Hacker News new | ask | show | jobs
by astrange 530 days ago
C doesn't have "alias analysis" in the standard. It has an (informally specified) memory model which has "memory objects" which have a single type, which means treating them as a different type is undefined behavior.

This enables security analysis like valgrind/ASan and secure hardware like MTE/CHERI so it's very important and you can't get rid of it.

However, it's not possible to implement malloc() in C because malloc() is defined as returning new "memory objects" and there is no C operation which creates "memory objects" except malloc() itself. So it only works as long as you can't see into the implementation, or if the compiler gives you special forgiveness somehow.

C++ has such an operation called "placement new", so you want something like that.
1 comments
kevin_thibedeau 530 days ago
You can definitely implement malloc in C. It does nothing special in its most basic form but cough up void pointers into its own arena.

It gets complicated when you have virtual memory and an OS involved but even then you can override the system malloc with a simple implementation that allocates from a large static array.

link
astrange 529 days ago
No, returning parts of an array does not implement malloc as described in the standard. That's not a new memory object, it's a part of an existing one.
link
kevin_thibedeau 529 days ago
The standard is written to accommodate obsolete tagged memory architectures that require special support. They aren't relevant today and data pointers are fungible regardless of where they originate.
link
astrange 529 days ago
> data pointers are fungible regardless of where they originate.

This was never true because of something called provenance: https://www.ralfj.de/blog/2020/12/14/provenance.html. Though it usually doesn't matter and I think it annoys anyone who finds out about it.

But in practice it's not always true on Apple A12 or later because they support PAC (so pointers of different type to the same address can be not equal bit-wise) and is even less true on very latest Android because it supports the really big gun MTE. And MTE is great; you don't want to miss out on it. No explainer here because there's no Wikipedia article for it(!).

Also becomes not true on any system if you use -fbounds-safety or some of the sanitizers.

link
kragen 529 days ago
Morello is.
link