Skip to content

cstring.d: add overflow checks #4718

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
WalterBright wants to merge 1 commit into from
Closed

cstring.d: add overflow checks #4718

WalterBright wants to merge 1 commit into from

Conversation

@WalterBright
Copy link
Member

@WalterBright WalterBright commented Aug 5, 2016

No description provided.

@schveiguy
Copy link
Member

schveiguy commented Aug 5, 2016

LGTM. This one is a bit more complex, so I'll let another set of eyes look before merging. The others were trivial.

I'm sure the code is fine, I'm just wondering if there's ways to avoid some of these overflow checks. The +1 check inside the case where it's on the stack, maybe could be done simpler.

@9il 9il added the overflow label Aug 5, 2016
@WalterBright
Copy link
Member Author

WalterBright commented Aug 5, 2016

The trouble with things like "in this case we don't need an overflow check because of obscure XXX" is when the code is changed, XXX may inadvertently no longer hold true, and the overflow risk returns. Most of these allocations are not on the hot path, so an extra check is not a problem. Furthermore, at some point I want to integrate the check functions into the compiler so the code cost for them will become nearly negligible.

@schveiguy
Copy link
Member

schveiguy commented Aug 5, 2016

What I mean is that things like:

bool overflow;
auto nbytes = addu(someval, 1, overflow);
if(overflow) assert(0);

Can be done like:

if(someval == someval.max) assert(0);
auto nbytes = someval + 1; // or leave existing code

I mean, it's fine the way you have it, and I would be fine merging it, but when you are looking at adding or multiplying constants, it seems there can be more efficient ways to check. You are probably right that it's not worth the trouble.

I agree that integrating into the compiler and then having access to hardware flags makes this even less invasive (checking the carry flag may be enough). Complex calculations may prove more difficult since the flags are going to be overwritten.

@MartinNowak MartinNowak mentioned this pull request Aug 8, 2016
Closed
@WalterBright
Copy link
Member Author

WalterBright commented Aug 10, 2016

@schveiguy Implemented your suggestion.

schveiguy
schveiguy reviewed Aug 10, 2016
View reviewed changes
std/internal/cstring.d
if (res_is_onstack)
{
if (newlen <= strLength)
{
Copy link
Member

@schveiguy schveiguy Aug 10, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing closing brace for this

@andralex
Copy link
Member

andralex commented Aug 10, 2016

Sorry to be Debbie Downer on this but this initiative seems a waste to me.

  • On 64 bit, allocated sizes in the overflow range are in the exabytes, which is awfully early to worry about (with the projected transfer speeds, it takes hundreds of years to only fill that memory). So this change helps almost exclusively moribund 32-bit systems.
  • The code becomes more convoluted for the sake of a dubious benefit.
  • assert(0) does not seem like a great strategy.
  • This bit of pedantry is misplaced and out of character for the language.

@andralex andralex closed this Aug 10, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@WalterBright @schveiguy @andralex @9il