Re: [PATCH] Fix incorrect int->float conversions caught by clang -Wimplicit-int-float-conversion

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Markus Armbruster <armbru@redhat.com>
To: Fangrui Song <i@maskray.me>
Cc: Juan Quintela <quintela@redhat.com>,
	qemu-devel@nongnu.org,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Subject: Re: [PATCH] Fix incorrect int->float conversions caught by clang -Wimplicit-int-float-conversion
Date: Tue, 19 Nov 2019 16:14:11 +0100	[thread overview]
Message-ID: <87tv6z7vb0.fsf@dusky.pond.sub.org> (raw)
In-Reply-To: <20191116010731.3jdxozzfpsqsrcc4@google.com> (Fangrui Song's message of "Fri, 15 Nov 2019 17:07:31 -0800")

Fangrui Song <i@maskray.me> writes:

> The warning will be enabled by default in clang 10. It is not available for clang <= 9.
>
> qemu/migration/migration.c:2038:24: error: implicit conversion from 'long' to 'double' changes value from 9223372036854775807 to 9223372036854775808 [-Werror,-Wimplicit-int-float-conversion]
> ...
> qemu/util/cutils.c:245:23: error: implicit conversion from 'unsigned long' to 'double' changes value from 18446744073709550592 to 18446744073709551616 [-Werror,-Wimplicit-int-float-conversion]
>
> Signed-off-by: Fangrui Song <i@maskray.me>
> ---
>   migration/migration.c | 4 ++--
>   util/cutils.c         | 4 ++--
>   2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/migration/migration.c b/migration/migration.c
> index 354ad072fa..ac3ea2934a 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -53,6 +53,7 @@
>   #include "monitor/monitor.h"
>   #include "net/announce.h"
>   #include "qemu/queue.h"
> +#include <math.h>
>   
>   #define MAX_THROTTLE  (32 << 20)      /* Migration transfer speed throttling */
>   
> @@ -2035,11 +2036,10 @@ void qmp_migrate_set_downtime(double value, Error **errp)
        if (value < 0 || value > MAX_MIGRATE_DOWNTIME_SECONDS) {
            error_setg(errp, "Parameter 'downtime_limit' expects an integer in "
                             "the range of 0 to %d seconds",
                             MAX_MIGRATE_DOWNTIME_SECONDS);
            return;
>       }

@value is now in [0,2000].

>   
>       value *= 1000; /* Convert to milliseconds */

@value is in [0,2000000]

> -    value = MAX(0, MIN(INT64_MAX, value));

This does nothing.

>   
>       MigrateSetParameters p = {
>           .has_downtime_limit = true,
> -        .downtime_limit = value,
> +        .downtime_limit = (int64_t)fmin(value, nextafter(0x1p63, 0)),

This does nothing and is hard to read :)

Can we simply drop the offending line statement instead?

>       };
>   
>       qmp_migrate_set_parameters(&p, errp);
> diff --git a/util/cutils.c b/util/cutils.c
> index fd591cadf0..2b4484c015 100644
> --- a/util/cutils.c
> +++ b/util/cutils.c
> @@ -239,10 +239,10 @@ static int do_strtosz(const char *nptr, const char **end,
>           goto out;
>       }
>       /*
> -     * Values >= 0xfffffffffffffc00 overflow uint64_t after their trip
> +     * Values > nextafter(0x1p64, 0) overflow uint64_t after their trip
>        * through double (53 bits of precision).
>        */
> -    if ((val * mul >= 0xfffffffffffffc00) || val < 0) {
> +    if ((val * mul > nextafter(0x1p64, 0)) || val < 0) {
>           retval = -ERANGE;
>           goto out;
>       }
        *result = val * mul;

I figure this one is correct and hard to read.

0xfffffffffffffc00 is not representable exactly as double.  It's
half-way between the representable values 0xfffffffffffff800 and
0x10000000000000000.  Which one we get is implementation-defined.  Bad.

nextafter(0x1p64, 0) is a clever way to write 0xfffffffffffff800, the
largest uint64_t exactly representable as double.

With your patch, val * mul in [0,0xfffffffffffff800] will be accepted.

The first val * mul above this range is 0x1p64.  Rejecting it is
correct, because it overflows yint64_t.

next prev parent reply	other threads:[~2019-11-19 15:15 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-16  1:07 [PATCH] Fix incorrect int->float conversions caught by clang -Wimplicit-int-float-conversion Fangrui Song
2019-11-19 15:14 ` Markus Armbruster [this message]
2019-11-20 11:15   ` Juan Quintela
2019-11-20 17:30     ` Fangrui Song
2019-11-21 12:18       ` Richard Henderson
2019-11-21 14:51         ` Markus Armbruster
2019-11-21 17:11           ` Fangrui Song
2019-11-19 20:49 ` Fangrui Song
2019-11-21 17:38   ` Eric Blake
2019-11-22  0:00     ` [PATCH v2] Fix incorrect integer->float " Fangrui Song
2019-11-22  8:06       ` Markus Armbruster

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87tv6z7vb0.fsf@dusky.pond.sub.org \
    --to=armbru@redhat.com \
    --cc=dgilbert@redhat.com \
    --cc=i@maskray.me \
    --cc=qemu-devel@nongnu.org \
    --cc=quintela@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.