Subject: Re: [PATCH v2 1/3] Use unsigned ints in regcache_map_entry
From: Simon Marchi
To: Alan Hayward
CC: "gdb-patches@sourceware.org", nd
Date: Thu, 21 Jun 2018 17:32:00 -0000
Message-ID: <068f1831-32ff-e5ab-e43d-32e1e634d98d@ericsson.com>

On 2018-06-21 11:34 AM, Simon Marchi wrote:
> On 2018-06-21 11:19 AM, Alan Hayward wrote:
>> I originally wrote this for just the _part functions and then I rejected
>> it. The problem as I see it with this is that, mostly all the code calling
>> these functions today are using ints.
>>
>> So, to keep it safe we should really update all the callers too. For example,
>> one picked at random:
>>
>> --- a/gdb/m32c-tdep.c >> +++ b/gdb/m32c-tdep.c >> @@ -443,9 +443,9 @@ m32c_find_part (struct m32c_reg *reg, int *offset_p, int *len_p) >> bits, read the value of the REG->n'th element. */ >> static enum register_status >> m32c_part_read (struct m32c_reg *reg, readable_regcache *cache, gdb_byte *buf) >> { >> - int offset, len; >> + unsigned int offset, len; >> >> memset (buf, 0, TYPE_LENGTH (reg->type)); >> m32c_find_part (reg, &offset, &len); >> return cache->cooked_read_part (reg->rx->num, offset, len, buf);
>>
>> And without checking, I’m not sure m32c_find_part can guarantee unsigned.
>>
>> Without those changes all we are doing is losing some assert protection.
>
> Fair enough, I'm fine with keeping the ints and the >= 0 asserts. It was just
> a tiny itch :).
>
> Simon
>

I thought about it a bit more, and we indeed probably need as many assertions with
unsigned types as we do with signed types, I was wrong thinking it would simplify things.
Let's say a caller miscalculates "offset" and it ends up being -2 (0xfffffffe as an
unsigned int) and length is 4. The assertion

  gdb_assert (offset + len <= reg_size)

will not catch it, since (offset + len) will still be 2 (after the overflow). So we would
need to check that offset and len are within reg_size individually, as well as their sum:

  gdb_assert (offset <= reg_size);
  gdb_assert (len <= reg_size);
  gdb_assert (offset + len <= reg_size);

And that is equivalent to what we would need with signed types:

  gdb_assert (offset >= 0);
  gdb_assert (len >= 0);
  gdb_assert (offset + len <= reg_size);

So in the end, I think you can forget changing things to unsigned, since it doesn't
really add value... sorry for the noise.

Simon
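
Review bot: in the quoted m32c_part_read hunk, offset and len become unsigned int but are still passed as &offset, &len to m32c_find_part, whose signature in the @@ context line takes int *offset_p, int *len_p. The pointer types no longer match, so m32c_find_part's out-parameters would have to change in the same patch. If m32c_find_part can ever store a negative value, that value would reach cooked_read_part as a very large unsigned number, so the range checks on the callee side would need to bound offset and len individually rather than rely on offset + len alone.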
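
The wraparound case described in the message above, as an added C example that is not part of the original thread or of GDB's code. The function names and the 8-byte reg_size are assumptions for illustration, and plain return values stand in for gdb_assert.

```c
#include <stdio.h>

/* Sum-only check on unsigned values: offset + len wraps around, so a
   miscalculated offset of -2 plus a length of 4 yields 2 and passes. */
static int sum_only_ok(unsigned int offset, unsigned int len,
                       unsigned int reg_size)
{
    return offset + len <= reg_size;
}

/* The three unsigned assertions from the message, as one predicate. */
static int unsigned_checks_ok(unsigned int offset, unsigned int len,
                              unsigned int reg_size)
{
    return offset <= reg_size && len <= reg_size
           && offset + len <= reg_size;
}

/* The three signed assertions from the message, as one predicate. */
static int signed_checks_ok(int offset, int len, int reg_size)
{
    return offset >= 0 && len >= 0 && offset + len <= reg_size;
}

int main(void)
{
    /* Constructed inputs: an 8-byte register and an offset that a
       caller miscalculated as -2. */
    unsigned int bad = (unsigned int) -2;
    unsigned int reg_size = 8;

    printf("sum only, unsigned:     %d\n", sum_only_ok(bad, 4, reg_size));
    printf("three checks, unsigned: %d\n",
           unsigned_checks_ok(bad, 4, reg_size));
    printf("three checks, signed:   %d\n", signed_checks_ok(-2, 4, 8));
    printf("valid range (2, 4):     %d\n",
           unsigned_checks_ok(2, 4, reg_size));
    return 0;
}
```
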