From: Paul Eggert Date: Fri, 13 Apr 2012 01:56:54 +0000 (-0700) Subject: README: document pointer comparison assumption X-Git-Tag: v0.1~747 X-Git-Url: http://erislabs.org.uk/gitweb/?a=commitdiff_plain;h=f8fea966d67a6ba06231689e63f668bd55ee5797;p=gnulib.git README: document pointer comparison assumption * README (Portability guidelines): Document assumption about pointer comparisons, in response to a recent bug-gnulib comment by Jeffrey Kegler. --- diff --git a/ChangeLog b/ChangeLog index ed9b98c7d..ce6d19a5e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2012-04-12 Paul Eggert + + README: document pointer comparison assumption + * README (Portability guidelines): Document assumption about + pointer comparisons, in response to a recent bug-gnulib comment by + Jeffrey Kegler. + 2012-04-12 Bruno Haible Tests for module 'getrusage'. diff --git a/README b/README index 672964fd5..4bf10ddbf 100644 --- a/README +++ b/README 
@@ -258,15 +258,19 @@ as well. Gnulib code makes the following additional assumptions: * There are no "holes" in integer values: all the bits of an integer contribute to its value in the usual way. - * If two nonoverlapping objects have sizes S and T represented as - size_t values, then S + T cannot overflow. This assumption is true - for all practical hosts with flat address spaces, but it is not - always true for hosts with segmented address spaces. - - * If an existing object has size S, and if T is sufficiently small - (e.g., 8 KiB), then S + T cannot overflow. Overflow in this case - would mean that the rest of your program fits into T bytes, which - can't happen in realistic flat-address-space hosts. + * Addresses and sizes behave as if objects reside in a flat address space. + In particular: + + - If two nonoverlapping objects have sizes S and T represented as + size_t values, then S + T cannot overflow. + + - A pointer P points within an object O if and only if + (char *) &O <= (char *) P && (char *) P < (char *) (&O + 1). + + - If an existing object has size S, and if T is sufficiently small + (e.g., 8 KiB), then S + T cannot overflow. Overflow in this case + would mean that the rest of your program fits into T bytes, which + can't happen in realistic flat-address-space hosts. * Objects with all bits zero are treated as 0 or NULL. For example, memset (A, 0, sizeof A) initializes an array A of pointers to NULL.
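
Review bot: In the README hunk, the new sub-item "A pointer P points within an object O if and only if (char *) &O <= (char *) P && (char *) P < (char *) (&O + 1)" does not say that the comparison is assumed to be meaningful when P points outside O, which is the case where ISO C leaves relational comparison of pointers to different objects undefined. Since the item sits under "additional assumptions", a clause such as "even when P does not point into O" would make clear that this is the part going beyond the standard, and that code relying on it depends on the compiler not optimizing on that undefined behavior. Separately, the rewrite drops the removed sentence that the S + T assumption "is not always true for hosts with segmented address spaces"; consider keeping that caveat on the parent "flat address space" item so the README still says where these assumptions fail.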