bug-gnulib

Re: xsize and flexmember


From: Marc Nieper-Wißkirchen
Subject: Re: xsize and flexmember
Date: Fri, 1 May 2020 11:20:34 +0200

On Fri, 1 May 2020 at 11:09, Bruno Haible <address@hidden> wrote:
>
> Paul Eggert wrote:
> > I realize we have dueling conventions here, but would prefer that
> > saturated size_t arithmetic have a longer prefix or suffix than just "x".
>
> I'm open to this. What prefix would you propose instead of 'x'?

Whatever prefix is used instead, it should be as short as 'x'. As the
functions exported by xsize are to be used in place of the usual
arithmetic operators, their names should be short.

> Generally, 'xsize' has not caught on as I had expected. It is still a
> simple solution to the task of avoiding inadvertent overflow, especially
> in complex expressions, but
>   - many people continued to prefer ad-hoc code, especially for simple
>     expressions,

I'd rather use the xsize code than ad-hoc code because it expresses
the programmer's intent much better.

>   - the 'xsize' module is written for size_t, therefore overflow checking
>     for 'unsigned int' or 'unsigned long' still has to be done the
>     manual way,

I think that size_t calculations are still the most important ones.

Thanks,

Marc

>   - on glibc systems, the problem has been mitigated since malloc()
>     now refuses arguments > SIZE_MAX/2, thus in a loop that grows an
>     array malloc() will typically fail before the size overflows.
>
> Thoughts?
>
> Bruno
>
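The two styles under discussion side by side, as an added example that is not gnulib's own xsize code: sat_sum, sat_times and size_overflowed are names chosen here, modeled on the semantics of gnulib's xsum()/xtimes() (saturate at SIZE_MAX and test once at the end of the expression), next to the ad-hoc per-step checking Marc contrasts it with.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Saturating add: yields SIZE_MAX if a + b would wrap.  Assumed helper
   modeled on gnulib's xsum(); not gnulib's code. */
static inline size_t sat_sum(size_t a, size_t b)
{
    size_t s = a + b;
    return s >= a ? s : SIZE_MAX;
}

/* Saturating multiply: yields SIZE_MAX if n * elsize would wrap.
   Assumed helper modeled on gnulib's xtimes(). */
static inline size_t sat_times(size_t n, size_t elsize)
{
    if (n != 0 && elsize > SIZE_MAX / n)
        return SIZE_MAX;
    return n * elsize;
}

/* One check at the end suffices: SIZE_MAX propagates through sat_* ops,
   so SIZE_MAX as a result means overflow happened somewhere in the chain. */
static inline int size_overflowed(size_t size)
{
    return size == SIZE_MAX;
}

/* Bytes for a header, n elements of elsize bytes, and a trailing NUL.
   Saturating style: the expression reads like plain arithmetic and is
   checked once.  Returns 0 on overflow. */
size_t record_alloc_size(size_t header, size_t n, size_t elsize)
{
    size_t total = sat_sum(sat_sum(header, sat_times(n, elsize)), 1);
    return size_overflowed(total) ? 0 : total;
}

/* Ad-hoc style: the same computation with a test before every step.
   Correct, but the intent is buried in the bounds checks. */
size_t record_alloc_size_adhoc(size_t header, size_t n, size_t elsize)
{
    if (n != 0 && elsize > SIZE_MAX / n)
        return 0;
    size_t body = n * elsize;
    if (header > SIZE_MAX - body)
        return 0;
    size_t total = header + body;
    if (total > SIZE_MAX - 1)
        return 0;
    return total + 1;
}
```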