From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Ping: [PATCH] add support for -Wmismatched-dealloc
To: Joseph Myers
Message-ID: <572110cb-70f7-fd85-bdea-b95eec05e9b8@gmail.com>
Date: Mon, 4 Jan 2021 08:56:01 -0700
In-Reply-To: <655918b2-16c6-74b1-6a49-505a7607007f@gmail.com>
List-Id: Libc-alpha mailing list
From: Martin Sebor via Libc-alpha
Reply-To: Martin Sebor
Cc: Florian Weimer, GNU C Library
Sender: "Libc-alpha"

Florian/Joseph and/or others: is the latest patch okay to commit?

https://sourceware.org/pipermail/libc-alpha/2020-December/121121.html

On 12/27/20 4:13 PM, Martin Sebor wrote:
> More testing made me realize that further changes are needed:
> 1) correct the return value of the __fclose() alias to int,
> 2) declare and use the same alias for fclose in both
>    and .
>
> In addition, I noticed a few more opportunities to use the new
> attribute:
>  *  in include/programs/xmalloc.h,
>  *  in malloc/malloc.h,
>  *  and in wcsdup in .
>
> I also simplified the new macro definitions a bit, and added
> a new test to verify that the warning doesn't cause false
> positives for open_wmemstream.
>
> Attached is a patch with these updates.
>
> On 12/15/20 9:52 AM, Martin Sebor wrote:
>> On 12/14/20 6:01 PM, Joseph Myers wrote:
>>> On Mon, 14 Dec 2020, Martin Sebor via Libc-alpha wrote:
>>>
>>>>> I spent some time working around this but in the end it turned out
>>>>> to be too convoluted so I decided to make the attribute a little
>>>>> smarter.  Instead of associating all allocation functions with all
>>>>> deallocation functions (such as fdopen, fopen, fopen64, etc. with
>>>>> fclose, freopen, and freopen64) I changed it so that an allocator
>>>>> only needs to be associated with a single deallocator (a reallocator
>>>>> also needs to be associated with itself).  That makes things quite
>>>>> a bit simpler.
>>> [...]
>>>> The GCC patches have now been committed and the dependency resolved.
>>>
>>> I've looked at the attribute documentation now in GCC, but I'm afraid
>>> I'm unable to understand from that documentation why the proposed
>>> glibc patch constitutes a valid way of specifying that, for example,
>>> it's valid to use freopen as a deallocator for FILE pointers opened
>>> by functions whose attribute only mentions fclose.  Unless there's
>>> something I'm missing in the documentation or a separate
>>> documentation patch that's not yet committed, I think more work is
>>> needed on the GCC documentation to make clear the semantics the glibc
>>> patch is asserting for valid combinations of allocators and
>>> deallocators, so that those semantics can be reviewed for
>>> correctness.
>>
>> I flip-flopped with freopen.  Initially I wanted to mark it up as
>> both an allocator and a deallocator, analogously to realloc (which
>> is implicitly both) or reallocarray (which is annotated as both in
>> the latest Glibc patch).  Both the initial Glibc and GCC patches
>> (the manual for the latter) reflected this and had freopen annotated
>> that way.
>>
>> But because freopen doesn't actually deallocate or allocate a stream
>> the markup wouldn't be correct.  It would cause false positives with
>> -Wmismatched-dealloc as well as with other warnings like the future
>> -Wuse-after-free (or with -Wanalyzer-use-after-free when the GCC
>> analyzer adds support for the attribute that David Malcolm is
>> working on for GCC 11).  I've added a test case to the test suite:
>>
>>    void f (FILE *f1)
>>    {
>>      FILE *f2 = freopen ("", "", f1);
>>      fclose (f1);   // must not warn
>>    }
>>
>> To answer your question, without the attribute freopen is seen by
>> GCC as an ordinary function that happens to take a FILE* and return
>> another FILE*.  It neither allocates it nor deallocates it.  For
>> GCC 12, I'd like us to consider adding attribute returns_arg(position)
>> to improve the analysis here.  The GCC manual also doesn't mention
>> freopen anymore but I'd be happy to change the example there to
>> show an API that does include a reallocator (e.g., reallocarray).
>>
>> Having said all this, after double-checking the latest Glibc patch
>> I see it still has the attribute on freopen by mistake (as well as
>> the ordinary attribute malloc, which would make it even worse).
>> I've removed both in the attached revision.  Sorry if this confused
>> you -- freopen obviously confused me.
>>
>> Martin
>
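
The annotation scheme discussed in this thread, applied to a small handle API as an added example (not code from the mail or from the glibc patch): the allocator names a single deallocator, and the freopen-like function is left unannotated. The `conn_*` names and the `ATTR_DEALLOC` macro are hypothetical, and the two-argument attribute form assumes GCC 11 or later.

```c
#include <stdlib.h>

/* ATTR_DEALLOC is this example's own macro (hypothetical name).  The
   two-argument form of attribute malloc needs GCC 11 or later. */
#if defined(__GNUC__) && !defined(__clang__) && __GNUC__ >= 11
# define ATTR_DEALLOC(fn, argno) __attribute__ ((malloc (fn, argno)))
#else
# define ATTR_DEALLOC(fn, argno)
#endif

typedef struct conn { int fd; } conn;   /* hypothetical handle type */
static int live_conns;                  /* handles currently open */

/* Deallocator: declared first so the allocator can name it. */
int conn_close (conn *c);
/* Allocator: associated with exactly one deallocator, conn_close. */
conn *conn_open (int fd) ATTR_DEALLOC (conn_close, 1);
/* Like freopen: neither allocates nor frees the handle, so it carries
   no attribute and GCC sees an ordinary function. */
conn *conn_reopen (conn *c, int fd);

int conn_close (conn *c)
{
  if (!c) return -1;
  free (c);
  --live_conns;
  return 0;
}

conn *conn_open (int fd)
{
  conn *c = malloc (sizeof *c);
  if (!c) return NULL;
  c->fd = fd;
  ++live_conns;
  return c;
}

conn *conn_reopen (conn *c, int fd)
{
  if (c) c->fd = fd;
  return c;
}

/* Mirrors the test case in the mail: reopen, then close the original
   pointer.  This must compile without -Wmismatched-dealloc. */
int reopen_then_close (void)
{
  conn *c1 = conn_open (3);
  conn *c2 = conn_reopen (c1, 4);
  int fd = c2 ? c2->fd : -1;
  /* free (c1) here instead would draw -Wmismatched-dealloc on GCC 11+. */
  return conn_close (c1) == 0 ? fd : -1;
}
```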