summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Eggert <eggert@cs.ucla.edu>2026-05-22 17:19:33 -0700
committerPaul Eggert <eggert@cs.ucla.edu>2026-05-23 19:18:53 -0700
commit4e5103a980765633a72a90b9f616bcc055306aa0 (patch)
tree0647822b4eacb1f16a5c4d8bf3f97c22672e9869
parentd12e8a94f7042a8490f3e2e40726390d3b735f58 (diff)
Document PTRDIFF_MAX <= SIZE_MAX assumption
* src/alloc.c: New static_assert.
-rw-r--r--src/alloc.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/alloc.c b/src/alloc.c
index 1f4e5434e74..d6f11d06766 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -638,6 +638,14 @@ static_assert (LISP_ALIGNMENT % GCALIGNMENT == 0);
enum { MALLOC_IS_LISP_ALIGNED = alignof (max_align_t) % LISP_ALIGNMENT == 0 };
static_assert (MALLOC_IS_LISP_ALIGNED);
+/* Most of Emacs does not assume PTRDIFF_MAX <= SIZE_MAX, and may use
+ expressions like min (PTRDIFF_MAX, SIZE_MAX) to port even to
+ theoretical platforms where the assumption does not hold.
+ However, some parts of Emacs pass nonnegative ptrdiff_t values to
+ allocator functions like xmalloc that expect size_t.
+ This is portable in practice; check it here to document the assumption. */
+static_assert (PTRDIFF_MAX <= SIZE_MAX);
+
#define MALLOC_PROBE(size) \
do { \
if (profiler_memory_running) \