From: Paul Eggert <eggert@cs.ucla.edu>
To: "Rüdiger Sonderfeld" <ruediger@c-plusplus.de>
Cc: libc-alpha@sourceware.org
Subject: Re: [RFC][PATCH v2] Add reallocarray function.
Date: Thu, 22 May 2014 05:45:00 -0000
Message-ID: <537D7633.10906@cs.ucla.edu>
In-Reply-To: <2187944.g1p5OTczzC@descartes>

Rüdiger Sonderfeld wrote:

> What happens if the 2nd arg is zero in a call to `xnrealloc'?

Undefined behavior. Agreed, this isn't suitable for reallocarray.

> How can `xnrealloc' guarantee that the result will be non-NULL?

It tests realloc's result and calls a _Noreturn function if it's null.
Again, this is fine for Gnulib but not suitable for reallocarray -- we'd
keep this part in the Gnulib wrapper.

> Is there active work done on those overflow checks in GCC?

The last message I know on the topic was last month. Sort of active, I
guess. <https://gcc.gnu.org/ml/gcc/2014-04/msg00194.html> Perhaps
someone should ping the GCC list.

While we're on the subject, there was a proposal last October to add
saturated arithmetic to glibc internals; see, e.g.,
<https://www.sourceware.org/ml/libc-alpha/2013-10/msg00905.html>.
Presumably this arithmetic could use these builtins too.

> this might be something gnulib could provide (if it hasn't something like that already).

gnulib has several things like that already, which could be tuned to use
__builtin_umul_overflow if available:

* intprops.h's INT_MULTIPLY_OVERFLOW (A, B) returns true if multiplying
  the integers A and B would overflow. It works for any combination of
  integer types, so in this sense it's handier than __builtin_umul_overflow.

* xsize.h's xtimes uses saturated arithmetic to multiply size_t values,
  and needs to check for overflow.

* xalloc-oversized.h's xalloc_oversized checks for overflow in size_t
  multiplication, with the special case that SIZE_MAX represents a
  previously-overflowed computation (e.g., from xtimes).

Perhaps we could add an MUL_OVERFLOW (A, B, PRESULT) macro to intprops.h
(that uses __builtin_umul_overflow/__builtin_ulmul_overflow/etc. if
available) so that applications could use the builtins more directly if
they prefer. It's not clear how useful that would be, though.
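
The following C code is an added example, not part of Paul Eggert's message and not Gnulib or glibc code. It shows the three ideas discussed above on size_t: an overflow-reporting multiply that uses a compiler builtin when available, a saturating multiply where SIZE_MAX marks overflow, and a reallocarray-style wrapper that fails instead of allocating a wrapped-around size. All function names are hypothetical, and it assumes the type-generic `__builtin_mul_overflow` (GCC 5+, Clang) rather than the typed builtins named in the message.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#ifndef __has_builtin
# define __has_builtin(x) 0
#endif

/* Hypothetical helper: store a*b in *res; return true if it overflowed. */
static bool mul_overflow_size(size_t a, size_t b, size_t *res)
{
#if __has_builtin(__builtin_mul_overflow) || (defined __GNUC__ && __GNUC__ >= 5)
    return __builtin_mul_overflow(a, b, res);
#else
    /* Portable fallback: a*b overflows iff a != 0 and b > SIZE_MAX / a. */
    *res = a * b;
    return a != 0 && b > SIZE_MAX / a;
#endif
}

/* Saturating multiply in the style described for xtimes: an overflowed
   product becomes SIZE_MAX, and SIZE_MAX * 1 stays SIZE_MAX. */
static size_t sat_mul_size(size_t a, size_t b)
{
    size_t r;
    return mul_overflow_size(a, b, &r) ? SIZE_MAX : r;
}

/* Oversized test in the style described for xalloc_oversized: n == SIZE_MAX
   is treated as the mark of an earlier saturated computation. */
static bool oversized(size_t n, size_t elsize)
{
    size_t r;
    return n == SIZE_MAX || mul_overflow_size(n, elsize, &r);
}

/* reallocarray-style wrapper: on overflow, fail with ENOMEM and leave ptr
   untouched instead of calling realloc with a wrapped-around size. */
static void *checked_reallocarray(void *ptr, size_t nmemb, size_t size)
{
    size_t bytes;
    if (mul_overflow_size(nmemb, size, &bytes)) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(ptr, bytes);
}
```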