effect of free()

Tim_CDC_Roberts at cup.portal.com Tim_CDC_Roberts at cup.portal.com
Fri Sep 8 02:37:32 AEST 1989 

>From Dolf Grunbauer, Martin Jourdan, Dick Dunn and T. William Wells:
 
>>>> ...For example, the following code fragment is nonportable:
>>>>    char    *ptr;
>>>>    ptr = malloc(1);
>>>>    free(ptr);
>>>>    if (ptr == 0) ...
>>>> The if might cause a trap when the value of ptr is accessed.
>>>Not true.  The "if" only examines the value of the pointer, not what it
>>>points to.
>>You're wrong, Dick.  Someone else already pointed it out, but let me
>>make it clear again.  Imagine a segmented memory architecture with
>>protections, and imagine that the call to "free" above frees the last
>>used block in the segment and that "free" is clever enough to
>>determine it and decides to release the segment to the OS, thus making
>>the whole segment invalid [...]
>> [...].  Then merely loading the value of "ptr" in a register to test it
>>against 0 will cause a invalid-address trap.
>
> I agree with Dick, as the original statement is:
>    if (ptr == 0) ...
> I think Martin explained why the statement:
>    if (*ptr == 0) ...
> is unacceptable and how the OS could trigger this illegal use.
> Is this true or am I missing Martin's point ?
 
I know I'm going to be sorry for entering into this.
 
Isn't this a quality of implementation issue?  In any architecture where
simply placing a value into an address register causes a hardware
validation of that address (CDC Cyber 170, for example), there MUST be an
alternative method of manipulating arbitrary bit patterns without
restriction.  That is, it MUST be possible to load the value of an
invalid address (which some of the "arbitrary bit patterns" would be)
into a general-purpose register.  Thus, in the case above, I would
insist that the compiler writer move the address to a general-purpose
register and do the comparison there.  Any other behaviour I would document
as a bug.
 
In the CDC Cyber 180s, which use a segmented memory architecture very
similar to the one described in the test case, any bit pattern may be
loaded and manipulated in an address register; address, segment and
ring validation is not done until an attempt is made to deference the
value.

Tim_CDC_Roberts at cup.portal.com                | Control Data...
...!sun!portal!cup.portal.com!tim_cdc_roberts |   ...or it will control you.

More information about the Comp.lang.c mailing list