From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jason Gunthorpe
Subject: Re: [PATCH rdma-next 08/12] overflow.h: Add arithmetic shift helper
Date: Mon, 25 Jun 2018 11:11:57 -0600
Message-ID: <20180625171157.GE5356@mellanox.com>
References: <20180624082353.16138-1-leon@kernel.org> <20180624082353.16138-9-leon@kernel.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Leon Romanovsky , Doug Ledford , Kees Cook , Leon Romanovsky ,
 RDMA mailing list , Hadar Hen Zion , Matan Barak , Michael J Ruhl ,
 Noa Osherovich , Raed Salem , Yishai Hadas , Saeed Mahameed ,
 linux-netdev , linux-kernel@vger.kernel.org
To: Rasmus Villemoes
Return-path:
Content-Disposition: inline
In-Reply-To:
Sender: linux-kernel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org

On Mon, Jun 25, 2018 at 11:26:05AM +0200, Rasmus Villemoes wrote:

> check_shift_overflow(a, s, d) {
>     unsigned _nbits = 8*sizeof(a);
>     typeof(a) _a = (a);
>     typeof(s) _s = (s);
>     typeof(d) _d = (d);
>
>     *_d = ((u64)(_a) << (_s & (_nbits-1)));
>     _s >= _nbits || (_s > 0 && (_a >> (_nbits - _s -
> is_signed_type(a))) != 0);
> }

Those types are not quite right.. What about this?

    check_shift_overflow(a, s, d) ({
        unsigned int _nbits = 8*sizeof(d) - is_signed_type(d);
        typeof(d) _a = a; // Shift is always performed on type 'd'
        typeof(s) _s = s;
        typeof(d) _d = d;

        *_d = (_a << (_s & (_nbits-1)));

        (((*_d) >> (_s & (_nbits-1))) != _a);
    })

And can we use mathematical invertibility to prove no overflow and
bound _a ? As above.

Jason
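
The shift-back-and-compare (invertibility) check discussed in this message, as an added example that is not code from the thread or from the kernel. The helper names, the fixed 32-bit widths, and the choice to report negative operands and counts of 32 or more as overflow are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical fixed-width helpers, not the kernel macro: return true on
 * overflow; *d holds a << s only when false is returned.
 * Unsigned: shift left, shift back, compare. The count is range-checked
 * first: a shift by >= 32 is undefined in C, and a count masked down to 0
 * would round-trip and hide the overflow. */
static bool shl_overflow_u32(uint32_t a, unsigned int s, uint32_t *d)
{
	uint32_t r = (s < 32) ? a << s : 0;
	bool ovf = s >= 32 || (r >> s) != a;
	*d = ovf ? 0 : r;
	return ovf;
}

/* Signed: negative operands are rejected (assumption of this example) and
 * the shift runs in uint32_t. A result with bit 31 set round-trips as
 * unsigned but does not fit in int32_t, so it is checked separately. */
static bool shl_overflow_s32(int32_t a, unsigned int s, int32_t *d)
{
	uint32_t r = 0;
	bool ovf = a < 0 || shl_overflow_u32((uint32_t)a, s, &r) || r > INT32_MAX;
	*d = ovf ? 0 : (int32_t)r;
	return ovf;
}

/* Cross-check both helpers against 64-bit arithmetic on constructed inputs. */
static int count_mismatches(void)
{
	static const uint32_t vals[] = { 0, 1, 3, 0x40000000, 0x7fffffff, 0xffffffff };
	int bad = 0;
	for (unsigned int i = 0; i < sizeof(vals) / sizeof(vals[0]); i++)
		for (unsigned int s = 0; s < 40; s++) {
			uint64_t wide = s < 32 ? (uint64_t)vals[i] << s : UINT64_MAX;
			uint32_t u; int32_t v;
			bad += shl_overflow_u32(vals[i], s, &u) != (wide > UINT32_MAX);
			if (vals[i] <= INT32_MAX)
				bad += shl_overflow_s32((int32_t)vals[i], s, &v) != (wide > INT32_MAX);
		}
	return bad;
}

int main(void)
{
	printf("mismatches vs 64-bit reference: %d\n", count_mismatches());
	return 0;
}
```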