[v2] Avoid undefined behaviour in ibm128 implementation of llroundl
Commit Message
Detecting an overflow edge case depended on signed overflow of a long
long. Replace the signed long long with unsigned and cast it back to
signed before comparisons (which is implementation-defined behaviour,
but I guess glibc does not support any one's complement
architectures...).
BZ #29488
---
v2: added casts to some references to 'res' I missed in v1. This
version passes all tests on ppc64el with gcc 12 with both -O2 and -O3.
---
sysdeps/ieee754/ldbl-128ibm/s_llroundl.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
Comments
* Michael Hudson-Doyle via Libc-alpha:
> Detecting an overflow edge case depended on signed overflow of a long
> long. Replace the signed long long with unsigned and cast it back to
> unsigned before comparisons (which is implementation defined behaviour,
> but I guess glibc does not support any one's complement
> architectures...).
>
> BZ #29488
> ---
> v2: added casts to some references to 'res' I missed in v1. This
> version passes all tests on ppc64el with gcc 12 with both -O2 and -O3.
> ---
> sysdeps/ieee754/ldbl-128ibm/s_llroundl.c | 11 ++++++-----
> 1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> index d85154e73a..5f54f92767 100644
> --- a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> +++ b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> @@ -28,7 +28,8 @@ long long
> __llroundl (long double x)
> {
> double xh, xl;
> - long long res, hi, lo;
> + unsigned long long res;
> + long long hi, lo;
>
> ldbl_unpack (x, &xh, &xl);
>
> @@ -69,7 +70,7 @@ __llroundl (long double x)
> res = hi + lo;
>
> /* This is just sign(hi) == sign(lo) && sign(res) != sign(hi). */
> - if (__glibc_unlikely (((~(hi ^ lo) & (res ^ hi)) < 0)))
> + if (__glibc_unlikely (((~(hi ^ lo) & (((long long)res) ^ hi)) < 0)))
> goto overflow;
Maybe it's clearer to use __builtin_add_overflow (or INT_ADD_WRAPV from
<intprops.h>)?
Thanks,
Florian
On Aug 22 2022, Michael Hudson-Doyle via Libc-alpha wrote:
> @@ -69,7 +70,7 @@ __llroundl (long double x)
> res = hi + lo;
The overflow happens here. Changing the type of the LHS does not change
that.
On Mon, 22 Aug 2022, 20:34 Andreas Schwab, <schwab@suse.de> wrote:
> On Aug 22 2022, Michael Hudson-Doyle via Libc-alpha wrote:
>
> > @@ -69,7 +70,7 @@ __llroundl (long double x)
> > res = hi + lo;
>
> The overflow happens here. Changing the type of the LHS does not change
> that.
>
IIRC it was one of the "res += 1"s lower down in the test case that was
failing for me. But maybe a more thorough rewrite of this function is
called for (if people still care about ibm128 I guess).
Cheers,
mwh
@@ -28,7 +28,8 @@ long long
__llroundl (long double x)
{
double xh, xl;
- long long res, hi, lo;
+ unsigned long long res;
+ long long hi, lo;
ldbl_unpack (x, &xh, &xl);
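Review bot: The new `unsigned long long res;` declaration has no comment saying why the accumulator is unsigned while `hi` and `lo` stay signed, so a later cleanup could easily change it back and reintroduce the signed-overflow dependence. A short comment on the declaration would record the intent, for example `/* Unsigned so the +/-1 rounding adjustments wrap instead of overflowing; converted back to long long (implementation-defined, modulo 2^64 with GCC) for the sign tests.  */`. The body of `__llroundl` continues outside this hunk.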
@@ -69,7 +70,7 @@ __llroundl (long double x)
res = hi + lo;
/* This is just sign(hi) == sign(lo) && sign(res) != sign(hi). */
- if (__glibc_unlikely (((~(hi ^ lo) & (res ^ hi)) < 0)))
+ if (__glibc_unlikely (((~(hi ^ lo) & (((long long)res) ^ hi)) < 0)))
goto overflow;
xh -= lo;
@@ -82,7 +83,7 @@ __llroundl (long double x)
}
else if (xh == 0.5)
{
- if (xl > 0.0 || (xl == 0.0 && res >= 0))
+ if (xl > 0.0 || (xl == 0.0 && ((long long)res) >= 0))
res += 1;
}
else if (-xh > 0.5)
@@ -91,11 +92,11 @@ __llroundl (long double x)
}
else if (-xh == 0.5)
{
- if (xl < 0.0 || (xl == 0.0 && res <= 0))
+ if (xl < 0.0 || (xl == 0.0 && ((long long)res) <= 0))
res -= 1;
}
- if (__glibc_unlikely (((~(hi ^ (res - hi)) & (res ^ hi)) < 0)))
+ if (__glibc_unlikely (((~(hi ^ (((long long)res) - hi)) & (((long long)res) ^ hi)) < 0)))
goto overflow;
return res;
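Review bot: The final overflow test still evaluates `((long long)res) - hi` as a signed subtraction, so the undefined behaviour the patch set out to remove can recur there. Once `res += 1` or `res -= 1` has wrapped past the `long long` range, the converted `res` and `hi` have opposite signs and the subtraction itself can overflow. Doing the subtraction in the unsigned type and converting once avoids this: `(long long) (res - (unsigned long long) hi)`. Separately, `return res;` now converts `unsigned long long` to the `long long` return type implicitly; `return (long long) res;` would make that conversion visibly intentional. The function appears to continue outside this hunk, since the `overflow` label is not shown.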