Tim Peters <t...@python.org> added the comment:

I agree there's pointless code now, but don't understand why the patch replaces 
it with mysterious asserts.  For example, what's the point of this?

assert(Py_SIZE(a) <= PY_SSIZE_T_MAX / sizeof(PyObject*));
assert(Py_SIZE(b) <= PY_SSIZE_T_MAX / sizeof(PyObject*));

The invariant that needs to be maintained is that the number of elements is no 
larger than PY_SSIZE_T_MAX, so the _relevant_ thing to assert is:

assert(Py_SIZE(a) + Py_SIZE(b) <= PY_SSIZE_T_MAX);

That in turn cries out for an explanation of why it must be true.  The asserts 
actually in the patch are part of that explanation, but on their own appear to 
be coming from Mars.  They're missing the conclusion, and rely on further 
unstated subtleties.

Suggest adding a comment where the structs are defined, like:

"""
Note:  Python's memory allocators return at most PY_SSIZE_T_MAX bytes.  
Therefore a vector of PyObject* can contain no more than PY_SSIZE_T_MAX / 
sizeof(PyObject*) elements.  In particular, a PyObject* consumes at least 2 
bytes, so a vector can contain no more than PY_SSIZE_T_MAX / 2 elements.  Code 
freely relies on that.

#if SIZEOF_VOID_P < 2
#   error "size of pointer less than 2 bytes?!"
#endif
"""

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue34397>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to