From ef5a4088d9236a55283d1eb576f560aa39c09e6f Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Tue, 9 Aug 2022 23:20:49 -0700 Subject: [PATCH 5/6] stdckdint: prefer to intprops when easy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit stdckdint.h is part of draft C23 and therefore is more likely to be familiar to programmers in the future, so prefer it to intprops.h in files that don’t need non-_WRAPV intprops.h macros. * lib/alignalloc.c, lib/backupfile.c, lib/fnmatch.c, lib/fnmatch_loop.c: * lib/group-member.c, lib/malloca.c, lib/posixtm.c, lib/reallocarray.c: * lib/xmalloc.c: For files that can use stdckdint.h just as easily as intprops.h, include the former instead of the latter, and use the former’s ckd_* macros instead of the latter’s *_WRAPV macros. * modules/alignalloc, modules/backup-rename, modules/backupfile: * modules/fnmatch, modules/group-member, modules/malloca: * modules/posixtm, modules/reallocarray: * modules/relocatable-prog-wrapper, modules/xalloc: Depend on stdckdint instead of intprops. --- ChangeLog | 16 ++++++++++++++++ lib/alignalloc.c | 4 ++-- lib/backupfile.c | 4 ++-- lib/fnmatch.c | 2 +- lib/fnmatch_loop.c | 4 ++-- lib/group-member.c | 5 ++--- lib/malloca.c | 10 +++++----- lib/posixtm.c | 4 ++-- lib/reallocarray.c | 5 ++--- lib/xmalloc.c | 12 ++++++------ modules/alignalloc | 2 +- modules/backup-rename | 2 +- modules/backupfile | 2 +- modules/fnmatch | 2 +- modules/group-member | 2 +- modules/malloca | 2 +- modules/posixtm | 2 +- modules/reallocarray | 2 +- modules/relocatable-prog-wrapper | 1 + modules/xalloc | 2 +- 20 files changed, 50 insertions(+), 35 deletions(-) diff --git a/ChangeLog b/ChangeLog index 20c25c902a..5293fc104f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,21 @@ 2022-08-09 Paul Eggert + stdckdint: prefer to intprops when easy + stdckdint.h is part of draft C23 and therefore is more likely + to be familiar to programmers in the future, so prefer it to + intprops.h in files that don’t need non-_WRAPV intprops.h macros. + * lib/alignalloc.c, lib/backupfile.c, lib/fnmatch.c, lib/fnmatch_loop.c: + * lib/group-member.c, lib/malloca.c, lib/posixtm.c, lib/reallocarray.c: + * lib/xmalloc.c: + For files that can use stdckdint.h just as easily as intprops.h, + include the former instead of the latter, and use the former’s + ckd_* macros instead of the latter’s *_WRAPV macros. + * modules/alignalloc, modules/backup-rename, modules/backupfile: + * modules/fnmatch, modules/group-member, modules/malloca: + * modules/posixtm, modules/reallocarray: + * modules/relocatable-prog-wrapper, modules/xalloc: + Depend on stdckdint instead of intprops. + stdckdint: new module This supports draft C23 . * doc/posix-headers/stdckdint.texi: diff --git a/lib/alignalloc.c b/lib/alignalloc.c index 03988f11a4..1884394e3c 100644 --- a/lib/alignalloc.c +++ b/lib/alignalloc.c @@ -24,8 +24,8 @@ #include #include +#include #include -#include "intprops.h" #include "verify.h" #if !ALIGNALLOC_VIA_ALIGNED_ALLOC @@ -82,7 +82,7 @@ alignalloc (idx_t alignment, idx_t size) size_t malloc_size; unsigned char *q; - if (INT_ADD_WRAPV (size, alignment, &malloc_size) + if (ckd_add (&malloc_size, size, alignment) || ! (q = malloc (malloc_size))) { errno = ENOMEM; diff --git a/lib/backupfile.c b/lib/backupfile.c index d9f465a3e0..b2ab67847a 100644 --- a/lib/backupfile.c +++ b/lib/backupfile.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -34,7 +35,6 @@ #include "attribute.h" #include "basename-lgpl.h" #include "ialloc.h" -#include "intprops.h" #include "opendirat.h" #include "renameatu.h" @@ -272,7 +272,7 @@ numbered_backup (int dir_fd, char **buffer, idx_t buffer_size, idx_t filelen, if (buffer_size < new_buffer_size) { idx_t grown; - if (! INT_ADD_WRAPV (new_buffer_size, new_buffer_size >> 1, &grown)) + if (! ckd_add (&grown, new_buffer_size, new_buffer_size >> 1)) new_buffer_size = grown; char *new_buf = irealloc (buf, new_buffer_size); if (!new_buf) diff --git a/lib/fnmatch.c b/lib/fnmatch.c index b33a127d98..45e326902d 100644 --- a/lib/fnmatch.c +++ b/lib/fnmatch.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #if defined _LIBC || HAVE_ALLOCA # include @@ -73,7 +74,6 @@ extern int fnmatch (const char *pattern, const char *string, int flags); # include "attribute.h" #endif -#include #include #ifdef _LIBC diff --git a/lib/fnmatch_loop.c b/lib/fnmatch_loop.c index e635953758..1b16de99b6 100644 --- a/lib/fnmatch_loop.c +++ b/lib/fnmatch_loop.c @@ -1039,8 +1039,8 @@ EXT (INT opt, const CHAR *pattern, const CHAR *string, const CHAR *string_end, idx_t slen = FLEXSIZEOF (struct patternlist, str, 0); \ idx_t new_used = alloca_used + slen; \ idx_t plensize; \ - if (INT_MULTIPLY_WRAPV (plen, sizeof (CHAR), &plensize) \ - || INT_ADD_WRAPV (new_used, plensize, &new_used)) \ + if (ckd_mul (&plensize, plen, sizeof (CHAR), &plensize) \ + || ckd_add (&new_used, new_used, plensize)) \ { \ retval = -2; \ goto out; \ diff --git a/lib/group-member.c b/lib/group-member.c index 480a12616a..cd43f36f4e 100644 --- a/lib/group-member.c +++ b/lib/group-member.c @@ -21,12 +21,11 @@ /* Specification. */ #include +#include #include #include #include -#include "intprops.h" - /* Most processes have no more than this many groups, and for these processes we can avoid using malloc. */ enum { GROUPBUF_SIZE = 100 }; @@ -54,7 +53,7 @@ get_group_info (struct group_info *gi) { int n_group_slots = getgroups (0, NULL); size_t nbytes; - if (! INT_MULTIPLY_WRAPV (n_group_slots, sizeof *gi->group, &nbytes)) + if (! ckd_mul (&nbytes, n_group_slots, sizeof *gi->group)) { gi->group = malloc (nbytes); if (gi->group) diff --git a/lib/malloca.c b/lib/malloca.c index e7beaaf066..183783a710 100644 --- a/lib/malloca.c +++ b/lib/malloca.c @@ -21,8 +21,9 @@ /* Specification. */ #include "malloca.h" +#include + #include "idx.h" -#include "intprops.h" #include "verify.h" /* The speed critical point in this file is freea() applied to an alloca() @@ -50,17 +51,16 @@ mmalloca (size_t n) uintptr_t alignment2_mask = 2 * sa_alignment_max - 1; int plus = sizeof (small_t) + alignment2_mask; idx_t nplus; - if (!INT_ADD_WRAPV (n, plus, &nplus) && !xalloc_oversized (nplus, 1)) + if (!ckd_add (&nplus, n, plus) && !xalloc_oversized (nplus, 1)) { char *mem = (char *) malloc (nplus); if (mem != NULL) { uintptr_t umem = (uintptr_t)mem, umemplus; - /* The INT_ADD_WRAPV avoids signed integer overflow on + /* The ckd_add avoids signed integer overflow on theoretical platforms where UINTPTR_MAX <= INT_MAX. */ - INT_ADD_WRAPV (umem, sizeof (small_t) + sa_alignment_max - 1, - &umemplus); + ckd_add (&umemplus, umem, sizeof (small_t) + sa_alignment_max - 1); idx_t offset = ((umemplus & ~alignment2_mask) + sa_alignment_max - umem); void *vp = mem + offset; diff --git a/lib/posixtm.c b/lib/posixtm.c index b00cef42fd..3c323782fa 100644 --- a/lib/posixtm.c +++ b/lib/posixtm.c @@ -24,9 +24,9 @@ #include "c-ctype.h" #include "idx.h" -#include "intprops.h" #include "verify.h" +#include #include /* @@ -191,7 +191,7 @@ posixtime (time_t *p, const char *s, unsigned int syntax_bits) | (tm0.tm_min ^ tm1.tm_min) | (tm0.tm_sec ^ tm1.tm_sec))) { - if (INT_ADD_WRAPV (t, leapsec, &t)) + if (ckd_add (&t, t, leapsec)) return false; *p = t; return true; diff --git a/lib/reallocarray.c b/lib/reallocarray.c index bc4cba4b61..70c1b47872 100644 --- a/lib/reallocarray.c +++ b/lib/reallocarray.c @@ -19,16 +19,15 @@ #include +#include #include #include -#include "intprops.h" - void * reallocarray (void *ptr, size_t nmemb, size_t size) { size_t nbytes; - if (INT_MULTIPLY_WRAPV (nmemb, size, &nbytes)) + if (ckd_mul (&nbytes, nmemb, size)) { errno = ENOMEM; return NULL; diff --git a/lib/xmalloc.c b/lib/xmalloc.c index 993c1eeb75..3c3cb20799 100644 --- a/lib/xmalloc.c +++ b/lib/xmalloc.c @@ -22,9 +22,9 @@ #include "xalloc.h" #include "ialloc.h" -#include "intprops.h" #include "minmax.h" +#include #include #include @@ -195,7 +195,7 @@ x2nrealloc (void *p, size_t *pn, size_t s) else { /* Set N = floor (1.5 * N) + 1 to make progress even if N == 0. */ - if (INT_ADD_WRAPV (n, (n >> 1) + 1, &n)) + if (ckd_add (&n, n, (n >> 1) + 1)) xalloc_die (); } @@ -236,7 +236,7 @@ xpalloc (void *pa, idx_t *pn, idx_t n_incr_min, ptrdiff_t n_max, idx_t s) N_MAX, and what the C language can represent safely. */ idx_t n; - if (INT_ADD_WRAPV (n0, n0 >> 1, &n)) + if (ckd_add (&n, n0, n0 >> 1)) n = IDX_MAX; if (0 <= n_max && n_max < n) n = n_max; @@ -251,7 +251,7 @@ xpalloc (void *pa, idx_t *pn, idx_t n_incr_min, ptrdiff_t n_max, idx_t s) size_t nbytes; #endif idx_t adjusted_nbytes - = (INT_MULTIPLY_WRAPV (n, s, &nbytes) + = (ckd_mul (&nbytes, n, s) ? MIN (IDX_MAX, SIZE_MAX) : nbytes < DEFAULT_MXFAST ? DEFAULT_MXFAST : 0); if (adjusted_nbytes) @@ -263,9 +263,9 @@ xpalloc (void *pa, idx_t *pn, idx_t n_incr_min, ptrdiff_t n_max, idx_t s) if (! pa) *pn = 0; if (n - n0 < n_incr_min - && (INT_ADD_WRAPV (n0, n_incr_min, &n) + && (ckd_add (&n, n0, n_incr_min) || (0 <= n_max && n_max < n) - || INT_MULTIPLY_WRAPV (n, s, &nbytes))) + || ckd_mul (&nbytes, n, s))) xalloc_die (); pa = xrealloc (pa, nbytes); *pn = n; diff --git a/modules/alignalloc b/modules/alignalloc index 68c1b14cd4..42ca672bc2 100644 --- a/modules/alignalloc +++ b/modules/alignalloc @@ -10,9 +10,9 @@ Depends-on: extensions extern-inline idx -intprops posix_memalign stdalign +stdckdint stdint verify diff --git a/modules/backup-rename b/modules/backup-rename index 245350a4df..54a8270a90 100644 --- a/modules/backup-rename +++ b/modules/backup-rename @@ -17,12 +17,12 @@ closedir d-ino fcntl-h ialloc -intprops memcmp opendirat readdir renameatu stdbool +stdckdint stdint xalloc-oversized diff --git a/modules/backupfile b/modules/backupfile index 3d06da9ed4..804e62d48c 100644 --- a/modules/backupfile +++ b/modules/backupfile @@ -17,13 +17,13 @@ closedir d-ino fcntl-h ialloc -intprops memcmp opendirat readdir realloc-gnu renameatu stdbool +stdckdint stdint xalloc-die diff --git a/modules/fnmatch b/modules/fnmatch index 37ebfe2250..7de95c565a 100644 --- a/modules/fnmatch +++ b/modules/fnmatch @@ -15,11 +15,11 @@ btowc [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] builtin-expect [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] flexmember [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] idx [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] -intprops [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] isblank [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] iswctype [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] libc-config [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] stdbool [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] +stdckdint [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] strnlen [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] wchar [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] wctype-h [test $HAVE_FNMATCH = 0 || test $REPLACE_FNMATCH = 1] diff --git a/modules/group-member b/modules/group-member index c08e786e0a..d84b751c0c 100644 --- a/modules/group-member +++ b/modules/group-member @@ -9,8 +9,8 @@ Depends-on: unistd extensions getgroups [test $HAVE_GROUP_MEMBER = 0] -intprops [test $HAVE_GROUP_MEMBER = 0] realloc-gnu [test $HAVE_GROUP_MEMBER = 0] +stdckdint [test $HAVE_GROUP_MEMBER = 0] configure.ac: gl_FUNC_GROUP_MEMBER diff --git a/modules/malloca b/modules/malloca index 346d33251a..9c279c45f1 100644 --- a/modules/malloca +++ b/modules/malloca @@ -10,7 +10,7 @@ m4/eealloc.m4 Depends-on: alloca-opt idx -intprops +stdckdint stdint verify xalloc-oversized diff --git a/modules/posixtm b/modules/posixtm index 5ecc016ae9..f302efac63 100644 --- a/modules/posixtm +++ b/modules/posixtm @@ -9,9 +9,9 @@ m4/posixtm.m4 Depends-on: c-ctype idx -intprops mktime stdbool +stdckdint verify configure.ac: diff --git a/modules/reallocarray b/modules/reallocarray index 9d2db6b888..380434870e 100644 --- a/modules/reallocarray +++ b/modules/reallocarray @@ -8,8 +8,8 @@ m4/reallocarray.m4 Depends-on: extensions -intprops [test $HAVE_REALLOCARRAY = 0 || test $REPLACE_REALLOCARRAY = 1] realloc-gnu [test $HAVE_REALLOCARRAY = 0 || test $REPLACE_REALLOCARRAY = 1] +stdckdint [test $HAVE_REALLOCARRAY = 0 || test $REPLACE_REALLOCARRAY = 1] stdlib configure.ac: diff --git a/modules/relocatable-prog-wrapper b/modules/relocatable-prog-wrapper index fa56916217..9b9d9c3abe 100644 --- a/modules/relocatable-prog-wrapper +++ b/modules/relocatable-prog-wrapper @@ -67,6 +67,7 @@ ssize_t stdalign stdbool stddef +stdckdint stdint stdlib string diff --git a/modules/xalloc b/modules/xalloc index 0fc3836c2c..15059bf47f 100644 --- a/modules/xalloc +++ b/modules/xalloc @@ -12,11 +12,11 @@ calloc-gnu extern-inline ialloc idx -intprops malloc-gnu minmax realloc-gnu reallocarray +stdckdint stdint xalloc-die -- 2.34.1