From: Andre Przywara <andre.przywara@arm.com>
To: Andrew Jones <drjones@redhat.com>
Cc: Nikos Nikoleris <nikos.nikoleris@arm.com>,
kvm@vger.kernel.org, pbonzini@redhat.com,
alexandru.elisei@arm.com, thuth@redhat.com
Subject: Re: [kvm-unit-tests PATCH v2 1/4] lib/string: Add strnlen, strrchr and strtoul
Date: Tue, 23 Mar 2021 16:11:13 +0000 [thread overview]
Message-ID: <20210323161113.3f4efe7b@slackpad.fritz.box> (raw)
In-Reply-To: <20210323134121.h4pybwqqwruhomrr@kamzik.brq.redhat.com>
On Tue, 23 Mar 2021 14:41:21 +0100
Andrew Jones <drjones@redhat.com> wrote:
Hi,
> On Tue, Mar 23, 2021 at 01:00:01PM +0000, Andre Przywara wrote:
> > On Tue, 23 Mar 2021 13:14:15 +0100
> > Andrew Jones <drjones@redhat.com> wrote:
> >
> > Hi,
> >
> > > On Mon, Mar 22, 2021 at 09:35:23AM +0100, Andrew Jones wrote:
> > > > @@ -208,23 +209,46 @@ unsigned long int strtoul(const char *nptr, char **endptr, int base)
> > > > c = *s - 'A' + 10;
> > > > else
> > > > break;
> > > > - acc = acc * base + c;
> > > > +
> > > > + if (is_signed) {
> > > > + long __acc = (long)acc;
> > > > + overflow = __builtin_smull_overflow(__acc, base, &__acc);
> > > > + assert(!overflow);
> > > > + overflow = __builtin_saddl_overflow(__acc, c, &__acc);
> > > > + assert(!overflow);
> > > > + acc = (unsigned long)__acc;
> > > > + } else {
> > > > + overflow = __builtin_umull_overflow(acc, base, &acc);
> > > > + assert(!overflow);
> > > > + overflow = __builtin_uaddl_overflow(acc, c, &acc);
> > > > + assert(!overflow);
> > > > + }
> > > > +
> > >
> > > Unfortunately my use of these builtins isn't loved by older compilers,
> > > like the one used by the build-centos7 pipeline in our gitlab CI. I
> > > could wrap them in an #if GCC_VERSION >= 50100 and just have the old
> > > 'acc = acc * base + c' as the fallback, but that's not pretty and
> > > would also mean that clang would use the fallback too. Maybe we can
> > > try and make our compiler.h more fancy in order to provide a
> > > COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW define like linux does for
> > > both gcc and clang. Or, we could just forgot the overflow checking.
> >
> > In line with my email from yesterday:
> > Before we go down the path of all evil (premature optimisation!), can't
> > we just copy
> > https://git.kernel.org/pub/scm/libs/klibc/klibc.git/tree/usr/klibc/strntoumax.c
> > and have a tested version that works everywhere? This is BSD/GPL dual
> > licensed, IIUC.
> > I don't really see the reason to performance optimise strtol in the
> > context of kvm-unit-tests.
> >
>
> Using the builtin isn't to optimize, it's to simplify. Checking for
> overflow on multiplication is ugly business. As I said yesterday,
> klibc doesn't do any error checking.
Argh, sorry, I missed your reply yesterday in a bunch of other emails!
> We could choose to go that
> way too, but I'd prefer we give a best effort to making the test
> framework robust.
I agree, klibc was just some example, I didn't look too closely into
it. If it lacks, we should indeed not use it.
I just felt we are going through all the special cases of those
functions again, when people elsewhere checked all of them already. I
had some unpleasant experience with implementing a seemingly simple
memcpy() last year, with some surprising corner cases, so grew a bit
wary about re-implementing standard stuff and hoping it's all good.
Cheers,
Andre
> I quick pulled together the diff below. This gives us the overflow
> checking when not using old compilers, but just falls back to the
> simple math otherwise. Unless people have strong opinions about
> that, then I'm inclined to go with it.
>
> Thanks,
> drew
>
>
> diff --git a/lib/linux/compiler.h b/lib/linux/compiler.h
> index 2d72f18c36e5..311da9807932 100644
> --- a/lib/linux/compiler.h
> +++ b/lib/linux/compiler.h
> @@ -8,6 +8,20 @@
>
> #ifndef __ASSEMBLY__
>
> +#define GCC_VERSION (__GNUC__ * 10000 \
> + + __GNUC_MINOR__ * 100 \
> + + __GNUC_PATCHLEVEL__)
> +
> +#ifdef __clang__
> +#if __has_builtin(__builtin_mul_overflow) && \
> + __has_builtin(__builtin_add_overflow) && \
> + __has_builtin(__builtin_sub_overflow)
> +#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1
> +#endif
> +#elif GCC_VERSION >= 50100
> +#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1
> +#endif
> +
> #include <stdint.h>
>
> #define barrier() asm volatile("" : : : "memory")
> diff --git a/lib/string.c b/lib/string.c
> index b684271bb18f..e323908fe24e 100644
> --- a/lib/string.c
> +++ b/lib/string.c
> @@ -7,6 +7,7 @@
>
> #include "libcflat.h"
> #include "stdlib.h"
> +#include "linux/compiler.h"
>
> size_t strlen(const char *buf)
> {
> @@ -171,7 +172,6 @@ static unsigned long __strtol(const char *nptr, char **endptr,
> int base, bool is_signed) {
> unsigned long acc = 0;
> const char *s = nptr;
> - bool overflow;
> int neg, c;
>
> assert(base == 0 || (base >= 2 && base <= 36));
> @@ -210,19 +210,23 @@ static unsigned long __strtol(const char *nptr, char **endptr,
> else
> break;
>
> +#ifdef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW
> if (is_signed) {
> long __acc = (long)acc;
> - overflow = __builtin_smull_overflow(__acc, base, &__acc);
> + bool overflow = __builtin_smull_overflow(__acc, base, &__acc);
> assert(!overflow);
> overflow = __builtin_saddl_overflow(__acc, c, &__acc);
> assert(!overflow);
> acc = (unsigned long)__acc;
> } else {
> - overflow = __builtin_umull_overflow(acc, base, &acc);
> + bool overflow = __builtin_umull_overflow(acc, base, &acc);
> assert(!overflow);
> overflow = __builtin_uaddl_overflow(acc, c, &acc);
> assert(!overflow);
> }
> +#else
> + acc = acc * base + c;
> +#endif
>
> s++;
> }
>
next prev parent reply other threads:[~2021-03-23 16:12 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-18 18:07 [kvm-unit-tests PATCH v2 0/4] Fix the devicetree parser for stdout-path Nikos Nikoleris
2021-03-18 18:07 ` [kvm-unit-tests PATCH v2 1/4] lib/string: Add strnlen, strrchr and strtoul Nikos Nikoleris
2021-03-22 8:35 ` Andrew Jones
2021-03-22 9:52 ` Nikos Nikoleris
2021-03-22 10:09 ` Andrew Jones
2021-03-23 12:14 ` Andrew Jones
2021-03-23 13:00 ` Andre Przywara
2021-03-23 13:41 ` Andrew Jones
2021-03-23 16:11 ` Andre Przywara [this message]
2021-03-23 13:01 ` Thomas Huth
2021-03-23 13:31 ` Andrew Jones
2021-03-18 18:07 ` [kvm-unit-tests PATCH v2 3/4] Makefile: Remove overriding recipe for libfdt_clean Nikos Nikoleris
2021-03-18 18:07 ` [kvm-unit-tests PATCH v2 4/4] devicetree: Parse correctly the stdout-path Nikos Nikoleris
2021-03-22 8:53 ` [kvm-unit-tests PATCH v2 0/4] Fix the devicetree parser for stdout-path Andrew Jones
2021-03-22 9:55 ` Nikos Nikoleris
2021-03-22 18:04 ` Andre Przywara
2021-03-22 18:56 ` Andrew Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210323161113.3f4efe7b@slackpad.fritz.box \
--to=andre.przywara@arm.com \
--cc=alexandru.elisei@arm.com \
--cc=drjones@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=nikos.nikoleris@arm.com \
--cc=pbonzini@redhat.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox