Hi Eugene,

On Wed, Dec 17, 2025 at 06:05:53PM +0100, Alejandro Colomar wrote:
> Let's see if I'm following:
> 
> C11 (or at least, the draft that I know of, which is n1570) has two
> cases of UB for aligned_alloc(3):
> 
> -  size is not multiple of alignment
> -  alignment is unsupported (often, this means not a power of two)
> 
> <https://port70.net/~nsz/c/c11/n1570.html#7.22.3.1p2>
> 
> DR460 (2014) reported both cases of UB, and fixed them with a TC.
> 
> <https://www.open-std.org/jtc1/sc22/wg14/www/docs/summary.htm#dr_460>
> 
> N2072 (2016) reported that the restriction that the size is not a
> multiple of alignment is superfluous, and fixed it with a TC.
> 
> <https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2072.htm>
> 
> C17 (or at least, the draft that I know of, which is n2176) is the first
> standard that incorporates both DR460 and N2076.
> 
> While C17 is a different standard, it is actually a bugfix release, and
> both DR460 and N2072 are meant to retroactively affect C11, so all
> conforming implementations of C11 should in fact be conforming to C17
> and not C11.  However, OpenBSD conforms to C11+DR460, but not C17.
> From what you said, FreeBSD seems to conform to C17, but it claims to
> conform to C11.
> 
> Please correct me if I'm wrong.

I've written the following draft for the next revision of this patch.
This time, I've included all of this information in the manual page.

        HISTORY
             glibc 2.16.  C11, POSIX.1‐2024.

           C11
             In C11, the specification of this function had several
             issues.

             •  size had to be a multiple of alignment.  Otherwise, the
                behavior was undefined.

                Some implementations still implement that restriction,
                or claim to have it.

                OpenBSD
                       The function reports an error if this
                       restriction is violated.

                FreeBSD
                jemalloc
                       The documentation claims to have this
                       restriction, but the implementation works
                       correctly if it is violated.

             •  If alignment was not a power of two, the behavior was
                undefined.

             No known implementations ever exploited these cases of UB
             in a dangerous way.  They were only theoretical UB.
             Programmers should expect unnecessary failures in some
             implementations, but nothing worrying.

             In 2014, DR460 transformed both cases of UB into failures.

             Later, in 2016, N2072 removed the restriction that size
             had to be a multiple of alignment.

             The following revision of the standard, C17, incorporated
             both of these changes, resulting in the current
             specification.

Does this sound good?


Cheers,
Alex

-- 
<https://www.alejandro-colomar.es>
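The "unnecessary failures" the draft warns about are easy to avoid in portable code: validate the alignment yourself and round size up to a multiple of it before calling aligned_alloc(3), so a C11+DR460 implementation that still enforces the old restriction behaves like a C17 one. The wrapper below is an added illustration written for this thread, not code from the man-pages project or from any libc; the function names are invented.

```c
#define _ISOC11_SOURCE
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* True iff a is a power of two: the only alignments every C11/C17
   implementation is required to accept (subject to its other limits). */
bool is_pow2(size_t a)
{
    return a != 0 && (a & (a - 1)) == 0;
}

/* Round n up to a multiple of the power-of-two a; false on overflow. */
bool round_up_pow2(size_t n, size_t a, size_t *out)
{
    if (n > SIZE_MAX - (a - 1))
        return false;
    *out = (n + a - 1) & ~(a - 1);
    return true;
}

bool is_aligned(const void *p, size_t a)
{
    return ((uintptr_t)p & (uintptr_t)(a - 1)) == 0;
}

/* Hypothetical portable wrapper: rejects a non-power-of-two alignment
   with EINVAL up front (instead of relying on the implementation), and
   pads size so that implementations which still require size to be a
   multiple of alignment (e.g. OpenBSD, per the draft) do not fail. */
void *aligned_alloc_portable(size_t alignment, size_t size)
{
    size_t rounded;

    if (!is_pow2(alignment)) {
        errno = EINVAL;
        return NULL;
    }
    if (size == 0)          /* avoid the malloc(0)-style ambiguity */
        size = alignment;
    if (!round_up_pow2(size, alignment, &rounded)) {
        errno = ENOMEM;
        return NULL;
    }
    return aligned_alloc(alignment, rounded);
}
```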
