From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
To: Sasha Levin <sasha.levin@oracle.com>
Cc: mingo@kernel.org, akpm@linux-foundation.org,
linux-kernel@vger.kernel.org
Subject: Re: [RFC 1/3] compiler.h: enable builtin overflow checkers and add fallback code
Date: Mon, 20 Jul 2015 22:13:45 +0200 [thread overview]
Message-ID: <87k2tuoadi.fsf@rasmusvillemoes.dk> (raw)
In-Reply-To: <55AC6F46.80606@oracle.com> (Sasha Levin's message of "Sun, 19 Jul 2015 23:47:18 -0400")
On Mon, Jul 20 2015, Sasha Levin <sasha.levin@oracle.com> wrote:
> On 07/19/2015 07:17 PM, Rasmus Villemoes wrote:
>> Last year, Sasha Levin suggested adding wrappers for the
>> __builtin_*_overflow functions introduced with gcc 5.1 (based on
>> similar, but type-specific, functions in clang). This is another
>> attempt at providing such wrappers and fallback code for older compilers.
>
> What's the difference between this version and the one Linus essentially
> rejected?
Assuming you're referring to
http://thread.gmane.org/gmane.linux.kernel/1838832 (the latest I could
find, and the one Linus "[didn't] like"):
I've tried to ensure that the fallback code has the same semantics as
the gcc builtins [1] (in particular, to handle all kinds of overflow) -
I think it would be rather dangerous if the types of overflow detected
depended on the gcc version.
The fallback code in the version referred to above had a number of
problems:
* relies on UB for signed types
* both false positives and false negatives (because it more or less
implicitly assumed that all values are positive)
* even for unsigned types, plain a+b<a is broken for types narrower than
int
It's also inconvenient for the user to have to pass the appropriate
type_max value to the mul_overflow checker.
Rasmus
[1] though with the extra requirement of all three arguments having the
same type.
next prev parent reply other threads:[~2015-07-20 20:13 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-19 23:17 [RFC 1/3] compiler.h: enable builtin overflow checkers and add fallback code Rasmus Villemoes
2015-07-19 23:17 ` [RFC 2/3] lib: add runtime test of check_*_overflow functions Rasmus Villemoes
2015-07-19 23:17 ` [RFC 3/3] slab.h: use check_mul_overflow in kmalloc_array Rasmus Villemoes
2015-07-19 23:17 ` Rasmus Villemoes
2015-07-20 3:47 ` [RFC 1/3] compiler.h: enable builtin overflow checkers and add fallback code Sasha Levin
2015-07-20 20:13 ` Rasmus Villemoes [this message]
2015-07-21 7:26 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k2tuoadi.fsf@rasmusvillemoes.dk \
--to=linux@rasmusvillemoes.dk \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=sasha.levin@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.