From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=RgY7=C5=owlfolio.org=zack@sourceware.org>
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26])
	by sourceware.org (Postfix) with ESMTPS id 840463858D1E
	for <libc-alpha@sourceware.org>; Tue, 11 Jul 2023 19:13:12 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 840463858D1E
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=owlfolio.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=owlfolio.org
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
	by mailout.nyi.internal (Postfix) with ESMTP id 868DD5C00B1;
	Tue, 11 Jul 2023 15:13:10 -0400 (EDT)
Received: from imap42 ([10.202.2.92])
  by compute1.internal (MEProxy); Tue, 11 Jul 2023 15:13:10 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=owlfolio.org; h=
	cc:cc:content-transfer-encoding:content-type:content-type:date
	:date:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:sender:subject:subject:to:to; s=fm1; t=
	1689102790; x=1689189190; bh=q5G61fiwbx4C9RPmzUuhuYb+10NMIN7pfEv
	4Vs4Kqc0=; b=phZQGWRAzwyj9nGml8DE7bcDdv/vgT/2mE1chOBEh15kbXRZ5+w
	wPY0xLCTLUtouMmBfMAQpjKHDUImL/tXmPE3TA2s3tfP5uufOLQkTbBNT7t0brvi
	cfre739XMRzLr6M0+wcVdr1vnZB2iGF7s9/POmHLhv4pnqOWmibS2NFa5RRn0KLe
	cczK0BZtQu1XfNu8EV20cxEM9H4h6MjDZg9i46E4riIjl0fBKGFRuUntQUWbt9OP
	XeBXtbjqRhvtLNnIqjFWu6K57EurR2qgLOM0z0qGSJF3c/yI3DlX9fALD3iHrQtu
	ImLwJOVUDVXD1RpahQOVoK9OTSilhljiGgQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-transfer-encoding
	:content-type:content-type:date:date:feedback-id:feedback-id
	:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:sender:subject:subject:to:to:x-me-proxy
	:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=
	1689102790; x=1689189190; bh=q5G61fiwbx4C9RPmzUuhuYb+10NMIN7pfEv
	4Vs4Kqc0=; b=dfIHAEY/sT+Rg5B0y3oc+log84ippVe3sT8YdJkF9bEPWsWOjb1
	2TNDQyvVnd/gO20HEh0nk99Q/YQuQaYDC7WjfibjRoBF88IAlKroswrDJWvUA9jh
	bB1bl+Qrfi/ReJIDrTRGcTrhanayPKYTGqzmqMqj6OJzPHuXbMxrr1vnBKcZs/Dc
	ICCccpwHXdAnFoG6LpS8b4jSI5Ccfqc1hrVsAk1SfxIXJ3ai49oaMWw9FGvXJETS
	eZ9hxNgQIrfUfQfZ3kXekCAgxsUDxNq6UjuArqWunoh4Q2aDqhfIMQTrtqXm+b7n
	il82+ZB98nc4w+2ebPZ0kfzDqsfiRS1Sr8A==
X-ME-Sender: <xms:xqmtZMoY31dxWgvNB5usvaDluf8ssEQL8HwB1Ty2mvyczrYvgjXdhw>
    <xme:xqmtZComcShzlHktcuUFp5PYwO9r_O-E14R2iYxkso6fk5NIJ2_tokhhHI7infVTS
    emYorjk1Nl_Be958dw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrfedtgddufeehucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
    cujfgurhepofgfggfkjghffffhvfevufgtgfesthhqredtreerjeenucfhrhhomhepfdgk
    rggtkhcuhggvihhnsggvrhhgfdcuoeiirggtkhesohiflhhfohhlihhordhorhhgqeenuc
    ggtffrrghtthgvrhhnpeduueeigeehffekiefhtdehiedvueffteevtefhudfguedtueei
    tdetgfetieeiieenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfh
    hrohhmpeiirggtkhesohiflhhfohhlihhordhorhhg
X-ME-Proxy: <xmx:xqmtZBNUj3KzkGrGYlsb_Mff-gyYVBzmP_IPLcxhadEZVyndpS1jaw>
    <xmx:xqmtZD5K98xNFYR4cooI1zm6_-igznMkdThbBoTQCva_ZaLhMzagvg>
    <xmx:xqmtZL4UauO2SA6GkabQ-5OI_Q4hbiuJi_IPffSkryQ9U8m-JIAlMA>
    <xmx:xqmtZItEzLTxpdGhSXZjBF5VLskQ-DAGa0ETnxzxxTRGfmtMmDQRrg>
Feedback-ID: i876146a2:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501)
	id 024B9BC007E; Tue, 11 Jul 2023 15:13:10 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.9.0-alpha0-531-gfdfa13a06d-fm-20230703.001-gfdfa13a0
Mime-Version: 1.0
Message-Id: <e2e3e462-760c-43d0-a345-3cd7e5f0b3c1@app.fastmail.com>
In-Reply-To: <0a832d2f597a363e55aa69281dcbab200ade3bc1.camel@xry111.site>
References: <20230710161300.1678172-1-xry111@xry111.site>
 <a3a0c195-1149-461b-807e-46eaa3d68fcc@app.fastmail.com>
 <ed86d013-1df5-2880-3e39-0caf8f49a999@gotplt.org>
 <60947356-1710-4658-9169-9535505befd4@app.fastmail.com>
 <5d050e86-4c98-de22-5ef0-4cc9ead273d7@gotplt.org>
 <de4b1987522a3f9e1e2eecc0aae47960e55cc203.camel@xry111.site>
 <18affbe3-00c1-1cb1-6860-f7c78585f52b@gotplt.org>
 <e4674b4946decca0e6fe96876a8022b35ba9fc0f.camel@xry111.site>
 <25b31a74-5f06-1cce-dca5-ae84666c92b7@gmail.com>
 <f73bdacd-58f7-4d4c-9cee-614bc55f6193@app.fastmail.com>
 <2b0a78ff42fb00b92cf7a2d940dfeb141b0dfcfe.camel@xry111.site>
 <7ae4346f-f803-4d0f-8317-04a6d2ea2116@app.fastmail.com>
 <0a832d2f597a363e55aa69281dcbab200ade3bc1.camel@xry111.site>
Date: Tue, 11 Jul 2023 15:12:49 -0400
From: "Zack Weinberg" <zack@owlfolio.org>
To: "Xi Ruoyao" <xry111@xry111.site>, "Jeff Law" <jeffreyalaw@gmail.com>,
 "Siddhesh Poyarekar" <siddhesh@gotplt.org>,
 "GNU libc development" <libc-alpha@sourceware.org>
Cc: "Adhemerval Zanella" <adhemerval.zanella@linaro.org>,
 "Carlos O'Donell" <carlos@redhat.com>,
 "'Alejandro Colomar (man-pages)'" <alx.manpages@gmail.com>,
 "Andreas Schwab" <schwab@suse.de>, "David Malcolm" <dmalcolm@redhat.com>
Subject: Re: [PATCH v5] libio: Add nonnull attribute for most FILE * arguments in
 stdio.h
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,JMQ_SPF_NEUTRAL,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-alpha.sourceware.org>

On Mon, Jul 10, 2023, at 5:33 PM, Xi Ruoyao via Libc-alpha wrote:
> On Mon, 2023-07-10 at 17:22 -0400, Zack Weinberg wrote:
>> I don't like that we have __nonnull at all. But adding it to stdio.h
>> functions in particular is especially dangerous because of how widely
>> used they are. I would say the same thing if you=C2=A0 were adding it=
 to
>> string.h or stdlib.h.
>
> They *are* already in string.h and stdlib.h.

I've realized that yesterday I was trying to say two different things at
the same time and I probably confused all of you.  My apologies.  Let me
attempt to clarify:

I raised an objection to Xi's patches (adding non-null annotations to
stdio.h in particular) specifically because of the timing.  Having
thought about it some more, I'm fine with having those annotations, but
I think it is unwise to *add* them to such a widely-used, standardized
header right before a release freeze.  Instead, I'd like to see Xi's
patches land on trunk almost immediately after the 2.38 release branch
is created, so that we have the maximum amount of time to find any
problems before 2.39.

Independent of that, I have some concerns about C compilers, *in
general*, drawing inferences about what the program may or may not do,
based on the presence of a construct with runtime undefined behavior on
particular control flow paths.  I brought these up to explain why I
think Xi's patches are too risky for this stage of the glibc development
cycle, but I wasn't intending to suggest that glibc needed to take
existing non-null annotations out of its headers.  (I did say "I don't
like that we have __nonnull at all" but, given that we *do* have it, we
ought to have heard about it by now if the existing uses were causing
problems.)  I also wasn't trying to start an argument about those
inferences, and perhaps that conversation should move to one of GCC's
mailing lists.

zw