Message-ID: <zxqlvsofala2hrm3gmu7tr5nwe3njalt7f6bviz5gdhc2kcp6o@6oo2jlyl3hfv>
Date: Mon, 10 Nov 2025 11:07:29 +0100
From: Alejandro Colomar <alx@...nel.org>
To: Paul Eggert <eggert@...ucla.edu>
Cc: Rich Felker <dalias@...c.org>, libc-alpha@...rceware.org, 
	musl@...ts.openwall.com, "A. Wilcox" <AWilcox@...cox-tech.com>, 
	Lénárd Szolnoki <cpp@...ardszolnoki.com>, Collin Funk <collin.funk1@...il.com>, 
	Arthur O'Dwyer <arthur.j.odwyer@...il.com>, Jonathan Wakely <jwakely@...hat.com>, 
	"Paul E. McKenney" <paulmck@...nel.org>, Thiago Macieira <thiago@...ieira.org>
Subject: Re: Re: realloci(): A realloc() variant that works in-place

Hi Paul, Rich,

On Sun, Nov 09, 2025 at 06:47:54PM -0800, Paul Eggert wrote:
> On 2025-11-09 17:20, Rich Felker wrote:
> > The only way the lifetime of P does not end is if realloc returns a
> > null pointer indicating failure.
> 
> Yes, and my point was that Alejandro's summary of the situation (which you
> went along with) got this detail wrong. And once one gets this detail right
> (which static analyzers of course can do), that discredits the idea that
> static analyzers are so dumb that they can't handle conditional results from
> functions like realloc. On the contrary, static analyzers do that sort of
> thing routinely, and they could continue to do so if the standard were
> changed slightly in the direction I proposed.

I agree I was wrong in my wording.  And considering that
[[gnu::malloc(free)]] doesn't imply [[gnu::malloc]], then your proposed
semantics are also easy to express.  I guess this could do it:

	void *eggert_realloc(void *, size_t);
	[[gnu::malloc(eggert_realloc, 1)]] [[gnu::malloc(free)]]
	void *eggert_realloc(void *, size_t);

	void *current_realloc(void *, size_t);
	[[gnu::malloc(current_realloc, 1)]] [[gnu::malloc(free)]]
	[[gnu::malloc]]
	void *current_realloc(void *, size_t);

And since analyzers already need to consider when it fails, I guess
you're right that adding p==q to the logic of the analyzer wouldn't hurt
so much.


Have a lovely day!
Alex

-- 
<https://www.alejandro-colomar.es>
Use port 80 (that is, <...:80/>).
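
The following is an added example, not part of the message above and not code from glibc, musl or GCC. It is a caller-side sketch of the rule under discussion: after a failed realloc() the old pointer is still live, and after a successful one it is dead even if the result compares equal. `struct buf`, `realloc_fn`, `failing_realloc`, `buf_reserve` and `buf_append` are hypothetical names, and the failing stub is constructed for the demonstration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical realloc-compatible hook so a failure can be simulated. */
typedef void *(*realloc_fn)(void *, size_t);

struct buf {
    char      *data;  /* the only pointer to the allocation that is kept */
    size_t     len;   /* bytes in use; positions are offsets, not pointers */
    size_t     cap;   /* bytes allocated */
    realloc_fn re;    /* realloc, or a stub with the same contract */
};

/* Constructed stub: always reports failure and leaves p alone. */
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Ensure room for `want` bytes.  Returns 0 on success, -1 on failure. */
static int buf_reserve(struct buf *b, size_t want)
{
    if (want <= b->cap)
        return 0;
    size_t ncap = b->cap ? b->cap : 16;
    while (ncap < want) {
        if (ncap > SIZE_MAX / 2)
            return -1;              /* doubling would overflow */
        ncap *= 2;
    }
    char *q = b->re(b->data, ncap);
    if (q == NULL)
        return -1;  /* failure: lifetime of b->data has NOT ended, keep it */
    /* Success: the old pointer's lifetime ended, even if q happens to
     * compare equal to it, so nothing derived from it is used again. */
    b->data = q;
    b->cap = ncap;
    return 0;
}

static int buf_append(struct buf *b, const void *src, size_t n)
{
    if (n > SIZE_MAX - b->len || buf_reserve(b, b->len + n) != 0)
        return -1;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}
```

Because `b->data` is overwritten only on the success path and positions are kept as offsets, the code never needs a p==q comparison to decide whether older pointers are still usable.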
