On Thu, Aug 4, 2011 at 3:01 PM, Richard Guenther <richard.guent...@gmail.com> wrote:
> On Thu, Aug 4, 2011 at 2:58 PM, Gabriel Dos Reis
> <g...@integrable-solutions.net> wrote:
>> On Wed, Aug 3, 2011 at 1:14 PM, Jason Merrill <ja...@redhat.com> wrote:
>>> On 08/03/2011 08:46 AM, Richard Guenther wrote:
>>>>
>>>> If that's reasonable then adding the malloc attribute should be, too.
>>>> Finally. Please. Doesn't C++0x maybe "fix" the issue we were
>>>> discussing to death?
>>>
>>> Nope, as far as I can tell nobody raised it with the committee. I have now.
>>>
>>> I think we ought to be able to assume that a program which accesses the
>>> allocated storage other than through the returned pointer has undefined
>>> behavior.
>>
>> Hmm, how do you define "other than the returned pointer"? Do you intend
>> to rule out garbage collectors? Should not access as raw memory (e.g.
>> through char* or void*) be allowed?
>
> No. But "other than the returned pointer" should probably be
> "other than through a pointer derived from the returned pointer".

To make the point clearer, consider a C malloc implementation that sets
a global pointer to the last pointer it returned. We "miscompile" then

  extern int *last_malloc_result;
  int main()
  {
    int *p = malloc (4);
    *p = 0;
    *last_malloc_result = 1;
    return *p;
  }

if malloc is declared with the malloc attribute.

Similar issues I can see happening with C++ - but it's nothing special
with C++ but happens with C as well (given glibc malloc surely exposes
interfaces to get access to its pools behind our back).

Richard.
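
The scenario from the message above as a self-contained program, added here as an example and not part of the original thread. The allocator names `plain_alloc` and `attr_alloc` and the global `last_result` are hypothetical; the two callers differ only in whether the allocator carries GCC's `malloc` attribute.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical allocators: both leak the returned block through a global,
 * which is exactly what the malloc attribute promises does not happen. */
int *last_result;

__attribute__((noinline))
void *plain_alloc(size_t n)
{
    void *p = malloc(n);
    last_result = p;            /* second path to the same storage */
    return p;
}

__attribute__((malloc, noinline))
void *attr_alloc(size_t n)
{
    void *p = malloc(n);
    last_result = p;            /* violates the attribute's no-alias promise */
    return p;
}

/* No attribute: the compiler must assume *last_result may alias *p,
 * so the final load observes the store of 1. */
int use_plain(void)
{
    int *p = plain_alloc(sizeof *p);
    if (!p) return -1;
    *p = 0;
    *last_result = 1;
    int r = *p;
    free(p);
    return r;
}

/* With the attribute: the compiler may assume nothing else points at *p
 * and fold the final load to 0, depending on optimization level. */
int use_attr(void)
{
    int *p = attr_alloc(sizeof *p);
    if (!p) return -1;
    *p = 0;
    *last_result = 1;
    int r = *p;
    free(p);
    return r;
}

int main(void)
{
    printf("without attribute: %d\n", use_plain());
    printf("with attribute:    %d\n", use_attr());
    return 0;
}
```

Comparing the output at `-O0` and `-O2` shows whether a given compiler acts on the attribute for this caller.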