{rwlock} associated with the identifier, and guard @emph{all} calls |
| to functions marked with @code{const} followed by the identifier with a |
| write lock, and @emph{all} calls to functions marked with the identifier |
| by itself with a read lock. The non-recursive locking removes the |
| MT-Safety problem, but it trades one AS-Safety problem for another, so |
| use in asynchronous signals remains undefined. |
| |
| @c But what if, instead of marking modifiers with const:id and readers |
| @c with just id, we marked writers with race:id and readers with ro:id? |
| @c Instead of having to define each instance of “id”, we'd have a |
| @c general pattern governing all such “id”s, wherein race:id would |
| @c suggest the need for an exclusive/write lock to make the function |
| @c safe, whereas ro:id would indicate “id” is expected to be read-only, |
| @c but if any modifiers are called (while holding an exclusive lock), |
| @c then ro:id-marked functions ought to be guarded with a read lock for |
| @c safe operation. ro:env or ro:locale, for example, seems to convey |
| @c more clearly the expectations and the meaning, than just env or |
| @c locale. |
| |
| |
| @item @code{sig} |
| @cindex sig |
| |
| Functions marked with @code{sig} as a MT-Safety issue (that implies an |
| identical AS-Safety issue, omitted for brevity) may temporarily install |
| a signal handler for internal purposes, which may interfere with other |
| uses of the signal, identified after a colon. |
| |
| This safety problem can be worked around by ensuring that no other uses |
| of the signal will take place for the duration of the call. Holding a |
| non-recursive mutex while calling all functions that use the same |
| temporary signal; blocking that signal before the call and resetting its |
| handler afterwards is recommended. |
| |
| There is no safe way to guarantee the original signal handler is |
| restored in case of asynchronous cancellation, therefore so-marked |
| functions are also AC-Unsafe. |
| |
| @c fixme: at least deferred cancellation should get it right, and would |
| @c obviate the restoring bit below, and the qualifier above. |
| |
| Besides the measures recommended to work around the MT- and AS-Safety |
| problem, in order to avert the cancellation problem, disabling |
| asynchronous cancellation @emph{and} installing a cleanup handler to |
| restore the signal to the desired state and to release the mutex are |
| recommended. |
| |
| |
| @item @code{term} |
| @cindex term |
| |
| Functions marked with @code{term} as an MT-Safety issue may change the |
| terminal settings in the recommended way, namely: call @code{tcgetattr}, |
| modify some flags, and then call @code{tcsetattr}; this creates a window |
| in which changes made by other threads are lost. Thus, functions marked |
| with @code{term} are MT-Unsafe. The same window enables changes made by |
| asynchronous signals to be lost. These functions are also AS-Unsafe, |
| but the corresponding mark is omitted as redundant. |
| |
| It is thus advisable for applications using the terminal to avoid |
| concurrent and reentrant interactions with it, by not using it in signal |
| handlers or blocking signals that might use it, and holding a lock while |
| calling these functions and interacting with the terminal. This lock |
| should also be used for mutual exclusion with functions marked with |
| @code{@mtasurace{:tcattr(fd)}}, where @var{fd} is a file descriptor for |
| the controlling terminal. The caller may use a single mutex for |
| simplicity, or use one mutex per terminal, even if referenced by |
| different file descriptors. |
| |
| Functions marked with @code{term} as an AC-Safety issue are supposed to |
| restore terminal settings to their original state, after temporarily |
| changing them, but they may fail to do so if cancelled. |
| |
| @c fixme: at least deferred cancellation should get it right, and would |
| @c obviate the restoring bit below, and the qualifier above. |
| |
| Besides the measures recommended to work around the MT- and AS-Safety |
| problem, in order to avert the cancellation problem, disabling |
| asynchronous cancellation @emph{and} installing a cleanup handler to |
| restore the terminal settings to the original state and to release the |
| mutex are recommended. |
| |
| |
| @end itemize |
| |
| |
| @node Other Safety Remarks, , Conditionally Safe Features, POSIX |
| @subsubsection Other Safety Remarks |
| @cindex Other Safety Remarks |
| |
| Additional keywords may be attached to functions, indicating features |
| that do not make a function unsafe to call, but that may need to be |
| taken into account in certain classes of programs: |
| |
| @itemize @bullet |
| |
| @item @code{locale} |
| @cindex locale |
| |
| Functions annotated with @code{locale} as an MT-Safety issue read from |
| the locale object without any form of synchronization. Functions |
| annotated with @code{locale} called concurrently with locale changes may |
| behave in ways that do not correspond to any of the locales active |
| during their execution, but an unpredictable mix thereof. |
| |
| We do not mark these functions as MT- or AS-Unsafe, however, because |
| functions that modify the locale object are marked with |
| @code{const:locale} and regarded as unsafe. Being unsafe, the latter |
| are not to be called when multiple threads are running or asynchronous |
| signals are enabled, and so the locale can be considered effectively |
| constant in these contexts, which makes the former safe. |
| |
| @c Should the locking strategy suggested under @code{const} be used, |
| @c failure to guard locale uses is not as fatal as data races in |
| @c general: unguarded uses will @emph{not} follow dangling pointers or |
| @c access uninitialized, unmapped or recycled memory. Each access will |
| @c read from a consistent locale object that is or was active at some |
| @c point during its execution. Without synchronization, however, it |
| @c cannot even be assumed that, after a change in locale, earlier |
| @c locales will no longer be used, even after the newly-chosen one is |
| @c used in the thread. Nevertheless, even though unguarded reads from |
| @c the locale will not violate type safety, functions that access the |
| @c locale multiple times may invoke all sorts of undefined behavior |
| @c because of the unexpected locale changes. |
| |
| |
| @item @code{env} |
| @cindex env |
| |
| Functions marked with @code{env} as an MT-Safety issue access the |
| environment with @code{getenv} or similar, without any guards to ensure |
| safety in the presence of concurrent modifications. |
| |
| We do not mark these functions as MT- or AS-Unsafe, however, because |
| functions that modify the environment are all marked with |
| @code{const:env} and regarded as unsafe. Being unsafe, the latter are |
| not to be called when multiple threads are running or asynchronous |
| signals are enabled, and so the environment can be considered |
| effectively constant in these contexts, which makes the former safe. |
| |
| |
| @item @code{hostid} |
| @cindex hostid |
| |
| The function marked with @code{hostid} as an MT-Safety issue reads from |
| the system-wide data structures that hold the ``host ID'' of the |
| machine. These data structures cannot generally be modified atomically. |
| Since it is expected that the ``host ID'' will not normally change, the |
| function that reads from it (@code{gethostid}) is regarded as safe, |
| whereas the function that modifies it (@code{sethostid}) is marked with |
| @code{@mtasuconst{:@mtshostid{}}}, indicating it may require special |
| care if it is to be called. In this specific case, the special care |
| amounts to system-wide (not merely intra-process) coordination. |
| |
| |
| @item @code{sigintr} |
| @cindex sigintr |
| |
| Functions marked with @code{sigintr} as an MT-Safety issue access the |
| @code{_sigintr} internal data structure without any guards to ensure |
| safety in the presence of concurrent modifications. |
| |
| We do not mark these functions as MT- or AS-Unsafe, however, because |
| functions that modify the this data structure are all marked with |
| @code{const:sigintr} and regarded as unsafe. Being unsafe, the latter |
| are not to be called when multiple threads are running or asynchronous |
| signals are enabled, and so the data structure can be considered |
| effectively constant in these contexts, which makes the former safe. |
| |
| |
| @item @code{fd} |
| @cindex fd |
| |
| Functions annotated with @code{fd} as an AC-Safety issue may leak file |
| descriptors if asynchronous thread cancellation interrupts their |
| execution. |
| |
| Functions that allocate or deallocate file descriptors will generally be |
| marked as such. Even if they attempted to protect the file descriptor |
| allocation and deallocation with cleanup regions, allocating a new |
| descriptor and storing its number where the cleanup region could release |
| it cannot be performed as a single atomic operation. Similarly, |
| releasing the descriptor and taking it out of the data structure |
| normally responsible for releasing it cannot be performed atomically. |
| There will always be a window in which the descriptor cannot be released |
| because it was not stored in the cleanup handler argument yet, or it was |
| already taken out before releasing it. It cannot be taken out after |
| release: an open descriptor could mean either that the descriptor still |
| has to be closed, or that it already did so but the descriptor was |
| reallocated by another thread or signal handler. |
| |
| Such leaks could be internally avoided, with some performance penalty, |
| by temporarily disabling asynchronous thread cancellation. However, |
| since callers of allocation or deallocation functions would have to do |
| this themselves, to avoid the same sort of leak in their own layer, it |
| makes more sense for the library to assume they are taking care of it |
| than to impose a performance penalty that is redundant when the problem |
| is solved in upper layers, and insufficient when it is not. |
| |
| This remark by itself does not cause a function to be regarded as |
| AC-Unsafe. However, cumulative effects of such leaks may pose a |
| problem for some programs. If this is the case, suspending asynchronous |
| cancellation for the duration of calls to such functions is recommended. |
| |
| |
| @item @code{mem} |
| @cindex mem |
| |
| Functions annotated with @code{mem} as an AC-Safety issue may leak |
| memory if asynchronous thread cancellation interrupts their execution. |
| |
| The problem is similar to that of file descriptors: there is no atomic |
| interface to allocate memory and store its address in the argument to a |
| cleanup handler, or to release it and remove its address from that |
| argument, without at least temporarily disabling asynchronous |
| cancellation, which these functions do not do. |
| |
| This remark does not by itself cause a function to be regarded as |
| generally AC-Unsafe. However, cumulative effects of such leaks may be |
| severe enough for some programs that disabling asynchronous cancellation |
| for the duration of calls to such functions may be required. |
| |
| |
| @item @code{cwd} |
| @cindex cwd |
| |
| Functions marked with @code{cwd} as an MT-Safety issue may temporarily |
| change the current working directory during their execution, which may |
| cause relative pathnames to be resolved in unexpected ways in other |
| threads or within asynchronous signal or cancellation handlers. |
| |
| This is not enough of a reason to mark so-marked functions as MT- or |
| AS-Unsafe, but when this behavior is optional (e.g., @code{nftw} with |
| @code{FTW_CHDIR}), avoiding the option may be a good alternative to |
| using full pathnames or file descriptor-relative (e.g. @code{openat}) |
| system calls. |
| |
| |
| @item @code{!posix} |
| @cindex !posix |
| |
| This remark, as an MT-, AS- or AC-Safety note to a function, indicates |
| the safety status of the function is known to differ from the specified |
| status in the POSIX standard. For example, POSIX does not require a |
| function to be Safe, but our implementation is, or vice-versa. |
| |
| For the time being, the absence of this remark does not imply the safety |
| properties we documented are identical to those mandated by POSIX for |
| the corresponding functions. |
| |
| |
| @item @code{:identifier} |
| @cindex :identifier |
| |
| Annotations may sometimes be followed by identifiers, intended to group |
| several functions that e.g. access the data structures in an unsafe way, |
| as in @code{race} and @code{const}, or to provide more specific |
| information, such as naming a signal in a function marked with |
| @code{sig}. It is envisioned that it may be applied to @code{lock} and |
| @code{corrupt} as well in the future. |
| |
| In most cases, the identifier will name a set of functions, but it may |
| name global objects or function arguments, or identifiable properties or |
| logical components associated with them, with a notation such as |
| e.g. @code{:buf(arg)} to denote a buffer associated with the argument |
| @var{arg}, or @code{:tcattr(fd)} to denote the terminal attributes of a |
| file descriptor @var{fd}. |
| |
| The most common use for identifiers is to provide logical groups of |
| functions and arguments that need to be protected by the same |
| synchronization primitive in order to ensure safe operation in a given |
| context. |
| |
| |
| @item @code{/condition} |
| @cindex /condition |
| |
| Some safety annotations may be conditional, in that they only apply if a |
| boolean expression involving arguments, global variables or even the |
| underlying kernel evaluates to true. Such conditions as |
| @code{/hurd} or @code{/!linux!bsd} indicate the preceding marker only |
| applies when the underlying kernel is the HURD, or when it is neither |
| Linux nor a BSD kernel, respectively. @code{/!ps} and |
| @code{/one_per_line} indicate the preceding marker only applies when |
| argument @var{ps} is NULL, or global variable @var{one_per_line} is |
| nonzero. |
| |
| When all marks that render a function unsafe are adorned with such |
| conditions, and none of the named conditions hold, then the function can |
| be regarded as safe. |
| |
| |
| @end itemize |
| |
| |
| @node Berkeley Unix, SVID, POSIX, Standards and Portability |
| @subsection Berkeley Unix |
| @cindex BSD Unix |
| @cindex 4.@var{n} BSD Unix |
| @cindex Berkeley Unix |
| @cindex SunOS |
| @cindex Unix, Berkeley |
| |
| @Theglibc{} defines facilities from some versions of Unix which |
| are not formally standardized, specifically from the 4.2 BSD, 4.3 BSD, |
| and 4.4 BSD Unix systems (also known as @dfn{Berkeley Unix}) and from |
| @dfn{SunOS} (a popular 4.2 BSD derivative that includes some Unix System |
| V functionality). These systems support most of the @w{ISO C} and POSIX |
| facilities, and 4.4 BSD and newer releases of SunOS in fact support them all. |
| |
| The BSD facilities include symbolic links (@pxref{Symbolic Links}), the |
| @code{select} function (@pxref{Waiting for I/O}), the BSD signal |
| functions (@pxref{BSD Signal Handling}), and sockets (@pxref{Sockets}). |
| |
| @node SVID, XPG, Berkeley Unix, Standards and Portability |
| @subsection SVID (The System V Interface Description) |
| @cindex SVID |
| @cindex System V Unix |
| @cindex Unix, System V |
| |
| The @dfn{System V Interface Description} (SVID) is a document describing |
| the AT&T Unix System V operating system. It is to some extent a |
| superset of the POSIX standard (@pxref{POSIX}). |
| |
| @Theglibc{} defines most of the facilities required by the SVID |
| that are not also required by the @w{ISO C} or POSIX standards, for |
| compatibility with System V Unix and other Unix systems (such as |
| SunOS) which include these facilities. However, many of the more |
| obscure and less generally useful facilities required by the SVID are |
| not included. (In fact, Unix System V itself does not provide them all.) |
| |
| The supported facilities from System V include the methods for |
| inter-process communication and shared memory, the @code{hsearch} and |
| @code{drand48} families of functions, @code{fmtmsg} and several of the |
| mathematical functions. |
| |
| @node XPG, , SVID, Standards and Portability |
| @subsection XPG (The X/Open Portability Guide) |
| |
| The X/Open Portability Guide, published by the X/Open Company, Ltd., is |
| a more general standard than POSIX. X/Open owns the Unix copyright and |
| the XPG specifies the requirements for systems which are intended to be |
| a Unix system. |
| |
| @Theglibc{} complies to the X/Open Portability Guide, Issue 4.2, |
| with all extensions common to XSI (X/Open System Interface) |
| compliant systems and also all X/Open UNIX extensions. |
| |
| The additions on top of POSIX are mainly derived from functionality |
| available in @w{System V} and BSD systems. Some of the really bad |
| mistakes in @w{System V} systems were corrected, though. Since |
| fulfilling the XPG standard with the Unix extensions is a |
| precondition for getting the Unix brand chances are good that the |
| functionality is available on commercial systems. |
| |
| |
| @node Using the Library, Roadmap to the Manual, Standards and Portability, Introduction |
| @section Using the Library |
| |
| This section describes some of the practical issues involved in using |
| @theglibc{}. |
| |
| @menu |
| * Header Files:: How to include the header files in your |
| programs. |
| * Macro Definitions:: Some functions in the library may really |
| be implemented as macros. |
| * Reserved Names:: The C standard reserves some names for |
| the library, and some for users. |
| * Feature Test Macros:: How to control what names are defined. |
| @end menu |
| |
| @node Header Files, Macro Definitions, , Using the Library |
| @subsection Header Files |
| @cindex header files |
| |
| Libraries for use by C programs really consist of two parts: @dfn{header |
| files} that define types and macros and declare variables and |
| functions; and the actual library or @dfn{archive} that contains the |
| definitions of the variables and functions. |
| |
| (Recall that in C, a @dfn{declaration} merely provides information that |
| a function or variable exists and gives its type. For a function |
| declaration, information about the types of its arguments might be |
| provided as well. The purpose of declarations is to allow the compiler |
| to correctly process references to the declared variables and functions. |
| A @dfn{definition}, on the other hand, actually allocates storage for a |
| variable or says what a function does.) |
| @cindex definition (compared to declaration) |
| @cindex declaration (compared to definition) |
| |
| In order to use the facilities in @theglibc{}, you should be sure |
| that your program source files include the appropriate header files. |
| This is so that the compiler has declarations of these facilities |
| available and can correctly process references to them. Once your |
| program has been compiled, the linker resolves these references to |
| the actual definitions provided in the archive file. |
| |
| Header files are included into a program source file by the |
| @samp{#include} preprocessor directive. The C language supports two |
| forms of this directive; the first, |
| |
| @smallexample |
| #include "@var{header}" |
| @end smallexample |
| |
| @noindent |
| is typically used to include a header file @var{header} that you write |
| yourself; this would contain definitions and declarations describing the |
| interfaces between the different parts of your particular application. |
| By contrast, |
| |
| @smallexample |
| #include <file.h> |
| @end smallexample |
| |
| @noindent |
| is typically used to include a header file @file{file.h} that contains |
| definitions and declarations for a standard library. This file would |
| normally be installed in a standard place by your system administrator. |
| You should use this second form for the C library header files. |
| |
| Typically, @samp{#include} directives are placed at the top of the C |
| source file, before any other code. If you begin your source files with |
| some comments explaining what the code in the file does (a good idea), |
| put the @samp{#include} directives immediately afterwards, following the |
| feature test macro definition (@pxref{Feature Test Macros}). |
| |
| For more information about the use of header files and @samp{#include} |
| directives, @pxref{Header Files,,, cpp.info, The GNU C Preprocessor |
| Manual}.@refill |
| |
| @Theglibc{} provides several header files, each of which contains |
| the type and macro definitions and variable and function declarations |
| for a group of related facilities. This means that your programs may |
| need to include several header files, depending on exactly which |
| facilities you are using. |
| |
| Some library header files include other library header files |
| automatically. However, as a matter of programming style, you should |
| not rely on this; it is better to explicitly include all the header |
| files required for the library facilities you are using. The @glibcadj{} |
| header files have been written in such a way that it doesn't |
| matter if a header file is accidentally included more than once; |
| including a header file a second time has no effect. Likewise, if your |
| program needs to include multiple header files, the order in which they |
| are included doesn't matter. |
| |
| @strong{Compatibility Note:} Inclusion of standard header files in any |
| order and any number of times works in any @w{ISO C} implementation. |
| However, this has traditionally not been the case in many older C |
| implementations. |
| |
| Strictly speaking, you don't @emph{have to} include a header file to use |
| a function it declares; you could declare the function explicitly |
| yourself, according to the specifications in this manual. But it is |
| usually better to include the header file because it may define types |
| and macros that are not otherwise available and because it may define |
| more efficient macro replacements for some functions. It is also a sure |
| way to have the correct declaration. |
| |
| @node Macro Definitions, Reserved Names, Header Files, Using the Library |
| @subsection Macro Definitions of Functions |
| @cindex shadowing functions with macros |
| @cindex removing macros that shadow functions |
| @cindex undefining macros that shadow functions |
| |
| If we describe something as a function in this manual, it may have a |
| macro definition as well. This normally has no effect on how your |
| program runs---the macro definition does the same thing as the function |
| would. In particular, macro equivalents for library functions evaluate |
| arguments exactly once, in the same way that a function call would. The |
| main reason for these macro definitions is that sometimes they can |
| produce an inline expansion that is considerably faster than an actual |
| function call. |
| |
| Taking the address of a library function works even if it is also |
| defined as a macro. This is because, in this context, the name of the |
| function isn't followed by the left parenthesis that is syntactically |
| necessary to recognize a macro call. |
| |
| You might occasionally want to avoid using the macro definition of a |
| function---perhaps to make your program easier to debug. There are |
| two ways you can do this: |
| |
| @itemize @bullet |
| @item |
| You can avoid a macro definition in a specific use by enclosing the name |
| of the function in parentheses. This works because the name of the |
| function doesn't appear in a syntactic context where it is recognizable |
| as a macro call. |
| |
| @item |
| You can suppress any macro definition for a whole source file by using |
| the @samp{#undef} preprocessor directive, unless otherwise stated |
| explicitly in the description of that facility. |
| @end itemize |
| |
| For example, suppose the header file @file{stdlib.h} declares a function |
| named @code{abs} with |
| |
| @smallexample |
| extern int abs (int); |
| @end smallexample |
| |
| @noindent |
| and also provides a macro definition for @code{abs}. Then, in: |
| |
| @smallexample |
| #include <stdlib.h> |
| int f (int *i) @{ return abs (++*i); @} |
| @end smallexample |
| |
| @noindent |
| the reference to @code{abs} might refer to either a macro or a function. |
| On the other hand, in each of the following examples the reference is |
| to a function and not a macro. |
| |
| @smallexample |
| #include <stdlib.h> |
| int g (int *i) @{ return (abs) (++*i); @} |
| |
| #undef abs |
| int h (int *i) @{ return abs (++*i); @} |
| @end smallexample |
| |
| Since macro definitions that double for a function behave in |
| exactly the same way as the actual function version, there is usually no |
| need for any of these methods. In fact, removing macro definitions usually |
| just makes your program slower. |
| |
| |
| @node Reserved Names, Feature Test Macros, Macro Definitions, Using the Library |
| @subsection Reserved Names |
| @cindex reserved names |
| @cindex name space |
| |
| The names of all library types, macros, variables and functions that |
| come from the @w{ISO C} standard are reserved unconditionally; your program |
| @strong{may not} redefine these names. All other library names are |
| reserved if your program explicitly includes the header file that |
| defines or declares them. There are several reasons for these |
| restrictions: |
| |
| @itemize @bullet |
| @item |
| Other people reading your code could get very confused if you were using |
| a function named @code{exit} to do something completely different from |
| what the standard @code{exit} function does, for example. Preventing |
| this situation helps to make your programs easier to understand and |
| contributes to modularity and maintainability. |
| |
| @item |
| It avoids the possibility of a user accidentally redefining a library |
| function that is called by other library functions. If redefinition |
| were allowed, those other functions would not work properly. |
| |
| @item |
| It allows the compiler to do whatever special optimizations it pleases |
| on calls to these functions, without the possibility that they may have |
| been redefined by the user. Some library facilities, such as those for |
| dealing with variadic arguments (@pxref{Variadic Functions}) |
| and non-local exits (@pxref{Non-Local Exits}), actually require a |
| considerable amount of cooperation on the part of the C compiler, and |
| with respect to the implementation, it might be easier for the compiler |
| to treat these as built-in parts of the language. |
| @end itemize |
| |
| In addition to the names documented in this manual, reserved names |
| include all external identifiers (global functions and variables) that |
| begin with an underscore (@samp{_}) and all identifiers regardless of |
| use that begin with either two underscores or an underscore followed by |
| a capital letter are reserved names. This is so that the library and |
| header files can define functions, variables, and macros for internal |
| purposes without risk of conflict with names in user programs. |
| |
| Some additional classes of identifier names are reserved for future |
| extensions to the C language or the POSIX.1 environment. While using these |
| names for your own purposes right now might not cause a problem, they do |
| raise the possibility of conflict with future versions of the C |
| or POSIX standards, so you should avoid these names. |
| |
| @itemize @bullet |
| @item |
| Names beginning with a capital @samp{E} followed a digit or uppercase |
| letter may be used for additional error code names. @xref{Error |
| Reporting}. |
| |
| @item |
| Names that begin with either @samp{is} or @samp{to} followed by a |
| lowercase letter may be used for additional character testing and |
| conversion functions. @xref{Character Handling}. |
| |
| @item |
| Names that begin with @samp{LC_} followed by an uppercase letter may be |
| used for additional macros specifying locale attributes. |
| @xref{Locales}. |
| |
| @item |
| Names of all existing mathematics functions (@pxref{Mathematics}) |
| suffixed with @samp{f} or @samp{l} are reserved for corresponding |
| functions that operate on @code{float} and @code{long double} arguments, |
| respectively. |
| |
| @item |
| Names that begin with @samp{SIG} followed by an uppercase letter are |
| reserved for additional signal names. @xref{Standard Signals}. |
| |
| @item |
| Names that begin with @samp{SIG_} followed by an uppercase letter are |
| reserved for additional signal actions. @xref{Basic Signal Handling}. |
| |
| @item |
| Names beginning with @samp{str}, @samp{mem}, or @samp{wcs} followed by a |
| lowercase letter are reserved for additional string and array functions. |
| @xref{String and Array Utilities}. |
| |
| @item |
| Names that end with @samp{_t} are reserved for additional type names. |
| @end itemize |
| |
| In addition, some individual header files reserve names beyond |
| those that they actually define. You only need to worry about these |
| restrictions if your program includes that particular header file. |
| |
| @itemize @bullet |
| @item |
| The header file @file{dirent.h} reserves names prefixed with |
| @samp{d_}. |
| @pindex dirent.h |
| |
| @item |
| The header file @file{fcntl.h} reserves names prefixed with |
| @samp{l_}, @samp{F_}, @samp{O_}, and @samp{S_}. |
| @pindex fcntl.h |
| |
| @item |
| The header file @file{grp.h} reserves names prefixed with @samp{gr_}. |
| @pindex grp.h |
| |
| @item |
| The header file @file{limits.h} reserves names suffixed with @samp{_MAX}. |
| @pindex limits.h |
| |
| @item |
| The header file @file{pwd.h} reserves names prefixed with @samp{pw_}. |
| @pindex pwd.h |
| |
| @item |
| The header file @file{signal.h} reserves names prefixed with @samp{sa_} |
| and @samp{SA_}. |
| @pindex signal.h |
| |
| @item |
| The header file @file{sys/stat.h} reserves names prefixed with @samp{st_} |
| and @samp{S_}. |
| @pindex sys/stat.h |
| |
| @item |
| The header file @file{sys/times.h} reserves names prefixed with @samp{tms_}. |
| @pindex sys/times.h |
| |
| @item |
| The header file @file{termios.h} reserves names prefixed with @samp{c_}, |
| @samp{V}, @samp{I}, @samp{O}, and @samp{TC}; and names prefixed with |
| @samp{B} followed by a digit. |
| @pindex termios.h |
| @end itemize |
| |
| @comment Include the section on Creature Nest Macros. |
| @include creature.texi |
| |
| @node Roadmap to the Manual, , Using the Library, Introduction |
| @section Roadmap to the Manual |
| |
| Here is an overview of the contents of the remaining chapters of |
| this manual. |
| |
| @c The chapter overview ordering is: |
| @c Error Reporting (2) |
| @c Virtual Memory Allocation and Paging (3) |
| @c Character Handling (4) |
| @c Strings and Array Utilities (5) |
| @c Character Set Handling (6) |
| @c Locales and Internationalization (7) |
| @c Searching and Sorting (9) |
| @c Pattern Matching (10) |
| @c Input/Output Overview (11) |
| @c Input/Output on Streams (12) |
| @c Low-level Input/Ooutput (13) |
| @c File System Interface (14) |
| @c Pipes and FIFOs (15) |
| @c Sockets (16) |
| @c Low-Level Terminal Interface (17) |
| @c Syslog (18) |
| @c Mathematics (19) |
| @c Aritmetic Functions (20) |
| @c Date and Time (21) |
| @c Non-Local Exist (23) |
| @c Signal Handling (24) |
| @c The Basic Program/System Interface (25) |
| @c Processes (26) |
| @c Job Control (28) |
| @c System Databases and Name Service Switch (29) |
| @c Users and Groups (30) -- References `User Database' and `Group Database' |
| @c System Management (31) |
| @c System Configuration Parameters (32) |
| @c C Language Facilities in the Library (AA) |
| @c Summary of Library Facilities (AB) |
| @c Installing (AC) |
| @c Library Maintenance (AD) |
| |
| @c The following chapters need overview text to be added: |
| @c Message Translation (8) |
| @c Resource Usage And Limitations (22) |
| @c Inter-Process Communication (27) |
| @c DES Encryption and Password Handling (33) |
| @c Debugging support (34) |
| @c POSIX Threads (35) |
| @c Internal Probes (36) |
| @c Platform-specific facilities (AE) |
| @c Contributors to (AF) |
| @c Free Software Needs Free Documentation (AG) |
| @c GNU Lesser General Public License (AH) |
| @c GNU Free Documentation License (AI) |
| |
| @itemize @bullet |
| @item |
| @ref{Error Reporting}, describes how errors detected by the library |
| are reported. |
| |
| |
| @item |
| @ref{Memory}, describes @theglibc{}'s facilities for managing and |
| using virtual and real memory, including dynamic allocation of virtual |
| memory. If you do not know in advance how much memory your program |
| needs, you can allocate it dynamically instead, and manipulate it via |
| pointers. |
| |
| @item |
| @ref{Character Handling}, contains information about character |
| classification functions (such as @code{isspace}) and functions for |
| performing case conversion. |
| |
| @item |
| @ref{String and Array Utilities}, has descriptions of functions for |
| manipulating strings (null-terminated character arrays) and general |
| byte arrays, including operations such as copying and comparison. |
| |
| @item |
| @ref{Character Set Handling}, contains information about manipulating |
| characters and strings using character sets larger than will fit in |
| the usual @code{char} data type. |
| |
| @item |
| @ref{Locales}, describes how selecting a particular country |
| or language affects the behavior of the library. For example, the locale |
| affects collation sequences for strings and how monetary values are |
| formatted. |
| |
| @item |
| @ref{Searching and Sorting}, contains information about functions |
| for searching and sorting arrays. You can use these functions on any |
| kind of array by providing an appropriate comparison function. |
| |
| @item |
| @ref{Pattern Matching}, presents functions for matching regular expressions |
| and shell file name patterns, and for expanding words as the shell does. |
| |
| @item |
| @ref{I/O Overview}, gives an overall look at the input and output |
| facilities in the library, and contains information about basic concepts |
| such as file names. |
| |
| @item |
| @ref{I/O on Streams}, describes I/O operations involving streams (or |
| @w{@code{FILE *}} objects). These are the normal C library functions |
| from @file{stdio.h}. |
| |
| @item |
| @ref{Low-Level I/O}, contains information about I/O operations |
| on file descriptors. File descriptors are a lower-level mechanism |
| specific to the Unix family of operating systems. |
| |
| @item |
| @ref{File System Interface}, has descriptions of operations on entire |
| files, such as functions for deleting and renaming them and for creating |
| new directories. This chapter also contains information about how you |
| can access the attributes of a file, such as its owner and file protection |
| modes. |
| |
| @item |
| @ref{Pipes and FIFOs}, contains information about simple interprocess |
| communication mechanisms. Pipes allow communication between two related |
| processes (such as between a parent and child), while FIFOs allow |
| communication between processes sharing a common file system on the same |
| machine. |
| |
| @item |
| @ref{Sockets}, describes a more complicated interprocess communication |
| mechanism that allows processes running on different machines to |
| communicate over a network. This chapter also contains information about |
| Internet host addressing and how to use the system network databases. |
| |
| @item |
| @ref{Low-Level Terminal Interface}, describes how you can change the |
| attributes of a terminal device. If you want to disable echo of |
| characters typed by the user, for example, read this chapter. |
| |
| @item |
| @ref{Mathematics}, contains information about the math library |
| functions. These include things like random-number generators and |
| remainder functions on integers as well as the usual trigonometric and |
| exponential functions on floating-point numbers. |
| |
| @item |
| @ref{Arithmetic,, Low-Level Arithmetic Functions}, describes functions |
| for simple arithmetic, analysis of floating-point values, and reading |
| numbers from strings. |
| |
| @item |
| @ref{Date and Time}, describes functions for measuring both calendar time |
| and CPU time, as well as functions for setting alarms and timers. |
| |
| @item |
| @ref{Non-Local Exits}, contains descriptions of the @code{setjmp} and |
| @code{longjmp} functions. These functions provide a facility for |
| @code{goto}-like jumps which can jump from one function to another. |
| |
| @item |
| @ref{Signal Handling}, tells you all about signals---what they are, |
| how to establish a handler that is called when a particular kind of |
| signal is delivered, and how to prevent signals from arriving during |
| critical sections of your program. |
| |
| @item |
| @ref{Program Basics}, tells how your programs can access their |
| command-line arguments and environment variables. |
| |
| @item |
| @ref{Processes}, contains information about how to start new processes |
| and run programs. |
| |
| @item |
| @ref{Job Control}, describes functions for manipulating process groups |
| and the controlling terminal. This material is probably only of |
| interest if you are writing a shell or other program which handles job |
| control specially. |
| |
| @item |
| @ref{Name Service Switch}, describes the services which are available |
| for looking up names in the system databases, how to determine which |
| service is used for which database, and how these services are |
| implemented so that contributors can design their own services. |
| |
| @item |
| @ref{User Database}, and @ref{Group Database}, tell you how to access |
| the system user and group databases. |
| |
| @item |
| @ref{System Management}, describes functions for controlling and getting |
| information about the hardware and software configuration your program |
| is executing under. |
| |
| @item |
| @ref{System Configuration}, tells you how you can get information about |
| various operating system limits. Most of these parameters are provided for |
| compatibility with POSIX. |
| |
| @item |
| @ref{Language Features}, contains information about library support for |
| standard parts of the C language, including things like the @code{sizeof} |
| operator and the symbolic constant @code{NULL}, how to write functions |
| accepting variable numbers of arguments, and constants describing the |
| ranges and other properties of the numerical types. There is also a simple |
| debugging mechanism which allows you to put assertions in your code, and |
| have diagnostic messages printed if the tests fail. |
| |
| @item |
| @ref{Library Summary}, gives a summary of all the functions, variables, and |
| macros in the library, with complete data types and function prototypes, |
| and says what standard or system each is derived from. |
| |
| @item |
| @ref{Installation}, explains how to build and install @theglibc{} on |
| your system, and how to report any bugs you might find. |
| |
| @item |
| @ref{Maintenance}, explains how to add new functions or port the |
| library to a new system. |
| @end itemize |
| |
| If you already know the name of the facility you are interested in, you |
| can look it up in @ref{Library Summary}. This gives you a summary of |
| its syntax and a pointer to where you can find a more detailed |
| description. This appendix is particularly useful if you just want to |
| verify the order and type of arguments to a function, for example. It |
| also tells you what standard or system each function, variable, or macro |
| is derived from. |