Re: [PATCH] inttostr.h: add compile-time buffer overrun checks
From: Bruno Haible
Subject: Re: [PATCH] inttostr.h: add compile-time buffer overrun checks
Date: Tue, 19 Oct 2010 00:25:13 +0200
User-agent: KMail/1.9.9
Hi Paul,
> My kneejerk reaction is that this is way overkill for inttostr.
Part of the macros should then be refactored into a separate file,
so that we can use them also for u16_sprintf and other functions.
> Also, I've had problems with __builtin_object_size not behaving
> as documented for GCC: it is sometimes not allowed in a constant
> expression, even though it always returns a constant.
Yes. And sizeof (variable-length-array) is also not a constant expression.
Therefore one needs to use primitives which don't require a constant
expression. That's one of the reasons for the _chk function at runtime.
The other reason is that in order to get a compile-time warning using
__attribute__ __warning__ you need a non-inline function.
> I suspect Jim's original proposal is a better way to go.
This and the other proposals violate a simple principle from compiler
design: Optimization and warnings must not result in a compile-time error
on valid input. It is OK to miss an optimization or a warning location,
but it is not OK to reject valid code. And variable-length arrays are
valid C and C++ syntax.
> I'll look into one or two possible improvements that don't involve so
> many changes to the code.
Cool. I'd like to see it. You find a test file with 6 use-cases,
test-inttostr2.c,
in <http://lists.gnu.org/archive/html/bug-gnulib/2010-10/msg00371.html>.
Bruno
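The two-layer pattern Bruno describes above (a runtime _chk function that receives the result of __builtin_object_size because that result is not a constant expression, plus a separate non-inline function carrying __attribute__ ((__warning__)) so the compiler can flag provably-too-small buffers), as an added example that is not Bruno's patch, gnulib's inttostr.h, or test-inttostr2.c. All names here (inttostr_chk, inttostr_warn, inttostr_safe, inttostr_check, INT_BUFSIZE_BOUND_EX, BOS0, WARN_ATTR) are assumptions chosen for the illustration, and the size bound is a deliberately loose one rather than gnulib's INT_BUFSIZE_BOUND. A variable-length array stays accepted: __builtin_object_size simply reports "unknown" for it, so no valid input is rejected.

```c
/* Added example (not gnulib code): fortify-style overrun checks for an
   inttostr-like helper.  All identifiers below are assumed names. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Loose bound: digits of any value of type T, a sign, and the NUL.
   (Assumed bound for this example; gnulib's INT_BUFSIZE_BOUND is tighter.) */
#define INT_BUFSIZE_BOUND_EX(t) (sizeof (t) * CHAR_BIT / 3 + 3)

/* Object size as the compiler sees it, or (size_t) -1 when unknown
   (pointers from elsewhere, VLAs).  Not a constant expression, so it is
   handed to a runtime function instead of being used in sizeof/static
   assertions. */
#if defined __GNUC__ && __GNUC__ >= 4
# define BOS0(p) __builtin_object_size (p, 0)
#else
# define BOS0(p) ((size_t) -1)
#endif

/* GCC's warning attribute fires on calls that survive optimisation; it
   needs a real, non-inline function to attach to. */
#if defined __has_attribute
# if __has_attribute (__warning__)
#  define WARN_ATTR(msg) __attribute__ ((__warning__ (msg), __noinline__))
# endif
#endif
#ifndef WARN_ATTR
# define WARN_ATTR(msg)
#endif

/* Runtime half: convert I into BUF, which holds BUFSIZE bytes (or (size_t) -1
   when the caller could not determine the size).  Returns BUF, or NULL and
   writes nothing when BUF is provably too small.  glibc's _chk functions
   abort here instead; returning NULL keeps the example testable. */
char *
inttostr_chk (int i, char *buf, size_t bufsize)
{
  char tmp[INT_BUFSIZE_BOUND_EX (int)];
  char *p = tmp + sizeof tmp;
  unsigned int u = i < 0 ? 0u - (unsigned int) i : (unsigned int) i;

  *--p = '\0';
  do
    *--p = (char) ('0' + u % 10);
  while ((u /= 10) != 0);
  if (i < 0)
    *--p = '-';

  size_t needed = (size_t) (tmp + sizeof tmp - p);
  if (bufsize != (size_t) -1 && bufsize < needed)
    return NULL;
  return memcpy (buf, p, needed);
}

/* Compile-time half: never meant to run.  A call to it that the optimiser
   cannot remove means the compiler proved the buffer is too small, and the
   attribute turns that surviving call into a diagnostic. */
char *inttostr_warn (int i, char *buf, size_t bufsize)
  WARN_ATTR ("inttostr: destination buffer is too small");

char *
inttostr_warn (int i, char *buf, size_t bufsize)
{
  return inttostr_chk (i, buf, bufsize);   /* still safe if the warning is ignored */
}

/* What callers use.  The compile-time branch is only enabled when optimising:
   at -O0 no dead-code elimination happens, so the warning call would survive
   even for correct code.  Unknown sizes ((size_t) -1) always take the runtime path. */
#ifdef __OPTIMIZE__
# define inttostr_safe(i, buf)                                          \
   (BOS0 (buf) != (size_t) -1 && BOS0 (buf) < INT_BUFSIZE_BOUND_EX (int) \
    ? inttostr_warn (i, buf, BOS0 (buf))                                 \
    : inttostr_chk (i, buf, BOS0 (buf)))
#else
# define inttostr_safe(i, buf) inttostr_chk (i, buf, BOS0 (buf))
#endif

/* Test helper (assumed name): convert I into a BUFSIZE-byte buffer and return
   1 if the outcome matches EXPECTED, where EXPECTED == NULL means "rejected
   without writing anything". */
int
inttostr_check (int i, size_t bufsize, const char *expected)
{
  char buf[64];
  if (bufsize > sizeof buf)
    return 0;
  memset (buf, 'X', sizeof buf);
  char *r = inttostr_chk (i, buf, bufsize);
  if (r == NULL)
    return expected == NULL && buf[0] == 'X';
  return expected != NULL && strcmp (r, expected) == 0
         && strlen (r) + 1 <= bufsize;
}

int
main (void)
{
  char fixed[INT_BUFSIZE_BOUND_EX (int)];
  int n = 5;
  char vla[n + INT_BUFSIZE_BOUND_EX (int)];   /* valid C99; size unknown to BOS0 */
  char *s1 = inttostr_safe (INT_MIN, fixed);
  char *s2 = inttostr_safe (-7, vla);
  printf ("%s %s\n", s1 ? s1 : "(rejected)", s2 ? s2 : "(rejected)");
  return 0;
}
```

To see the compile-time half in action, build with optimisation (for example -O2) and call inttostr_safe with a local array declared smaller than INT_BUFSIZE_BOUND_EX (int): the call to inttostr_warn then survives and GCC reports the attribute's message at the call site, while the same code at -O0 silently falls through to the runtime check.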