From: Igmar Palsenberg <igmar@palsenberg.com>
To: musl@lists.openwall.com
Subject: Re: malloc(0) behaviour
Date: Tue, 15 Jan 2013 13:33:07 +0100 [thread overview]
Message-ID: <4FA1FD0D-5C34-4DE0-AF27-1F48BB194005@palsenberg.com> (raw)
In-Reply-To: <20130115110618.GA4468@port70.net>
>> While the above is clear to me, returning a pointer that can't hold anything just seems wrong to me.
>
> i don't think we have too many options here,
> the standards and historical practices has
> various inconsistencies and musl has the least
> broken one
>
> but we can do a theoretical discussion about
> the merits of malloc(0)!=0:
>
> i'm surprised that it "seems wrong" to you,
> you can access the amount of bytes you requested
> through the returned pointer p, evaluating
> p+size is valid, p is suitably aligned for all
> objects and it can be freed.
> these assumptions are broken if malloc(0)==0
That's there to access if size is 0 ? Sure, you can access :
struct foo {
};
which is size 0. I do wonder what that gives me in practice. That is, not counting the fact that :
if (size == 0)
size = 1;
was a common practice in malloc() implementations a while ago.
> if the standard made malloc(0) work in ansi c
> then it would save some branch logic and would
> made the world a safer place
> (because in a fair amount of code that gets
> array length from external source no special
> casing would be needed for length==0)
>
> in rob pike's words "zero is a perfectly fine value"
> http://code.google.com/p/go/issues/detail?id=4142#c2
He does have a point. If I go to the gas station, hang in the fuel dispencer, pull it out again directly afterwards, and telling the guy behind the desk
that I didn't actually got fuel, I'm probably stared at :)
My way of thinking is just different, and both are fine.
>> It's also a matter of promoting bad code : Doing a malloc(0) is simply a bug. People are just to lazy to check return values,
>> and this makes the loop 3 lines shorter.
>
> malloc(0) is implementation-defined with
> two different conforming implementations
>
> but either one you choose in practice a lot
> of code will rely on the choosen behaviour
> incorrectly
>
> returning 0 does not save you from that
>
> returning 0 has the drawback that realloc(0,0)
> will be inconsistent
> (either with the realloc(0,n)===malloc(n) assumption
> or the realloc(p,0) failure reporting when p needs
> to be freed)
Agree. I always handle that case.
>
>> I'll wrap malloc() to include an abort in my case :)
>
> but don't do that in library code that may be
> used in a long running process: allocation failures
> should be reported to let the caller handle it
No, just in user code. Libraries shouldn't abort, I agree. In my case, it only aborts in debug mode to aid testing.
Igmar
next prev parent reply other threads:[~2013-01-15 12:33 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-14 17:17 Igmar Palsenberg
2013-01-14 18:05 ` Rich Felker
2013-01-14 22:22 ` Strake
2013-01-14 23:05 ` Rich Felker
2013-01-15 8:32 ` Igmar Palsenberg
2013-01-15 12:53 ` Rob Landley
2013-01-15 22:18 ` Igmar Palsenberg
2013-01-15 8:31 ` Igmar Palsenberg
2013-01-15 11:06 ` Szabolcs Nagy
2013-01-15 12:33 ` Igmar Palsenberg [this message]
2013-01-15 13:48 ` Rich Felker
2013-01-15 22:28 ` Igmar Palsenberg
2013-01-15 23:22 ` Rob
2013-01-16 7:46 ` Igmar Palsenberg
2013-01-15 13:46 ` Rich Felker
2013-01-15 12:52 ` Rob Landley
2013-01-14 23:37 ` Rob Landley
2013-01-15 0:24 ` Rich Felker
2013-01-15 12:17 ` Rob Landley
2013-01-15 9:01 ` Igmar Palsenberg
2013-01-15 12:58 ` Rob Landley
2013-01-15 14:54 ` dladdr() pierre
2013-01-15 18:48 ` dladdr() Rich Felker
2013-01-16 11:00 ` dladdr() pierre
2013-01-16 12:51 ` dladdr() Szabolcs Nagy
2013-01-16 14:24 ` dladdr() musl
2013-01-16 15:20 ` dladdr() pierre
2013-01-16 16:49 ` dladdr() Rich Felker
2013-01-16 17:42 ` dladdr() musl
2013-01-21 2:03 ` dladdr() Rich Felker
2013-01-21 6:58 ` dladdr() pierre
2013-01-21 18:35 ` dladdr() Rich Felker
2013-01-22 6:27 ` dladdr() pierre
2013-01-22 13:07 ` dladdr() Szabolcs Nagy
2013-01-22 13:40 ` dladdr() pierre
2013-01-22 13:51 ` dladdr() Rich Felker
2013-01-22 14:59 ` dladdr() pierre
2013-01-22 16:11 ` dladdr() Szabolcs Nagy
2013-01-22 23:43 ` dladdr() Rich Felker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FA1FD0D-5C34-4DE0-AF27-1F48BB194005@palsenberg.com \
--to=igmar@palsenberg.com \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).