From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756611AbbGTUNw (ORCPT <rfc822;w@1wt.eu>);
	Mon, 20 Jul 2015 16:13:52 -0400
Received: from mail-lb0-f179.google.com ([209.85.217.179]:33552 "EHLO
	mail-lb0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1756549AbbGTUNu (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 20 Jul 2015 16:13:50 -0400
From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
To: Sasha Levin <sasha.levin@oracle.com>
Cc: mingo@kernel.org, akpm@linux-foundation.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC 1/3] compiler.h: enable builtin overflow checkers and add fallback code
Organization: D03
References: <1437347852-24921-1-git-send-email-linux@rasmusvillemoes.dk>
	<55AC6F46.80606@oracle.com>
X-Hashcash: 1:20:150720:mingo@kernel.org::7x7HClNovIPGJAKz:00eri
X-Hashcash: 1:20:150720:linux-kernel@vger.kernel.org::23UtOp0uNuBFUf69:0000000000000000000000000000000003DzP
X-Hashcash: 1:20:150720:akpm@linux-foundation.org::f9cXN8hmV5Q0WWTw:0000000000000000000000000000000000008Xb5
X-Hashcash: 1:20:150720:sasha.levin@oracle.com::ztvgeILGckXm2xOq:000000000000000000000000000000000000000ID9Q
Date: Mon, 20 Jul 2015 22:13:45 +0200
In-Reply-To: <55AC6F46.80606@oracle.com> (Sasha Levin's message of "Sun, 19
	Jul 2015 23:47:18 -0400")
Message-ID: <87k2tuoadi.fsf@rasmusvillemoes.dk>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jul 20 2015, Sasha Levin <sasha.levin@oracle.com> wrote:

> On 07/19/2015 07:17 PM, Rasmus Villemoes wrote:
>> Last year, Sasha Levin suggested adding wrappers for the
>> __builtin_*_overflow functions introduced with gcc 5.1 (based on
>> similar, but type-specific, functions in clang). This is another
>> attempt at providing such wrappers and fallback code for older compilers.
>
> What's the difference between this version and the one Linus essentially
> rejected?

Assuming you're referring to
http://thread.gmane.org/gmane.linux.kernel/1838832 (the latest I could
find, and the one Linus "[didn't] like"):

I've tried to ensure that the fallback code has the same semantics as
the gcc builtins [1] (in particular, to handle all kinds of overflow) -
I think it would be rather dangerous if the types of overflow detected
depended on the gcc version.

The fallback code in the version referred to above had a number of
problems:

* relies on UB for signed types

* both false positives and false negatives (because it more or less
  implicitly assumed that all values are positive)

* even for unsigned types, plain a+b<a is broken for types narrower than
  int

It's also inconvenient for the user to have to pass the appropriate
type_max value to the mul_overflow checker. 

Rasmus

[1] though with the extra requirement of all three arguments having the
same type.