* Re: [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning
2020-05-03 11:32 ` [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning Philippe Mathieu-Daudé
@ 2020-05-03 12:49 ` Aleksandar Markovic
2020-05-03 12:55 ` Aleksandar Markovic
2020-05-03 17:18 ` Richard Henderson
2020-05-03 19:04 ` Aleksandar Markovic
2020-06-03 16:06 ` Eric Blake
2 siblings, 2 replies; 14+ messages in thread
From: Aleksandar Markovic @ 2020-05-03 12:49 UTC (permalink / raw)
To: Philippe Mathieu-Daudé
Cc: qemu-trivial, Riku Voipio, Gerd Hoffmann, QEMU Developers,
Laurent Vivier
нед, 3. мај 2020. у 13:33 Philippe Mathieu-Daudé <f4bug@amsat.org> је
написао/ла:
>
> When building with Clang 10 on Fedora 32, we get:
>
> CC linux-user/mmap.o
> linux-user/mmap.c:720:49: error: result of comparison 'unsigned long' > 18446744073709551615 is always false [-Werror,-Wtautological-type-limit-compare]
> if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~
>
> Fix by restricting the check for when target sizeof(abi_ulong) is
> smaller than target sizeof(unsigned long).
>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
> linux-user/mmap.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/linux-user/mmap.c b/linux-user/mmap.c
> index e378033797..b14652d894 100644
> --- a/linux-user/mmap.c
> +++ b/linux-user/mmap.c
> @@ -714,6 +714,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
> errno = ENOMEM;
> host_addr = MAP_FAILED;
> }
> +#if TARGET_ABI_BITS < TARGET_LONG_BITS
> /* Check if address fits target address space */
> if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
> /* Revert mremap() changes */
> @@ -721,6 +722,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
> errno = ENOMEM;
> host_addr = MAP_FAILED;
> }
> +#endif /* TARGET_ABI_BITS < TARGET_LONG_BITS */
Hm, Philippe, this will silence the clang error, but is this the right
thing to do?
Why do you think the case:
TARGET_ABI_BITS < TARGET_LONG_BITS
doesn't need this check? In any case, for clarity, the reason should
be mentioned in the commit message.
Regards,
Aleksandar
> }
>
> if (host_addr == MAP_FAILED) {
> --
> 2.21.3
>
>
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning
2020-05-03 12:49 ` Aleksandar Markovic
@ 2020-05-03 12:55 ` Aleksandar Markovic
2020-05-03 17:18 ` Richard Henderson
1 sibling, 0 replies; 14+ messages in thread
From: Aleksandar Markovic @ 2020-05-03 12:55 UTC (permalink / raw)
To: Philippe Mathieu-Daudé
Cc: qemu-trivial, Riku Voipio, Gerd Hoffmann, QEMU Developers,
Laurent Vivier
нед, 3. мај 2020. у 14:49 Aleksandar Markovic
<aleksandar.qemu.devel@gmail.com> је написао/ла:
>
> нед, 3. мај 2020. у 13:33 Philippe Mathieu-Daudé <f4bug@amsat.org> је
> написао/ла:
> >
> > When building with Clang 10 on Fedora 32, we get:
> >
> > CC linux-user/mmap.o
> > linux-user/mmap.c:720:49: error: result of comparison 'unsigned long' > 18446744073709551615 is always false [-Werror,-Wtautological-type-limit-compare]
> > if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~
> >
> > Fix by restricting the check for when target sizeof(abi_ulong) is
> > smaller than target sizeof(unsigned long).
> >
> > Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> > ---
> > linux-user/mmap.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/linux-user/mmap.c b/linux-user/mmap.c
> > index e378033797..b14652d894 100644
> > --- a/linux-user/mmap.c
> > +++ b/linux-user/mmap.c
> > @@ -714,6 +714,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
> > errno = ENOMEM;
> > host_addr = MAP_FAILED;
> > }
> > +#if TARGET_ABI_BITS < TARGET_LONG_BITS
Or, for that matter, a comment should be inserted before this
line with explanation why the check is not needed for this case.
I think QEMU is too full with unexplained "ifdefs", which, of
course, doesn't help readibility.
> > /* Check if address fits target address space */
> > if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
> > /* Revert mremap() changes */
> > @@ -721,6 +722,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
> > errno = ENOMEM;
> > host_addr = MAP_FAILED;
> > }
> > +#endif /* TARGET_ABI_BITS < TARGET_LONG_BITS */
>
> Hm, Philippe, this will silence the clang error, but is this the right
> thing to do?
>
> Why do you think the case:
>
> TARGET_ABI_BITS < TARGET_LONG_BITS
>
> doesn't need this check? In any case, for clarity, the reason should
> be mentioned in the commit message.
>
> Regards,
> Aleksandar
>
>
> > }
> >
> > if (host_addr == MAP_FAILED) {
> > --
> > 2.21.3
> >
> >
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning
2020-05-03 12:49 ` Aleksandar Markovic
2020-05-03 12:55 ` Aleksandar Markovic
@ 2020-05-03 17:18 ` Richard Henderson
1 sibling, 0 replies; 14+ messages in thread
From: Richard Henderson @ 2020-05-03 17:18 UTC (permalink / raw)
To: Aleksandar Markovic, Philippe Mathieu-Daudé
Cc: qemu-trivial, Laurent Vivier, Riku Voipio, Gerd Hoffmann,
QEMU Developers
On 5/3/20 5:49 AM, Aleksandar Markovic wrote:
> нед, 3. мај 2020. у 13:33 Philippe Mathieu-Daudé <f4bug@amsat.org> је
> написао/ла:
>>
>> When building with Clang 10 on Fedora 32, we get:
>>
>> CC linux-user/mmap.o
>> linux-user/mmap.c:720:49: error: result of comparison 'unsigned long' > 18446744073709551615 is always false [-Werror,-Wtautological-type-limit-compare]
>> if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~
>>
>> Fix by restricting the check for when target sizeof(abi_ulong) is
>> smaller than target sizeof(unsigned long).
>>
>> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
>> ---
>> linux-user/mmap.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/linux-user/mmap.c b/linux-user/mmap.c
>> index e378033797..b14652d894 100644
>> --- a/linux-user/mmap.c
>> +++ b/linux-user/mmap.c
>> @@ -714,6 +714,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
>> errno = ENOMEM;
>> host_addr = MAP_FAILED;
>> }
>> +#if TARGET_ABI_BITS < TARGET_LONG_BITS
>> /* Check if address fits target address space */
>> if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
>> /* Revert mremap() changes */
>> @@ -721,6 +722,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
>> errno = ENOMEM;
>> host_addr = MAP_FAILED;
>> }
>> +#endif /* TARGET_ABI_BITS < TARGET_LONG_BITS */
>
> Hm, Philippe, this will silence the clang error, but is this the right
> thing to do?
>
> Why do you think the case:
>
> TARGET_ABI_BITS < TARGET_LONG_BITS
>
> doesn't need this check?
I think that's quite obvious from the clang warning -- the test is always false
due to type limits.
That said, this is at minimum the second occurrence of having to add ifdefs to
work around this particular new warning, because there does not seem to be any
other way to suppress the warning, and I'm not keen on that.
I would prefer that we disable the warning on the compiler command line in
configure.
r~
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning
2020-05-03 11:32 ` [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning Philippe Mathieu-Daudé
2020-05-03 12:49 ` Aleksandar Markovic
@ 2020-05-03 19:04 ` Aleksandar Markovic
2020-06-03 16:06 ` Eric Blake
2 siblings, 0 replies; 14+ messages in thread
From: Aleksandar Markovic @ 2020-05-03 19:04 UTC (permalink / raw)
To: Philippe Mathieu-Daudé
Cc: qemu-trivial, Riku Voipio, Gerd Hoffmann, QEMU Developers,
Laurent Vivier
> +#if TARGET_ABI_BITS < TARGET_LONG_BITS
> /* Check if address fits target address space */
> if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
It would be clearer if "#if TARGET_LONG_BITS > TARGET_ABI_BITS"
is used, to match the comparison in if() statement.
> /* Revert mremap() changes */
> @@ -721,6 +722,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
> errno = ENOMEM;
> host_addr = MAP_FAILED;
> }
> +#endif /* TARGET_ABI_BITS < TARGET_LONG_BITS */
> }
>
> if (host_addr == MAP_FAILED) {
> --
> 2.21.3
>
>
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning
2020-05-03 11:32 ` [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning Philippe Mathieu-Daudé
2020-05-03 12:49 ` Aleksandar Markovic
2020-05-03 19:04 ` Aleksandar Markovic
@ 2020-06-03 16:06 ` Eric Blake
2020-06-03 18:01 ` Richard Henderson
2 siblings, 1 reply; 14+ messages in thread
From: Eric Blake @ 2020-06-03 16:06 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel
Cc: qemu-trivial, Riku Voipio, Laurent Vivier, Gerd Hoffmann
On 5/3/20 6:32 AM, Philippe Mathieu-Daudé wrote:
> When building with Clang 10 on Fedora 32, we get:
>
> CC linux-user/mmap.o
> linux-user/mmap.c:720:49: error: result of comparison 'unsigned long' > 18446744073709551615 is always false [-Werror,-Wtautological-type-limit-compare]
> if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~
>
> Fix by restricting the check for when target sizeof(abi_ulong) is
> smaller than target sizeof(unsigned long).
>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
> linux-user/mmap.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/linux-user/mmap.c b/linux-user/mmap.c
> index e378033797..b14652d894 100644
> --- a/linux-user/mmap.c
> +++ b/linux-user/mmap.c
> @@ -714,6 +714,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
> errno = ENOMEM;
> host_addr = MAP_FAILED;
> }
> +#if TARGET_ABI_BITS < TARGET_LONG_BITS
> /* Check if address fits target address space */
> if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
Instead of using #if, the following suffices to shut up clang:
diff --git c/linux-user/mmap.c w/linux-user/mmap.c
index e37803379747..8d9ba201625d 100644
--- c/linux-user/mmap.c
+++ w/linux-user/mmap.c
@@ -715,7 +715,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong
old_size,
host_addr = MAP_FAILED;
}
/* Check if address fits target address space */
- if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
+ if ((unsigned long)host_addr > (abi_ulong)-1 - new_size) {
/* Revert mremap() changes */
host_addr = mremap(g2h(old_addr), new_size, old_size, flags);
errno = ENOMEM;
That is, it is no longer a tautological type compare if you commute the
operations so that neither side is a compile-time constant.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning
2020-06-03 16:06 ` Eric Blake
@ 2020-06-03 18:01 ` Richard Henderson
2020-06-03 18:09 ` Thomas Huth
0 siblings, 1 reply; 14+ messages in thread
From: Richard Henderson @ 2020-06-03 18:01 UTC (permalink / raw)
To: Eric Blake, Philippe Mathieu-Daudé, qemu-devel
Cc: qemu-trivial, Riku Voipio, Laurent Vivier, Gerd Hoffmann
On 6/3/20 9:06 AM, Eric Blake wrote:
> Instead of using #if, the following suffices to shut up clang:
>
> diff --git c/linux-user/mmap.c w/linux-user/mmap.c
> index e37803379747..8d9ba201625d 100644
> --- c/linux-user/mmap.c
> +++ w/linux-user/mmap.c
> @@ -715,7 +715,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
> host_addr = MAP_FAILED;
> }
> /* Check if address fits target address space */
> - if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
> + if ((unsigned long)host_addr > (abi_ulong)-1 - new_size) {
> /* Revert mremap() changes */
> host_addr = mremap(g2h(old_addr), new_size, old_size, flags);
> errno = ENOMEM;
>
>
> That is, it is no longer a tautological type compare if you commute the
> operations so that neither side is a compile-time constant.
To some extent the tautological compare is a hint to the compiler that the
comparison may be optimized away. If sizeof(abi_ulong) >= sizeof(unsigned
long), then the host *cannot* produce an out-of-range target address.
We could add the sizeof test to the if, to preserve the optimization, but that
by itself doesn't prevent the clang warning.
Which is why I have repeatedly suggested that we disable this warning globally.
Because every single instance so far has been of this form: where we are
expecting the compiler to fold away the block of code protected by the
tautological comparison.
I will also note that there is an existing off-by-one problem wrt the final
page: with a 12-bit page,
0xfffff000 + 0x1000 > 0xffffffff
The proper test I think is
(uintptr_t)host_addr + new_size - 1 > (abi_ulong)-1
If we're going to use your suggestion above, this becomes
(uintptr_t)host_addr > (abi_ulong)-new_size
r~
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [RFC PATCH 2/2] linux-user/mmap: Fix Clang 'type-limit-compare' warning
2020-06-03 18:01 ` Richard Henderson
@ 2020-06-03 18:09 ` Thomas Huth
0 siblings, 0 replies; 14+ messages in thread
From: Thomas Huth @ 2020-06-03 18:09 UTC (permalink / raw)
To: Richard Henderson, Eric Blake, Philippe Mathieu-Daudé, qemu-devel
Cc: qemu-trivial, Riku Voipio, Laurent Vivier, Gerd Hoffmann
On 03/06/2020 20.01, Richard Henderson wrote:
> On 6/3/20 9:06 AM, Eric Blake wrote:
>> Instead of using #if, the following suffices to shut up clang:
>>
>> diff --git c/linux-user/mmap.c w/linux-user/mmap.c
>> index e37803379747..8d9ba201625d 100644
>> --- c/linux-user/mmap.c
>> +++ w/linux-user/mmap.c
>> @@ -715,7 +715,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
>> host_addr = MAP_FAILED;
>> }
>> /* Check if address fits target address space */
>> - if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
>> + if ((unsigned long)host_addr > (abi_ulong)-1 - new_size) {
>> /* Revert mremap() changes */
>> host_addr = mremap(g2h(old_addr), new_size, old_size, flags);
>> errno = ENOMEM;
>>
>>
>> That is, it is no longer a tautological type compare if you commute the
>> operations so that neither side is a compile-time constant.
>
> To some extent the tautological compare is a hint to the compiler that the
> comparison may be optimized away. If sizeof(abi_ulong) >= sizeof(unsigned
> long), then the host *cannot* produce an out-of-range target address.
>
> We could add the sizeof test to the if, to preserve the optimization, but that
> by itself doesn't prevent the clang warning.
>
> Which is why I have repeatedly suggested that we disable this warning globally.
I guess most people (like me) don't have a strong opinion about this. So
maybe simply suggest a patch to disable the warning? I don't think that
anybody will object.
Thomas
^ permalink raw reply [flat|nested] 14+ messages in thread