This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: malloc attributes and realloc



On Jan 2, 2004, at 11:30 AM, Joseph S. Myers wrote:

> On Fri, 2 Jan 2004, Ian Lance Taylor wrote:
>
>> Although I initially believed otherwise, I now think that it is
>> possible to write a reasonable program which may be miscompiled if gcc
>> thinks that realloc has the malloc attribute.  Whether such a program
>> actually exists in practice, I don't know.  Whether such a program
>> strictly conforms to the C standard, I don't know.
>
> Should we really consider such a program more reasonable than the sort of
> program accessing freed memory, which certainly exists in practice?
> glibc has had the attribute on realloc for four years (stdlib/stdlib.h
> version 1.80), plenty of time for any miscompilation problems with such
> code to show up.

glibc has never been compiled, AFAIK, with any compiler that performs points-to analysis, only compilers that perform type-based analysis, in particular, regular gcc.
Points-to analysis is what would use this type of optimization (i.e., assuming that attribute malloc functions return different pointers).


Looking at compiler source that I have that implements some form of points-to analysis (which is all of them, including gcc on the tree-ssa-branch), all of them[1] make the same two optimizations (it's probably specified in some paper somewhere):

1. heap allocation functions return pointers that don't point to anything.
2. pointer destroying operations destroy pointers irreversibly.


If #1 does not hold for realloc, it should not be attribute malloc. The fact that it has worked okay so far doesn't mean it will continue to work in the future. If you change the definition of attribute malloc so that #1 doesn't hold for them, it makes it useless for points-to analysis use in determining heap allocation functions. Which may or may not be okay by everyone, I don't know.

I'll note that these compilers seem to look for function names (malloc, calloc, etc) rather than attributes to determine which functions are heap allocation functions.
Possibly because of misuse of attribute malloc, possibly because they don't support attribute malloc, possibly out of laziness. That would require digging around in the parsers to see if they support it.


--Dan


[1] Except gcc. I haven't gotten around to implementing #1 for our points-to analysis that exists in gcc on the tree-ssa-branch.
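
An added example, not part of the original message and not code from GCC or glibc: a growable buffer written so that it stays correct whether or not the compiler applies assumptions #1 and #2 above to realloc. The `gbuf` type and its function names are hypothetical; the interior pointer is carried across the call as an offset, and the pre-realloc pointer value is never read again.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer with an interior cursor (names are assumptions). */
struct gbuf {
    char  *base;    /* start of the heap block */
    char  *cursor;  /* interior pointer into the same block */
    size_t len;     /* bytes in use */
    size_t cap;     /* bytes allocated */
};

/* Grow to at least `need` bytes. Returns 0 on success, -1 on failure. */
int gbuf_reserve(struct gbuf *b, size_t need)
{
    if (need <= b->cap)
        return 0;
    size_t ncap = b->cap ? b->cap : 16;
    while (ncap < need) {
        if (ncap > (size_t)-1 / 2)
            return -1;              /* doubling would overflow size_t */
        ncap *= 2;
    }
    /* Save the cursor as an offset while b->base is still a live pointer. */
    size_t off = b->base ? (size_t)(b->cursor - b->base) : 0;
    char *nb = realloc(b->base, ncap);
    if (nb == NULL)
        return -1;                  /* old block is untouched and still owned by b */
    /* The old value of b->base is now dead: it is not compared with nb or
       dereferenced, even if realloc happened to return the same address. */
    b->base = nb;
    b->cursor = nb + off;           /* rebase the interior pointer */
    b->cap = ncap;
    return 0;
}

/* Append n bytes, growing the block as needed. Returns 0 or -1. */
int gbuf_append(struct gbuf *b, const void *src, size_t n)
{
    if (n > (size_t)-1 - b->len || gbuf_reserve(b, b->len + n) != 0)
        return -1;
    memcpy(b->base + b->len, src, n);
    b->len += n;
    return 0;
}
```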



