From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by sourceware.org (Postfix) with ESMTPS id 9F90C384CBBA for ; Sun, 3 Dec 2023 16:46:46 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 9F90C384CBBA Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=kernel.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=kernel.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 9F90C384CBBA Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=145.40.68.75 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1701622007; cv=none; b=mp2c5e4HanuWfcs2zKGg0RM3slCTp2/ooZkKZHLYFOeowX1tEExQQVdhLOF4iFZn/Vi6625nUe5haUFRn/6ge7Y30Nosp/vju4MHkGxAbVHheQtHSvJhdMXEgISu4ZoPjsuW9g9JgISgjdri1W19+YYjmiWno98oHIbhjAlQd6Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1701622007; c=relaxed/simple; bh=Vy2VLwwMLUFOQ++owbSA1MLLh8DMTmnyeK2mY0Uu0Xk=; h=DKIM-Signature:Date:From:To:Subject:Message-ID:MIME-Version; b=EgKWZDXfWwqohZhMN7Dv5OURdKrlevx1Snl5SkLHFEYFcwezWLvOflSajMwfClLRO0HeX/lXKnOZ8l2kRyOJsSbmO27/5BtyFhb6dZMTqoWm9vSY/2BxGuwZ8AXw+Tl3KpcKP0G3KCz6SbaOZYUgG66UAn7XUFJ2hvk28z50uwE= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 23472B80C2E; Sun, 3 Dec 2023 16:46:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 54673C433C8; Sun, 3 Dec 2023 16:46:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1701622004; bh=Vy2VLwwMLUFOQ++owbSA1MLLh8DMTmnyeK2mY0Uu0Xk=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=S7TwTN1XotUcxlbMzwp0Ddu5cNLZ/+4QD5y8DudYmmbMeneHw3OTm3EVjRPiwONAf 34ny+VeN7Cu9LVtCca+NrCuwCIXgzR8JF/4I2Bi6PXDoSuXrTSppECYXnZ4gHJ22h5 qjzHvtZk4/aV8x8eOUMpzRuM8oVE37LFsMheoq5i2w7y8A0WW+K/vsKvN/JkMovFiS HXk1O119O5d1LR7/XtKKx4RFz9c6KJJVYjU7PMU5Wzm1dnGEBARz9hnPhaUtD2r8dj XLd6yfZ9tN7ntCAhCbJaTfFXv6oQb9md8NJLZAIjDWrhCl408vRTzhGCOH8yNQTpM9 Pn3UC4k6Q0Low== Date: Sun, 3 Dec 2023 17:46:39 +0100 From: Alejandro Colomar To: Amol Surati Cc: libc-help@sourceware.org, gcc-help@gcc.gnu.org, Guillem Jover , libbsd@lists.freedesktop.org Subject: Re: restrictness of strtoi(3bsd) and strtol(3) Message-ID: References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="dXUUYYSCd27dItMt" Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: --dXUUYYSCd27dItMt Content-Type: text/plain; protected-headers=v1; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Date: Sun, 3 Dec 2023 17:46:39 +0100 From: Alejandro Colomar To: Amol Surati Cc: libc-help@sourceware.org, gcc-help@gcc.gnu.org, Guillem Jover , libbsd@lists.freedesktop.org Subject: Re: restrictness of strtoi(3bsd) and strtol(3) On Sun, Dec 03, 2023 at 05:33:59PM +0100, Alejandro Colomar wrote: > But yeah, the point is there: the standard's definition of restrict > isn't very good. >=20 > > The historical docs point towards a decision to stamp the prototype with > > restrict under the assumption that (1) the string and the pointer to st= ring > > are in disjoint memory locations, >=20 > This justifies the restrict on endptr. >=20 > > and (2) the implementations would > > use endptr for nothing else other than maintaining a position in the gi= ven > > string. >=20 > This is quite brittle. The restrict on ntpr should cause the compiler > to scream. I'll report a missing warning on bugzilla. Here's a reproducer of the bug: $ cat restrict.c=20 long bogus_strtol(const char *restrict s, char **restrict ep, int base); int main(void) { char buf[3] =3D "foo"; char *p =3D buf; bogus_strtol(p, &p, -42); } long bogus_strtol(const char *restrict s, char **restrict ep, int base) { **ep =3D *s; return base; } $ cc -Wall -Wextra restrict.c -fanalyzer $ clang -Weverything restrict.c $ cc -Wall -Wextra restrict.c -fanalyzer -O3 $ clang -Weverything restrict.c -O3 I was expecting to see something, at least from one of the compilers, or maybe from -fanalyzer, but to my surprise, this bug is completely unnoticed; both in the call and in the definition. It's time to file a bug. --=20 --dXUUYYSCd27dItMt Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE6jqH8KTroDDkXfJAnowa+77/2zIFAmVssO8ACgkQnowa+77/ 2zLH7Q//ZsXsZ7G4VlbGrkUVlR5T5MxqwsJdnvlJq3wIW16Qi8YHG7AEw6dt2csA qR7wOF2g0YTjUNqUIVQ0toepEv6jGtHq4jZ2dQfHu4/qGzdDh/1X7AiXw3lB9PH/ xG34wRl0zfJxUS275DTTT3qrd3TavEY+GH320VdJkyLg0TTuMU6aR7+/eVfF0TqV Nxbu/m5cL7o8yP17a4lVvJ6gTQfFDcsv46U4UIiP6Z8nVjtWJynGk5RgMYwghaQW d5EoH7YnWtCp/5hIAqt282aQrP4P9OjYd4V9pnuVKE3g9d7B1NGrzuD2/pvX80nm B3t/CS+Xp/SKdLCrvKGJNHlXmZMTGCdEV5kEsQBGDiAswn8zF1Ni+lzchfvJ97ZY bKC7nYou/c/3MIhMUHZ5lYFzHpMJoPjwRGGaI25w5NCV+9pN2/RhH1dkY6CjcgNn 7+C8I02qVPzvSHnk/cZ0Go3zSK23ZSWYhhIS+HAqdBFqj6mFVUE/pQcWB54u1Pqk Bgwlb5veV7hofmgrf//kc91tD025XSLTgFRnm4IbqrcUMRu5gYDbqFQ3PH2uNPb9 wJhSzOGll3nx/dT01xgybK/CHbVjxEPIUa5Db+Ozq5LMagBI2ygxa+fdn3zLLHa3 c8j7F9whn7HxK9cxhH1eCi2M/TFEMkaNiOxyB2Ns6poBQNRn7MA= =SKPC -----END PGP SIGNATURE----- --dXUUYYSCd27dItMt--