From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229]) by sourceware.org (Postfix) with ESMTPS id EF65D3858C39 for ; Sun, 3 Dec 2023 10:59:15 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org EF65D3858C39 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org EF65D3858C39 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2a00:1450:4864:20::229 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1701601158; cv=none; b=dp1+fIXAYyLROnjl4h64t5jYRPTnyCC/2sEqvefyAwqJwpr95ooFZ1R3EqDVGqUaL5by+cppR6voBF1MOjgQnfHblam78BRxnrJlANM8RU3x1hov7OkeV1r7FjBfbqKBMge9TYAO3rEV6K52RKwP/NeAvyhE2zDrANZOH1Jm0U4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1701601158; c=relaxed/simple; bh=OibAzfqlbdYxkqPe4SU+Au3Hc8Dn0fWnWXuOQm1SdDw=; h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To; b=CxPm1m8wjL5Dv8QWK4ry7FWuoeTqzwkZccttDBBhxmMfXhuG6fTOUAZCPMfPXiMZ/4GcX6WiYwald4WKRVeXNSc0qyO57PxucmAXmoMJxNc7MkFHNmL4VYzHyCaQdH8B/bbzOaZaK5N4GzsMoIdQxWoltwTZMYfutuUlABmftN8= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-lj1-x229.google.com with SMTP id 38308e7fff4ca-2c9f62447c2so7441531fa.0 for ; Sun, 03 Dec 2023 02:59:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701601154; x=1702205954; darn=sourceware.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=qs/XGcpbvFmohP30Ip0PNjBWSzI6Rs8LJkLaAl5tfnk=; b=fq+q7YFK+LLd+AJIqofQGaUHEiMsg2yQSwtPk+036qwQCXE8fTNtj5T7bzaKJPaRSH ftnJPG+gDBRnTdcWfqlIy4rqeZn5nO66/3/11ZwtZGz/YgT0cs+HPJzGRgsD7CycDH85 GKkTwCE1C+wc0oDHLNKD3UEg513o4R8l6tWgA/25MQt1lr637FjWkIq917bvvJCsAw9j jGU9mgAX/Ta7B//ttYOIfkUSVCE8zlqI/Hr5QPQqRCOfr6gZeMdUljzFiegCgBmQaSQV Ni4lgFqA2BL4zSAtcbMfTGcoP3zrbWoUoRUrb2DPDUKj10DIAKDchMAS2zUaAUea9/Vg RtHw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701601154; x=1702205954; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=qs/XGcpbvFmohP30Ip0PNjBWSzI6Rs8LJkLaAl5tfnk=; b=lcnVaI8L6L0gNX3FBnLr4PYE3PzfP0h29Y6+3Zl0WCvWot2grBqZqmix+PZQxhfqkM di95doFkohE1GyKakN0DvSdpxl+yGpnzXXj1G2kmt1pxKWovDHmfyCXU1rCudMbIyE4T oAZDa44kxfCR9On4XdE7DcR6+gCTk7YWufT+1sPi2cUBoNfuywKv0MLhA+HgL9Fkj297 av5ooOi5xl42ly3jc/bT9ySF1HD/aZqNve0Or/IBhXYxRxhQC5luvwbzANtTLb3HX+5x fT2IKmwMNNfzIffCVi6w1QkGmqZcUBJb4+Zvjbi90eag2sVM+WYvDLGRP8ap9aJ2OYHA Qk4g== X-Gm-Message-State: AOJu0YyGNPnkOBpmDG3/3uI2EHJlAlYn1z8fmRmseiw4Koue1AagyXz/ Zi633CesPywKOq1ULmUPttiFXHGFbnEoZZhXmlXrAxI/R+9lJA== X-Google-Smtp-Source: AGHT+IGiRT5z6HUkTqjyZk1dESXbqZ0bk8xL+nU7flPnM60i5OREkk3NXfSsR8cKSChASRjjgWhjnpTTjr35hWhpJfE= X-Received: by 2002:a2e:8e99:0:b0:2c9:f60f:7ba9 with SMTP id z25-20020a2e8e99000000b002c9f60f7ba9mr849813ljk.10.1701601153939; Sun, 03 Dec 2023 02:59:13 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Amol Surati Date: Sun, 3 Dec 2023 16:29:07 +0530 Message-ID: Subject: Re: restrictness of strtoi(3bsd) and strtol(3) To: Alejandro Colomar Cc: libc-help@sourceware.org, gcc-help@gcc.gnu.org, Guillem Jover , libbsd@lists.freedesktop.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Sat, 2 Dec 2023 at 18:05, Alejandro Colomar via Gcc-help wrote: > > On Sat, Dec 02, 2023 at 01:29:01PM +0100, Alejandro Colomar wrote: > > On Sat, Dec 02, 2023 at 12:50:28PM +0100, Alejandro Colomar wrote: > > > Hi, > > > > > > I've been implementing my own copy of strto[iu](3bsd), to avoid the > > > complexity of calling strtol(3) et al. In the process, I've noticed > > > that all of these functions use restrict for their parameters. > > > > > > Why do these functions use restrict? While the second parameter is not > > > used for accessing nptr memory (**endptr is not accessed), it can point > > > to the same memory. Here is an example of how these functions can have > > > pointers to the same memory in the two arguments. > > > > > > l = strtol(p, &p, 0); > > > > > > The use of restrict in the prototype of the function could result in > > > compiler warnings, no? Currently, I don't see any warnings, but I > > > suspect the compiler could complain, since the same memory is available > > > to the function via two different arguments (albeit with a different > > > number of references). > > > > > > The use of restrict in the definition of the function doesn't help the > > > optimizer, since it already knows that the second parameter is out-only, > > > so even if it weren't restrict, the only way to access memory is via the > > > first parameter. > > > > In the case of strto[iu](3bsd), I have even more doubts. > > > > Here's libbsd's version of it (omitting unimportant parts): > > > > $ grepc -tfd strtoi . > > ./src/strtoi.c:intmax_t > > strtoi(const char *__restrict nptr, > > char **__restrict endptr, int base, > > intmax_t lo, intmax_t hi, int *rstatus) > > { > > ... > > > > im = strtoimax(nptr, endptr, base); > > > > *rstatus = errno; > > errno = serrno; > > > > if (*rstatus == 0) { > > /* No digits were found */ > > if (nptr == *endptr) > > *rstatus = ECANCELED; > > /* There are further characters after number */ > > else if (**endptr != '\0') > > *rstatus = ENOTSUP; > > } > > > > ... > > > > return im; > > } > > > > Let's say the base is unsupported (e.g., -42), and endptr initially > > points to nptr-1. Imagine this call: > > > > i = strtoimax(p + 1, &p, -42); > > > > ISO C doesn't specify what happens if the base is not between 0 and 36, > > so the behavior is probably undefined in ISO C. > > > > POSIX says it returns 0 and sets errno to EINVAL, but doesn't say what > > happens to endptr. I expect two possible implementations: > > > > - Leave endptr untouched. > > - Set *endptr = nptr. > > > > Let's suppose it leaves endptr untouched (otherwise, it would be > > impossible to portably differentiate an EINVAL due to unsupported base > > from an EINVAL due to no digits in the string). > > > > So, the test (nptr == *endptr) would be false (because p+1 != p), and > > the code would jump into accessing **endptr without having derived > > that pointer from nptr, which is a violation of restrict. > > Oops, it's within an (errno == 0) path, so *endptr is guaranteed to be > derived from nptr here. > > So no bug, but still unclear to me what's the benefit of using restrict, The section "7. Library" at [1] has some information about the 'restrict' keyword. I think the restrict keywords compel the programmer to keep the string (or that portion of the string that strtol actually accesses) and the pointer to a string in non-overlapping memory regions. Calling strtol(p, &p, 0) should be well-defined in such cases. ------------------- [1] https://www.open-std.org/jtc1/sc22/wg14/www/docs/n881.pdf -Amol > and also unclear why GCC doesn't warn about it at call site. > > > I made many assumptions here, where the standards are not clear, so I > > may be wrong in some of them. But it looks to me like a bug. > > > > CCing libbsd. > > > > Cheers, > > Alex > > > > -- > > > > > > -- >