From: Paul Eggert <eggert@cs.ucla.edu>
To: Stefan Monnier <monnier@iro.umontreal.ca>
Cc: 8545@debbugs.gnu.org
Subject: bug#8545: issues with recent doprnt-related changes
Date: Tue, 26 Apr 2011 13:25:21 -0700
Message-ID: <4DB72A31.8040203@cs.ucla.edu>
In-Reply-To: <jwvhb9m1mmh.fsf-monnier+emacs@gnu.org>

On 04/25/11 06:37, Stefan Monnier wrote:

>> AFAIU, the
>> preference to use signed is for those values that come from Lisp or go
>> back to the Lisp level, which is not the case here.
> Mixing the two is what I find problematic, so if it's size_t all the
> way, that's OK.

Sorry, but I don't see the general principle.  Earlier, it was
thought that emacs_write should return a signed value, because there's
code like (emacs_write (...) != n) in fileio.c, where 'n' is
signed, and signed-versus-unsigned comparison is problematic.
I can certainly understand this point of view.

With doprnt returning size_t, though, we still have this problem.
In eval.c's verror we see this:

  size_t size_max =
    min (MOST_POSITIVE_FIXNUM, min (INT_MAX, SIZE_MAX - 1)) + 1;
  size_t used = ..., size = ...;
  ...
  while (1)
    {
      ...
      if (used < size - 1)
        break;
      if (size <= size_max / 2)
        size *= 2;
      else if (size < size_max)
        size = size_max;
      else
        break;  /* and leave the message truncated */
      ...
    }

Here, the code is carefully comparing a signed value
MOST_POSITIVE_FIXNUM to a possibly-different-width
unsigned value SIZE_MAX - 1, storing the result into an
unsigned variable, and using that unsigned variable.
This comparison happens to be safe, but one has to stare
at it a bit to make sure that the
unsigned-versus-signed comparison isn't bogus.  Why is
this unsigned-versus-signed comparison OK, but the one
with emacs_write problematic?

I'm not saying this to be difficult: I'm just trying to
understand the general principle here.

I thought the point of preferring signed was so that we
didn't have to worry about stuff like the above.  Also I assumed
the idea is that one should be able to compile GCC with -ftrapv
and catch overflow errors.  But if the above code is OK as-is,
then clearly I'm misunderstanding the overall goal here.
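
Added example, not part of the message above and not code from the Emacs sources: a small C program contrasting the two mixed-sign comparisons the message discusses, the emacs_write-style check where a negative signed count is silently converted, and the verror bound where every operand is nonnegative so the conversion is harmless. DEMO_MOST_POSITIVE_FIXNUM, the function names, and the use of ptrdiff_t for 'n' are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: stand-in for MOST_POSITIVE_FIXNUM, a signed constant whose
   real value depends on the Emacs build.  */
#define DEMO_MOST_POSITIVE_FIXNUM (INTPTR_MAX >> 2)
#define min(a, b) ((a) < (b) ? (a) : (b))

/* The emacs_write pattern: unsigned result compared with a signed count.
   The usual arithmetic conversions turn n into an unsigned value first,
   so n == -1 compares equal to SIZE_MAX.  */
int mixed_differs (size_t written, ptrdiff_t n)
{
  return written != n;
}

/* Same test with the sign checked before the conversion.  */
int checked_differs (size_t written, ptrdiff_t n)
{
  return n < 0 || written != (size_t) n;
}

/* The verror bound.  All three operands are nonnegative, so each keeps
   its value whichever type a comparison is done in; the minimum is at
   most SIZE_MAX - 1, so the "+ 1" cannot wrap.  */
size_t verror_size_max (void)
{
  return min (DEMO_MOST_POSITIVE_FIXNUM, min (INT_MAX, SIZE_MAX - 1)) + 1;
}

/* One growth step of the loop: double only while that cannot overflow,
   otherwise clamp to size_max (where the message is left truncated).  */
size_t grow (size_t size, size_t size_max)
{
  if (size <= size_max / 2)
    return size * 2;
  return size_max;
}

int main (void)
{
  printf ("mixed: %d, checked: %d, size_max: %zu\n",
          mixed_differs (SIZE_MAX, -1), checked_differs (SIZE_MAX, -1),
          verror_size_max ());
  return 0;
}
```

Building with -Wsign-compare flags the comparison in mixed_differs; -ftrapv does not help there, since it traps signed arithmetic overflow, not implicit conversions.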