On Thu, Apr 11, 2019 at 12:43:08PM -0700, Taylor Blau wrote: > > I don't think we can ban malloc, since we have to use it ourselves. :) > > > > With some contortions, we probably could unban it specifically in > > wrapper.c (though note there are a few other calls I've left which would > > need to be handled somehow). > > Right. I think that I should have made this point clearer in my initial > reply. I was thinking that we could #undef the banned macro in > wrapper.c, or some similar hula-hooping. That _probably_ works, but I think technically falls afoul of platforms on which there's a malloc macro in the first place. We need to not just #undef it then, but restore the original macro, which is impossible. So you're better off just not fudging it in the first place. Which would probably be something like: #define SUPPRESS_BAN_MALLOC #include "git-compat-util.h" or something, with the appropriate magic in banned.h. This might be academic, but you wouldn't know until somebody's platform subtly breaks. ;) We did run into it already with strcpy(), I think, hence the defensive #undefs in banned.h. > Yeah... maybe that's the bigger question that I hadn't asked. I made the > suggestion thinking that it would help newcomers avoid writing > 'malloc()' and sending it if they didn't know we use our 'xmalloc()' > instead. > > But I'm not sure if the argument holds up. I think that in general > exactly the sorts of new-comers that I'm thinking of would have more > than one review cycle anyway, so it might not be worth the effort, > anyway... I think it's still a reasonable thought, even if I'm not sure the balance of cost/reward is quite there so far (but might change if it's an error we see people start to make). Compared to coccinelle, the banned-function approach is a little nicer for helping new submitters because it catches the problem during a normal compile (and we know nobody would ever submit a patch without having at least compiled it, right? ;) ). -Peff
