diff options
| author | Paul Eggert <eggert@cs.ucla.edu> | 2026-05-22 17:19:33 -0700 |
|---|---|---|
| committer | Paul Eggert <eggert@cs.ucla.edu> | 2026-05-23 19:18:53 -0700 |
| commit | 4e5103a980765633a72a90b9f616bcc055306aa0 (patch) | |
| tree | 0647822b4eacb1f16a5c4d8bf3f97c22672e9869 | |
| parent | d12e8a94f7042a8490f3e2e40726390d3b735f58 (diff) | |
Document PTRDIFF_MAX <= SIZE_MAX assumption
* src/alloc.c: New static_assert.
| -rw-r--r-- | src/alloc.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/alloc.c b/src/alloc.c index 1f4e5434e74..d6f11d06766 100644 --- a/src/alloc.c +++ b/src/alloc.c @@ -638,6 +638,14 @@ static_assert (LISP_ALIGNMENT % GCALIGNMENT == 0); enum { MALLOC_IS_LISP_ALIGNED = alignof (max_align_t) % LISP_ALIGNMENT == 0 }; static_assert (MALLOC_IS_LISP_ALIGNED); +/* Most of Emacs does not assume PTRDIFF_MAX <= SIZE_MAX, and may use + expressions like min (PTRDIFF_MAX, SIZE_MAX) to port even to + theoretical platforms where the assumption does not hold. + However, some parts of Emacs pass nonnegative ptrdiff_t values to + allocator functions like xmalloc that expect size_t. + This is portable in practice; check it here to document the assumption. */ +static_assert (PTRDIFF_MAX <= SIZE_MAX); + #define MALLOC_PROBE(size) \ do { \ if (profiler_memory_running) \ |