bug-gnulib
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: obstack_free(obs, addr) not portable when addr != NULL

From: Paul Eggert
Subject: Re: obstack_free(obs, addr) not portable when addr != NULL
Date: Thu, 12 Apr 2012 18:59:39 -0700
User-agent: Mozilla/5.0 (X11; Linux i686; rv:11.0) Gecko/20120329 Thunderbird/11.0.1 
On 04/12/2012 05:48 PM, Jeffrey Kegler wrote:
> 1)  Document that the behavior is unportable, and under what conditions it 
> can be expected to work.
> At a minimum, describe the behavior required of the memory allocator.  2.) 
> Remove/replace the feature.

(1) is probably safer, given how much the feature is used.
For now, I pushed this:

>From f8fea966d67a6ba06231689e63f668bd55ee5797 Mon Sep 17 00:00:00 2001
From: Paul Eggert <address@hidden>
Date: Thu, 12 Apr 2012 18:56:54 -0700
Subject: [PATCH] README: document pointer comparison assumption

* README (Portability guidelines): Document assumption about
pointer comparisons, in response to a recent bug-gnulib comment by
Jeffrey Kegler.
---
 ChangeLog |    7 +++++++
 README    |   22 +++++++++++++---------
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ed9b98c..ce6d19a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-04-12  Paul Eggert  <address@hidden>
+
+       README: document pointer comparison assumption
+       * README (Portability guidelines): Document assumption about
+       pointer comparisons, in response to a recent bug-gnulib comment by
+       Jeffrey Kegler.
+
 2012-04-12  Bruno Haible  <address@hidden>
 
        Tests for module 'getrusage'.
diff --git a/README b/README
index 672964f..4bf10dd 100644
--- a/README
+++ b/README
@@ -258,15 +258,19 @@ as well.  Gnulib code makes the following additional 
assumptions:
  * There are no "holes" in integer values: all the bits of an integer
    contribute to its value in the usual way.
 
- * If two nonoverlapping objects have sizes S and T represented as
-   size_t values, then S + T cannot overflow.  This assumption is true
-   for all practical hosts with flat address spaces, but it is not
-   always true for hosts with segmented address spaces.
-
- * If an existing object has size S, and if T is sufficiently small
-   (e.g., 8 KiB), then S + T cannot overflow.  Overflow in this case
-   would mean that the rest of your program fits into T bytes, which
-   can't happen in realistic flat-address-space hosts.
+ * Addresses and sizes behave as if objects reside in a flat address space.
+   In particular:
+
+   - If two nonoverlapping objects have sizes S and T represented as
+     size_t values, then S + T cannot overflow.
+
+   - A pointer P points within an object O if and only if
+     (char *) &O <= (char *) P && (char *) P < (char *) (&O + 1).
+
+   - If an existing object has size S, and if T is sufficiently small
+     (e.g., 8 KiB), then S + T cannot overflow.  Overflow in this case
+     would mean that the rest of your program fits into T bytes, which
+     can't happen in realistic flat-address-space hosts.
 
  * Objects with all bits zero are treated as 0 or NULL.  For example,
    memset (A, 0, sizeof A) initializes an array A of pointers to NULL.
-- 
1.7.6.5
reply via email to
[Prev in Thread] Current Thread [Next in Thread]