Re: [PATCH v2 2/4] utils: Improve qemu_strtosz() to have 64 bits of precision

["Daniel P. Berrangé" <berrange@redhat.com>]

On Thu, Feb 11, 2021 at 02:44:36PM -0600, Eric Blake wrote:
> We have multiple clients of qemu_strtosz (qemu-io, the opts visitor,
> the keyval visitor), and it gets annoying that edge-case testing is
> impacted by implicit rounding to 53 bits of precision due to parsing
> with strtod().  As an example posted by Rich Jones:
>  $ nbdkit memory $(( 2**63 - 2**30 )) --run \
>    'build/qemu-io -f raw "$uri" -c "w -P 3 $(( 2**63 - 2**30 - 512 )) 512" '
>  write failed: Input/output error
> 
> because 9223372035781033472 got rounded to 0x7fffffffc0000000 which is
> out of bounds.
> 
> It is also worth noting that our existing parser, by virtue of using
> strtod(), accepts decimal AND hex numbers, even though test-cutils
> previously lacked any coverage of the latter until the previous patch.
> We do have existing clients that expect a hex parse to work (for
> example, iotest 33 using qemu-io -c "write -P 0xa 0x200 0x400"), but
> strtod() parses "08" as 8 rather than as an invalid octal number, so
> we know there are no clients that depend on octal.  Our use of
> strtod() also means that "0x1.8k" would actually parse as 1536 (the
> fraction is 8/16), rather than 1843 (if the fraction were 8/10); but
> as this was not covered in the testsuite, I have no qualms forbidding
> hex fractions as invalid, so this patch declares that the use of
> fractions is only supported with decimal input, and enhances the
> testsuite to document that.
> 
> Our previous use of strtod() meant that -1 parsed as a negative; now
> that we parse with strtoull(), negative values can wrap around modulo
> 2^64, so we have to explicitly check whether the user passed in a '-';
> and make it consistent to also reject '-0'.  This has the minor effect
> of treating negative values as EINVAL (with no change to endptr)
> rather than ERANGE (with endptr advanced to what was parsed), visible
> in the updated iotest output.
> 
> We also had no testsuite coverage of "1.1e0k", which happened to parse
> under strtod() but is unlikely to occur in practice; as long as we are
> making things more robust, it is easy enough to reject the use of
> exponents in a strtod parse.
> 
> The fix is done by breaking the parse into an integer prefix (no loss
> in precision), rejecting negative values (since we can no longer rely
> on strtod() to do that), determining if a decimal or hexadecimal parse
> was intended (with the new restriction that a fractional hex parse is
> not allowed), and where appropriate, using a floating point fractional
> parse (where we also scan to reject use of exponents in the fraction).
> The bulk of the patch is then updates to the testsuite to match our
> new precision, as well as adding new cases we reject (whether they
> were rejected or inadvertently accepted before).
> 
> Signed-off-by: Eric Blake <eblake@redhat.com>
> 
> ---
> 
> Note that this approach differs from what has been attempted in the
> past; see the thread starting at
> https://lists.gnu.org/archive/html/qemu-devel/2019-12/msg00852.html
> That approach tried to parse both as strtoull and strtod and take
> whichever was longer, but that was harder to document.
> ---
>  tests/test-cutils.c              | 74 ++++++++++----------------
>  tests/test-keyval.c              | 35 +++++++++----
>  tests/test-qemu-opts.c           | 33 ++++++++----
>  util/cutils.c                    | 90 ++++++++++++++++++++++++--------
>  tests/qemu-iotests/049.out       | 14 +++--
>  tests/qemu-iotests/178.out.qcow2 |  3 +-
>  tests/qemu-iotests/178.out.raw   |  3 +-
>  7 files changed, 158 insertions(+), 94 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|