Page MenuHomeFreeBSD

Use of nullability attributes in string functions.
AbandonedPublic

Authored by pfg on Mar 16 2017, 6:46 PM.
Tags
None
Referenced Files
Unknown Object (File)
Dec 20 2023, 7:10 AM
Unknown Object (File)
Aug 25 2023, 8:31 PM
Unknown Object (File)
May 18 2023, 4:41 PM
Unknown Object (File)
Jan 3 2023, 11:40 AM
Unknown Object (File)
Mar 23 2017, 5:53 AM
Unknown Object (File)
Mar 16 2017, 7:45 PM
Subscribers

Details

Summary

We have avoided using the GCC nonnull attributes that glibc uses
extensively because they would cause undesirable (and dangerous)
optimizations. The clang attributes are much more benign and basically
only have effect for the static analyzer (recently also ubsan).

These are based on the bionic libc.

Test Plan

Passes tinderbox build.

Diff Detail

Event Timeline

include/string.h
40

This is only needed if the header is only being annotated partially, right? Considering that you're already annotating almost all of the functions there, would it make sense not to add this, but annotate the header entirely?

include/string.h
40

Hmm ...

We would have to annotate ´swab(3)´, ´timingsafe_bcmp(3)´, and ´timingsafe_memcmp(3)´. Not a bad idea but I would prefer to annotate only what Android is annotating first.

At a glance this seems fine. Is it stalled for review or abandoned?

At a glance this seems fine. Is it stalled for review or abandoned?

Well, Android did this to better mimic linux/glibc. On FreeBSD this is perhaps less exciting and no one approved it so I lost interest.
I wouldn't object if you feel like committing it ;).

There is little interest on this.