This is the mail archive of the libstdc++@gcc.gnu.org mailing list for the libstdc++ project.



Re: _FORTIFY_SOURCE for std::vector


On 06/04/2012 09:07 PM, Marc Glisse wrote:
On Mon, 4 Jun 2012, Florian Weimer wrote:
#include <vector>

void
write(std::vector<float>& blob, unsigned n, float v1, float v2, float v3, float v4)
{
  blob[n] = v1;
  blob[n + 1] = v2;
  blob[n + 2] = v3;
  blob[n + 3] = v4;
}

Would be great if it ended up testing only n and n+3.

True.


__attribute__((__noreturn__)) is not quite strong enough to allow this
optimization; it would require something like
__attribute__((__crashing__)) to let the compiler know that if the
function is called, you don't care what happens to blob. And possibly
the use of a signed n.

Interesting point, I had not realized that before. Ada has a special rule for failures of language-defined checks, and they might give enough wiggle room to leave behind a partially updated vector in such situations.


But even without that, you could clone the if sequence, that is,

  if (n <= blob.size() && blob.size() - n >= 4) /* n <= size() keeps the unsigned subtraction from wrapping */
    {
      blob[n] = v1;
      blob[n + 1] = v2;
      blob[n + 2] = v3;
      blob[n + 3] = v4;
    }
  else
    {
       ... // individual checks
    }

Obviously, this has quite a bit of an impact on code size.

--
Florian Weimer / Red Hat Product Security Team
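The cloned-if transformation discussed above, as an added example that is not from this thread or from libstdc++: a naive per-store checked version next to the hoisted version, plus a small harness that counts how many stores land before a check fires, so the two forms can be compared on in-range, partially in-range and wholly out-of-range inputs. checked_at, write_checked, write_hoisted and stores_before_failure are assumed names, and the throwing check stands in for whatever a fortified operator[] would actually do.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

// Stand-in for a fortified operator[]: assumed to throw where a real
// _FORTIFY_SOURCE build would abort, so the outcome is observable.
static float& checked_at(std::vector<float>& blob, std::size_t i)
{
    if (i >= blob.size())
        throw std::out_of_range("vector index out of range");
    return blob[i];
}

// Naive form: four independent checks, one per store.
void write_checked(std::vector<float>& blob, unsigned n,
                   float v1, float v2, float v3, float v4)
{
    checked_at(blob, n) = v1;
    checked_at(blob, n + 1) = v2;
    checked_at(blob, n + 2) = v3;
    checked_at(blob, n + 3) = v4;
}

// Cloned-if form: one range test guards the unchecked fast path; the slow
// path keeps the per-element checks, so a failure fires on the same store
// as in the naive form.  The n <= size() test is what stops the unsigned
// subtraction from wrapping for n > size() and selecting the fast path.
void write_hoisted(std::vector<float>& blob, unsigned n,
                   float v1, float v2, float v3, float v4)
{
    if (n <= blob.size() && blob.size() - n >= 4)
    {
        blob[n] = v1;
        blob[n + 1] = v2;
        blob[n + 2] = v3;
        blob[n + 3] = v4;
    }
    else
        write_checked(blob, n, v1, v2, v3, v4);  // individual checks
}

using WriteFn = void (*)(std::vector<float>&, unsigned, float, float, float, float);

// Constructed harness: run f on a zero-filled vector of the given size and
// return how many elements were stored before a check fired.
int stores_before_failure(WriteFn f, std::size_t size, unsigned n)
{
    std::vector<float> blob(size, 0.0f);
    try { f(blob, n, 1.0f, 2.0f, 3.0f, 4.0f); }
    catch (const std::out_of_range&) {}
    int count = 0;
    for (float x : blob) if (x != 0.0f) ++count;
    return count;
}
```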

