* [PATCH] Avoid undefined behaviour in ibm128 implementation of llroundl
@ 2022-08-21 10:44 Michael Hudson-Doyle
  2022-08-21 19:24 ` Michael Hudson-Doyle
  2022-08-22  2:04 ` [PATCH v2] " Michael Hudson-Doyle
  0 siblings, 2 replies; 6+ messages in thread
From: Michael Hudson-Doyle @ 2022-08-21 10:44 UTC (permalink / raw)
  To: libc-alpha

Detecting an overflow edge case depended on signed overflow of a long
long. Replace the signed long long with unsigned and cast it back to
signed before comparisons (which is implementation-defined behaviour,
but I guess glibc does not support any one's complement
architectures...).

BZ #29488
---
 sysdeps/ieee754/ldbl-128ibm/s_llroundl.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
index d85154e73a..e8117bfc2b 100644
--- a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
+++ b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
@@ -28,7 +28,8 @@ long long
 __llroundl (long double x)
 {
   double xh, xl;
-  long long res, hi, lo;
+  unsigned long long res;
+  long long hi, lo;
 
   ldbl_unpack (x, &xh, &xl);
 
@@ -69,7 +70,7 @@ __llroundl (long double x)
       res = hi + lo;
 
       /* This is just sign(hi) == sign(lo) && sign(res) != sign(hi).  */
-      if (__glibc_unlikely (((~(hi ^ lo) & (res ^ hi)) < 0)))
+      if (__glibc_unlikely (((~(hi ^ lo) & (((long long)res) ^ hi)) < 0)))
 	goto overflow;
 
       xh -= lo;
@@ -95,7 +96,7 @@ __llroundl (long double x)
 	    res -= 1;
 	}
 
-      if (__glibc_unlikely (((~(hi ^ (res - hi)) & (res ^ hi)) < 0)))
+      if (__glibc_unlikely (((~(hi ^ (((long long)res) - hi)) & (((long long)res) ^ hi)) < 0)))
 	goto overflow;
 
       return res;
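Review bot: The final overflow test still depends on signed overflow, because `((long long)res) - hi` is evaluated in `long long` after the cast. The branch can only be taken when `hi` and the converted `res` have opposite signs while their difference has the sign of `hi`, which is exactly the case where that subtraction is out of range, so a compiler may still assume it never happens and drop the check. Doing the subtraction in the unsigned type and converting afterwards keeps it defined up to the implementation-defined conversion: `(long long) (res - (unsigned long long) hi)`. The identical line in the last hunk of the v2 patch has the same problem; the body of `__llroundl` extends beyond these hunks, so how `hi` is derived is not visible here.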
-- 
2.34.1



* Re: [PATCH] Avoid undefined behaviour in ibm128 implementation of llroundl
  2022-08-21 10:44 [PATCH] Avoid undefined behaviour in ibm128 implementation of llroundl Michael Hudson-Doyle
@ 2022-08-21 19:24 ` Michael Hudson-Doyle
  2022-08-22  2:04 ` [PATCH v2] " Michael Hudson-Doyle
  1 sibling, 0 replies; 6+ messages in thread
From: Michael Hudson-Doyle @ 2022-08-21 19:24 UTC (permalink / raw)
  To: libc-alpha

Disregard this, I hadn't run all the tests I thought I had, sorry about
that.

On Sun, 21 Aug 2022 at 22:45, Michael Hudson-Doyle <
michael.hudson@canonical.com> wrote:

> Detecting an overflow edge case depended on signed overflow of a long
> long. Replace the signed long long with unsigned and cast it back to
> unsigned before comparisons (which is implementation defined behaviour,
> but I guess glibc does not support any one's complement
> architectures...).
>
> BZ #29488
> ---
>  sysdeps/ieee754/ldbl-128ibm/s_llroundl.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> index d85154e73a..e8117bfc2b 100644
> --- a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> +++ b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> @@ -28,7 +28,8 @@ long long
>  __llroundl (long double x)
>  {
>    double xh, xl;
> -  long long res, hi, lo;
> +  unsigned long long res;
> +  long long hi, lo;
>
>    ldbl_unpack (x, &xh, &xl);
>
> @@ -69,7 +70,7 @@ __llroundl (long double x)
>        res = hi + lo;
>
>        /* This is just sign(hi) == sign(lo) && sign(res) != sign(hi).  */
> -      if (__glibc_unlikely (((~(hi ^ lo) & (res ^ hi)) < 0)))
> +      if (__glibc_unlikely (((~(hi ^ lo) & (((long long)res) ^ hi)) < 0)))
>         goto overflow;
>
>        xh -= lo;
> @@ -95,7 +96,7 @@ __llroundl (long double x)
>             res -= 1;
>         }
>
> -      if (__glibc_unlikely (((~(hi ^ (res - hi)) & (res ^ hi)) < 0)))
> +      if (__glibc_unlikely (((~(hi ^ (((long long)res) - hi)) & (((long
> long)res) ^ hi)) < 0)))
>         goto overflow;
>
>        return res;
> --
> 2.34.1
>
>


* [PATCH v2] Avoid undefined behaviour in ibm128 implementation of llroundl
  2022-08-21 10:44 [PATCH] Avoid undefined behaviour in ibm128 implementation of llroundl Michael Hudson-Doyle
  2022-08-21 19:24 ` Michael Hudson-Doyle
@ 2022-08-22  2:04 ` Michael Hudson-Doyle
  2022-08-22  7:54   ` Florian Weimer
  2022-08-22  8:34   ` Andreas Schwab
  1 sibling, 2 replies; 6+ messages in thread
From: Michael Hudson-Doyle @ 2022-08-22  2:04 UTC (permalink / raw)
  To: libc-alpha

Detecting an overflow edge case depended on signed overflow of a long
long. Replace the signed long long with unsigned and cast it back to
signed before comparisons (which is implementation-defined behaviour,
but I guess glibc does not support any one's complement
architectures...).

BZ #29488
---
 v2: added casts to some references to 'res' I missed in v1. This
 version passes all tests on ppc64el with gcc 12 with both -O2 and -O3.
---
 sysdeps/ieee754/ldbl-128ibm/s_llroundl.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
index d85154e73a..5f54f92767 100644
--- a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
+++ b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
@@ -28,7 +28,8 @@ long long
 __llroundl (long double x)
 {
   double xh, xl;
-  long long res, hi, lo;
+  unsigned long long res;
+  long long hi, lo;
 
   ldbl_unpack (x, &xh, &xl);
 
@@ -69,7 +70,7 @@ __llroundl (long double x)
       res = hi + lo;
 
       /* This is just sign(hi) == sign(lo) && sign(res) != sign(hi).  */
-      if (__glibc_unlikely (((~(hi ^ lo) & (res ^ hi)) < 0)))
+      if (__glibc_unlikely (((~(hi ^ lo) & (((long long)res) ^ hi)) < 0)))
 	goto overflow;
 
       xh -= lo;
@@ -82,7 +83,7 @@ __llroundl (long double x)
 	}
       else if (xh == 0.5)
 	{
-	  if (xl > 0.0 || (xl == 0.0 && res >= 0))
+	  if (xl > 0.0 || (xl == 0.0 && ((long long)res) >= 0))
 	    res += 1;
 	}
       else if (-xh > 0.5)
@@ -91,11 +92,11 @@ __llroundl (long double x)
 	}
       else if (-xh == 0.5)
 	{
-	  if (xl < 0.0 || (xl == 0.0 && res <= 0))
+	  if (xl < 0.0 || (xl == 0.0 && ((long long)res) <= 0))
 	    res -= 1;
 	}
 
-      if (__glibc_unlikely (((~(hi ^ (res - hi)) & (res ^ hi)) < 0)))
+      if (__glibc_unlikely (((~(hi ^ (((long long)res) - hi)) & (((long long)res) ^ hi)) < 0)))
 	goto overflow;
 
       return res;
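Review bot: `return res;` at the end of this hunk now converts `unsigned long long` to the `long long` return type implicitly, unlike the comparisons in the patch, which cast `res` first. Writing `return (long long) res;` makes that implementation-defined conversion visible to the reader. The declaration in the first hunk would also benefit from a comment such as `/* RES is unsigned so the +/-1 adjustments wrap instead of overflowing; convert to long long before testing its sign.  */`, so that the casts are not later removed as noise. The body of `__llroundl` extends beyond this hunk.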
-- 
2.34.1



* Re: [PATCH v2] Avoid undefined behaviour in ibm128 implementation of llroundl
  2022-08-22  2:04 ` [PATCH v2] " Michael Hudson-Doyle
@ 2022-08-22  7:54   ` Florian Weimer
  2022-08-22  8:34   ` Andreas Schwab
  1 sibling, 0 replies; 6+ messages in thread
From: Florian Weimer @ 2022-08-22  7:54 UTC (permalink / raw)
  To: Michael Hudson-Doyle via Libc-alpha

* Michael Hudson-Doyle via Libc-alpha:

> Detecting an overflow edge case depended on signed overflow of a long
> long. Replace the signed long long with unsigned and cast it back to
> unsigned before comparisons (which is implementation defined behaviour,
> but I guess glibc does not support any one's complement
> architectures...).
>
> BZ #29488
> ---
>  v2: added casts to some references to 'res' I missed in v1. This
>  version passes all tests on ppc64el with gcc 12 with both -O2 and -O3.
> ---
>  sysdeps/ieee754/ldbl-128ibm/s_llroundl.c | 11 ++++++-----
>  1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> index d85154e73a..5f54f92767 100644
> --- a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> +++ b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> @@ -28,7 +28,8 @@ long long
>  __llroundl (long double x)
>  {
>    double xh, xl;
> -  long long res, hi, lo;
> +  unsigned long long res;
> +  long long hi, lo;
>  
>    ldbl_unpack (x, &xh, &xl);
>  
> @@ -69,7 +70,7 @@ __llroundl (long double x)
>        res = hi + lo;
>  
>        /* This is just sign(hi) == sign(lo) && sign(res) != sign(hi).  */
> -      if (__glibc_unlikely (((~(hi ^ lo) & (res ^ hi)) < 0)))
> +      if (__glibc_unlikely (((~(hi ^ lo) & (((long long)res) ^ hi)) < 0)))
>  	goto overflow;

Maybe it's clearer to use __builtin_add_overflow (or INT_ADD_WRAPV from
<intprops.h>)?

Thanks,
Florian



* Re: [PATCH v2] Avoid undefined behaviour in ibm128 implementation of llroundl
  2022-08-22  2:04 ` [PATCH v2] " Michael Hudson-Doyle
  2022-08-22  7:54   ` Florian Weimer
@ 2022-08-22  8:34   ` Andreas Schwab
  2022-08-22  8:52     ` Michael Hudson-Doyle
  1 sibling, 1 reply; 6+ messages in thread
From: Andreas Schwab @ 2022-08-22  8:34 UTC (permalink / raw)
  To: Michael Hudson-Doyle via Libc-alpha

On Aug 22 2022, Michael Hudson-Doyle via Libc-alpha wrote:

> @@ -69,7 +70,7 @@ __llroundl (long double x)
>        res = hi + lo;

The overflow happens here.  Changing the type of the LHS does not change
that.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."


* Re: [PATCH v2] Avoid undefined behaviour in ibm128 implementation of llroundl
  2022-08-22  8:34   ` Andreas Schwab
@ 2022-08-22  8:52     ` Michael Hudson-Doyle
  0 siblings, 0 replies; 6+ messages in thread
From: Michael Hudson-Doyle @ 2022-08-22  8:52 UTC (permalink / raw)
  To: Andreas Schwab; +Cc: Michael Hudson-Doyle via Libc-alpha

On Mon, 22 Aug 2022, 20:34 Andreas Schwab, <schwab@suse.de> wrote:

> On Aug 22 2022, Michael Hudson-Doyle via Libc-alpha wrote:
>
> > @@ -69,7 +70,7 @@ __llroundl (long double x)
> >        res = hi + lo;
>
> The overflow happens here.  Changing the type of the LHS does not change
> that.
>

IIRC it was one of the "res += 1"s lower down in the test case that was
failing for me. But maybe a more thorough rewrite of this function is
called for (if people still care about ibm128 I guess).

Cheers,
mwh

-- 
> Andreas Schwab, SUSE Labs, schwab@suse.de
> GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
> "And now for something completely different."
>

