Message-ID: <24847552-e2ff-4cd7-ae12-f167f6fd822b@cs.ucla.edu>
Date: Sun, 9 Nov 2025 07:31:37 -0800
From: Paul Eggert <eggert@...ucla.edu>
To: Alejandro Colomar <alx@...nel.org>
Cc: libc-alpha@...rceware.org, musl@...ts.openwall.com,
 "A. Wilcox" <AWilcox@...cox-tech.com>,
 Lénárd Szolnoki <cpp@...ardszolnoki.com>,
 Collin Funk <collin.funk1@...il.com>,
 Arthur O'Dwyer <arthur.j.odwyer@...il.com>,
 Jonathan Wakely <jwakely@...hat.com>, "Paul E. McKenney"
 <paulmck@...nel.org>, Thiago Macieira <thiago@...ieira.org>
Subject: Re: Re: realloci(): A realloc() variant that works in-place

On 2025-11-09 03:37, Alejandro Colomar wrote:
>>> That would make sanitizers and static analyzers unable to verify lots of
>>> code
>> No, just the opposite. Currently sanitizers etc. spend useless work checking
>> for C23 rules that don't correspond to any hardware or correctness needs;
>> they're simply rules imposed by the C committee. This checking is
>> counterproductive to real-world software development.
> I'm worried that it might decrease the ability of static analyzers to
> detect memory leaks.  Currently, a static analyzer (such as GCC's
> -fanalyzer) can see calls to [[gnu::malloc(realloc, 1)]] functions and
> assume that realloc(3) free's them.  If realloc(3) would only free(3)
> conditionally, then you couldn't apply that attribute, which would make
> analysis more difficult.

Again, this is backwards. If the spec for P=realloc(Q,R) is changed so 
that it's valid to check P==Q afterwards (which it is on every practical 
production platform), then static analyzers can and should be changed 
accordingly. The P==Q situation will not count as a memory leak, and 
other situations will still count. This will be an improvement over the 
current situation, where static analyzers issue false alarms about such 
code.

Static analyzers should be our servants, not our masters.
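
The P=realloc(Q,R) pattern discussed above, as an added example that is not part of this message or of any code posted in the thread. The `struct buf` type and the `buf_init`/`buf_grow` helpers are hypothetical; the "did it move?" test compares integer copies of the addresses, with the old one captured before the call, which is one way to write the check without reading the old pointer after realloc().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical growable buffer that keeps a pointer into its own storage. */
struct buf {
    char  *base;    /* start of the allocation */
    char  *cursor;  /* points into [base, base + cap] */
    size_t cap;
};

int buf_init(struct buf *b, size_t cap)
{
    b->base = malloc(cap);
    b->cursor = b->base;
    b->cap = b->base ? cap : 0;
    return b->base ? 0 : -1;
}

/* Returns 1 if the block moved, 0 if it stayed in place, and -1 on error
 * (b is then unchanged and still owns its original block, so nothing leaks). */
int buf_grow(struct buf *b, size_t new_cap)
{
    size_t off = (size_t)(b->cursor - b->base);  /* taken while the old block is live */
    if (new_cap == 0 || new_cap < off)           /* avoid realloc(p, 0) and a cursor past the end */
        return -1;
    uintptr_t old_addr = (uintptr_t)b->base;     /* integer copy, captured before the call */
    char *p = realloc(b->base, new_cap);
    if (p == NULL)
        return -1;                               /* failure: the old block is still valid */
    b->base = p;
    b->cursor = p + off;                         /* rebase from the offset, never from the old pointer */
    b->cap = new_cap;
    return (uintptr_t)p != old_addr;
}

int main(void)
{
    struct buf b;
    if (buf_init(&b, 16) != 0)
        return 1;
    b.cursor = b.base + 5;
    int moved = buf_grow(&b, 1u << 20);
    printf("moved=%d cursor offset=%td\n", moved, b.cursor - b.base);
    free(b.base);
    return moved < 0;
}
```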
