This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: Why was the reallocarray function not added to glibc?
On 04/10/2017 03:15 AM, Szabolcs Nagy wrote:
>> http://git.savannah.gnu.org/cgit/gnulib.git/tree/lib/intprops.h
> that is not just ugly
Although the *implementation* of intprops.h is more complicated, its
*use* is cleaner.
> but looks wrong too (it's for signed mul).
No, INT_MULTIPLY_OVERFLOW (a, b) works for both signed and unsigned
multiplication. For 'unsigned long' it generates the same code as "b &&
-1/b < a".
> the idiomatic unsigned mul overflow check is
>
>     if (b && -1/b < a)
>         return 0;
>     c = a*b;
I disagree that this is "idiomatic", as most programmers don't know this
idiom. It would need a comment. Also, the idiom assumes that
INTERNAL_SIZE_T is at least as wide as unsigned int, something nowhere
documented or checked in the code now. So the inline check should be
something like this:

    /* Return 1 if a * b overflows, 0 otherwise.  This works because
       b is unsigned and because we assume it is at least as wide as
       int.  */
    _Static_assert (UINT_MAX <= (INTERNAL_SIZE_T) -1,
                    "INTERNAL_SIZE_T must be at least as wide as 'unsigned'");
    return b && -1 / b < a;

In contrast:

    return INT_MULTIPLY_OVERFLOW (a, b);

is easier to maintain and will work no matter how wide INTERNAL_SIZE_T is.
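
Added example, not part of the message above and not glibc or gnulib code: it shows why the width assumption matters, by running the quoted idiom on size_t and then on a type narrower than int, where integer promotion turns -1 / b into a signed -1 or 0. The function names and the reallocarray-style wrapper are hypothetical, and the demo assumes a platform where int is wider than 16 bits.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumptions of this demo: size_t is at least as wide as unsigned int,
   and uint16_t is narrower than int (true with 32-bit int).  */
_Static_assert (UINT_MAX <= (size_t) -1, "size_t narrower than 'unsigned'");
_Static_assert (UINT16_MAX < INT_MAX, "uint16_t not narrower than 'int'");

/* The quoted idiom on size_t: -1 is converted to size_t, so the test
   is really SIZE_MAX / b < a.  */
static int mul_overflows_size (size_t a, size_t b)
{
  return b && -1 / b < a;
}

/* Same text on a narrower type: both operands promote to int, so
   -1 / b is the signed value -1 or 0 and the test misfires.  */
static int mul_overflows_u16_naive (uint16_t a, uint16_t b)
{
  return b && -1 / b < a;
}

/* Narrow-type form that names the maximum explicitly.  */
static int mul_overflows_u16 (uint16_t a, uint16_t b)
{
  return b && UINT16_MAX / b < a;
}

/* Hypothetical reallocarray-style wrapper: fail instead of wrapping.  */
static void *checked_reallocarray (void *p, size_t n, size_t size)
{
  if (mul_overflows_size (n, size))
    {
      errno = ENOMEM;
      return NULL;
    }
  return realloc (p, n * size);
}

int main (void)
{
  /* 2 * 3 fits in uint16_t, yet the naive narrow check reports overflow.  */
  int ok = mul_overflows_u16_naive (2, 3) == 1
           && mul_overflows_u16 (2, 3) == 0
           && checked_reallocarray (NULL, SIZE_MAX, 2) == NULL;
  return ok ? 0 : 1;
}
```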