On 06/04/2012 09:07 PM, Marc Glisse wrote:
On Mon, 4 Jun 2012, Florian Weimer wrote:
void
write(std::vector<float>& blob, unsigned n, float v1, float v2, float
v3, float v4)
{
blob[n] = v1;
blob[n + 1] = v2;
blob[n + 2] = v3;
blob[n + 3] = v4;
}
Would be great if it ended up testing only n and n+3.
True.
__attribute__((__noreturn__)) is not quite strong enough to allow this
optimization, it would require something like
__attribute__((__crashing__)) to let the compiler know that if the
function is called, you don't care what happens to blob. And possibly
the use of a signed n.
Interesting point, I had not realized that before. Ada has a special
rule for failures of language-defined checks, and they might give enough
wiggle room to leave behind a partially updated vector in such situations.
But even without that, you could clone the if sequence, that is,
if (blob.size() - n >= 4)
{
blob[n] = v1;
blob[n + 1] = v2;
blob[n + 2] = v3;
blob[n + 3] = v4;
}
else
{
... // individual checks
}
Obviously, this has quite a bit of an impact on code size.
--
Florian Weimer / Red Hat Product Security Team
