I can’t find anything in C11 that forbids the max value of size_t being a lot smaller than my address space? If so, then we could build a system on which malloc(-1) can succeed?
Replying to @TerminateThread
on a segmented machine where segments are smaller than RAM this will definitely happen (and did, not so long ago...)
Replying to @johnregehr @TerminateThread
It still seems like it's bad to turn *possible* UB (which won't happen if your memory is full) into incorrect code. I mean, that doesn't even comply with the shitty ANSI standard, does it?
Replying to @kragen @TerminateThread
well, the question is whether this malloc is allowed to succeed. cases like this are not really addressed in the standard.
The optimization, though, assumes it succeeds. Which is clearly bogus, even if malloc could in some cases succeed here.
you've got it slightly backwards -- the optimization works because malloc is allowed to succeed (for smaller allocations there isn't much to argue about here)
But this invokes UB iff it succeeds? If malloc fails there is no UB reached. The compiler is assuming success, not just permitting it.
well, it's a dodgy optimization for sure. not one I'd have put into a compiler I wrote...
Replying to @johnregehr @pikhq and
Note that this kind of optimization can break security properties of real legitimate code.
Replying to @RichFelker @johnregehr and
For example, saturating multiply then letting malloc fail, assuming mul didn't saturate if malloc succeeded.
Similarly (better example I think), calling calloc(n,m) and assuming n*m doesn't overflow if calloc succeeded.
Replying to @RichFelker @johnregehr and
Ah yes that one. We had to put “requires n*m < PTRDIFF_MAX” as pre-condition of calloc when we realized what was going on and that felt stupid. (NB “*” means mathematical multiplication in ACSL specifications)
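The calloc(n, m) pattern the thread describes, written out as an added example (not code from any participant): the fragile version infers "n*m did not overflow" from the allocator succeeding, which is exactly the inference a compiler that assumes allocation success can invalidate; the hardened version decides overflow arithmetically before calling the allocator and also enforces the "n*m < PTRDIFF_MAX" precondition quoted above. Function names, the PTRDIFF_MAX bound as an object-size limit, and the EOVERFLOW errno choice are this example's own assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Fragile pattern from the thread: treat a NULL result from calloc() as the
 * only signal that n*m overflowed. Once the compiler is allowed to assume the
 * allocation succeeds (or to remove the calloc/free pair entirely because p
 * is otherwise unused), the "overflow check" silently disappears and the
 * wrapped product n*m flows onward. Its result is therefore compiler-dependent. */
static size_t fragile_total_bytes(size_t n, size_t m) {
    unsigned char *p = calloc(n, m);
    if (p == NULL)
        return 0;              /* assumed to mean "overflow or out of memory" */
    free(p);
    return n * m;              /* wraps if calloc was elided rather than executed */
}

/* Hardened check: overflow is decided with integer arithmetic alone,
 * so the result does not depend on what the allocator or optimizer does. */
static int size_mul_overflows(size_t n, size_t m) {
    return m != 0 && n > SIZE_MAX / m;
}

/* Computes *total = n*m when it is representable and below PTRDIFF_MAX
 * (the precondition quoted in the thread; assumed here as the object-size
 * bound). Returns 0 on success and -1 when the product is rejected. */
static int checked_total_bytes(size_t n, size_t m, size_t *total) {
    if (size_mul_overflows(n, m))
        return -1;
    size_t bytes = n * m;
    if (bytes > (size_t)PTRDIFF_MAX)
        return -1;
    *total = bytes;
    return 0;
}

/* Allocation wrapper that never relies on calloc() to catch the overflow. */
static void *checked_calloc(size_t n, size_t m) {
    size_t bytes;
    if (checked_total_bytes(n, m, &bytes) != 0) {
        errno = EOVERFLOW;     /* hypothetical error reporting choice */
        return NULL;
    }
    return calloc(n, m);
}

int main(void) {
    size_t total = 0;
    /* Constructed inputs: a sane request and one whose product overflows. */
    printf("fragile(4, 8)           = %zu (compiler-dependent for huge n*m)\n",
           fragile_total_bytes(4, 8));
    printf("checked(4, 8)           = %d, total %zu\n",
           checked_total_bytes(4, 8, &total), total);
    printf("checked(SIZE_MAX, 2)    = %d\n",
           checked_total_bytes(SIZE_MAX, 2, &total));
    void *p = checked_calloc(SIZE_MAX, 2);
    printf("checked_calloc overflow -> %s\n", p == NULL ? "NULL" : "non-NULL");
    free(p);
    return 0;
}
```

The point of splitting `size_mul_overflows` out from the allocation is that the security property (no wrapped size reaching later indexing code) is established by code the optimizer cannot reason away, instead of by a side effect of the allocator that the language does not promise.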