Re: better patch for linux/bitops.h

[H. Peter Anvin]

On 05/04/16 21:03, Jeffrey Walton wrote:
> On Wed, May 4, 2016 at 11:50 PM, Theodore Ts'o <tytso@xxxxxxx> wrote:
> > ...
> > But instead of arguing over what works and doesn't, let's just create
> > the the test set and just try it on a wide range of compilers and
> > architectures, hmmm?
>
> What are the requirements? Here's a short list:
>
>    * No undefined behavior
>      - important because the compiler writers use the C standard
>    * Compiles to native "rotate IMMEDIATE" if the rotate amount is a
> "constant expression" and the machine provides it
>      - translates to a native rotate instruction if available
>      - "rotate IMM" can be 3 times faster than "rotate REG"
>      - do any architectures *not* provide a rotate?
>    * Compiles to native "rotate REGISTER" if the rotate is variable and
> the machine provides it
>      - do any architectures *not* provide a rotate?
>    * Constant time
>      - important to high-integrity code
>      - Non-security code paths probably don't care
>
> Maybe the first thing to do is provide a different rotates for the
> constant-time requirement when its in effect?

The disagreement here is the priority between these points.  In my very 
strong opinion, "no undefined behavior" per the C standard is way less 
important than the others; what matters is what gcc and the other 
compilers we care about do.  The kernel relies on various versions of 
C-standard-undefined behavior *all over the place*; for one thing 
sizeof(void *) == sizeof(size_t) == sizeof(unsigned long)!! but they are 
well-defined in the subcontext we care about.

(And no, not all architectures provide a rotate instruction.)

	-hpa