[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: checked integer arithmetic
From: |
Bruno Haible |
Subject: |
Re: checked integer arithmetic |
Date: |
Thu, 15 Dec 2016 11:09:49 +0100 |
User-agent: |
KMail/4.8.5 (Linux/3.8.0-44-generic; KDE/4.8.5; x86_64; ; ) |
Paul Eggert wrote:
> #include <stdint.h>
> #include <stddef.h>
> #include <stdlib.h>
>
> ptrdiff_t
> diff (short *a, short *b)
> {
> return a - b;
> }
>
> int
> main (void)
> {
> size_t n = PTRDIFF_MAX / sizeof (short) + 1;
> short *x = malloc (n * sizeof (short));
> return 0 < diff (x + n, x);
> }
I can reproduce it, on Ubuntu with "gcc -m32", even with a 2.5 GB allocation:
size_t n = PTRDIFF_MAX / sizeof (short) * 1.25;
'ltrace' shows that malloc succeeds.
The code of the 'diff' function shows a signed shift:
diff:
movl 4(%esp), %eax
subl 8(%esp), %eax
sarl %eax
ret
And indeed, an unsigned shift is not possible here because the compiler
doesn't know whether to expect a >= b or a <= b.
So, the limiting factor is the pointer difference operator
ptr1 - ptr2 where sizeof (*ptr1,*ptr2) > 1.
Consequences:
* We have no problem with code that only works with indices and never does
pointer differences or pointer comparisons.
for (i = 0; i < n; i++)
do_something (&array[i]);
is better than
array_end = &array_end;
for (p = array; p < array_end; p++)
do_something (p);
But does GCC's strength-reduction optimization know this?
* We have no problem with strings, because sizeof (char) == 1.
Bruno
- FYI: dfa: add an assertion to avoid coverity false positive, Jim Meyering, 2016/12/14
- Re: FYI: dfa: add an assertion to avoid coverity false positive, Paul Eggert, 2016/12/14
- Re: checked integer arithmetic, Bruno Haible, 2016/12/14
- Re: checked integer arithmetic, Eric Blake, 2016/12/14
- Re: checked integer arithmetic, Paul Eggert, 2016/12/14
- xalloc-oversized PTRDIFF_MAX fix (was: checked integer arithmetic), Paul Eggert, 2016/12/14
- Re: checked integer arithmetic, Bruno Haible, 2016/12/14
- Re: checked integer arithmetic,
Bruno Haible <=
- Re: checked integer arithmetic, Paul Eggert, 2016/12/15
- Re: checked integer arithmetic, Bruno Haible, 2016/12/15
- Re: checked integer arithmetic, Bruno Haible, 2016/12/15
- Re: checked integer arithmetic, Paul Eggert, 2016/12/16
Re: FYI: dfa: add an assertion to avoid coverity false positive, Paul Eggert, 2016/12/14