This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
Re: [C++] init.c/build_new wrongly implements new-expression
Alexandre Oliva <oliva@dcc.unicamp.br> writes:
| On May 25, 1999, Gabriel Dos_Reis <Gabriel.Dos_Reis@sophia.inria.fr> wrote:
|
| > Alexandre Oliva <oliva@dcc.unicamp.br> writes:
| > | On May 25, 1999, Gabriel Dos_Reis <Gabriel.Dos_Reis@sophia.inria.fr> wrote:
| > |
| > | > Checking whether the new-expression ends up by allocating sufficient
| > | > memory is part of the semantics of new-expression.
| > |
| > | The problem is that determining how much is `sufficient' overflows ==>
| > | undefined behavior, reboot the universe.
|
| > I still fail to see how undefined behaviour follows.
|
| > Is it drawn from the language definition?
|
| Oops, scratch that, it's not undefined behavior, because size_t is
| unsigned, so it doesn't overflow, it just wraps around, and the
| results are well-defined, even if not what one would expect when
| thinking of arbitrary-precision integers.
Ah, glad to see we're speaking the same language :-)
Let's reconsider paragraph 5.3.4/10 of ISO 14882. It doesn't say that
new T[n];
should do
(T*) operator new (sizeof(T) * n);
// ...
It unambigously states that the new-expression requests memory
*no less than the size of the object being created*. It is the
implementation's responsability to ensure that the _correct_ size is
passed to the allocation function. A size-overflow checking is
required. And the implementation has enought information to decide
whether grammar school size calculation will overflow or not. We don't
need arbitrary-precision integers to do that, as I suggested in my
original message.
Here there is no point in invoking the zero-overhead --as an excuse--
since it doesn't apply.
-- Gaby