From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752737AbbGUH0S (ORCPT ); Tue, 21 Jul 2015 03:26:18 -0400 Received: from mail-wi0-f182.google.com ([209.85.212.182]:38725 "EHLO mail-wi0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752334AbbGUH0R (ORCPT ); Tue, 21 Jul 2015 03:26:17 -0400 Date: Tue, 21 Jul 2015 09:26:09 +0200 From: Ingo Molnar To: Rasmus Villemoes Cc: Sasha Levin , akpm@linux-foundation.org, linux-kernel@vger.kernel.org, Peter Zijlstra , Thomas Gleixner Subject: Re: [RFC 1/3] compiler.h: enable builtin overflow checkers and add fallback code Message-ID: <20150721072608.GA16176@gmail.com> References: <1437347852-24921-1-git-send-email-linux@rasmusvillemoes.dk> <55AC6F46.80606@oracle.com> <87k2tuoadi.fsf@rasmusvillemoes.dk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87k2tuoadi.fsf@rasmusvillemoes.dk> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Linus Cc:-ed so he can chime in if he wants to. Thanks, Ingo * Rasmus Villemoes wrote: > On Mon, Jul 20 2015, Sasha Levin wrote: > > > On 07/19/2015 07:17 PM, Rasmus Villemoes wrote: > >> Last year, Sasha Levin suggested adding wrappers for the > >> __builtin_*_overflow functions introduced with gcc 5.1 (based on > >> similar, but type-specific, functions in clang). This is another > >> attempt at providing such wrappers and fallback code for older compilers. > > > > What's the difference between this version and the one Linus essentially > > rejected? > > Assuming you're referring to > http://thread.gmane.org/gmane.linux.kernel/1838832 (the latest I could > find, and the one Linus "[didn't] like"): > > I've tried to ensure that the fallback code has the same semantics as > the gcc builtins [1] (in particular, to handle all kinds of overflow) - > I think it would be rather dangerous if the types of overflow detected > depended on the gcc version. > > The fallback code in the version referred to above had a number of > problems: > > * relies on UB for signed types > > * both false positives and false negatives (because it more or less > implicitly assumed that all values are positive) > > * even for unsigned types, plain a+b int > > It's also inconvenient for the user to have to pass the appropriate > type_max value to the mul_overflow checker. > > Rasmus > > [1] though with the extra requirement of all three arguments having the > same type.