From: Mike Frysinger
To: newlib@sourceware.org
Date: Sat, 19 Mar 2022 21:21:10 -0400
Subject: Re: [PATCH v2] newlib: fix build with

On 17 Mar 2022 10:49, Corinna Vinschen wrote:
> On Mar 16 22:41, Mike Frysinger wrote:
> > On 16 Mar 2022 10:17, R. Diez wrote:
> > > >> Therefore, compiling your code with GCC < 5 will silently break your application.
> > > >> After all, the only reason to use __builtin_mul_overflow() is
> > > >> that you need to check for overflow, is it?
> > > >
> > > > practically speaking, i don't think this is a big deal. newlib gained these
> > > > checks only "recently" (<2 years ago). newlib has been around for much much
> > > > longer, and the world didn't notice.
> > >
> > > Such general justifications wouldn't pass quality assurance (if we had one).
> >
> > in your opinion. software is not perfect, it's trade-offs.
> >
> > > > yes, if an app starts trying to allocate
> > > > huge amounts of memory such that it triggers 32-bit overflows when calculating,
> > > > the new size, it will probably internally allocate fewer bytes than requested,
> > > > and things will get corrupted. but like, don't do that :p. such applications
> > > > probably will have other problems already.
> > >
> > > You are suggesting that this only affects memory allocation, but the patch is for libc/include/sys/cdefs.h , so those mine traps will be available for everybody.
> > >
> > > People will tend to assume that anything in Newlib is correct, and code has a way to get copied around and re-used.
> > >
> > > There are many ways to mitigate the risk:
> > >
> > > - Require GCC 5.
> > > - Provide a proper implementation of __builtin_mul_overflow().
> > > - Patch all users of __builtin_mul_overflow() within Newlib, so that they do not use it if the compiler does not provide it.
> > > - Issue a compilation warning for GCC < 5 that the "stub" __builtin_mul_overflow() is broken.
> > >   Note that this is not actually a "stub" implementation in the common sense.
> > > - Add an "assert( false ) // fix me" inside the implementation.
> > > - Add a comment stating that the "stub" implementation is not actually correct.
> >
> > any option that prevents correct execution with gcc-4 is not an improvement.
> > if you care this much, feel free to contribute a patch.
> > or use gcc-5+ and
> > not worry about it.
> > -mike
>
> Does anybody actually care for building with gcc < 5? If not, we
> should just make gcc 5 a prerequisite.

i'm using gcc 4.9 for one of my targets which is why i noticed :).
-mike
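
Added example, not part of this thread and not newlib's code: it contrasts a non-checking fallback with a portable checked multiply for `size_t`, using the allocation-size case the quoted discussion describes. The shape of the fallback (multiply, always report "no overflow") is an assumption, and the names `stub_mul_overflow`, `checked_mul_overflow` and `array_bytes` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed shape of a non-checking fallback for compilers without the
 * builtin: it stores the wrapped product and always reports "no overflow". */
static int stub_mul_overflow(size_t a, size_t b, size_t *res)
{
    *res = a * b;               /* unsigned wrap-around is silent */
    return 0;
}

/* Portable checked multiply for size_t that needs no compiler builtin.
 * Returns nonzero on overflow, like the GCC 5+ builtin. */
static int checked_mul_overflow(size_t a, size_t b, size_t *res)
{
    *res = a * b;               /* same wrapped value the builtin stores */
    return a != 0 && b > SIZE_MAX / a;
}

typedef int (*mul_fn)(size_t, size_t, size_t *);

/* Hypothetical calloc-style size computation: *ok is 0 when the
 * multiplication overflowed and the request must be refused. */
static size_t array_bytes(mul_fn mul, size_t nmemb, size_t size, int *ok)
{
    size_t total;
    *ok = !mul(nmemb, size, &total);
    return total;
}

int main(void)
{
    /* Constructed input: the true product is 2^N + 4, which wraps to 4. */
    size_t nmemb = SIZE_MAX / 4 + 2;
    int ok;
    size_t n;

    n = array_bytes(stub_mul_overflow, nmemb, 4, &ok);
    printf("stub:    ok=%d bytes=%zu\n", ok, n);   /* accepted, 4 bytes */

    n = array_bytes(checked_mul_overflow, nmemb, 4, &ok);
    printf("checked: ok=%d bytes=%zu\n", ok, n);   /* rejected */
    return 0;
}
```

With the non-checking fallback the caller goes on to allocate 4 bytes for a request that needed far more, which is the "allocate fewer bytes than requested" outcome described in the quoted text.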