INT_ADD_WRAPV and friends considered harmful
From: Eli Zaretskii
Subject: INT_ADD_WRAPV and friends considered harmful
Date: Mon, 12 Aug 2019 17:47:17 +0300

Please take a look at the problem described in this bug report:

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=37006

The upshot is that an innocent use of INT_ADD_WRAPV, even by
experienced programmers, can quite unexpectedly produce spectacular
failures. Frankly, I was astonished to discover this failure mode,
especially as it isn't clearly documented in the comments in
intprops.h.

AFAIU, INT_ADD_WRAPV and its ilk are safety devices: they prevent code
from failing in subtle and rare situations. And safety devices cannot
themselves be unsafe, because that would contradict the raison d'être
of their very existence.

So I urge the Gnulib developers to please fix this deficiency, and
make these macros safe in such simple use cases.

TIA