This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH 2/2] malloc: make malloc fail with requests larger than PTRDIFF_MAX
On Sat, 22 Dec 2018, Paul Eggert wrote:
> Joseph Myers wrote:
> > We can assume that
> > PTRDIFF_MAX == SIZE_MAX / 2 (and that ptrdiff_t, size_t and pointers have
> > the same power-of-2 width, which is at least 32).
>
> OK, then we needn't bother with the static assertion. Is there a good place to
> document assumptions like this one, in the glibc manual I suppose?
I don't know of such a list of assumptions on the environment glibc
supports. I listed various other such requirements in
<https://sourceware.org/ml/libc-alpha/2015-07/msg00761.html>. (Of course,
glibc code should still prefer to use logically appropriate interfaces to
make the code clearer to the reader; for example, all glibc systems have
size_t, ptrdiff_t, pointers and long the same width, but size_t,
ptrdiff_t, intptr_t or uintptr_t should be used as appropriate instead of
long if the intent is some kind of pointer-sized integer.)
> Although the point is now moot for this patch, I prefer the readability of
> 'verify'. Compare this:
>
> verify (PTRDIFF_MAX <= SIZE_MAX / 2);
>
> to this:
>
> _Static_assert (PTRDIFF_MAX <= SIZE_MAX / 2,
>                 "PTRDIFF_MAX is not more than half of SIZE_MAX");
>
> With just one static assertion it's no big deal, but Gnulib has files with
> dozens and the readability savings add up.
In about three years' time we'll be able to require GCC 9 or later to
build glibc and thus use single-argument _Static_assert (which C2x has
added from C++ and which I've added support for to GCC 9).
--
Joseph S. Myers
joseph@codesourcery.com
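The thread touches two separate points: the build-time assumption that PTRDIFF_MAX is at most half of SIZE_MAX (checked with `verify` or `_Static_assert`), and the run-time rule the patch subject names, that an allocation request larger than PTRDIFF_MAX must fail. The block below is an added illustration and is not code from the patch, from glibc or from Gnulib. The `verify` macro is a minimal stand-in for Gnulib's, and `checked_malloc`, `checked_calloc`, `request_too_large` and `mul_size_ok` are hypothetical wrappers written here to show why the limit matters: an object larger than PTRDIFF_MAX bytes would let the difference of two pointers into it overflow ptrdiff_t, and a calloc-style product that wraps size_t would silently under-allocate.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* The assumption from the thread, in the two-argument C11 form.
   GCC 9 and later (and C2x) also accept a single-argument form. */
_Static_assert (PTRDIFF_MAX <= SIZE_MAX / 2,
                "PTRDIFF_MAX is not more than half of SIZE_MAX");

/* Minimal stand-in for Gnulib's 'verify' (constructed here, not Gnulib's). */
#define verify(cond) _Static_assert ((cond), "verify (" #cond ")")
verify (PTRDIFF_MAX <= SIZE_MAX / 2);

/* True when a request of N bytes must be refused: pointer subtraction
   inside an object larger than PTRDIFF_MAX bytes would overflow. */
static bool
request_too_large (size_t n)
{
  return n > (size_t) PTRDIFF_MAX;
}

/* Hypothetical checked allocator: refuses oversized requests with ENOMEM
   instead of handing back an object the rest of the program cannot
   address safely. */
static void *
checked_malloc (size_t n)
{
  if (request_too_large (n))
    {
      errno = ENOMEM;
      return NULL;
    }
  return malloc (n);
}

/* Overflow-safe size_t multiply: stores A*B in *OUT and returns true only
   when the product does not wrap. */
static bool
mul_size_ok (size_t a, size_t b, size_t *out)
{
  if (a != 0 && b > SIZE_MAX / a)
    return false;
  *out = a * b;
  return true;
}

/* Hypothetical checked calloc: the product must neither wrap size_t nor
   exceed PTRDIFF_MAX. */
static void *
checked_calloc (size_t nmemb, size_t size)
{
  size_t total;
  if (!mul_size_ok (nmemb, size, &total) || request_too_large (total))
    {
      errno = ENOMEM;
      return NULL;
    }
  return calloc (nmemb, size);
}

int
main (void)
{
  void *p = checked_malloc ((size_t) PTRDIFF_MAX + 1);
  int ok = (p == NULL && errno == ENOMEM);
  void *q = checked_calloc (SIZE_MAX / 2 + 1, 2);
  ok = ok && (q == NULL);
  void *r = checked_malloc (64);
  ok = ok && (r != NULL);
  free (r);
  return ok ? 0 : 1;
}
```

Both static assertions are evaluated by the compiler, so a platform that violated the assumption would fail to build rather than misbehave at run time; the run-time wrappers are what turns an oversized request into a clean ENOMEM failure.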