From: Avi Kivity <avi@cloudius-systems.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: QEMU Trivial <qemu-trivial@nongnu.org>,
Patch Tracking <patches@linaro.org>,
Michael Tokarev <mjt@tls.msk.ru>,
QEMU Developers <qemu-devel@nongnu.org>,
Richard Henderson <rth@twiddle.net>
Subject: Re: [Qemu-trivial] [Qemu-devel] [PATCH 2/3] int128.h: Avoid undefined behaviours involving signed arithmetic
Date: Mon, 07 Apr 2014 18:22:38 +0300
Message-ID: <5342C2BE.4020805@cloudius-systems.com>
In-Reply-To: <CAFEAcA-dCJ+i+g7F+hxgPr3AZjwOgrWj4X+9dXLvpj56JYQ07A@mail.gmail.com>

On 04/07/2014 06:17 PM, Peter Maydell wrote:
> On 7 April 2014 15:56, Avi Kivity <avi@cloudius-systems.com> wrote:
>> On 04/06/2014 01:18 PM, Peter Maydell wrote:
>>> The alternative would be to say that Int128 should have
>>> undefined behaviour on underflow/overflow and the test
>>> code is wrong, but that doesn't seem very useful to me.
>> Isn't the test broken here? It is trying to add (or shift) -2^127 and
>> something else, and the result truly overflows.
> Well, the test code is assuming "semantics as per 2s
> complement arithmetic" and checking various corner cases.
> As I say, we could define that this is invalid and
> rewrite the test cases.

It is invalid. The test thinks that -2^127 * 2 == 0, but if a guest
could trigger it, it would probably be a security issue.
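
Added example, not part of the original message and not QEMU's int128.h: a 128-bit add done on unsigned halves so that it wraps without undefined behaviour, beside a checked variant that reports the overflow discussed above (-2^127 + -2^127 wrapping to 0). The type `s128` and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical 128-bit two's complement value; not QEMU's Int128 type. */
typedef struct { uint64_t lo; uint64_t hi; } s128;

/* -2^127: only the sign bit (bit 63 of the high half) is set. */
static const s128 S128_MIN = { 0, UINT64_C(1) << 63 };

static bool s128_is_neg(s128 v)  { return (v.hi >> 63) != 0; }
static bool s128_is_zero(s128 v) { return v.lo == 0 && v.hi == 0; }

/* Wrapping add: every operation is on unsigned 64-bit halves, so there is
 * no signed-overflow undefined behaviour; the result is taken mod 2^128. */
static s128 s128_add_wrap(s128 a, s128 b)
{
    s128 r;
    r.lo = a.lo + b.lo;
    r.hi = a.hi + b.hi + (r.lo < a.lo);   /* carry out of the low half */
    return r;
}

/* Checked add: returns false when the mathematical sum does not fit in
 * [-2^127, 2^127 - 1]. That can only happen when both operands have the
 * same sign and the wrapped result has the opposite one. */
static bool s128_add_checked(s128 a, s128 b, s128 *out)
{
    s128 r = s128_add_wrap(a, b);
    if (s128_is_neg(a) == s128_is_neg(b) && s128_is_neg(r) != s128_is_neg(a)) {
        return false;
    }
    *out = r;
    return true;
}

int main(void)
{
    /* The corner case from the thread: -2^127 added to itself. */
    s128 wrapped = s128_add_wrap(S128_MIN, S128_MIN);
    s128 checked;
    bool ok = s128_add_checked(S128_MIN, S128_MIN, &checked);
    /* The wrapping add yields 0; the checked add rejects the operation. */
    return (s128_is_zero(wrapped) && !ok) ? 0 : 1;
}
```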