From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([140.186.70.92]:43394) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Rw1DI-0000Qb-Ep for qemu-devel@nongnu.org; Fri, 10 Feb 2012 19:53:17 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Rw1DH-0007yU-9f for qemu-devel@nongnu.org; Fri, 10 Feb 2012 19:53:16 -0500 Received: from cantor2.suse.de ([195.135.220.15]:42203 helo=mx2.suse.de) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Rw1DH-0007yQ-0b for qemu-devel@nongnu.org; Fri, 10 Feb 2012 19:53:15 -0500 Message-ID: <4F35BBF8.4080400@suse.de> Date: Sat, 11 Feb 2012 01:53:12 +0100 From: =?UTF-8?B?QW5kcmVhcyBGw6RyYmVy?= MIME-Version: 1.0 References: In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [Qemu-devel] [PATCH 1/3] Add support for 128-bit arithmeticRe: [PATCH 1/3] Add support for 128-bit arithmetic List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Jay Foad Cc: avi@redhat.com, qemu-devel@nongnu.org Am 10.02.2012 10:51, schrieb Jay Foad: > On 30 Oct 2011, Avi Kivity wrote: >> The memory API supports 64-bit buses (e.g. PCI). A size on such a bus= cannot >> be represented with a 64-bit data type, if both 0 and the entire addre= ss >> space size are to be represented. Futhermore, any address arithemetic= may >> overflow and return unexpected results. >> >> Introduce a 128-bit signed integer type for use in such cases. Additi= on, >> subtraction, and comparison are the only operations supported. >> >> Signed-off-by: Avi Kivity >> --- >> int128.h | 116 +++++++++++++++++++++++++++++++++++++++++++++++++++++= +++++++++ >> 1 files changed, 116 insertions(+), 0 deletions(-) >> create mode 100644 int128.h >> >> diff --git a/int128.h b/int128.h >> new file mode 100644 >> index 0000000..b3864b6 >> --- /dev/null >> +++ b/int128.h >> @@ -0,0 +1,116 @@ >> +#ifndef INT128_H >> +#define INT128_H >> + >> +typedef struct Int128 Int128; >> + >> +struct Int128 { >> + uint64_t lo; >> + int64_t hi; >> +}; >=20 >> +static inline Int128 int128_add(Int128 a, Int128 b) >> +{ >> + Int128 r =3D { a.lo + b.lo, a.hi + b.hi }; >> + r.hi +=3D (r.lo < a.lo) || (r.lo < b.lo); >> + return r; >> +} >=20 > This is a bit redundant. You only need either: >=20 > r.hi +=3D r.lo < a.lo; >=20 > or: >=20 > r.hi +=3D r.lo < b.lo; >=20 > because the way that two's complement addition works means that r.lo > will always be less than both a.lo and b.lo, or > greater-than-or-equal-to both of them. >=20 >> +static inline bool int128_ge(Int128 a, Int128 b) >> +{ >> + return int128_nonneg(int128_sub(a, b)); >> +} >=20 > This is wrong if you get signed overflow in int128_sub(a, b). >=20 >> Regardless, the need for careful coding means subtle bugs, >=20 > Indeed :-) Are these just theoretical issues or does anything in particular break for you? These functions were introduced to tackle int64_t overflow issues in the Memory API, not as an arbitrary API AFAIU. If nothing's broken in practice it would be best if you could just send a patch with your proposed fix rather than describing it in words. :) Andreas --=20 SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 N=C3=BCrnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imend=C3=B6rffer; HRB 16746 AG N=C3=BC= rnberg