efriedma-quic wrote: It's hard for me to analyze this because we don't really have a model for how new/delete/malloc/free create and destroy provenance, in the case where the implementation is visible to the compiler.
Say you have an implementation of new which uses malloc to get a hunk of memory from the OS, divides it up, and returns the pieces. operator delete takes the pointer, and sticks the pointer in a free list. Presumably operator new creates provenance for the pieces, and operator delete destroys it. But what about the provenance of the underlying malloc'ed memory? You could say that the pointer received by operator delete has no provenance, and if we want to perform any access, we need to recreate the malloc's provenance. But that's not the only possible interpretation.

I'm a little worried about adding provenance annotations when we haven't nailed this down yet. Especially with -fno-assume-sane-operator-new, since that's the only escape hatch we have at the moment.

https://github.com/llvm/llvm-project/pull/198202
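The allocator shape described in the message above, written out as an added example (not code from the pull request, LLVM, or any standard library). `HunkPool`, `FreeNode` and the member names are hypothetical, and the member functions stand in for operator new and operator delete rather than replacing the global operators.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <new>

// Hypothetical free-list node stored inside each unused piece.
struct FreeNode { FreeNode *next; };

class HunkPool {
public:
    static constexpr std::size_t kBlock = 64;  // bytes per piece (assumed)
    static constexpr std::size_t kCount = 16;  // pieces per hunk (assumed)

    HunkPool()
        : hunk_(static_cast<unsigned char *>(std::malloc(kBlock * kCount))) {
        if (!hunk_) throw std::bad_alloc();
        // Divide the malloc'ed hunk into pieces and thread them on the list.
        for (std::size_t i = kCount; i-- > 0;) push(hunk_ + i * kBlock);
    }
    ~HunkPool() { std::free(hunk_); }
    HunkPool(const HunkPool &) = delete;
    HunkPool &operator=(const HunkPool &) = delete;

    // Role of operator new: hand out one piece of the hunk.
    void *allocate() {
        if (!free_) return nullptr;
        FreeNode *n = free_;
        free_ = n->next;
        return n;
    }

    // Role of operator delete: put the returned pointer on the free list.
    void deallocate(void *p) { push(p); }

    // True if p is the start of a piece inside this pool's hunk.
    bool owns(const void *p) const {
        auto a = reinterpret_cast<std::uintptr_t>(p);
        auto b = reinterpret_cast<std::uintptr_t>(hunk_);
        return a >= b && a < b + kBlock * kCount && (a - b) % kBlock == 0;
    }

private:
    // The store below writes through the pointer the caller gave back, into
    // memory that came from malloc: the access the message asks about.
    void push(void *p) { free_ = ::new (p) FreeNode{free_}; }

    unsigned char *hunk_;
    FreeNode *free_ = nullptr;
};
```

A freed piece is handed out again at the same address, so the pointer passed to `deallocate` and the pointer later returned by `allocate` are numerically equal while belonging to different allocations.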
