From: "Rüdiger Sonderfeld" <ruediger@c-plusplus.de>
To: Paul Eggert <eggert@cs.ucla.edu>
Cc: libc-alpha@sourceware.org
Subject: Re: [RFC][PATCH v2] Add reallocarray function.
Date: Wed, 21 May 2014 12:39:00 -0000 [thread overview]
Message-ID: <2187944.g1p5OTczzC@descartes> (raw)
In-Reply-To: <537B6155.6070104@cs.ucla.edu>
On Tuesday 20 May 2014 07:06:13 Paul Eggert wrote:
> First, xnrealloc's 2nd arg
> must be nonzero; this avoids a runtime check for zero so it's a bit
> faster (xnrealloc is an inline function so much of the overflow test's
> work can typically be done at compile-time).
An inline version certainly would make sense. But I don't think this could be
done for glibc.
What happens if the 2nd arg is zero in a call to `xnrealloc'? Since
`reallocarray' should primarily be about providing a safer to use API I
wouldn't want to introduce another case for undefined behavior.
And I'd like to stay compatible as much as possible with the OpenBSD
implementation (which will probably spread to other *BSDs as well).
> Second, xnrealloc's result
> is guaranteed to be non-NULL if its first arg is nonzero; this lets the
> calling code be simpler.
How can `xnrealloc' guarantee that the result will be non-NULL?
> We could alter xnrealloc to be a simple wrapper for reallocarray if
> reallocarray is available. With the current reallocarray
> implementation, though, this might not be worth the trouble, because I
> suspect xnrealloc's test for overflow is faster than reallocarray's in
> the typical case where the last argument is a constant. If you could
> fix reallocarray to use the equivalent of __builtin_umul_overflow,
> though, this objection would be removed and it would make sense for
> xnrealloc to be a wrapper for reallocarray if available.
I've changed `reallocarray' (and `calloc') to call `check_mul_overflow' for
the overflow check (v2 of the patch). This function could be replaced by a
call to `__builtin_umul_overflow' once GCC provides such an extension.
(However there would the problem of selecting the right overflow check due to
the existence of `size_t` and `INTERNAL_SIZE_T'. But that can be discussed
once the GCC extension exists.)
Is there active work done on those overflow checks in GCC? Maybe it would
make sense to provide an API like that, which if available uses the builtin.
I'm not sure if glibc would be the right place for it though. But I guess
this might be something gnulib could provide (if it hasn't something like that
already).
Regards,
Rüdiger
next prev parent reply other threads:[~2014-05-21 12:32 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-18 21:05 [RFC][PATCH] " Rüdiger Sonderfeld
2014-05-18 21:43 ` Paul Eggert
2014-05-18 21:50 ` [RFC][PATCH v2] " Rüdiger Sonderfeld
2014-05-19 4:27 ` Rüdiger Sonderfeld
2014-05-19 15:30 ` Joseph S. Myers
2014-05-20 4:35 ` Rich Felker
2014-05-20 8:17 ` Paul Eggert
2014-05-20 8:19 ` Andreas Schwab
2014-05-20 15:45 ` Paul Eggert
2014-05-20 20:47 ` Rich Felker
2014-05-20 20:56 ` Paul Eggert
2014-05-20 12:50 ` Rüdiger Sonderfeld
2014-05-20 14:18 ` Paul Eggert
2014-05-21 12:39 ` Rüdiger Sonderfeld [this message]
2014-05-22 5:45 ` Paul Eggert
2014-09-01 15:48 ` [RFC][PATCH] " Florian Weimer
2014-09-01 17:24 ` Rich Felker
2014-09-02 9:29 ` Florian Weimer
2014-09-02 13:03 ` Rich Felker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2187944.g1p5OTczzC@descartes \
--to=ruediger@c-plusplus.de \
--cc=eggert@cs.ucla.edu \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).