[RFC PATCH 0/2] misc: fix Clang10 warnings

All of lore.kernel.org
 help / color / mirror / Atom feed

* [RFC PATCH 0/2] misc: fix Clang10 warnings
@ 2020-05-03 11:32 Philippe Mathieu-Daudé
  2020-05-03 11:32 ` [RFC PATCH 1/2] audio/mixeng: Fix Clang 'int-conversion' warning Philippe Mathieu-Daudé
  2020-05-03 11:32 ` [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning Philippe Mathieu-Daudé
  0 siblings, 2 replies; 14+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-05-03 11:32 UTC (permalink / raw)
  To: qemu-devel
  Cc: qemu-trivial, Philippe Mathieu-Daudé,
	Riku Voipio, Laurent Vivier, Gerd Hoffmann

Fix 2 warnings when building with Clang on Fedora32.

Philippe Mathieu-Daudé (2):
  audio/mixeng: Fix Clang 'int-conversion' warning
  linux-user/mmap: Fix Clang 'type-limit-compare' warning

 audio/mixeng.c    | 2 +-
 linux-user/mmap.c | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

-- 
2.21.3



^ permalink raw reply	[flat|nested] 14+ messages in thread

* [RFC PATCH 1/2] audio/mixeng: Fix Clang 'int-conversion' warning
  2020-05-03 11:32 [RFC PATCH 0/2] misc: fix Clang10 warnings Philippe Mathieu-Daudé
@ 2020-05-03 11:32 ` Philippe Mathieu-Daudé
  2020-05-03 12:52   ` BALATON Zoltan
                     ` (2 more replies)
  2020-05-03 11:32 ` [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning Philippe Mathieu-Daudé
  1 sibling, 3 replies; 14+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-05-03 11:32 UTC (permalink / raw)
  To: qemu-devel
  Cc: qemu-trivial, Philippe Mathieu-Daudé,
	Riku Voipio, Laurent Vivier, Gerd Hoffmann

When building with Clang 10 on Fedora 32, we get:

    CC      audio/mixeng.o
  audio/mixeng.c:274:34: error: implicit conversion from 'unsigned int' to 'float' changes value from 4294967295 to 4294967296 [-Werror,-Wimplicit-int-float-conversion]
  static const float float_scale = UINT_MAX / 2.f;
                                   ^~~~~~~~ ~
  /usr/lib64/clang/10.0.0/include/limits.h:56:37: note: expanded from macro 'UINT_MAX'
  #define UINT_MAX  (__INT_MAX__  *2U +1U)
                     ~~~~~~~~~~~~~~~~~^~~

Fix by using a 64-bit float for the conversion, before casting
back to 32-bit float.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
 audio/mixeng.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/audio/mixeng.c b/audio/mixeng.c
index 739a500449..9946bfeaec 100644
--- a/audio/mixeng.c
+++ b/audio/mixeng.c
@@ -271,7 +271,7 @@ f_sample *mixeng_clip[2][2][2][3] = {
 #define CONV_NATURAL_FLOAT(x) (x)
 #define CLIP_NATURAL_FLOAT(x) (x)
 #else
-static const float float_scale = UINT_MAX / 2.f;
+static const float float_scale = UINT_MAX / 2.;
 #define CONV_NATURAL_FLOAT(x) ((x) * float_scale)
 
 #ifdef RECIPROCAL
-- 
2.21.3



^ permalink raw reply related	[flat|nested] 14+ messages in thread

* Re: [RFC PATCH 1/2] audio/mixeng: Fix Clang 'int-conversion' warning
  2020-05-03 11:32 ` [RFC PATCH 1/2] audio/mixeng: Fix Clang 'int-conversion' warning Philippe Mathieu-Daudé
@ 2020-05-03 12:52   ` BALATON Zoltan
  2020-05-03 17:12   ` Richard Henderson
  2020-05-04  5:49   ` Volker Rümelin
  2 siblings, 0 replies; 14+ messages in thread
From: BALATON Zoltan @ 2020-05-03 12:52 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: qemu-trivial, Riku Voipio, Gerd Hoffmann, qemu-devel, Laurent Vivier

[-- Attachment #1: Type: text/plain, Size: 1267 bytes --]

On Sun, 3 May 2020, Philippe Mathieu-Daudé wrote:
> When building with Clang 10 on Fedora 32, we get:
>
>    CC      audio/mixeng.o
>  audio/mixeng.c:274:34: error: implicit conversion from 'unsigned int' to 'float' changes value from 4294967295 to 4294967296 [-Werror,-Wimplicit-int-float-conversion]
>  static const float float_scale = UINT_MAX / 2.f;
>                                   ^~~~~~~~ ~
>  /usr/lib64/clang/10.0.0/include/limits.h:56:37: note: expanded from macro 'UINT_MAX'
>  #define UINT_MAX  (__INT_MAX__  *2U +1U)
>                     ~~~~~~~~~~~~~~~~~^~~
>
> Fix by using a 64-bit float for the conversion, before casting
> back to 32-bit float.
>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
> audio/mixeng.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/audio/mixeng.c b/audio/mixeng.c
> index 739a500449..9946bfeaec 100644
> --- a/audio/mixeng.c
> +++ b/audio/mixeng.c
> @@ -271,7 +271,7 @@ f_sample *mixeng_clip[2][2][2][3] = {
> #define CONV_NATURAL_FLOAT(x) (x)
> #define CLIP_NATURAL_FLOAT(x) (x)
> #else
> -static const float float_scale = UINT_MAX / 2.f;
> +static const float float_scale = UINT_MAX / 2.;

Maybe writing it as 2.0 is easier to read and looks nicer.

Regards,
BALATON Zoltan

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [RFC PATCH 1/2] audio/mixeng: Fix Clang 'int-conversion' warning
  2020-05-03 11:32 ` [RFC PATCH 1/2] audio/mixeng: Fix Clang 'int-conversion' warning Philippe Mathieu-Daudé
  2020-05-03 12:52   ` BALATON Zoltan
@ 2020-05-03 17:12   ` Richard Henderson
  2020-05-04  5:49   ` Volker Rümelin
  2 siblings, 0 replies; 14+ messages in thread
From: Richard Henderson @ 2020-05-03 17:12 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, qemu-devel
  Cc: qemu-trivial, Riku Voipio, Laurent Vivier, Gerd Hoffmann

On 5/3/20 4:32 AM, Philippe Mathieu-Daudé wrote:
> When building with Clang 10 on Fedora 32, we get:
> 
>     CC      audio/mixeng.o
>   audio/mixeng.c:274:34: error: implicit conversion from 'unsigned int' to 'float' changes value from 4294967295 to 4294967296 [-Werror,-Wimplicit-int-float-conversion]
>   static const float float_scale = UINT_MAX / 2.f;
>                                    ^~~~~~~~ ~
>   /usr/lib64/clang/10.0.0/include/limits.h:56:37: note: expanded from macro 'UINT_MAX'
>   #define UINT_MAX  (__INT_MAX__  *2U +1U)
>                      ~~~~~~~~~~~~~~~~~^~~
> 
> Fix by using a 64-bit float for the conversion, before casting
> back to 32-bit float.
> 
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
>  audio/mixeng.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

No, this should be fixed properly.

First, the warning is in the !FLOAT_MIXENG branch.  IMO that means we should
not be using floating point at all, and this should be a simple integral
multiply/shift.

I had a brief look at this before the 5.0 release.  The arithmetic all through
audio looks confused to me.  There's a combination of shifting and masking
(implying a scale by 1<<32), and multiplication and division by UINT32_MAX.

I'm reasonably certain that every appearance of UINT32_MAX in this code is an
off-by-one bug, or a misuse of the constant.


r~


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [RFC PATCH 1/2] audio/mixeng: Fix Clang 'int-conversion' warning
  2020-05-03 11:32 ` [RFC PATCH 1/2] audio/mixeng: Fix Clang 'int-conversion' warning Philippe Mathieu-Daudé
  2020-05-03 12:52   ` BALATON Zoltan
  2020-05-03 17:12   ` Richard Henderson
@ 2020-05-04  5:49   ` Volker Rümelin
  2020-05-04  6:50     ` Philippe Mathieu-Daudé
  2 siblings, 1 reply; 14+ messages in thread
From: Volker Rümelin @ 2020-05-04  5:49 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, qemu-devel
  Cc: qemu-trivial, Riku Voipio, Laurent Vivier, Gerd Hoffmann


> Fix by using a 64-bit float for the conversion, before casting
> back to 32-bit float.
>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
>  audio/mixeng.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/audio/mixeng.c b/audio/mixeng.c
> index 739a500449..9946bfeaec 100644
> --- a/audio/mixeng.c
> +++ b/audio/mixeng.c
> @@ -271,7 +271,7 @@ f_sample *mixeng_clip[2][2][2][3] = {
>  #define CONV_NATURAL_FLOAT(x) (x)
>  #define CLIP_NATURAL_FLOAT(x) (x)
>  #else
> -static const float float_scale = UINT_MAX / 2.f;
> +static const float float_scale = UINT_MAX / 2.;

I would prefer an explicit cast of UINT_MAX to float. This is what we already have in audio/mixeng_template.h in the conf_* and clip_* functions with FLOAT_MIXENG defined. I think similar functions should look similar.

>  #define CONV_NATURAL_FLOAT(x) ((x) * float_scale)
>  
>  #ifdef RECIPROCAL

Please don't forget to fix the RECIPROCAL case.


Btw. the problem was reported here:
https://lists.nongnu.org/archive/html/qemu-devel/2020-03/msg02270.html

With best regards,
Volker



^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [RFC PATCH 1/2] audio/mixeng: Fix Clang 'int-conversion' warning
  2020-05-04  5:49   ` Volker Rümelin
@ 2020-05-04  6:50     ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 14+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-05-04  6:50 UTC (permalink / raw)
  To: Volker Rümelin, qemu-devel
  Cc: qemu-trivial, Riku Voipio, Laurent Vivier, Alexander Bulekov,
	Gerd Hoffmann, Kővágó,
	Zoltán

On 5/4/20 7:49 AM, Volker Rümelin wrote:
> 
>> Fix by using a 64-bit float for the conversion, before casting
>> back to 32-bit float.
>>
>> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
>> ---
>>   audio/mixeng.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/audio/mixeng.c b/audio/mixeng.c
>> index 739a500449..9946bfeaec 100644
>> --- a/audio/mixeng.c
>> +++ b/audio/mixeng.c
>> @@ -271,7 +271,7 @@ f_sample *mixeng_clip[2][2][2][3] = {
>>   #define CONV_NATURAL_FLOAT(x) (x)
>>   #define CLIP_NATURAL_FLOAT(x) (x)
>>   #else
>> -static const float float_scale = UINT_MAX / 2.f;
>> +static const float float_scale = UINT_MAX / 2.;
> 
> I would prefer an explicit cast of UINT_MAX to float. This is what we already have in audio/mixeng_template.h in the conf_* and clip_* functions with FLOAT_MIXENG defined. I think similar functions should look similar.
> 
>>   #define CONV_NATURAL_FLOAT(x) ((x) * float_scale)
>>   
>>   #ifdef RECIPROCAL
> 
> Please don't forget to fix the RECIPROCAL case.
> 
> 
> Btw. the problem was reported here:
> https://lists.nongnu.org/archive/html/qemu-devel/2020-03/msg02270.html

Ah I missed that, I now feel safer knowing developers who understand 
this code are already trying to fix it, thanks Volker!

> 
> With best regards,
> Volker
> 
> 


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning
  2020-05-03 11:32 [RFC PATCH 0/2] misc: fix Clang10 warnings Philippe Mathieu-Daudé
  2020-05-03 11:32 ` [RFC PATCH 1/2] audio/mixeng: Fix Clang 'int-conversion' warning Philippe Mathieu-Daudé
@ 2020-05-03 11:32 ` Philippe Mathieu-Daudé
  2020-05-03 12:49   ` Aleksandar Markovic
                     ` (2 more replies)
  1 sibling, 3 replies; 14+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-05-03 11:32 UTC (permalink / raw)
  To: qemu-devel
  Cc: qemu-trivial, Philippe Mathieu-Daudé,
	Riku Voipio, Laurent Vivier, Gerd Hoffmann

When building with Clang 10 on Fedora 32, we get:

    CC      linux-user/mmap.o
  linux-user/mmap.c:720:49: error: result of comparison 'unsigned long' > 18446744073709551615 is always false [-Werror,-Wtautological-type-limit-compare]
          if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~

Fix by restricting the check for when target sizeof(abi_ulong) is
smaller than target sizeof(unsigned long).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
 linux-user/mmap.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index e378033797..b14652d894 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -714,6 +714,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
             errno = ENOMEM;
             host_addr = MAP_FAILED;
         }
+#if TARGET_ABI_BITS < TARGET_LONG_BITS
         /* Check if address fits target address space */
         if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
             /* Revert mremap() changes */
@@ -721,6 +722,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
             errno = ENOMEM;
             host_addr = MAP_FAILED;
         }
+#endif /* TARGET_ABI_BITS < TARGET_LONG_BITS */
     }
 
     if (host_addr == MAP_FAILED) {
-- 
2.21.3



^ permalink raw reply related	[flat|nested] 14+ messages in thread

* Re: [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning
  2020-05-03 11:32 ` [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning Philippe Mathieu-Daudé
@ 2020-05-03 12:49   ` Aleksandar Markovic
  2020-05-03 12:55     ` Aleksandar Markovic
  2020-05-03 17:18     ` Richard Henderson
  2020-05-03 19:04   ` Aleksandar Markovic
  2020-06-03 16:06   ` Eric Blake
  2 siblings, 2 replies; 14+ messages in thread
From: Aleksandar Markovic @ 2020-05-03 12:49 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: qemu-trivial, Riku Voipio, Gerd Hoffmann, QEMU Developers,
	Laurent Vivier

нед, 3. мај 2020. у 13:33 Philippe Mathieu-Daudé <f4bug@amsat.org> је
написао/ла:
>
> When building with Clang 10 on Fedora 32, we get:
>
>     CC      linux-user/mmap.o
>   linux-user/mmap.c:720:49: error: result of comparison 'unsigned long' > 18446744073709551615 is always false [-Werror,-Wtautological-type-limit-compare]
>           if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
>               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~
>
> Fix by restricting the check for when target sizeof(abi_ulong) is
> smaller than target sizeof(unsigned long).
>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
>  linux-user/mmap.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/linux-user/mmap.c b/linux-user/mmap.c
> index e378033797..b14652d894 100644
> --- a/linux-user/mmap.c
> +++ b/linux-user/mmap.c
> @@ -714,6 +714,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
>              errno = ENOMEM;
>              host_addr = MAP_FAILED;
>          }
> +#if TARGET_ABI_BITS < TARGET_LONG_BITS
>          /* Check if address fits target address space */
>          if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
>              /* Revert mremap() changes */
> @@ -721,6 +722,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
>              errno = ENOMEM;
>              host_addr = MAP_FAILED;
>          }
> +#endif /* TARGET_ABI_BITS < TARGET_LONG_BITS */

Hm, Philippe, this will silence the clang error, but is this the right
thing to do?

Why do you think the case:

TARGET_ABI_BITS < TARGET_LONG_BITS

doesn't need this check? In any case, for clarity, the reason should
be mentioned in the commit message.

Regards,
Aleksandar


>      }
>
>      if (host_addr == MAP_FAILED) {
> --
> 2.21.3
>
>


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning
  2020-05-03 12:49   ` Aleksandar Markovic
@ 2020-05-03 12:55     ` Aleksandar Markovic
  2020-05-03 17:18     ` Richard Henderson
  1 sibling, 0 replies; 14+ messages in thread
From: Aleksandar Markovic @ 2020-05-03 12:55 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: qemu-trivial, Riku Voipio, Gerd Hoffmann, QEMU Developers,
	Laurent Vivier

нед, 3. мај 2020. у 14:49 Aleksandar Markovic
<aleksandar.qemu.devel@gmail.com> је написао/ла:
>
> нед, 3. мај 2020. у 13:33 Philippe Mathieu-Daudé <f4bug@amsat.org> је
> написао/ла:
> >
> > When building with Clang 10 on Fedora 32, we get:
> >
> >     CC      linux-user/mmap.o
> >   linux-user/mmap.c:720:49: error: result of comparison 'unsigned long' > 18446744073709551615 is always false [-Werror,-Wtautological-type-limit-compare]
> >           if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
> >               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~
> >
> > Fix by restricting the check for when target sizeof(abi_ulong) is
> > smaller than target sizeof(unsigned long).
> >
> > Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> > ---
> >  linux-user/mmap.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/linux-user/mmap.c b/linux-user/mmap.c
> > index e378033797..b14652d894 100644
> > --- a/linux-user/mmap.c
> > +++ b/linux-user/mmap.c
> > @@ -714,6 +714,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
> >              errno = ENOMEM;
> >              host_addr = MAP_FAILED;
> >          }
> > +#if TARGET_ABI_BITS < TARGET_LONG_BITS

Or, for that matter, a comment should be inserted before this
line with explanation why the check is not needed for this case.

I think QEMU is too full with unexplained "ifdefs", which, of
course, doesn't help readibility.

> >          /* Check if address fits target address space */
> >          if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
> >              /* Revert mremap() changes */
> > @@ -721,6 +722,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
> >              errno = ENOMEM;
> >              host_addr = MAP_FAILED;
> >          }
> > +#endif /* TARGET_ABI_BITS < TARGET_LONG_BITS */
>
> Hm, Philippe, this will silence the clang error, but is this the right
> thing to do?
>
> Why do you think the case:
>
> TARGET_ABI_BITS < TARGET_LONG_BITS
>
> doesn't need this check? In any case, for clarity, the reason should
> be mentioned in the commit message.
>
> Regards,
> Aleksandar
>
>
> >      }
> >
> >      if (host_addr == MAP_FAILED) {
> > --
> > 2.21.3
> >
> >


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning
  2020-05-03 12:49   ` Aleksandar Markovic
  2020-05-03 12:55     ` Aleksandar Markovic
@ 2020-05-03 17:18     ` Richard Henderson
  1 sibling, 0 replies; 14+ messages in thread
From: Richard Henderson @ 2020-05-03 17:18 UTC (permalink / raw)
  To: Aleksandar Markovic, Philippe Mathieu-Daudé
  Cc: qemu-trivial, Laurent Vivier, Riku Voipio, Gerd Hoffmann,
	QEMU Developers

On 5/3/20 5:49 AM, Aleksandar Markovic wrote:
> нед, 3. мај 2020. у 13:33 Philippe Mathieu-Daudé <f4bug@amsat.org> је
> написао/ла:
>>
>> When building with Clang 10 on Fedora 32, we get:
>>
>>     CC      linux-user/mmap.o
>>   linux-user/mmap.c:720:49: error: result of comparison 'unsigned long' > 18446744073709551615 is always false [-Werror,-Wtautological-type-limit-compare]
>>           if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
>>               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~
>>
>> Fix by restricting the check for when target sizeof(abi_ulong) is
>> smaller than target sizeof(unsigned long).
>>
>> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
>> ---
>>  linux-user/mmap.c | 2 ++
>>  1 file changed, 2 insertions(+)
>>
>> diff --git a/linux-user/mmap.c b/linux-user/mmap.c
>> index e378033797..b14652d894 100644
>> --- a/linux-user/mmap.c
>> +++ b/linux-user/mmap.c
>> @@ -714,6 +714,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
>>              errno = ENOMEM;
>>              host_addr = MAP_FAILED;
>>          }
>> +#if TARGET_ABI_BITS < TARGET_LONG_BITS
>>          /* Check if address fits target address space */
>>          if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
>>              /* Revert mremap() changes */
>> @@ -721,6 +722,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
>>              errno = ENOMEM;
>>              host_addr = MAP_FAILED;
>>          }
>> +#endif /* TARGET_ABI_BITS < TARGET_LONG_BITS */
> 
> Hm, Philippe, this will silence the clang error, but is this the right
> thing to do?
> 
> Why do you think the case:
> 
> TARGET_ABI_BITS < TARGET_LONG_BITS
> 
> doesn't need this check?

I think that's quite obvious from the clang warning -- the test is always false
due to type limits.

That said, this is at minimum the second occurrence of having to add ifdefs to
work around this particular new warning, because there does not seem to be any
other way to suppress the warning, and I'm not keen on that.

I would prefer that we disable the warning on the compiler command line in
configure.


r~


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning
  2020-05-03 11:32 ` [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning Philippe Mathieu-Daudé
  2020-05-03 12:49   ` Aleksandar Markovic
@ 2020-05-03 19:04   ` Aleksandar Markovic
  2020-06-03 16:06   ` Eric Blake
  2 siblings, 0 replies; 14+ messages in thread
From: Aleksandar Markovic @ 2020-05-03 19:04 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: qemu-trivial, Riku Voipio, Gerd Hoffmann, QEMU Developers,
	Laurent Vivier

> +#if TARGET_ABI_BITS < TARGET_LONG_BITS
>          /* Check if address fits target address space */
>          if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {

It would be clearer if "#if  TARGET_LONG_BITS > TARGET_ABI_BITS"
is used, to match the comparison in if() statement.

>              /* Revert mremap() changes */
> @@ -721,6 +722,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
>              errno = ENOMEM;
>              host_addr = MAP_FAILED;
>          }
> +#endif /* TARGET_ABI_BITS < TARGET_LONG_BITS */
>      }
>
>      if (host_addr == MAP_FAILED) {
> --
> 2.21.3
>
>


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning
  2020-05-03 11:32 ` [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning Philippe Mathieu-Daudé
  2020-05-03 12:49   ` Aleksandar Markovic
  2020-05-03 19:04   ` Aleksandar Markovic
@ 2020-06-03 16:06   ` Eric Blake
  2020-06-03 18:01     ` Richard Henderson
  2 siblings, 1 reply; 14+ messages in thread
From: Eric Blake @ 2020-06-03 16:06 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, qemu-devel
  Cc: qemu-trivial, Riku Voipio, Laurent Vivier, Gerd Hoffmann

On 5/3/20 6:32 AM, Philippe Mathieu-Daudé wrote:
> When building with Clang 10 on Fedora 32, we get:
> 
>      CC      linux-user/mmap.o
>    linux-user/mmap.c:720:49: error: result of comparison 'unsigned long' > 18446744073709551615 is always false [-Werror,-Wtautological-type-limit-compare]
>            if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
>                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~
> 
> Fix by restricting the check for when target sizeof(abi_ulong) is
> smaller than target sizeof(unsigned long).
> 
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
>   linux-user/mmap.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/linux-user/mmap.c b/linux-user/mmap.c
> index e378033797..b14652d894 100644
> --- a/linux-user/mmap.c
> +++ b/linux-user/mmap.c
> @@ -714,6 +714,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
>               errno = ENOMEM;
>               host_addr = MAP_FAILED;
>           }
> +#if TARGET_ABI_BITS < TARGET_LONG_BITS
>           /* Check if address fits target address space */
>           if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {

Instead of using #if, the following suffices to shut up clang:

diff --git c/linux-user/mmap.c w/linux-user/mmap.c
index e37803379747..8d9ba201625d 100644
--- c/linux-user/mmap.c
+++ w/linux-user/mmap.c
@@ -715,7 +715,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong 
old_size,
              host_addr = MAP_FAILED;
          }
          /* Check if address fits target address space */
-        if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
+        if ((unsigned long)host_addr > (abi_ulong)-1 - new_size) {
              /* Revert mremap() changes */
              host_addr = mremap(g2h(old_addr), new_size, old_size, flags);
              errno = ENOMEM;


That is, it is no longer a tautological type compare if you commute the 
operations so that neither side is a compile-time constant.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org



^ permalink raw reply related	[flat|nested] 14+ messages in thread

* Re: [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning
  2020-06-03 16:06   ` Eric Blake
@ 2020-06-03 18:01     ` Richard Henderson
  2020-06-03 18:09       ` Thomas Huth
  0 siblings, 1 reply; 14+ messages in thread
From: Richard Henderson @ 2020-06-03 18:01 UTC (permalink / raw)
  To: Eric Blake, Philippe Mathieu-Daudé, qemu-devel
  Cc: qemu-trivial, Riku Voipio, Laurent Vivier, Gerd Hoffmann

On 6/3/20 9:06 AM, Eric Blake wrote:
> Instead of using #if, the following suffices to shut up clang:
> 
> diff --git c/linux-user/mmap.c w/linux-user/mmap.c
> index e37803379747..8d9ba201625d 100644
> --- c/linux-user/mmap.c
> +++ w/linux-user/mmap.c
> @@ -715,7 +715,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
>              host_addr = MAP_FAILED;
>          }
>          /* Check if address fits target address space */
> -        if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
> +        if ((unsigned long)host_addr > (abi_ulong)-1 - new_size) {
>              /* Revert mremap() changes */
>              host_addr = mremap(g2h(old_addr), new_size, old_size, flags);
>              errno = ENOMEM;
> 
> 
> That is, it is no longer a tautological type compare if you commute the
> operations so that neither side is a compile-time constant.

To some extent the tautological compare is a hint to the compiler that the
comparison may be optimized away.  If sizeof(abi_ulong) >= sizeof(unsigned
long), then the host *cannot* produce an out-of-range target address.

We could add the sizeof test to the if, to preserve the optimization, but that
by itself doesn't prevent the clang warning.

Which is why I have repeatedly suggested that we disable this warning globally.
 Because every single instance so far has been of this form: where we are
expecting the compiler to fold away the block of code protected by the
tautological comparison.

I will also note that there is an existing off-by-one problem wrt the final
page: with a 12-bit page,

  0xfffff000 + 0x1000 > 0xffffffff

The proper test I think is

  (uintptr_t)host_addr + new_size - 1 > (abi_ulong)-1

If we're going to use your suggestion above, this becomes

  (uintptr_t)host_addr > (abi_ulong)-new_size


r~


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning
  2020-06-03 18:01     ` Richard Henderson
@ 2020-06-03 18:09       ` Thomas Huth
  0 siblings, 0 replies; 14+ messages in thread
From: Thomas Huth @ 2020-06-03 18:09 UTC (permalink / raw)
  To: Richard Henderson, Eric Blake, Philippe Mathieu-Daudé, qemu-devel
  Cc: qemu-trivial, Riku Voipio, Laurent Vivier, Gerd Hoffmann

On 03/06/2020 20.01, Richard Henderson wrote:
> On 6/3/20 9:06 AM, Eric Blake wrote:
>> Instead of using #if, the following suffices to shut up clang:
>>
>> diff --git c/linux-user/mmap.c w/linux-user/mmap.c
>> index e37803379747..8d9ba201625d 100644
>> --- c/linux-user/mmap.c
>> +++ w/linux-user/mmap.c
>> @@ -715,7 +715,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
>>              host_addr = MAP_FAILED;
>>          }
>>          /* Check if address fits target address space */
>> -        if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
>> +        if ((unsigned long)host_addr > (abi_ulong)-1 - new_size) {
>>              /* Revert mremap() changes */
>>              host_addr = mremap(g2h(old_addr), new_size, old_size, flags);
>>              errno = ENOMEM;
>>
>>
>> That is, it is no longer a tautological type compare if you commute the
>> operations so that neither side is a compile-time constant.
> 
> To some extent the tautological compare is a hint to the compiler that the
> comparison may be optimized away.  If sizeof(abi_ulong) >= sizeof(unsigned
> long), then the host *cannot* produce an out-of-range target address.
> 
> We could add the sizeof test to the if, to preserve the optimization, but that
> by itself doesn't prevent the clang warning.
> 
> Which is why I have repeatedly suggested that we disable this warning globally.

I guess most people (like me) don't have a strong opinion about this. So
maybe simply suggest a patch to disable the warning? I don't think that
anybody will object.

 Thomas



^ permalink raw reply	[flat|nested] 14+ messages in thread

end of thread, other threads:[~2020-06-03 18:10 UTC | newest]

Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-03 11:32 [RFC PATCH 0/2] misc: fix Clang10 warnings Philippe Mathieu-Daudé
2020-05-03 11:32 ` [RFC PATCH 1/2] audio/mixeng: Fix Clang 'int-conversion' warning Philippe Mathieu-Daudé
2020-05-03 12:52   ` BALATON Zoltan
2020-05-03 17:12   ` Richard Henderson
2020-05-04  5:49   ` Volker Rümelin
2020-05-04  6:50     ` Philippe Mathieu-Daudé
2020-05-03 11:32 ` [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning Philippe Mathieu-Daudé
2020-05-03 12:49   ` Aleksandar Markovic
2020-05-03 12:55     ` Aleksandar Markovic
2020-05-03 17:18     ` Richard Henderson
2020-05-03 19:04   ` Aleksandar Markovic
2020-06-03 16:06   ` Eric Blake
2020-06-03 18:01     ` Richard Henderson
2020-06-03 18:09       ` Thomas Huth

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.