safe-alloc: make obsolete and remove REALLOC_N

Problem reported by Vivien Kraus in:
https://lists.gnu.org/r/bug-gnulib/2025-07/msg00073.html
This module never caught on.
* lib/safe-alloc.h (REALLOC_N): Remove.
* modules/safe-alloc: Now obsolete.
* tests/test-safe-alloc.c (main): Remove REALLOC_N test.

ChangeLog

@@ -1,3 +1,13 @@
+2025-07-13  Paul Eggert  <eggert@cs.ucla.edu>
+
+	safe-alloc: make obsolete and remove REALLOC_N
+	Problem reported by Vivien Kraus in:
+	https://lists.gnu.org/r/bug-gnulib/2025-07/msg00073.html
+	This module never caught on.
+	* lib/safe-alloc.h (REALLOC_N): Remove.
+	* modules/safe-alloc: Now obsolete.
+	* tests/test-safe-alloc.c (main): Remove REALLOC_N test.
+
 2025-07-12  Bruno Haible  <bruno@clisp.org>
 
 	next-prime: Revert to original behaviour in GNU gettext.

NEWS

@@ -74,6 +74,9 @@ User visible incompatible changes
 
 Date        Modules         Changes
 
+2025-07-13  safe-alloc      This module is now obsolete.  Also, it no longer
+                            defines the REALLOC_N macro.
+
 2025-05-09  string-desc     These modules now distinguish between read-only
             xstring-desc    string descriptors (type string_desc_t) and
                             writable string descriptors (type rw_string_desc_t).

doc/safe-alloc.texi

@@ -7,6 +7,10 @@ number of common coding errors.  The @code{safe-alloc} module provides
 macros that make it easier to avoid many of them.  It still uses the
 standard C allocation functions behind the scenes.
 
+This module is obsolete, as it does not seem to have caught on in
+practice and some of its features could not be ported to unusual
+platforms.
+
 Some of the memory allocation mistakes that are commonly made are
 
 @itemize @bullet
@@ -71,18 +75,6 @@ bytes long, and store the address of allocated memory in
 Returns @minus{}1 on failure, 0 on success.
 @end defmac
 
-@defmac {int} REALLOC_N (ptr, count)
-@findex REALLOC_N
-Reallocate the memory pointed to by @code{ptr} to be big enough to hold
-at least @code{count} elements, each @code{sizeof *ptr} bytes long,
-and store the address of allocated memory in @code{ptr}.  If
-reallocation fails, the @code{ptr} variable is not modified.
-If the new array is smaller than the old one, discard excess contents;
-if larger, the newly added storage is not initialized.
-
-Returns @minus{}1 on failure, 0 on success.
-@end defmac
-
 @defmac {void} FREE (ptr)
 @findex FREE
 Free the memory stored in @code{ptr} and set @code{ptr} to

lib/safe-alloc.h

@@ -86,20 +86,6 @@ safe_alloc_check (void *ptr)
 #define ALLOC_N_UNINITIALIZED(ptr, count) \
   safe_alloc_check ((ptr) = reallocarray (NULL, count, sizeof *(ptr)))
 
-/**
- * REALLOC_N:
- * @ptr: pointer to allocated memory
- * @count: number of elements to allocate
- *
- * Re-allocate an array of 'count' elements, each sizeof *ptr
- * bytes long and store the address of allocated memory in
- * 'ptr'.  Fill the newly allocated memory with zeros.
- *
- * Return -1 on failure to reallocate, zero on success.
- */
-#define REALLOC_N(ptr, count) \
-  safe_alloc_check ((ptr) = reallocarray (ptr, count, sizeof *(ptr)))
-
 /**
  * FREE:
  * @ptr: pointer holding address to be freed

modules/safe-alloc

@@ -1,6 +1,12 @@
 Description:
 A set of macros to make calls to alloc/calloc/realloc safer.
 
+Status:
+obsolete
+
+Notice:
+This module is obsolete.
+
 Files:
 lib/safe-alloc.h
 lib/safe-alloc.c

tests/test-safe-alloc.c

@@ -42,11 +42,6 @@ main ()
 
   ASSERT (p->a == 0 && p->b == 0);
 
-  p->a = p->b = 42;
-  r = REALLOC_N (p, 5);
-
-  ASSERT (p[0].a == 42 && p[0].b == 42);
-
   FREE (p);
   ASSERT (p == NULL);