diff mbox series

[v3] Avoid undefined behaviour in ibm128 implementation of llroundl (BZ #29488)

Message ID 20221010060050.3741173-1-aurelien@aurel32.net
State Committed
Commit 2b5478569e72ee4820a6e163d306690c9c0eaf5e
Delegated to: Tulio Magno Quites Machado Filho
Headers
Series [v3] Avoid undefined behaviour in ibm128 implementation of llroundl (BZ #29488) |

Checks

Context Check Description
dj/TryBot-apply_patch success Patch applied to master at the time it was sent
dj/TryBot-32bit success Build for i686

Commit Message

Aurelien Jarno Oct. 10, 2022, 6 a.m. UTC 
  Detecting an overflow edge case depended on signed overflow of a long
long. Replace the additions and the overflow checks by
__builtin_add_overflow().
---
 sysdeps/ieee754/ldbl-128ibm/s_llroundl.c | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

This patch is based on the original patch from Michael Hudson-Doyle,
using __builtin_add_overflow() as suggested by Florian Weimer

It passes all tests on ppc64el with gcc 12 with both -O2 and -O3.

Comments

Michael Hudson-Doyle Oct. 10, 2022, 9:48 p.m. UTC | #1 
On Mon, 10 Oct 2022 at 19:01, Aurelien Jarno <aurelien@aurel32.net> wrote:

> Detecting an overflow edge case depended on signed overflow of a long
> long. Replace the additions and the overflow checks by
> __builtin_add_overflow().
>

This certainly looks better than my fix, thanks!

Cheers,
mwh


>  sysdeps/ieee754/ldbl-128ibm/s_llroundl.c | 21 +++++++++------------
>  1 file changed, 9 insertions(+), 12 deletions(-)
>
> This patch is based on the original patch from Michael Hudson-Doyle,
> using __builtin_add_overflow() as suggested by Florian Weimer
>
> It passes all tests on ppc64el with gcc 12 with both -O2 and -O3.
>
> diff --git a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> index d85154e73a..d8c0de1faf 100644
> --- a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> +++ b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> @@ -66,38 +66,35 @@ __llroundl (long double x)
>        /* Peg at max/min values, assuming that the above conversions do so.
>           Strictly speaking, we can return anything for values that
> overflow,
>           but this is more useful.  */
> -      res = hi + lo;
> -
> -      /* This is just sign(hi) == sign(lo) && sign(res) != sign(hi).  */
> -      if (__glibc_unlikely (((~(hi ^ lo) & (res ^ hi)) < 0)))
> +      if (__glibc_unlikely (__builtin_add_overflow (hi, lo, &res)))
>         goto overflow;
>
>        xh -= lo;
>        ldbl_canonicalize (&xh, &xl);
>
> -      hi = res;
>        if (xh > 0.5)
>         {
> -         res += 1;
> +         if (__glibc_unlikely (__builtin_add_overflow (res, 1, &res)))
> +           goto overflow;
>         }
>        else if (xh == 0.5)
>         {
>           if (xl > 0.0 || (xl == 0.0 && res >= 0))
> -           res += 1;
> +           if (__glibc_unlikely (__builtin_add_overflow (res, 1, &res)))
> +             goto overflow;
>         }
>        else if (-xh > 0.5)
>         {
> -         res -= 1;
> +         if (__glibc_unlikely (__builtin_add_overflow (res, -1, &res)))
> +           goto overflow;
>         }
>        else if (-xh == 0.5)
>         {
>           if (xl < 0.0 || (xl == 0.0 && res <= 0))
> -           res -= 1;
> +           if (__glibc_unlikely (__builtin_add_overflow (res, -1, &res)))
> +             goto overflow;
>         }
>
> -      if (__glibc_unlikely (((~(hi ^ (res - hi)) & (res ^ hi)) < 0)))
> -       goto overflow;
> -
>        return res;
>      }
>    else
> --
> 2.35.1
>
>
Aurelien Jarno Oct. 22, 2022, 10:14 a.m. UTC | #2 
Ping. Tulio (as powerpc machine maintainer) or Joseph (as math component
maintainer), could you please have a look at this patch?

On 2022-10-10 08:00, Aurelien Jarno wrote:
> Detecting an overflow edge case depended on signed overflow of a long
> long. Replace the additions and the overflow checks by
> __builtin_add_overflow().
> ---
>  sysdeps/ieee754/ldbl-128ibm/s_llroundl.c | 21 +++++++++------------
>  1 file changed, 9 insertions(+), 12 deletions(-)
> 
> This patch is based on the original patch from Michael Hudson-Doyle,
> using __builtin_add_overflow() as suggested by Florian Weimer
> 
> It passes all tests on ppc64el with gcc 12 with both -O2 and -O3.
> 
> diff --git a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> index d85154e73a..d8c0de1faf 100644
> --- a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> +++ b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
> @@ -66,38 +66,35 @@ __llroundl (long double x)
>        /* Peg at max/min values, assuming that the above conversions do so.
>           Strictly speaking, we can return anything for values that overflow,
>           but this is more useful.  */
> -      res = hi + lo;
> -
> -      /* This is just sign(hi) == sign(lo) && sign(res) != sign(hi).  */
> -      if (__glibc_unlikely (((~(hi ^ lo) & (res ^ hi)) < 0)))
> +      if (__glibc_unlikely (__builtin_add_overflow (hi, lo, &res)))
>  	goto overflow;
>  
>        xh -= lo;
>        ldbl_canonicalize (&xh, &xl);
>  
> -      hi = res;
>        if (xh > 0.5)
>  	{
> -	  res += 1;
> +	  if (__glibc_unlikely (__builtin_add_overflow (res, 1, &res)))
> +	    goto overflow;
>  	}
>        else if (xh == 0.5)
>  	{
>  	  if (xl > 0.0 || (xl == 0.0 && res >= 0))
> -	    res += 1;
> +	    if (__glibc_unlikely (__builtin_add_overflow (res, 1, &res)))
> +	      goto overflow;
>  	}
>        else if (-xh > 0.5)
>  	{
> -	  res -= 1;
> +	  if (__glibc_unlikely (__builtin_add_overflow (res, -1, &res)))
> +	    goto overflow;
>  	}
>        else if (-xh == 0.5)
>  	{
>  	  if (xl < 0.0 || (xl == 0.0 && res <= 0))
> -	    res -= 1;
> +	    if (__glibc_unlikely (__builtin_add_overflow (res, -1, &res)))
> +	      goto overflow;
>  	}
>  
> -      if (__glibc_unlikely (((~(hi ^ (res - hi)) & (res ^ hi)) < 0)))
> -	goto overflow;
> -
>        return res;
>      }
>    else
> -- 
> 2.35.1
> 
>
Tulio Magno Quites Machado Filho Oct. 24, 2022, 1:55 p.m. UTC | #3 
Aurelien Jarno <aurelien@aurel32.net> writes:

> Ping. Tulio (as powerpc machine maintainer) or Joseph (as math component
> maintainer), could you please have a look at this patch?

I apologize for taking so long to review this.
LGTM.

Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
diff mbox series

Patch

diff --git a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
index d85154e73a..d8c0de1faf 100644
--- a/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
+++ b/sysdeps/ieee754/ldbl-128ibm/s_llroundl.c
@@ -66,38 +66,35 @@  __llroundl (long double x)
       /* Peg at max/min values, assuming that the above conversions do so.
          Strictly speaking, we can return anything for values that overflow,
          but this is more useful.  */
-      res = hi + lo;
-
-      /* This is just sign(hi) == sign(lo) && sign(res) != sign(hi).  */
-      if (__glibc_unlikely (((~(hi ^ lo) & (res ^ hi)) < 0)))
+      if (__glibc_unlikely (__builtin_add_overflow (hi, lo, &res)))
 	goto overflow;
 
       xh -= lo;
       ldbl_canonicalize (&xh, &xl);
 
-      hi = res;
       if (xh > 0.5)
 	{
-	  res += 1;
+	  if (__glibc_unlikely (__builtin_add_overflow (res, 1, &res)))
+	    goto overflow;
 	}
       else if (xh == 0.5)
 	{
 	  if (xl > 0.0 || (xl == 0.0 && res >= 0))
-	    res += 1;
+	    if (__glibc_unlikely (__builtin_add_overflow (res, 1, &res)))
+	      goto overflow;
 	}
       else if (-xh > 0.5)
 	{
-	  res -= 1;
+	  if (__glibc_unlikely (__builtin_add_overflow (res, -1, &res)))
+	    goto overflow;
 	}
       else if (-xh == 0.5)
 	{
 	  if (xl < 0.0 || (xl == 0.0 && res <= 0))
-	    res -= 1;
+	    if (__glibc_unlikely (__builtin_add_overflow (res, -1, &res)))
+	      goto overflow;
 	}
 
-      if (__glibc_unlikely (((~(hi ^ (res - hi)) & (res ^ hi)) < 0)))
-	goto overflow;
-
       return res;
     }
   else