From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 07497385840F for ; Thu, 17 Mar 2022 09:49:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 07497385840F Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1647510551; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references; bh=AsytVPV67lms+mexD7CF2GrDz3Gt+UtLPYlKdmTD2Yk=; b=aQaDXa39GzhJyvArcc8KufiKX9ZFLNyHeZ20H1u3CmAFt8sUGlyUBhygpPU6wxXLh9cei5 y6DmZzooxSmTXv4UGZs33/TJaLRi2ZiOpeVbNhRIkxAJmAwEvgKDNKxL40A3BRkX57uFbD 6Xv2W6zYs/+Mn37i54iFrzsOqVhIvHs= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-381-yQkz_iuyOsywPyV6BJzo6A-1; Thu, 17 Mar 2022 05:49:10 -0400 X-MC-Unique: yQkz_iuyOsywPyV6BJzo6A-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id EB8ED1C06900 for ; Thu, 17 Mar 2022 09:49:09 +0000 (UTC) Received: from calimero.vinschen.de (unknown [10.36.112.5]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C9F5E53CF for ; Thu, 17 Mar 2022 09:49:09 +0000 (UTC) Received: by calimero.vinschen.de (Postfix, from userid 500) id 63867A8096F; Thu, 17 Mar 2022 10:49:08 +0100 (CET) Date: Thu, 17 Mar 2022 10:49:08 +0100 From: Corinna Vinschen To: newlib@sourceware.org Subject: Re: [PATCH v2] newlib: fix build with Reply-To: newlib@sourceware.org Mail-Followup-To: newlib@sourceware.org References: <20220314032559.24535-1-vapier@gentoo.org> <20220315032550.16502-1-vapier@gentoo.org> <2c68b0f8-03ad-d93d-dd35-002a66576ff8@foss.arm.com> <16551142-64aa-fdda-8f9e-7656c6b9390f@yahoo.de> MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=vinschen@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Disposition: inline X-Spam-Status: No, score=-6.0 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: newlib@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Newlib mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Mar 2022 09:49:13 -0000 On Mar 16 22:41, Mike Frysinger wrote: > On 16 Mar 2022 10:17, R. Diez wrote: > > >> Therefore, compiling your code with GCC < 5 will silently break your application. > > >> After all, the only reason to use __builtin_mul_overflow() is > > >> that you need to check for overflow, is it? > > > > > > practically speaking, i don't think this is a big deal. newlib gained these > > > checks only "recently" (<2 years ago). newlib has been around for much much > > > longer, and the world didn't notice. > > > > Such general justifications wouldn't pass quality assurance (if we had one). > > in your opinion. software is not perfect, it's trade-offs. > > > > yes, if an app starts trying to allocate > > > huge amounts of memory such that it triggers 32-bit overflows when calculating, > > > the new size, it will probably internally allocate fewer bytes than requested, > > > and things will get corrupted. but like, don't do that :p. such applications > > > probably will have other problems already. > > > > You are suggesting that this only affects memory allocation, but the patch is for libc/include/sys/cdefs.h , so those mine traps will be available for everybody. > > > > People will tend to assume that anything in Newlib is correct, and code has a way to get copied around and re-used. > > > > There are many ways to mitigate the risk: > > > > - Require GCC 5. > > - Provide a proper implementation of __builtin_mul_overflow(). > > - Patch all users of __builtin_mul_overflow() within Newlib, so that they do not use it if the compiler does not provide it. > > - Issue a compilation warning for GCC < 5 that the "stub" __builtin_mul_overflow() is broken. > > Note that this is not actually a "stub" implementation in the common sense. > > - Add an "assert( false ) // fix me" inside the implementation. > > - Add a comment stating that the "stub" implementation is not actually correct. > > any option that prevents correct execution with gcc-4 is not an improvement. > if you care this much, feel free to contribute a patch. or use gcc-5+ and > not worry about it. > -mike Does anybody actually care for building with gcc < 5? If not, we should just make gcc 5 a prerequisite. Corinna