On Wed, 17 May 2017, Martin Sebor wrote:

> > The patch passes bootstrap+test on x86_64 and found a few functions in
> > the source tree (attached func_names.txt) that could be annotated with
> > malloc (I gave a brief look at some of the functions and they didn't
> > appear to be false positives, but I will recheck thoroughly)
> 
> virtual char* libcp1::compiler::find(std::__cxx11::string&) const
> 
> The virtual on the list of your candidates gave me pause.  Consider
> this completely contrived example:
> 
>   struct B {
>     virtual void* f (unsigned n) {
>       return new char [n];
>     }
>   };
> 
>   void* foo (B &b, unsigned n)
>   {
>     return b.f (n);
>   }
> 
> Based on these definitions alone both functions are candidates
> for attribute malloc.
> 
> But suppose foo is called with an object of a type derived from
> B that overrides f() to do something wacky (but strictly not
> invalid) like:
> 
>   struct D: B {
>     char buf[32];
>     virtual void* f (unsigned n) {
>       return n <= 32 ? buf : B::f (n);
>     }
>   };
> 
> Breaking foo's attribute malloc constraint.
> 
> In other words, I think virtual functions need to be excluded
> from the list (unless they're defined in a class marked final,
> or unless we know they're not overridden to break the constraint
> like above).

But we are annotating the actual decl, not the type in the class
struct.

Richard.
