Re: obstack_free(obs, addr) not portable when addr != NULL
From: Paul Eggert
Subject: Re: obstack_free(obs, addr) not portable when addr != NULL
Date: Thu, 12 Apr 2012 18:59:39 -0700
User-agent: Mozilla/5.0 (X11; Linux i686; rv:11.0) Gecko/20120329 Thunderbird/11.0.1
On 04/12/2012 05:48 PM, Jeffrey Kegler wrote:
> 1) Document that the behavior is unportable, and under what conditions it
> can be expected to work.
> At a minimum, describe the behavior required of the memory allocator.
> 2) Remove/replace the feature.
(1) is probably safer, given how much the feature is used.
For now, I pushed this:
From f8fea966d67a6ba06231689e63f668bd55ee5797 Mon Sep 17 00:00:00 2001
From: Paul Eggert <address@hidden>
Date: Thu, 12 Apr 2012 18:56:54 -0700
Subject: [PATCH] README: document pointer comparison assumption
* README (Portability guidelines): Document assumption about
pointer comparisons, in response to a recent bug-gnulib comment by
Jeffrey Kegler.
---
ChangeLog | 7 +++++++
README | 22 +++++++++++++---------
2 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ed9b98c..ce6d19a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-04-12 Paul Eggert <address@hidden>
+
+ README: document pointer comparison assumption
+ * README (Portability guidelines): Document assumption about
+ pointer comparisons, in response to a recent bug-gnulib comment by
+ Jeffrey Kegler.
+
2012-04-12 Bruno Haible <address@hidden>
Tests for module 'getrusage'.
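Review bot: The entry added at the top of ChangeLog describes only the new pointer-comparison assumption, but the README hunk in the same commit also regroups the two existing S + T overflow items under a new "flat address space" item and drops the sentence ending "but it is not always true for hosts with segmented address spaces". Consider mentioning the regrouping in the entry, for example "Group the flat-address-space assumptions together", so the ChangeLog accounts for the removed lines as well as the added one.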
diff --git a/README b/README
index 672964f..4bf10dd 100644
--- a/README
+++ b/README
@@ -258,15 +258,19 @@ as well. Gnulib code makes the following additional
assumptions:
* There are no "holes" in integer values: all the bits of an integer
contribute to its value in the usual way.
- * If two nonoverlapping objects have sizes S and T represented as
- size_t values, then S + T cannot overflow. This assumption is true
- for all practical hosts with flat address spaces, but it is not
- always true for hosts with segmented address spaces.
-
- * If an existing object has size S, and if T is sufficiently small
- (e.g., 8 KiB), then S + T cannot overflow. Overflow in this case
- would mean that the rest of your program fits into T bytes, which
- can't happen in realistic flat-address-space hosts.
+ * Addresses and sizes behave as if objects reside in a flat address space.
+ In particular:
+
+ - If two nonoverlapping objects have sizes S and T represented as
+ size_t values, then S + T cannot overflow.
+
+ - A pointer P points within an object O if and only if
+ (char *) &O <= (char *) P && (char *) P < (char *) (&O + 1).
+
+ - If an existing object has size S, and if T is sufficiently small
+ (e.g., 8 KiB), then S + T cannot overflow. Overflow in this case
+ would mean that the rest of your program fits into T bytes, which
+ can't happen in realistic flat-address-space hosts.
* Objects with all bits zero are treated as 0 or NULL. For example,
memset (A, 0, sizeof A) initializes an array A of pointers to NULL.
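Review bot: The added item "A pointer P points within an object O if and only if (char *) &O <= (char *) P && (char *) P < (char *) (&O + 1)" does not say why the assumption is needed or which direction is the nonportable one. The thread subject is obstack_free (obs, addr) with addr != NULL, so a short parenthetical naming that use would let a porter judge whether a host is affected, and it would help to state that the "only if" half, where P may point into a different object than O, is the part that depends on a flat address space. The rewrite also drops the old caveat that the S + T assumption "is not always true for hosts with segmented address spaces"; the new heading implies it, but keeping one sentence on where these assumptions fail would preserve that warning.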
--
1.7.6.5