From: Gabriel Paubert <paubert@iram.es>
To: Segher Boessenkool <segher@kernel.crashing.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>,
	paulus@samba.org, linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH] powerpc: Avoid panic during boot due to divide by zero in init_cache_info()
Date: Mon, 6 Mar 2017 13:03:19 +0100
Message-ID: <20170306120319.GA17443@visitor2.iram.es>
In-Reply-To: <20170305172456.GN31469@gate.crashing.org>

On Sun, Mar 05, 2017 at 11:24:56AM -0600, Segher Boessenkool wrote:
> On Sun, Mar 05, 2017 at 05:58:37PM +0100, Gabriel Paubert wrote:
> > > > Erk sorry. One of the static checkers spotted it, but I hadn't got
> > > > around to fixing it because it seemed to not actually blow up, guess
> > > > not.
> > > 
> > > The PowerPC divw etc. instructions do not trap by themselves, but recent
> > > GCC inserts trap instructions on code paths that are always undefined
> > > behaviour (like, dividing by zero).
> > 
> > Is it systematic or does it depend on, e.g., optimization levels?
> 
> In this case it needs -fisolate-erroneous-paths-dereference which is
> default at -O2 and higher.

Great, another optimization-dependent behaviour. :-(

But this is not the most serious issue: on PPC, when you #include
<limits>, the numeric_limits<any_integer_type>::traps is false on PPC,
and on no other architecture that I know of (in practice this trap
reflects the hardware behaviour on division by zero).

By generating a trap in this case, I believe that the compiler violates
a contract given by <limits>, and the standard.

I'd certainly prefer a compile time warning, easily convertible to an
error.

> 
> > Is there anything in the standards about this feature?
> 
> The compiler can do whatever it likes with code that has undefined
> behaviour.  With this optimisation it a) can compile the conforming
> code to something better; and b) undefined behaviour will trap instead
> of doing something random (which often is exploitable).

It may be undefined, but I believe that the numeric_limits<>::traps
value clearly prohibits generating a trap in this case.

    Gabriel
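
Added example, not part of the message above or of the kernel patch under discussion: a cache-geometry calculation that validates every divisor first, so no code path divides by zero and the result does not depend on whether the hardware or the compiler traps. The struct, its field names and `cache_sets()` are hypothetical, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cache description; names are assumptions, not the kernel's. */
struct cache_geom {
    uint32_t size;       /* total bytes, 0 if firmware supplied no value */
    uint32_t line_size;  /* bytes per line, 0 if unknown */
    uint32_t assoc;      /* number of ways, 0 if unknown */
};

/*
 * sets = size / (line_size * assoc)
 * Returns 0 and stores the result in *sets, or -1 when the inputs would
 * make the divisor zero or yield zero sets. Unsigned division by zero is
 * undefined behaviour in C too, so the check comes before the division.
 */
int cache_sets(const struct cache_geom *g, uint32_t *sets)
{
    uint64_t way_bytes;

    if (!g || !sets)
        return -1;
    if (g->line_size == 0 || g->assoc == 0)
        return -1;
    /* 64-bit product of two 32-bit values cannot overflow. */
    way_bytes = (uint64_t)g->line_size * g->assoc;
    if (way_bytes > g->size)  /* also rejects size == 0 */
        return -1;
    *sets = (uint32_t)(g->size / way_bytes);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: one complete, one with a missing property. */
    struct cache_geom full = { 32768, 128, 8 };
    struct cache_geom missing = { 32768, 0, 8 };
    uint32_t sets = 0;

    if (cache_sets(&full, &sets) == 0)
        printf("full: %u sets\n", sets);
    if (cache_sets(&missing, &sets) != 0)
        printf("missing: rejected, no division performed\n");
    return 0;
}
```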
