On 03/25/2011 09:59 AM, Paul Eggert wrote: > On 03/25/2011 06:53 AM, Eric Blake wrote: >> +/* Change the size of an allocated block of memory P to N bytes, with >> + error checking. This version explicitly rejects non-NULL P >> + combined with N of 0, since the GNU realloc semantics of freeing P >> + and returning NULL interfere with the promise of x*alloc methods >> + never returning NULL. */ > > This doesn't sound right. xrealloc shouldn't reject a > set of arguments that realloc accepts.
Fair enough. But we _still_ need to fix the regression you introduced yesterday. realloc(NULL, 0) is an uncontroversial case to request the same behavior as malloc(0). (The controversy is only over a non-null pointer argument). GNU malloc(0) always allocates a zero-size object, therefore, so does GNU realloc(NULL, 0). But your patch yesterday makes it end up returning NULL instead of a zero-size object. > For example, xmalloc (0) always succeeds, no matter what; > it never invokes xalloc_die (). If the underlying malloc (0) > returns NULL, xmalloc (0) returns NULL. The caller can't dereference > the NULL, but that's OK, as the caller couldn't dereference any > non-NULL returned value either. True enough. But if you are using the gnulib malloc-gnu module, then you are guaranteed that malloc(0) never returns NULL, and therefore that xmalloc(0) never returns NULL. And I have written code that assumes that xmalloc() never returns NULL. > Now, perhaps we should think about changing the semantics, so that > the x*alloc methods always return non-NULL. But does any application > require the changed semantics? If not, I'd be leery about changing > them. Most of my code that uses xmalloc in an assumption where it never fails is malloc-ing non-zero sizes. That is, I rarely use zero-size objects. So off hand, I don't have a good example of code that does xmalloc() where the size argument could be 0, to prove whether the subsequent code depended on a non-NULL result. My personal opinion is that xalloc(0) should guarantee GNU semantics, as should xrealloc(NULL, 0), in returning a zero-size object even if the underlying malloc(0) returns NULL. But looking again at xmalloc.c, I do indeed see that xmalloc(0) will return NULL if malloc(0) has not been replaced by the malloc-gnu module to guarantee a non-NULL result. So you have convinced me that xrealloc(p, 0) may safely return NULL; however, I still think that xrealloc(NULL,0) _must_ return malloc(0) rather than blindly returning NULL. -- Eric Blake [email protected] +1-801-349-2682 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
