From: Markus Armbruster <armbru@redhat.com>
To: qemu-devel@nongnu.org
Cc: Fangrui Song <i@maskray.me>,
Richard Henderson <richard.henderson@linaro.org>,
Juan Quintela <quintela@redhat.com>
Subject: [PULL 1/1] util/cutils: Fix incorrect integer->float conversion caught by clang
Date: Mon, 25 Nov 2019 07:04:34 +0100 [thread overview]
Message-ID: <20191125060434.22997-2-armbru@redhat.com> (raw)
In-Reply-To: <20191125060434.22997-1-armbru@redhat.com>
From: Fangrui Song <i@maskray.me>
Clang does not like do_strtosz()'s code to guard against overflow:
qemu/util/cutils.c:245:23: error: implicit conversion from 'unsigned long' to 'double' changes value from 18446744073709550592 to 18446744073709551616 [-Werror,-Wimplicit-int-float-conversion]
The warning will be enabled by default in clang 10. It is not
available for clang <= 9.
val * mul >= 0xfffffffffffffc00 is indeed wrong. 0xfffffffffffffc00
is not representable exactly as double. It's half-way between the
representable values 0xfffffffffffff800 and 0x10000000000000000.
Which one we get is implementation-defined. Bad.
We want val * mul > (the largest uint64_t exactly representable as
double). That's 0xfffffffffffff800. Write it as nextafter(0x1p64, 0)
with a suitable comment.
Signed-off-by: Fangrui Song <i@maskray.me>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Patch split, commit message improved]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20191122080039.12771-3-armbru@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Juan Quintela <quintela@redhat.com>
---
util/cutils.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/util/cutils.c b/util/cutils.c
index fd591cadf0..77acadc70a 100644
--- a/util/cutils.c
+++ b/util/cutils.c
@@ -239,10 +239,12 @@ static int do_strtosz(const char *nptr, const char **end,
goto out;
}
/*
- * Values >= 0xfffffffffffffc00 overflow uint64_t after their trip
- * through double (53 bits of precision).
+ * Values near UINT64_MAX overflow to 2**64 when converting to double
+ * precision. Compare against the maximum representable double precision
+ * value below 2**64, computed as "the next value after 2**64 (0x1p64) in
+ * the direction of 0".
*/
- if ((val * mul >= 0xfffffffffffffc00) || val < 0) {
+ if ((val * mul > nextafter(0x1p64, 0)) || val < 0) {
retval = -ERANGE;
goto out;
}
--
2.21.0
next prev parent reply other threads:[~2019-11-25 6:06 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-25 6:04 [PULL 0/1] Miscellaneous patches for 2019-11-25 Markus Armbruster
2019-11-25 6:04 ` Markus Armbruster [this message]
2019-11-25 15:47 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191125060434.22997-2-armbru@redhat.com \
--to=armbru@redhat.com \
--cc=i@maskray.me \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).