chromium / subspace

A concept-centered standard library for C++20, enabling safer and more reliable products and a more modern feel for C++ code. Also home of Subdoc, the code-documentation generator.
https://suslib.cc
Apache License 2.0

sus::fs and sus::path #385

Open danakj opened 1 year ago

danakj commented 1 year ago

Paths in C++ are a mess.

Some pointers on Windows: https://mastodon.gamedev.place/@AshleyGullen/111109299141510319

std has file path support but does weird things with operators, and it's unclear how well it handles Windows. Maybe we can build on top of it for good compat.

The std filesystem functions work with paths instead of file objects, so it's extremely vulnerable to TOCTOU vulns/bugs and needs to be replaced with a port of the Rust APIs.

danakj commented 1 year ago

https://news.ycombinator.com/item?id=37632232

There is a note that TOCTOU problems in std filesystem actually cause UB internally.

> I think some people might be wary of the std::filesystem APIs because the standard allows implementations to completely disregard TOCTOU issues internally, to the point of breaking memory safety [0]:
>
> > A file system race is the condition that occurs when multiple threads, processes, or computers interleave access and modification of the same object within a file system. Behavior is undefined if calls to functions provided by subclause [filesystems] introduce a file system race.
>
> It's not just implementation-defined behavior, but full UB! You're utterly at the mercy of your implementation to do something reasonable when it encounters a TOCTOU issue, or, for that matter, any kind of concurrent modification to a file or directory. And C++ has a long history of implementations being unreliable in their behavior when UB is encountered.
>
> [0] https://wg21.link/fs.race.behavior#1
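The following is an added example illustrating both comments above (the path-based TOCTOU shape of std::filesystem in the first, and the [fs.race.behavior] clause in the second); it is not code from the subspace project or from the issue author. It puts the check-the-path-then-open-the-path pattern next to a file-object version that opens first and validates the descriptor with fstat, the shape Rust's std::fs::File encourages. It assumes a POSIX system with O_NOFOLLOW (Linux, macOS, BSDs). A real race comes from another process renaming or symlinking the entry; here the attacker's move is a callback run at the point where the race would occur, so the outcome is reproducible. The scratch directory, the file names input.txt and secret.txt and their contents are constructed for the example.

```cpp
// Added example (not subspace code): path-based check-then-open versus
// open-then-check on the file descriptor. Assumes POSIX with O_NOFOLLOW.
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

#include <cerrno>
#include <cstdio>
#include <filesystem>
#include <functional>
#include <optional>
#include <string>
#include <utility>

namespace fs = std::filesystem;

// Stands in for the concurrent attacker: invoked at the moment a real
// attacker would rename or symlink the entry. Assumption made for the demo.
using Hook = std::function<void()>;

// Reads an open descriptor to end of file.
static std::optional<std::string> read_all(int fd) {
  std::string out;
  char buf[4096];
  for (;;) {
    ssize_t n = ::read(fd, buf, sizeof buf);
    if (n < 0) { if (errno == EINTR) continue; return std::nullopt; }
    if (n == 0) break;
    out.append(buf, static_cast<size_t>(n));
  }
  return out;
}

// Path-based pattern, as std::filesystem invites: symlink_status() looks the
// path up once, open() looks it up again. The entry can be swapped between
// the two, so passing the check proves nothing about what is opened.
std::optional<std::string> read_regular_racy(const fs::path& p, const Hook& between) {
  std::error_code ec;
  fs::file_status st = fs::symlink_status(p, ec);        // check ...
  if (ec || st.type() != fs::file_type::regular) return std::nullopt;
  if (between) between();                                 // ... the window ...
  int fd = ::open(p.c_str(), O_RDONLY | O_CLOEXEC);       // ... use (follows symlinks)
  if (fd < 0) return std::nullopt;
  std::optional<std::string> data = read_all(fd);
  ::close(fd);
  return data;
}

// File-object pattern: open first, refusing a symlink at the final component,
// then validate the descriptor with fstat. Check and read name the same open
// file, so no change to the directory entry can separate them.
std::optional<std::string> read_regular_by_fd(const fs::path& p, const Hook& between) {
  if (between) between();  // attacker acts before open: cannot help them
  int fd = ::open(p.c_str(), O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
  if (fd < 0) return std::nullopt;  // ELOOP when the entry became a symlink
  struct stat sb;
  if (::fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) { ::close(fd); return std::nullopt; }
  std::optional<std::string> data = read_all(fd);
  ::close(fd);
  return data;
}

// Constructed fixture: a scratch directory holding the file the program
// means to read and a "secret" it must never be tricked into reading.
struct Fixture {
  fs::path dir, input, secret;
  explicit Fixture(const char* tag) {
    dir = fs::temp_directory_path() / ("toctou-demo-" + std::to_string(::getpid()) + "-" + tag);
    fs::create_directories(dir);
    input = dir / "input.txt";
    secret = dir / "secret.txt";
    write_file(input, "public\n");
    write_file(secret, "secret\n");
  }
  ~Fixture() { std::error_code ec; fs::remove_all(dir, ec); }
  static void write_file(const fs::path& p, const std::string& s) {
    int fd = ::open(p.c_str(), O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, 0600);
    if (fd >= 0) { (void)::write(fd, s.data(), s.size()); ::close(fd); }
  }
  // The attacker's move: replace input.txt with a symlink to secret.txt.
  Hook swap_for_symlink() const {
    return [this] { fs::remove(input); fs::create_symlink(secret, input); };
  }
};

// Runs both readers against the same swap. Returns {racy result, fd result}:
// the racy reader hands back the secret, the fd reader refuses.
std::pair<std::optional<std::string>, std::optional<std::string>> run_demo() {
  std::optional<std::string> racy, by_fd;
  { Fixture fx("racy"); racy = read_regular_racy(fx.input, fx.swap_for_symlink()); }
  { Fixture fx("fd");   by_fd = read_regular_by_fd(fx.input, fx.swap_for_symlink()); }
  return {racy, by_fd};
}

int main() {
  auto [racy, by_fd] = run_demo();
  std::printf("path-based reader got: %s", racy ? racy->c_str() : "(refused)\n");
  std::printf("fd-based reader got:   %s", by_fd ? by_fd->c_str() : "(refused)\n");
  return 0;
}
```

Two caveats. The fd-based version only removes the race on the final path component; the directories leading to it are still resolved by name, so a fully race-free design opens a directory descriptor once and uses openat() relative to it, which is also why the Rust-style API the issue asks for is built around owned file objects. And note how it sidesteps the [fs.race.behavior] clause quoted above: after the point where another party could act, it makes no std::filesystem call at all, so there is no interleaved library call for the standard to declare undefined.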