[PATCH] Avoid undefined behaviour in ibm128 implementation of llroundl

[PATCH] Avoid undefined behaviour in ibm128 implementation of llroundl

[Michael Hudson-Doyle]

Detecting an overflow edge case depended on signed overflow of a long
long. Replace the signed long long with unsigned and cast it back to
unsigned before comparisons (which is implementation defined behaviour,
but I guess glibc does not support any one's complement
architectures...).

BZ #29488
---
 sysdeps/ieee754/ldbl-128ibm/s_llroundl.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
index d85154e73a..e8117bfc2b 100644
--- a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
+++ b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
@@ -28,7 +28,8 @@ long long
 __llroundl (long double x)
 {
   double xh, xl;
-  long long res, hi, lo;
+  unsigned long long res;
+  long long hi, lo;
 
   ldbl_unpack (x, &xh, &xl);
 
@@ -69,7 +70,7 @@ __llroundl (long double x)
       res = hi + lo;
 
       /* This is just sign(hi) == sign(lo) && sign(res) != sign(hi).  */
-      if (__glibc_unlikely (((~(hi ^ lo) & (res ^ hi)) < 0)))
+      if (__glibc_unlikely (((~(hi ^ lo) & (((long long)res) ^ hi)) < 0)))
 	goto overflow;
 
       xh -= lo;
@@ -95,7 +96,7 @@ __llroundl (long double x)
 	    res -= 1;
 	}
 
-      if (__glibc_unlikely (((~(hi ^ (res - hi)) & (res ^ hi)) < 0)))
+      if (__glibc_unlikely (((~(hi ^ (((long long)res) - hi)) & (((long long)res) ^ hi)) < 0)))
 	goto overflow;
 
       return res;
-- 
2.34.1

Re: [PATCH] Avoid undefined behaviour in ibm128 implementation of llroundl

[Michael Hudson-Doyle]

Disregard this, I hadn't run all the tests I thought I had, sorry about
that.

On Sun, 21 Aug 2022 at 22:45, Michael Hudson-Doyle <
michael.hudson@canonical.com> wrote:

> Detecting an overflow edge case depended on signed overflow of a long
> long. Replace the signed long long with unsigned and cast it back to
> unsigned before comparisons (which is implementation defined behaviour,
> but I guess glibc does not support any one's complement
> architectures...).
>
> BZ #29488
> ---
>  sysdeps/ieee754/ldbl-128ibm/s_llroundl.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> index d85154e73a..e8117bfc2b 100644
> --- a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> +++ b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> @@ -28,7 +28,8 @@ long long
>  __llroundl (long double x)
>  {
>    double xh, xl;
> -  long long res, hi, lo;
> +  unsigned long long res;
> +  long long hi, lo;
>
>    ldbl_unpack (x, &xh, &xl);
>
> @@ -69,7 +70,7 @@ __llroundl (long double x)
>        res = hi + lo;
>
>        /* This is just sign(hi) == sign(lo) && sign(res) != sign(hi).  */
> -      if (__glibc_unlikely (((~(hi ^ lo) & (res ^ hi)) < 0)))
> +      if (__glibc_unlikely (((~(hi ^ lo) & (((long long)res) ^ hi)) < 0)))
>         goto overflow;
>
>        xh -= lo;
> @@ -95,7 +96,7 @@ __llroundl (long double x)
>             res -= 1;
>         }
>
> -      if (__glibc_unlikely (((~(hi ^ (res - hi)) & (res ^ hi)) < 0)))
> +      if (__glibc_unlikely (((~(hi ^ (((long long)res) - hi)) & (((long
> long)res) ^ hi)) < 0)))
>         goto overflow;
>
>        return res;
> --
> 2.34.1
>
>

[PATCH v2] Avoid undefined behaviour in ibm128 implementation of llroundl

[Michael Hudson-Doyle]

Detecting an overflow edge case depended on signed overflow of a long
long. Replace the signed long long with unsigned and cast it back to
unsigned before comparisons (which is implementation defined behaviour,
but I guess glibc does not support any one's complement
architectures...).

BZ #29488
---
 v2: added casts to some references to 'res' I missed in v1. This
 version passes all tests on ppc64el with gcc 12 with both -O2 and -O3.
---
 sysdeps/ieee754/ldbl-128ibm/s_llroundl.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
index d85154e73a..5f54f92767 100644
--- a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
+++ b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
@@ -28,7 +28,8 @@ long long
 __llroundl (long double x)
 {
   double xh, xl;
-  long long res, hi, lo;
+  unsigned long long res;
+  long long hi, lo;
 
   ldbl_unpack (x, &xh, &xl);
 
@@ -69,7 +70,7 @@ __llroundl (long double x)
       res = hi + lo;
 
       /* This is just sign(hi) == sign(lo) && sign(res) != sign(hi).  */
-      if (__glibc_unlikely (((~(hi ^ lo) & (res ^ hi)) < 0)))
+      if (__glibc_unlikely (((~(hi ^ lo) & (((long long)res) ^ hi)) < 0)))
 	goto overflow;
 
       xh -= lo;
@@ -82,7 +83,7 @@ __llroundl (long double x)
 	}
       else if (xh == 0.5)
 	{
-	  if (xl > 0.0 || (xl == 0.0 && res >= 0))
+	  if (xl > 0.0 || (xl == 0.0 && ((long long)res) >= 0))
 	    res += 1;
 	}
       else if (-xh > 0.5)
@@ -91,11 +92,11 @@ __llroundl (long double x)
 	}
       else if (-xh == 0.5)
 	{
-	  if (xl < 0.0 || (xl == 0.0 && res <= 0))
+	  if (xl < 0.0 || (xl == 0.0 && ((long long)res) <= 0))
 	    res -= 1;
 	}
 
-      if (__glibc_unlikely (((~(hi ^ (res - hi)) & (res ^ hi)) < 0)))
+      if (__glibc_unlikely (((~(hi ^ (((long long)res) - hi)) & (((long long)res) ^ hi)) < 0)))
 	goto overflow;
 
       return res;
-- 
2.34.1

Re: [PATCH v2] Avoid undefined behaviour in ibm128 implementation of llroundl

[Florian Weimer]

* Michael Hudson-Doyle via Libc-alpha:

> Detecting an overflow edge case depended on signed overflow of a long
> long. Replace the signed long long with unsigned and cast it back to
> unsigned before comparisons (which is implementation defined behaviour,
> but I guess glibc does not support any one's complement
> architectures...).
>
> BZ #29488
> ---
>  v2: added casts to some references to 'res' I missed in v1. This
>  version passes all tests on ppc64el with gcc 12 with both -O2 and -O3.
> ---
>  sysdeps/ieee754/ldbl-128ibm/s_llroundl.c | 11 ++++++-----
>  1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> index d85154e73a..5f54f92767 100644
> --- a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> +++ b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> @@ -28,7 +28,8 @@ long long
>  __llroundl (long double x)
>  {
>    double xh, xl;
> -  long long res, hi, lo;
> +  unsigned long long res;
> +  long long hi, lo;
>  
>    ldbl_unpack (x, &xh, &xl);
>  
> @@ -69,7 +70,7 @@ __llroundl (long double x)
>        res = hi + lo;
>  
>        /* This is just sign(hi) == sign(lo) && sign(res) != sign(hi).  */
> -      if (__glibc_unlikely (((~(hi ^ lo) & (res ^ hi)) < 0)))
> +      if (__glibc_unlikely (((~(hi ^ lo) & (((long long)res) ^ hi)) < 0)))
>  	goto overflow;

Maybe it's clearer to use __builtin_add_overflow (or INT_ADD_WRAPV from
<intprops.h>)?

Thanks,
Florian

Re: [PATCH v2] Avoid undefined behaviour in ibm128 implementation of llroundl

[Andreas Schwab]

On Aug 22 2022, Michael Hudson-Doyle via Libc-alpha wrote:

> @@ -69,7 +70,7 @@ __llroundl (long double x)
>        res = hi + lo;

The overflow happens here.  Changing the type of the LHS does not change
that.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

Re: [PATCH v2] Avoid undefined behaviour in ibm128 implementation of llroundl

[Michael Hudson-Doyle]

On Mon, 22 Aug 2022, 20:34 Andreas Schwab, <schwab@suse.de> wrote:

> On Aug 22 2022, Michael Hudson-Doyle via Libc-alpha wrote:
>
> > @@ -69,7 +70,7 @@ __llroundl (long double x)
> >        res = hi + lo;
>
> The overflow happens here.  Changing the type of the LHS does not change
> that.
>

IIRC it was one of the "res += 1"s lower down in the test case that was
failing for me. But maybe a more thorough rewrite of this function is
called for (if people still care about ibm128 I guess).

Cheers,
mwh

-- 
> Andreas Schwab, SUSE Labs, schwab@suse.de
> GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
> "And now for something completely different."
>