[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-gnulib] addition: xsize.h
From: |
Bruno Haible |
Subject: |
Re: [Bug-gnulib] addition: xsize.h |
Date: |
Mon, 17 Nov 2003 15:39:34 +0100 |
User-agent: |
KMail/1.5 |
While applying xsize.h to vasnprintf.c and printf-parse.c, I found a
maximum function comfortable. I thus did this change.
2003-11-16 Bruno Haible <address@hidden>
* xsize.h (xmax): New function.
(xsum, xsum3, xsum4): Declare as "pure" functions.
diff -r -c3 --exclude='*.po*' --exclude='*.info*' --exclude='*.html'
--exclude=Makefile.in --exclude=aclocal.m4 --exclude=configure
--exclude=po-gram-gen.c --exclude=po-gram-gen.h --exclude=po-hash-gen.c
--exclude=po-hash-gen.h --exclude='*.o' --exclude='*.lo'
gettext-5/gettext-tools/lib/xsize.h gettext-6/gettext-tools/lib/xsize.h
*** gettext-5/gettext-tools/lib/xsize.h Tue Nov 11 12:43:59 2003
--- gettext-6/gettext-tools/lib/xsize.h Mon Nov 17 00:33:20 2003
***************
*** 37,47 ****
To avoid this, the functions and macros in this file check for overflow.
The convention is that SIZE_MAX represents overflow.
malloc (SIZE_MAX) is not guaranteed to fail -- think of a malloc
! implementation that uses mmap --, it's recommended to use SIZE_OVERFLOW_P
! before invoking malloc().
The example thus becomes:
size_t size = xsum (header_size, xtimes (n, element_size));
! void *p = (!SIZE_OVERFLOW_P (size) ? malloc (size) : NULL);
*/
/* Convert an arbitrary value >= 0 to type size_t. */
--- 37,47 ----
To avoid this, the functions and macros in this file check for overflow.
The convention is that SIZE_MAX represents overflow.
malloc (SIZE_MAX) is not guaranteed to fail -- think of a malloc
! implementation that uses mmap --, it's recommended to use size_overflow_p()
! or size_in_bounds_p() before invoking malloc().
The example thus becomes:
size_t size = xsum (header_size, xtimes (n, element_size));
! void *p = (size_in_bounds_p (size) ? malloc (size) : NULL);
*/
/* Convert an arbitrary value >= 0 to type size_t. */
***************
*** 50,55 ****
--- 50,58 ----
/* Sum of two sizes, with overflow check. */
static inline size_t
+ #if __GNUC__ >= 3
+ __attribute__ ((__pure__))
+ #endif
xsum (size_t size1, size_t size2)
{
size_t sum = size1 + size2;
***************
*** 58,63 ****
--- 61,69 ----
/* Sum of three sizes, with overflow check. */
static inline size_t
+ #if __GNUC__ >= 3
+ __attribute__ ((__pure__))
+ #endif
xsum3 (size_t size1, size_t size2, size_t size3)
{
return xsum (xsum (size1, size2), size3);
***************
*** 65,75 ****
--- 71,96 ----
/* Sum of four sizes, with overflow check. */
static inline size_t
+ #if __GNUC__ >= 3
+ __attribute__ ((__pure__))
+ #endif
xsum4 (size_t size1, size_t size2, size_t size3, size_t size4)
{
return xsum (xsum (xsum (size1, size2), size3), size4);
}
+ /* Maximum of two sizes, with overflow check. */
+ static inline size_t
+ #if __GNUC__ >= 3
+ __attribute__ ((__pure__))
+ #endif
+ xmax (size_t size1, size_t size2)
+ {
+ /* No explicit check is needed here, because for any n:
+ max (SIZE_MAX, n) == SIZE_MAX and max (n, SIZE_MAX) == SIZE_MAX. */
+ return (size1 >= size2 ? size1 : size2);
+ }
+
/* Multiplication of a count with an element size, with overflow check.
The count must be >= 0 and the element size must be > 0.
This is a macro, not an inline function, so that it works correctly even