This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH 2/2] malloc: make malloc fail with requests larger than PTRDIFF_MAX

From: Paul Eggert <eggert at cs dot ucla dot edu>
To: Joseph Myers <joseph at codesourcery dot com>
Cc: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>, libc-alpha at sourceware dot org
Date: Sat, 22 Dec 2018 18:17:21 -0800
Subject: Re: [PATCH 2/2] malloc: make malloc fail with requests larger than PTRDIFF_MAX
References: <20181221183813.16245-1-adhemerval.zanella@linaro.org> <20181221183813.16245-2-adhemerval.zanella@linaro.org> <alpine.DEB.2.21.1812211841010.10148@digraph.polyomino.org.uk> <683a19d2-8a4d-9932-ac92-cd2df2afe193@linaro.org> <alpine.DEB.2.21.1812211932250.27070@digraph.polyomino.org.uk> <ea2acca5-2d32-9bad-b68a-bd92dddb397e@linaro.org> <bd7385c4-3909-0e82-195c-6355df2b8481@cs.ucla.edu> <alpine.DEB.2.21.1812212235110.27070@digraph.polyomino.org.uk>

Joseph Myers wrote:

We can assume that
PTRDIFF_MAX == SIZE_MAX / 2 (and that ptrdiff_t, size_t and pointers have
the same power-of-2 width, which is at least 32).

OK, then we needn't bother with the static assertion. Is there a good place todocument assumptions like this one, in the glibc manual I suppose?

Using verify.h in any glibc code not coming from gnulib would be odd; just
use _Static_assert.

Although the point is now moot for this patch, I prefer the readability of'verify'. Compare this:


verify (PTRDIFF_MAX <= SIZE_MAX / 2);

to this:

_Static_assert (PTRDIFF_MAX <= SIZE_MAX / 2,
                "PTRDIFF_MAX is not more than half of SIZE_MAX");

With just one static assertion it's no big deal, but Gnulib has files withdozens and the readability savings add up.

Follow-Ups:
- Re: [PATCH 2/2] malloc: make malloc fail with requests larger than PTRDIFF_MAX
  - From: Joseph Myers

References:
- [PATCH 1/2] Replace check_mul_overflow_size_t with INT_MULTIPLY_WRAPV
  - From: Adhemerval Zanella
- [PATCH 2/2] malloc: make malloc fail with requests larger than PTRDIFF_MAX
  - From: Adhemerval Zanella
- Re: [PATCH 2/2] malloc: make malloc fail with requests larger than PTRDIFF_MAX
  - From: Joseph Myers
- Re: [PATCH 2/2] malloc: make malloc fail with requests larger than PTRDIFF_MAX
  - From: Adhemerval Zanella
- Re: [PATCH 2/2] malloc: make malloc fail with requests larger than PTRDIFF_MAX
  - From: Joseph Myers
- Re: [PATCH 2/2] malloc: make malloc fail with requests larger than PTRDIFF_MAX
  - From: Adhemerval Zanella
- Re: [PATCH 2/2] malloc: make malloc fail with requests larger than PTRDIFF_MAX
  - From: Paul Eggert
- Re: [PATCH 2/2] malloc: make malloc fail with requests larger than PTRDIFF_MAX
  - From: Joseph Myers

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]