This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH 2/2] malloc: make malloc fail with requests larger than PTRDIFF_MAX


On Sat, 22 Dec 2018, Paul Eggert wrote:

> Joseph Myers wrote:
> > We can assume that
> > PTRDIFF_MAX == SIZE_MAX / 2 (and that ptrdiff_t, size_t and pointers have
> > the same power-of-2 width, which is at least 32).
> 
> OK, then we needn't bother with the static assertion. Is there a good place to
> document assumptions like this one, in the glibc manual I suppose?

I don't know of such a list of assumptions on the environment glibc 
supports.  I listed various other such requirements in 
<https://sourceware.org/ml/libc-alpha/2015-07/msg00761.html>.  (Of course, 
glibc code should still prefer to use logically appropriate interfaces to 
make the code clearer to the reader; for example, all glibc systems have 
size_t, ptrdiff_t, pointers and long the same width, but size_t, 
ptrdiff_t, intptr_t or uintptr_t should be used as appropriate instead of 
long if the intent is some kind of pointer-sized integer.)

> Although the point is now moot for this patch, I prefer the readability of
> 'verify'. Compare this:
> 
> verify (PTRDIFF_MAX <= SIZE_MAX / 2);
> 
> to this:
> 
> _Static_assert (PTRDIFF_MAX <= SIZE_MAX / 2,
>                 "PTRDIFF_MAX is not more than half of SIZE_MAX");
> 
> With just one static assertion it's no big deal, but Gnulib has files with
> dozens and the readability savings add up.

In about three years' time we'll be able to require GCC 9 or later to 
build glibc and thus use single-argument _Static_assert (which C2x has 
added from C++ and which I've added support for to GCC 9).

-- 
Joseph S. Myers
joseph@codesourcery.com
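A short C illustration of the rule in the patch subject, added here as an example and not code from the thread or from glibc: the PTRDIFF_MAX assumption as a two-argument `_Static_assert`, a hypothetical `checked_malloc` wrapper that refuses requests above PTRDIFF_MAX with ENOMEM, and `naive_span` showing why such sizes are unsafe (a size above PTRDIFF_MAX stored in a ptrdiff_t reads as negative; the wrap-around is GCC's documented behaviour for that conversion and is assumed here).

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* The environment assumption discussed above, in the two-argument form
   that pre-GCC 9 compilers accept.  */
_Static_assert (PTRDIFF_MAX <= SIZE_MAX / 2,
                "PTRDIFF_MAX is not more than half of SIZE_MAX");

/* A request of N bytes is acceptable only if an object of that size can be
   spanned by a ptrdiff_t: otherwise (end - start) overflows, which is
   undefined behaviour and lets bounds checks be miscompiled.  */
int
request_fits_ptrdiff (size_t n)
{
  return n <= (size_t) PTRDIFF_MAX;
}

/* Hypothetical wrapper (not glibc's malloc) applying the rule from the
   patch: fail with ENOMEM instead of returning an oversized object.  */
void *
checked_malloc (size_t n)
{
  if (!request_fits_ptrdiff (n))
    {
      errno = ENOMEM;
      return NULL;
    }
  return malloc (n);
}

/* What a byte count above PTRDIFF_MAX looks like once it lands in the type
   pointer subtraction produces: with GCC it wraps to a negative value.  */
ptrdiff_t
naive_span (size_t n)
{
  return (ptrdiff_t) n;
}

/* Returns 1 if an oversized request is rejected the way the patch intends.  */
int
oversized_request_rejected (void)
{
  errno = 0;
  void *p = checked_malloc ((size_t) PTRDIFF_MAX + 1);
  return p == NULL && errno == ENOMEM;
}
```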

