Re: [PATCH v3] overflow: Allow mixed type arguments

From: Kees Cook
Date: Wed Aug 31 2022 - 13:49:18 EST

Next message: Maxim Levitsky: "Re: [PATCH 10/19] KVM: SVM: Document that vCPU ID == APIC ID in AVIC kick fastpatch"
Previous message: Farber, Eliav: "Re: [PATCH v3 08/19] dt-bindings: hwmon: (mr75203) add "moortec, vm-active-channels" property"
In reply to: Rasmus Villemoes: "Re: [PATCH v3] overflow: Allow mixed type arguments"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Aug 30, 2022 at 09:52:32PM +0200, Rasmus Villemoes wrote:
> On 30/08/2022 21.21, Kees Cook wrote:
> > [...]
> > + * *@d holds the results of the attempted addition, but is not considered
> > + * "safe for use" on a non-zero return value, which indicates that the
> > + * sum has overflowed or been truncated.
>
> I don't like that wording. It makes it sound like there's some ambiguity
> or (implementation|un)-definedness involved in what the destination
> holds on overflow. The gcc documentation is perfectly clear that the
> result is the infinite-precision result truncated to N bits, with N
> being the bitwidth of d.

Hm, well, I think use of *d should be strongly discouraged on overflow.
How about just adding the specifics to the end?

* *@d holds the result of the attempted addition, but is not considered
* "safe for use" on a non-zero return value, which indicates that the
* sum has overflowed or been truncated. (*@d will contain the
* infinite-precision result truncated to the bitwidth of *@d.)

--
Kees Cook

Next message: Maxim Levitsky: "Re: [PATCH 10/19] KVM: SVM: Document that vCPU ID == APIC ID in AVIC kick fastpatch"
Previous message: Farber, Eliav: "Re: [PATCH v3 08/19] dt-bindings: hwmon: (mr75203) add "moortec, vm-active-channels" property"
In reply to: Rasmus Villemoes: "Re: [PATCH v3] overflow: Allow mixed type arguments"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]