The Winter of My Discontent with stdio.h (LLO Archive)
Created 2025-12-13, last modified 2025-12-13. Visibility: public
Part of my archive of Layover Linux Official posts on Tumblr.
2025-11-23
Strings with length metadata are good. Being able to analyze and produce strings with null bytes is good. But if you make this language design decision, you will eventually find yourself scouring the buffered IO APIs in stdio.h for any function that does what you need without treating a null byte like a safeword.
2025-11-23 (by @scheme-official)
Unfortunately, "strings with metadata" implies a degree of boxing that is too slow and inconvenient if you're working low-level.
Fortunately, you can just go lower-level and write your own memory managers.
2025-11-23 (by me again)
There are some C APIs that strike a good balance by accepting a length parameter, which is basically saying "I don't really care how you keep track of length information, just as long as you have it." And not by coincidence, those are the APIs you're usually encouraged to use if you don't want to end up on the CVE registry.
I wouldn't describe the coverage of those safer APIs as complete, there are plenty of functions with no length-indicated doppelganger, and that's fundamentally what I'm bothered about in this context. I'd use 'em if I had 'em! In this particular case though, I was able to read the tempfile character by character (not egregious thanks to buffering), which got me where I needed to go, even though I felt a little silly.
As an aside in the tags:
And of course there's never been a one size fits all definition of “low level. But the core idea of Prone is to be a high level language that compiles to fast low-level code, and how fast/low level depends on which features you're still using after a pretty aggressive optimizer works it over. So I am really curious in practice how many fat boxed strings can boil off in that process! That's exactly the kind of question that Prone exists (in a research project sense) to answer.
