<div dir="ltr">Sorry, forgot to source where I quoted: <a href="http://en.cppreference.com/w/c/memory/free">http://en.cppreference.com/w/c/memory/free</a> p.5<div>Kevin</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Apr 11, 2017 at 5:12 PM, Jonathan Roelofs <span dir="ltr"><<a href="mailto:jonathan@codesourcery.com" target="_blank">jonathan@codesourcery.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
On 4/11/17 6:09 PM, Flamedoge via llvm-dev wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I don't know when this was added on cppreference but<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
The behavior is undefined if after |free()| returns, an access is made<br>
</blockquote>
through the pointer |ptr| (unless another allocation function happened<br>
to result in a pointer value equal to |ptr|)<br>
<br>
This seems to suggest that there is no UB... However, I couldn't find<br>
the corresponding line or relevant part on latest C<br>
std, <a href="http://www.open-std.org/jtc1/sc22/WG14/www/docs/n1570.pdf" rel="noreferrer" target="_blank">http://www.open-std.org/jtc1/s<wbr>c22/WG14/www/docs/n1570.pdf</a><br>
</blockquote>
<br></span>
C99 says that p0 has indeterminate value after the free.<br>
<br>
<br>
Jon<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
<br>
Regards,<br>
Kevin<br>
<br>
On Tue, Apr 11, 2017 at 4:27 PM, Sanjoy Das<br></span>
<<a href="mailto:sanjoy@playingwithpointers.com" target="_blank">sanjoy@playingwithpointers.co<wbr>m</a> <mailto:<a href="mailto:sanjoy@playingwithpointers.com" target="_blank">sanjoy@playingwithpoin<wbr>ters.com</a>>><span class=""><br>
wrote:<br>
<br>
Hi Kevin,<br>
<br>
On April 11, 2017 at 4:14:14 PM, Flamedoge (<a href="mailto:code.kchoi@gmail.com" target="_blank">code.kchoi@gmail.com</a><br></span><span class="">
<mailto:<a href="mailto:code.kchoi@gmail.com" target="_blank">code.kchoi@gmail.com</a>>) wrote:<br>
> So only "non-freed" malloc pointers are No-Alias which makes it<br>
> flow-sensitive. There is no reason why malloc couldn't return previously<br>
> freed location.<br>
<br>
Yes.<br>
<br>
Talking to Nick Lewycky on IRC, I figured out a shorter way of saying<br>
what I wanted to say. We know that programs like this are UB in C:<br>
<br>
p0 = malloc();<br>
free(p0);<br>
p1 = malloc();<br>
if (p0 == p1) {<br>
int v = *p0; // Semantically free'ed but bitwise equal to an<br>
allocated value<br>
}<br>
<br>
and we relied on them having UB when marking malloc's return value<br>
as noalias.<br>
<br>
However, we can end up in cases like the above by applying<br>
loop-unswitch + GVN to well defined C programs.<br>
<br>
-- Sanjoy<br>
<br>
<br>
<br>
<br></span><span class="">
______________________________<wbr>_________________<br>
LLVM Developers mailing list<br>
<a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/<wbr>mailman/listinfo/llvm-dev</a><br>
<br>
</span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
-- <br>
Jon Roelofs<br>
<a href="mailto:jonathan@codesourcery.com" target="_blank">jonathan@codesourcery.com</a><br>
CodeSourcery / Mentor Embedded / Siemens<br>
</font></span></blockquote></div><br></div>