[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnulib] gnulib README patch for size_t addition overflow

From: Bruno Haible
Subject: Re: [Bug-gnulib] gnulib README patch for size_t addition overflow
Date: Wed, 19 Nov 2003 17:08:16 +0100
User-agent: KMail/1.5

Paul Eggert wrote:
> That is, the S + T proviso above is
> probably a portable assumption (with a very high probability :-) but
> is a bit worrisome nonetheless.  So, if it's easy to write and
> maintain code that works even without that assumption, and is no less
> efficient, then I would do so.  However, in practice it's often more
> of a pain to write and maintain the code that way

The experience I've just made with vasnprintf.c is that is more maintainable
to put xsum and xtimes everywhere where a size_t value is constructed
that may be bigger than all previously seen ones, than to think about
optimizing away half of them. It's preferrable to write

     length = xsum (length, 1);



because someday the increment '1' might be replaced by 'precision' or
'width' or some other entity that is bigger than a fixed small amount.

> It depends on whether we're worried about porting to hosts without
> flat address spaces.  I don't know of any such hosts that are of
> current or future interest to the GNU project.

You know that Linux/IA-64 internally uses a segmented architecture?
Each segment is 2^60 bytes.

> However, I vaguely
> recall that you don't like the existing wrapper for some reason
> (perhaps you thought it should have a different name? sorry, I don't
> recall the details)

Yes my main objection is the name: any thing that's called 'malloc'
in the source code should behave like the standard ISO C malloc.
'xmalloc' is already taken, maybe call it 'xsize_malloc'?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]