bug-gnulib
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: malloca, freea are not thread-safe


From: Bruno Haible
Subject: Re: malloca, freea are not thread-safe
Date: Sat, 03 Feb 2018 00:41:47 +0100
User-agent: KMail/5.1.3 (Linux/4.4.0-104-generic; KDE/5.18.0; x86_64; ; )

Paul Eggert wrote:
> > !   size_t nplus = n + sizeof (small_t) + 2 * sa_alignment_max - 1;
> For expressions like these, it's a bit better to parenthesize the value 
> added to N, mostly because it makes it clearer to the reader that we're 
> just adding a constant. Also, on (admittedly-weird) platforms where 
> SIZE_MAX <= INT_MAX, it avoids undefined behavior in some 
> (admittedly-unusual) cases.

Regarding the parentheses, I disagree: If we put parentheses they should
be like this:
    size_t nplus = (n + sizeof (small_t)) + (2 * sa_alignment_max - 1);
because we want n + sizeof (small_t) consecutive bytes in memory, and the
other summand is for the alignment. Parenthesizing it in the way you suggest
would make the expression _more_ confusing.

I don't see any potential for undefined behaviour: we are taking a size_t
expression and adding a small constant (> 0, < 100). Undefined behaviour
in addition occurs only when signed integers overflow. If SIZE_MAX <= INT_MAX
we know that INT_MAX >= 2*SIZE_MAX-1 > SIZE_MAX + 100, therefore no 'int'
overflow is possible here.

Bruno




reply via email to

[Prev in Thread] Current Thread [Next in Thread]