On Mon, Jul 09, 2018 at 06:02:09PM +0000, Bart Van Assche wrote: > On Sun, 2018-07-08 at 12:42 -0600, Jason Gunthorpe wrote: > > On Sun, Jul 08, 2018 at 03:31:45PM +0000, Bart Van Assche wrote: > > > On Sun, 2018-07-08 at 13:38 +0300, Leon Romanovsky wrote: > > > > +/* > > > > + * Compute *d = (a << s) > > > > + * > > > > + * Returns true if '*d' cannot hold the result or 'a << s' doesn't make sense. > > > > + * - 'a << s' causes bits to be lost when stored in d > > > > + * - 's' is garbage (eg negative) or so large that a << s is guaranteed to be 0 > > > > > > If s >= sizeof(a) * 8 then a << s triggers undefined behavior. There is no guarantee > > > that the result will be 0. See also > > > http://blog.llvm.org/2011/05/what-every-c-programmer-should-know_21.html. > > > > This is already prevented with this: > > [ ... ] > > Yes, I am aware that the code prevents overflow. What I wanted to make clear is > that the comment "guaranteed to be 0" is wrong. It is only wrong if you read 'a << s' as C code, and not as a mathematical function :) How would you clarify it? Jason -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
