Re: [PATCH bpf-next v3 1/4] bpf: representation and basic operations on circular numbers

public inbox for bpf@vger.kernel.org
 help / color / mirror / Atom feed

From: sashiko-bot@kernel.org
To: "Eduard Zingerman" <eddyz87@gmail.com>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v3 1/4] bpf: representation and basic operations on circular numbers
Date: Fri, 24 Apr 2026 23:15:33 +0000	[thread overview]
Message-ID: <20260424231534.84394C19425@smtp.kernel.org> (raw)
In-Reply-To: <20260424-cnums-everywhere-rfc-v1-v3-1-ca434b39a486@gmail.com>

Sashiko AI review found 1 potential issue(s):
- [Low] The `FN(normalize)` function incorrectly skips normalizing full circular ranges if their base evaluates to `ST_MAX`.
--

commit addd9a35120cb1e8b327011ef0f97fa736918a87
Author: Eduard Zingerman <eddyz87@gmail.com>

bpf: representation and basic operations on circular numbers

This commit adds basic definitions for cnum32/cnum64, providing a unified
numeric range representation for signed and unsigned domains. The operations
correctness is verified using a cbmc model checker.

Link: https://lore.kernel.org/all/ZTZxoDJJbX9mrQ9w@u94a/
Link: https://jorgenavas.github.io/papers/ACM-TOPLAS-wrapped.pdf
Link: https://github.com/eddyz87/cnum-verif/tree/master

> diff --git a/kernel/bpf/cnum_defs.h b/kernel/bpf/cnum_defs.h
> new file mode 100644
> index 00000000000000..3ebd8f723dbb53
> --- /dev/null
> +++ b/kernel/bpf/cnum_defs.h

[ ... ]

> +static inline struct cnum_t FN(normalize)(struct cnum_t cnum)
> +{
> +	if (cnum.size == UT_MAX && cnum.base != 0 && cnum.base != (ut)ST_MAX)

Should this condition be checking ST_MAX? It appears that this skips
normalizing full circular ranges if their base evaluates to ST_MAX. This
can leave the range denormalized as { ST_MAX, UT_MAX } instead of
canonicalizing it to { 0, UT_MAX } (for example, when adding a constant
ST_MAX to an UNBOUNDED range).

Leaving the range denormalized breaks canonical representation guarantees
and causes fast-path equality checks to fail, leading to unnecessary
fallbacks to slower subset checks.

If the intent was to check UT_MAX to protect the EMPTY representation
({ UT_MAX, UT_MAX }), operations like add(UNBOUNDED, -1) legitimately
produce { UT_MAX, UT_MAX } representing a full circle, which must be
normalized to UNBOUNDED.

Would it make sense to remove the exception entirely so that all full
ranges are normalized safely?

> +		cnum.base = 0;
> +	return cnum;
> +}

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260424-cnums-everywhere-rfc-v1-v3-0-ca434b39a486@gmail.com?part=1

next prev parent reply	other threads:[~2026-04-24 23:15 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-24 22:52 [PATCH bpf-next v3 0/4] bpf: replace min/max fields with struct cnum{32,64} Eduard Zingerman
2026-04-24 22:52 ` [PATCH bpf-next v3 1/4] bpf: representation and basic operations on circular numbers Eduard Zingerman
2026-04-24 23:15   ` sashiko-bot [this message]
2026-04-24 22:52 ` [PATCH bpf-next v3 2/4] bpf: use accessor functions for bpf_reg_state min/max fields Eduard Zingerman
2026-04-26  3:36   ` Kaitao Cheng
2026-04-24 22:52 ` [PATCH bpf-next v3 3/4] bpf: replace min/max fields with struct cnum{32,64} Eduard Zingerman
2026-04-24 22:52 ` [PATCH bpf-next v3 4/4] selftests/bpf: new cases handled by 32->64 range refinements Eduard Zingerman
2026-04-25  1:20 ` [PATCH bpf-next v3 0/4] bpf: replace min/max fields with struct cnum{32,64} patchwork-bot+netdevbpf
2026-04-25 10:05 ` Eduard Zingerman
2026-04-25 11:48   ` Eduard Zingerman
2026-04-25 15:20     ` Alexei Starovoitov
2026-04-25 17:21       ` Eduard Zingerman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260424231534.84394C19425@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=eddyz87@gmail.com \
    --cc=sashiko@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox