[cxx-abi-dev] Run-time array checking

Mike Herrick mjh at edg.com
Thu Sep 6 13:23:58 UTC 2012


On Sep 6, 2012, at 9:13 AM, Florian Weimer wrote:

> On 09/06/2012 02:46 PM, Mike Herrick wrote:
> 
>> 3) A new routine, say __cxa_vec_new_check, that takes a signed element_count, element_size, and number of initialized elements and does all necessary checks, throwing std::bad_array_new_length if required, otherwise returning.  Compilers would insert a call to the new routine before any call to __cxa_vec_new* (when the number of elements isn't known at compile time).
> 
> You need two separate element counts which are multiplied by __cxa_vec_new_check with an overflow check, to cover cases like new T[n][5][3].  (The inner array lengths are constant and can be folded into a single factor by the compiler.)  The cookie size could be subtracted unconditionally, so it doesn't need to be passed as an argument.

Yes, the inner array lengths also need to be taken into account (thanks for pointing that out), but those can be folded into the element_size argument (so that argument would be 5*3*sizeof(T) in this case -- and would need to be renamed since it's not really the element_size any longer).

> This approach does not work if the compiler supports heap allocation of C VLAs.
> 
> Does anybody actually use the __cxa_vec_new* interfaces? I hope we'll patch libsupc++ to include checks in any case, but it would be interesting to know if it actually makes a difference.

EDG uses all of the __cxa_vec_new* interfaces.

Mike Herrick
Edison Design Group
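The check that the proposed __cxa_vec_new_check routine would have to perform, written out as an added example. This is illustrative code, not the Itanium C++ ABI's, EDG's or libsupc++'s implementation; the function names vec_new_check_size and vec_new_check_rejects, the argument names, and passing the cookie size as an explicit argument (rather than having the routine subtract it itself, as Florian suggests) are assumptions made here. It follows Mike's variant in which the compiler folds the constant inner dimensions into the per-element size, so new T[n][5][3] arrives as count n and size 5*3*sizeof(T).

```cpp
// Added example: overflow-checked size computation for array new.
// Not the ABI's or any library's code; names and argument layout are assumed.
#include <cstddef>
#include <limits>
#include <new>

// element_count:       the run-time outer dimension as the program wrote it,
//                      signed (new T[n][5][3] -> n).
// folded_element_size: bytes per outer element, with the constant inner
//                      dimensions folded in by the compiler (5 * 3 * sizeof(T)).
// cookie_size:         bytes reserved in front of the array for the element
//                      count cookie (0 when no cookie is needed).
// Returns the total number of bytes to request, or throws
// std::bad_array_new_length when the count is negative or the size would wrap.
std::size_t vec_new_check_size(std::ptrdiff_t element_count,
                               std::size_t folded_element_size,
                               std::size_t cookie_size)
{
    // A negative count must be rejected before any conversion to size_t,
    // where it would silently become a huge positive value.
    if (element_count < 0)
        throw std::bad_array_new_length();

    const std::size_t count = static_cast<std::size_t>(element_count);
    const std::size_t max = std::numeric_limits<std::size_t>::max();

    // count * folded_element_size fits in size_t iff
    // count <= max / folded_element_size (portable, no compiler builtins).
    if (folded_element_size != 0 && count > max / folded_element_size)
        throw std::bad_array_new_length();
    const std::size_t array_bytes = count * folded_element_size;

    // The cookie is added after the product, so it gets its own wrap check.
    if (array_bytes > max - cookie_size)
        throw std::bad_array_new_length();

    return array_bytes + cookie_size;
}

// Convenience wrapper: true iff the check rejects the request.
bool vec_new_check_rejects(std::ptrdiff_t element_count,
                           std::size_t folded_element_size,
                           std::size_t cookie_size)
{
    try {
        (void)vec_new_check_size(element_count, folded_element_size, cookie_size);
        return false;
    } catch (const std::bad_array_new_length&) {
        return true;
    }
}

int main()
{
    // new int[n][5][3] with n = 10; an 8-byte cookie is assumed for illustration.
    const std::size_t bytes = vec_new_check_size(10, 5 * 3 * sizeof(int), 8);
    return bytes == 10 * 5 * 3 * sizeof(int) + 8 ? 0 : 1;
}
```

Florian's two-count variant applies the same division-based multiplication check a second time before the cookie is added; with the inner dimensions folded as above, one multiplication and one addition are the only operations that can wrap.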

