On 2024-10-27 09:51, Bruno Haible wrote:
Paul Eggert wrote:
How about 'alloc-0-nonnull'?

Whatever the module's name is, it should affect malloc too, as there's
little point to adjusting realloc without also adjusting malloc.
A dependency from the new module to 'malloc-gnu' should fit the bill, no?

Yes, for malloc.

Then I would opt for the name 'realloc-0safe', with such a dependency.

I don't want the new module to affect just realloc. I want it to affect all alloc variants. I don't want to worry whether realloc returns nonnull but reallocarray, aligned_alloc, etc. do not. They should all be consistent. Part of the problem with the current glibc situation is that realloc is inconsistent with malloc and this understandably confuses people. We should try to avoid similar confusion in the future.

Also from experience I've learned not to call these things "safe", as they are sharp tools that can cut you no matter what.


For the others, I would say that '*-0safe' variants are not needed, because
the allocation is special and therefore the programmer can be assumed to be
careful there (cf. option (c) in [1]).

I'd rather not make that assumption, as programmers are too error-prone and it should be easy for us to not make that assumption.

I'll try to squeeze some time free soon to write up a new module to do this along the lines I'm thinking of. I've already drafted some minor changes to Autoconf that will help avoid spurious differences between it and Gnulib in this area.
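As an added illustration of the consistency point above (this is example code, not part of the thread and not Gnulib's module), the alloc0_* wrappers and the buf type are assumed names: every variant maps a zero-size request to a one-byte one, so a NULL result means failure for malloc, realloc and reallocarray alike, and a caller cannot mistake a shrink-to-zero for an out-of-memory condition.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not Gnulib code.  The alloc0_* names are hypothetical.
   Each wrapper turns a zero-size request into a one-byte one, so NULL
   always means failure, for every allocator variant alike.  */
void *alloc0_malloc (size_t n)
{
  return malloc (n ? n : 1);
}

void *alloc0_realloc (void *p, size_t n)
{
  return realloc (p, n ? n : 1);
}

/* reallocarray-style variant: same zero rule, plus an overflow check.  */
void *alloc0_reallocarray (void *p, size_t nmemb, size_t size)
{
  if (size && nmemb > SIZE_MAX / size)
    {
      errno = ENOMEM;
      return NULL;
    }
  return alloc0_realloc (p, nmemb * size);
}

/* Growable buffer: buf_resize fails only on real allocation failure, and
   shrinking to zero keeps a valid pointer that buf_free releases later.  */
struct buf { char *data; size_t len; };
int buf_resize (struct buf *b, size_t n)
{
  char *d = alloc0_realloc (b->data, n);
  if (!d)
    return -1;             /* b->data is still valid and still owned by b */
  if (n > b->len)
    memset (d + b->len, 0, n - b->len);
  b->data = d;
  b->len = n;
  return 0;
}
void buf_free (struct buf *b)
{
  free (b->data);
  b->data = NULL;
  b->len = 0;
}
```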
