From: Ingo Molnar <mingo@kernel.org>
To: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Sasha Levin <sasha.levin@oracle.com>,
akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [RFC 1/3] compiler.h: enable builtin overflow checkers and add fallback code
Date: Tue, 21 Jul 2015 09:26:09 +0200 [thread overview]
Message-ID: <20150721072608.GA16176@gmail.com> (raw)
In-Reply-To: <87k2tuoadi.fsf@rasmusvillemoes.dk>
Linus Cc:-ed so he can chime in if he wants to.
Thanks,
Ingo
* Rasmus Villemoes <linux@rasmusvillemoes.dk> wrote:
> On Mon, Jul 20 2015, Sasha Levin <sasha.levin@oracle.com> wrote:
>
> > On 07/19/2015 07:17 PM, Rasmus Villemoes wrote:
> >> Last year, Sasha Levin suggested adding wrappers for the
> >> __builtin_*_overflow functions introduced with gcc 5.1 (based on
> >> similar, but type-specific, functions in clang). This is another
> >> attempt at providing such wrappers and fallback code for older compilers.
> >
> > What's the difference between this version and the one Linus essentially
> > rejected?
>
> Assuming you're referring to
> http://thread.gmane.org/gmane.linux.kernel/1838832 (the latest I could
> find, and the one Linus "[didn't] like"):
>
> I've tried to ensure that the fallback code has the same semantics as
> the gcc builtins [1] (in particular, to handle all kinds of overflow) -
> I think it would be rather dangerous if the types of overflow detected
> depended on the gcc version.
>
> The fallback code in the version referred to above had a number of
> problems:
>
> * relies on UB for signed types
>
> * both false positives and false negatives (because it more or less
> implicitly assumed that all values are positive)
>
> * even for unsigned types, plain a+b<a is broken for types narrower than
> int
>
> It's also inconvenient for the user to have to pass the appropriate
> type_max value to the mul_overflow checker.
>
> Rasmus
>
> [1] though with the extra requirement of all three arguments having the
> same type.
prev parent reply other threads:[~2015-07-21 7:26 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-19 23:17 [RFC 1/3] compiler.h: enable builtin overflow checkers and add fallback code Rasmus Villemoes
2015-07-19 23:17 ` [RFC 2/3] lib: add runtime test of check_*_overflow functions Rasmus Villemoes
2015-07-19 23:17 ` [RFC 3/3] slab.h: use check_mul_overflow in kmalloc_array Rasmus Villemoes
2015-07-19 23:17 ` Rasmus Villemoes
2015-07-20 3:47 ` [RFC 1/3] compiler.h: enable builtin overflow checkers and add fallback code Sasha Levin
2015-07-20 20:13 ` Rasmus Villemoes
2015-07-21 7:26 ` Ingo Molnar [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150721072608.GA16176@gmail.com \
--to=mingo@kernel.org \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=sasha.levin@oracle.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.