On 23/03/2021 14.58, Andrew Jones wrote:
Checking for overflow can be difficult, but doing so may be a good
idea to avoid difficult-to-debug problems. Compilers that provide
builtins for overflow checking allow the checks to be simple
enough that we can use them more liberally. The idea for this
flag is to wrap a calculation that should have overflow checking,
allowing compilers that support it to give us some extra robustness.
For example,
#ifdef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW
bool overflow = __builtin_mul_overflow(x, y, &z);
assert(!overflow);
#else
/* Older compiler, hopefully we don't overflow... */
z = x * y;
#endif
Signed-off-by: Andrew Jones <drjones@xxxxxxxxxx>
---
lib/linux/compiler.h | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/lib/linux/compiler.h b/lib/linux/compiler.h
index 2d72f18c36e5..311da9807932 100644
--- a/lib/linux/compiler.h
+++ b/lib/linux/compiler.h
@@ -8,6 +8,20 @@
#ifndef __ASSEMBLY__
+#define GCC_VERSION (__GNUC__ * 10000 \
+ + __GNUC_MINOR__ * 100 \
+ + __GNUC_PATCHLEVEL__)
+
+#ifdef __clang__
+#if __has_builtin(__builtin_mul_overflow) && \
+ __has_builtin(__builtin_add_overflow) && \
+ __has_builtin(__builtin_sub_overflow)
+#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1
+#endif
+#elif GCC_VERSION >= 50100
+#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1
+#endif
+
#include <stdint.h>
#define barrier() asm volatile("" : : : "memory")
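Review bot: the new block has no comment saying what COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW promises (all three of __builtin_mul_overflow/__builtin_add_overflow/__builtin_sub_overflow, available on GCC >= 5.1 or on clang when __has_builtin() reports them), so a later reader of compiler.h has to dig up this commit message; a short comment above `#ifdef __clang__` would fix that. Minor: GCC_VERSION is defined unconditionally even when __GNUC__ is not set. That is harmless in `#elif GCC_VERSION >= 50100`, because undefined identifiers evaluate to 0 in preprocessor arithmetic, but guarding it with `#ifdef __GNUC__` or `#ifndef GCC_VERSION` would make the intent explicit and avoid a redefinition clash if another header already provides the same macro.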
Acked-by: Thomas Huth <thuth@xxxxxxxxxx>
... but I wonder:
1) Whether we still want to support those old compilers that do not have
these built-in functions yet ... maybe it's time to declare the older systems
as unsupported now?
2) Whether it would make more sense to provide static-inline functions for
these arithmetic operations that take care of the overflow handling, so that
we do not have #ifdefs in the .c code later all over the place?
Thomas
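Putting the commit message's flag together with suggestion (2) above, as an added example that is not part of this thread or of kvm-unit-tests: the same detection logic as the patch, followed by hypothetical static-inline helpers (`checked_mul_u32` and `checked_add_u32` are assumed names) that use the builtins when the macro is defined and fall back to a portable widening or wraparound check otherwise, so callers never see the #ifdef.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Same detection as the patch: clang via __has_builtin, GCC >= 5.1 by version. */
#define GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
#ifdef __clang__
#if __has_builtin(__builtin_mul_overflow) && __has_builtin(__builtin_add_overflow)
#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1
#endif
#elif GCC_VERSION >= 50100
#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1
#endif

/*
 * Hypothetical helpers (assumed names, not kvm-unit-tests code): the #ifdef
 * lives here once and callers only test the return value. Both return true
 * on overflow; *res then holds the truncated result, like the builtins do.
 */
static inline bool checked_mul_u32(uint32_t a, uint32_t b, uint32_t *res)
{
#ifdef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW
	return __builtin_mul_overflow(a, b, res);
#else
	/* Older compiler: widen to 64 bits and check the high half. */
	uint64_t wide = (uint64_t)a * b;
	*res = (uint32_t)wide;
	return (wide >> 32) != 0;
#endif
}

static inline bool checked_add_u32(uint32_t a, uint32_t b, uint32_t *res)
{
#ifdef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW
	return __builtin_add_overflow(a, b, res);
#else
	/* Unsigned wraparound is well defined, so compare after the add. */
	*res = a + b;
	return *res < a;
#endif
}

int main(void)
{
	uint32_t n;
	/* 2^20 elements of 4096 bytes: 2^32 bytes, which does not fit in 32 bits. */
	bool ovf = checked_mul_u32(1u << 20, 4096u, &n);
	printf("overflow=%d truncated=%u\n", ovf, n);
	return ovf ? 1 : 0;
}
```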