Bill Allombert on Wed, 14 Oct 2009 17:22:40 +0200
Re: Static analyzer run
On Thu, Sep 17, 2009 at 12:00:36PM +0200, Karim Belabas wrote:
> A note on this one: the old code was actually "not completely incorrect"
> since a,b are non-recursive objects of bounded size, a priori less
> than 100 times the stack space used up in the 2 loop iterations during
> which they must survive. A simple avma = av would have been fine (and
> better).
>
> This technique of using for a very limited time an object that has just
> been reclaimed by the garbage collector is not infrequent in our code,
> and mandatorily flagged with a /* HACK */ comment. It saves a little
> time by avoiding an actual gerepile.
But it is actually unsafe: for example Fp_mul()
  INLINE GEN
  Fp_mul(GEN a, GEN b, GEN m)
  {
    pari_sp av=avma;
    GEN p; /*HACK: assume modii use <=lg(p)+(lg(m)<<1) space*/
    (void)new_chunk(lg(a)+lg(b)+(lg(m)<<1));
    p = mulii(a,b);
    avma = av; /* <^C> */ return modii(p,m);
  }
Assume the user presses ^C just after 'avma = av;' and before 'return
modii(p,m);' and does some computation in the breakloop before continuing. The
computation will destroy the part of the stack below avma and modii() will
fail.
Cheers,
Bill.
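To make the race concrete, here is a toy model of the PARI stack; this is an added example, not PARI's own code. new_chunk(), avma, the modii() step and the breakloop are simulated over a small word array, and the interrupt is a flag rather than a real ^C, so the clobbered read is reproducible.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define STACK_WORDS 64
#define RESERVE 4   /* words reserved for the modii-like step */
typedef uint64_t word;
static word stack_[STACK_WORDS];
static word *avma = stack_ + STACK_WORDS; /* top of stack; grows downward */

static word *new_chunk(size_t n) { avma -= n; return avma; }

/* Stand-in for the breakloop: the user's computation allocates more than
 * RESERVE words, scribbles on them, and leaves avma where it found it. */
static void breakloop(void)
{
  word *av = avma;
  memset(new_chunk(RESERVE + 2), 0xAB, (RESERVE + 2) * sizeof(word));
  avma = av;
}

/* Stand-in for modii(p,m): allocates at most RESERVE words, then reads p. */
static word modii_like(const word *p)
{
  word *tmp = new_chunk(RESERVE);
  tmp[0] = p[0]; tmp[1] = p[1];
  return tmp[0] ^ tmp[1];
}

/* The Fp_mul() pattern: reserve, compute p, reset avma, then still read p. */
static word hack_style(word a, word b, int interrupt)
{
  word *av = avma, *p;
  (void)new_chunk(RESERVE);   /* modii_like can now never reach p... */
  p = new_chunk(2);           /* ...the intermediate, like mulii(a,b) */
  p[0] = a * b; p[1] = a + b;
  avma = av;                  /* p is now below avma: reclaimed */
  if (interrupt) breakloop(); /* ^C lands here; breakloop overwrites p */
  { word r = modii_like(p); avma = av; return r; }
}

/* Safe pattern: keep p alive until the result exists, then reset avma
 * (what a gerepile-style copy of the result to av amounts to here). */
static word safe_style(word a, word b, int interrupt)
{
  word *av = avma, *p = new_chunk(2);
  p[0] = a * b; p[1] = a + b;
  if (interrupt) breakloop(); /* p still above avma, so untouched */
  { word r = modii_like(p); avma = av; return r; }
}
```

Without an interrupt both variants agree; with one, hack_style() reads the 0xAB pattern the breakloop left in place of p while safe_style() still returns the right value.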