Date: Wed, 24 Jan 2018 09:37:59 -0800
From: Conrad Meyer <cem@freebsd.org>
To: Pedro Giffuni <pfg@freebsd.org>
Cc: src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r328218 - in head/sys: amd64/amd64 arm/xscale/ixp425 arm64/arm64 cam cam/ctl compat/ndis dev/aacraid dev/advansys dev/ath dev/beri/virtio dev/bnxt dev/bwn dev/ciss dev/cxgbe/crypto dev/...
Message-ID: <CAG6CVpVaKvc6w81UjGNV-t_vpkzuLMkZCe-SR10HAWEmBD21AA@mail.gmail.com>
In-Reply-To: <51ff8aef-5660-7857-e4d5-12cdc77bc071@FreeBSD.org>
References: <201801211542.w0LFgbsp005980@repo.freebsd.org> <CAG6CVpXxuFyHS11rF=NF6bSSkC2=xnDh=WnbK-aWp4sOomrZ7w@mail.gmail.com> <51ff8aef-5660-7857-e4d5-12cdc77bc071@FreeBSD.org>
On Tue, Jan 23, 2018 at 11:40 AM, Pedro Giffuni <pfg@freebsd.org> wrote:
> On 23/01/2018 14:08, Conrad Meyer wrote:
>> On Sun, Jan 21, 2018 at 7:42 AM, Pedro F. Giffuni <pfg@freebsd.org> wrote:
>>>
>>> Author: pfg
>>> Date: Sun Jan 21 15:42:36 2018
>>> New Revision: 328218
>>
>> I'm confused about this change. Wouldn't it be better to remove the
>> annotation/attributes from mallocarray() than to remove the protection
>> against overflow?
>
> Not in my opinion: it would be better to detect such overflows at compile
> time (or through a static analyzer) than to have late notification through
> panics.

Sure, it would be better, but some situations are only detected at
runtime -- hence mallocarray. And occasional use of the annotations on
systems with plenty of RAM would keep the source tree free of
compiler-detectable overflows, which I suspect are incredibly uncommon.

> The blind use of mallocarray(9) is probably a mistake also: we
> shouldn't use it unless there is some real risk of overflow.

I'm not sure I follow that.

>> (If the compiler is fixed in the future to not use
>> excessive memory with these attributes, they can be conditionalized on
>> compiler version, of course.)
>
> All in all, the compiler is not provably wrong: it's just using more swap
> space, which is rather inconvenient for small platforms but not necessarily
> wrong.

Seems wrong if it's a noticeable amount. Maybe we could flip the
annotations on or off with a low-ram build knob or something like that.

Best,
Conrad
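As an added illustration of the runtime check the thread is arguing over (this is constructed user-space example code, not FreeBSD's mallocarray(9) or anything from the commit), the block below models an nmemb * size allocator that refuses a product that would wrap size_t, next to the unchecked product that a plain malloc(nmemb * size) would silently use. The MUL_NO_OVERFLOW fast path and the SIZE_MAX / nmemb < size test are the usual idiom for this check; the function names are my own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* If both operands are below 2^(bits/2), their product cannot exceed
 * SIZE_MAX, so the division below can be skipped on the common path. */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

/* Return true when nmemb * size does not fit in a size_t. */
bool
array_size_overflows(size_t nmemb, size_t size)
{
	if (nmemb < MUL_NO_OVERFLOW && size < MUL_NO_OVERFLOW)
		return (false);
	if (nmemb == 0)
		return (false);
	return (SIZE_MAX / nmemb < size);
}

/* What an unchecked caller would hand to malloc(): unsigned arithmetic
 * wraps, so an enormous request can turn into a tiny one. */
size_t
wrapped_product(size_t nmemb, size_t size)
{
	return (nmemb * size);
}

/* Checked allocator: NULL instead of a silently undersized buffer. */
void *
checked_mallocarray(size_t nmemb, size_t size)
{
	if (array_size_overflows(nmemb, size))
		return (NULL);
	return (malloc(nmemb * size));
}

/* Helper for the tests: allocate, report success, release. */
bool
alloc_roundtrip(size_t nmemb, size_t size)
{
	void *p = checked_mallocarray(nmemb, size);

	if (p == NULL)
		return (false);
	free(p);
	return (true);
}
```

With the check removed, a request such as (SIZE_MAX / 2 + 2) elements of 2 bytes wraps to a 2-byte allocation, which is exactly the class of bug a runtime check catches and a compile-time attribute cannot when the sizes are only known at runtime.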