@@ -471,14 +471,16 @@ fn ensure_struct_fits_in_address_space(ccx: &CrateContext,
471471 scapegoat : ty:: t ) {
472472 let mut offset = 0 ;
473473 for & llty in fields. iter ( ) {
474+ // Invariant: offset < ccx.max_obj_size() <= 1<<61
474475 if !packed {
475476 let type_align = machine:: llalign_of_min ( ccx, llty) ;
476477 offset = roundup ( offset, type_align) ;
477478 }
479+ // type_align is a power-of-2, so still offset < ccx.max_obj_size()
480+ // llsize_of_alloc(ccx, llty) is also less than ccx.max_obj_size()
481+ // so the sum is less than 1<<62 (and therefore can't overflow).
478482 offset += machine:: llsize_of_alloc ( ccx, llty) ;
479483
480- // We can get away with checking for overflow once per iteration,
481- // because field sizes are less than 1<<61.
482484 if offset >= ccx. max_obj_size ( ) {
483485 ccx. report_overbig_object ( scapegoat) ;
484486 }
@@ -498,7 +500,8 @@ fn ensure_enum_fits_in_address_space(ccx: &CrateContext,
498500 let discr_size = machine:: llsize_of_alloc ( ccx, ll_inttype ( ccx, discr) ) ;
499501 let ( field_size, field_align) = union_size_and_align ( fields) ;
500502
501- // This can't overflow because field_size, discr_size, field_align < 1<<61
503+ // field_align < 1<<32, discr_size <= 8, field_size < MAX_OBJ_SIZE <= 1<<61
504+ // so the sum is less than 1<<62 (and can't overflow).
502505 let total_size = roundup ( discr_size, field_align) + field_size;
503506
504507 if total_size >= ccx. max_obj_size ( ) {
0 commit comments