[PATCH 00/17] Improved overflow checking for memory allocations
Alan Coopersmith
alan.coopersmith at oracle.com
Tue Mar 31 20:46:46 PDT 2015
On 03/31/15 08:23 PM, Matt Turner wrote:
> I suspect you did most of this with Coccinelle,

That would have been smart, one of these days I should install Coccinelle
and learn to use it. Fortunately, this wasn't an overwhelming number to
change by hand.

> but I definitely
> noticed an attention to detail that shows that some of this must have
> been manual. E.g., transforming malloc(3 * size * sizeof(CARD16)) into
>
> | xallocarray(length, 3 * sizeof(CARD16))
>
> instead of
>
> | xallocarray(3 * length, sizeof(CARD16))
>
> so that the 3 * sizeof(CARD16) can be evaluated at compile time.

Yes, and because I can guarantee that 3 * sizeof(CARD16) will never overflow,
while I can't say the same for 3 * length.

> Nice of you to get rid of some useless casts as well.

That's just ingrained habit at this point (though I tried to avoid breaking
Xvnc again by changing any in the headers - I should do a build to check that
though).

> It's minorly unfortunate that a lot of these multiplies (that are by
> powers of two) can no longer be turned into shifts, but I guess that's
> the price of some additional safety.

Since this math leads immediately into the memory allocator, I doubt anyone
will ever measure the performance change of one additional multiply in this
code path compared to the far larger number of instructions used in memory
allocation.

--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
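
The argument-grouping point discussed in the message above, as an added example that is not code from the patch series or the X server: it contrasts multiplying an untrusted length by 3 before the checked call with passing the length alone next to a constant element size. The names mul_size_checked, checked_allocarray, bytes_caller_multiplies and bytes_constant_operand are hypothetical, and the length is assumed to be a 32-bit unsigned value.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint16_t CARD16;   /* assumption: 16-bit unsigned, standing in for the X type */

/* Hypothetical helper: store nmemb * size in *out; return 0 if it would overflow. */
static int mul_size_checked(size_t nmemb, size_t size, size_t *out)
{
    if (size != 0 && nmemb > SIZE_MAX / size)
        return 0;
    *out = nmemb * size;
    return 1;
}

/* Hypothetical stand-in for an overflow-checked array allocator. */
static void *checked_allocarray(size_t nmemb, size_t size)
{
    size_t bytes;
    return mul_size_checked(nmemb, size, &bytes) ? malloc(bytes) : NULL;
}

/* Caller multiplies first: 3 * length wraps modulo 2^32 before any check runs. */
static int bytes_caller_multiplies(uint32_t length, size_t *out)
{
    uint32_t count = 3 * length;              /* unchecked arithmetic */
    return mul_size_checked(count, sizeof(CARD16), out);
}

/* Length is passed through untouched; 3 * sizeof(CARD16) is a small constant. */
static int bytes_constant_operand(uint32_t length, size_t *out)
{
    return mul_size_checked(length, 3 * sizeof(CARD16), out);
}

int main(void)
{
    uint32_t length = 0x55555556u;   /* constructed value: 3 * length == 2^32 + 2 */
    size_t bytes = 0;
    if (checked_allocarray(SIZE_MAX / 2 + 1, 2) == NULL)   /* product exceeds SIZE_MAX */
        printf("oversized request: rejected\n");
    if (bytes_caller_multiplies(length, &bytes))
        printf("3 * length first: accepted, %zu bytes\n", bytes);
    if (bytes_constant_operand(length, &bytes))
        printf("length alone: accepted, %zu bytes\n", bytes);
    else
        printf("length alone: overflow rejected\n");
    return 0;
}
```

With the constructed length, the first grouping is accepted with a 4-byte size because the wrap happened outside the check, while the second either reports the true byte count (64-bit size_t) or is rejected (32-bit size_t).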