Recent Features
| |||||||||||||
Signed overflow optimization hazards in the kernelSigned overflow optimization hazards in the kernelPosted Aug 16, 2012 22:46 UTC (Thu) by PaulMcKenney (subscriber, #9624)In reply to: Signed overflow optimization hazards in the kernel by baldrick Parent article: Signed overflow optimization hazards in the kernel Hmmm... If I compile the following with gcc 4.6.1 with -O2:
unsigned long long signed_cast(unsigned long long a, unsigned long long b)
{
return (signed)((unsigned)a - (unsigned)b);
}
The following x86 object code is generated: 120: 8b 54 24 04 mov 0x4(%esp),%edx 124: 2b 54 24 0c sub 0xc(%esp),%edx 128: 89 d0 mov %edx,%eax 12a: c1 fa 1f sar $0x1f,%edx 12d: c3 ret This is a 32-bit subtraction on 64-bit quantities. And when I plugged 2^32=4294967296 for So unless I misunderstood what you are suggesting, I will be sticking with the baroque comparisons for RCU.
(Log in to post comments)
Signed overflow optimization hazards in the kernel Posted Aug 17, 2012 2:20 UTC (Fri) by PaulMcKenney (subscriber, #9624) [Link]
Though I could make the macros type-generic by (ab)using sizeof(). Not sure it is worth it, though.
Signed overflow optimization hazards in the kernel Posted Aug 17, 2012 5:05 UTC (Fri) by jimparis (subscriber, #38647) [Link] Hmmm... If I compile the following with gcc 4.6.1 with -O2:Well, yeah, that's because "(signed)" is casting 32-bit when compiled with -m32. I might be misunderstanding your issue here but it seems you wanted:
unsigned long long signed_cast(unsigned long long a, unsigned long long b)
{
return (signed long long)((unsigned long long)a - (unsigned long long)b);
}
Signed overflow optimization hazards in the kernel Posted Aug 18, 2012 18:07 UTC (Sat) by ppisa (subscriber, #67307) [Link]
I hope that behavior of unsigned to signed conversion stays defined (at least for GCC and GCC replacement compilers - LLVM, Intel atc.). GCC defines behavior in current manual version
http://gcc.gnu.org/onlinedocs/gcc/Integers-implementation...
I use ((signed type)((unsigned type)a - (unsigned type)b) > 0) often in our embedded code and in the fact I am probably author/coauthor of that MX1 example - if that line was not not rewritten by somebody.
Paul's example behavior is correct according to my knowledge (unsigned) is equivalent to (unsigned int) ie on 32 bit target 32 bit subtraction is evaluated and then sign is extended to 64 bits when conversion to (signed it) and then 64 bit signed type is required.
What is common trap is that plain
(unsigned type) a - (unsigned type) b
is not considered (type) nor (signed type). It is signed but interpreted as so big signed to hold additional bit if it is compared with zero. So additional cast to signed type same or smaller than both inputs (a and b) has to be used.
I use next mechanism to allow cyclic comparison between different
http://ulan.git.sourceforge.net/git/gitweb.cgi?p=ulan/ulut;...
Library is licensed GPL, LGPL, MPL, but code fragment can be taken as public domain, if it helps somebody.
#ifndef ul_cyclic_gt
#ifndef ul_cyclic_ge
Please, if you know about some target, compiler or intention to break assumption (at least hopefully current GCC version guarantee) that unsigned to signed conversion reinterprets MSB as a sign. As for correctness of the code, there could be problem if target specifies some basic arithmetic type with some bits unused. It short 16 bit but stored in 32 bit entity. But none of our targets has that problem.
Code is used in many targets, some of safety grade class applications so notice of possible (even future) breakage is critical for me and users.
Signed overflow optimization hazards in the kernel Posted Aug 18, 2012 19:02 UTC (Sat) by PaulMcKenney (subscriber, #9624) [Link]
Cool, that was the sort of thing I was thinking of with my "sizeof()" earlier, though I still do feel more comfortable with using the constants than relying on casting.
But why the casts to unsigned integral types? I would instead have expected a requirement that the caller's cyclic arithmetic be carried out in unsigned integers, so that the casts were unnecessary.
Signed overflow optimization hazards in the kernel Posted Aug 18, 2012 22:34 UTC (Sat) by ppisa (subscriber, #67307) [Link]
Hmm, cast to unsigned used to work even for signed types and in practice works still. a+=20 is translated into single add instruction on all targets I know. The other reason for casting is, that sometimes you can strore in object only shorter part of time stamp or generation counter, if you know, that live period is small enough or if you only check for change. Casting both to smaller of the two makes subtraction possibly cheaper, the result has to be casted to smaller one anyway.
But main reason for casting to ensure thing works on existing code
Best wishes,
Pavel
Signed overflow optimization hazards in the kernel Posted Aug 19, 2012 17:00 UTC (Sun) by baldrick (subscriber, #4123) [Link]
By "signed" I meant "signed integer type of the same size" and by "unsigned" I meant "unsigned integer type of the same size". The "same size" means: the same number of bits as the original integer type, so in the case of example 2 this means "signed long long" and "unsigned long long". Sorry for not being clear.
Signed overflow optimization hazards in the kernel Posted Aug 20, 2012 0:44 UTC (Mon) by PaulMcKenney (subscriber, #9624) [Link]
No problem!
I must admit that it would be nice if "(signed typeof(a))" and (unsigned typeof(b))" flipped the signedness of "a" and "b", but my version of gcc really doesn't like either variant. ;-)
|
|||||||||||||