On Mon, 2018-07-09 at 12:22 -0600, Jason Gunthorpe wrote:
> On Mon, Jul 09, 2018 at 06:02:09PM +0000, Bart Van Assche wrote:
> > On Sun, 2018-07-08 at 12:42 -0600, Jason Gunthorpe wrote:
> > > On Sun, Jul 08, 2018 at 03:31:45PM +0000, Bart Van Assche wrote:
> > > > On Sun, 2018-07-08 at 13:38 +0300, Leon Romanovsky wrote:
> > > > > +/*
> > > > > + * Compute *d = (a << s)
> > > > > + *
> > > > > + * Returns true if '*d' cannot hold the result or 'a << s' doesn't make sense.
> > > > > + * - 'a << s' causes bits to be lost when stored in d
> > > > > + * - 's' is garbage (eg negative) or so large that a << s is guaranteed to be 0
> > > >
> > > > If s >= sizeof(a) * 8 then a << s triggers undefined behavior. There is no guarantee
> > > > that the result will be 0. See also
> > > > http://blog.llvm.org/2011/05/what-every-c-programmer-should-know_21.html.
> > >
> > > This is already prevented with this:
> > > [ ... ]
> >
> > Yes, I am aware that the code prevents overflow. What I wanted to make clear is
> > that the comment "guaranteed to be 0" is wrong.
>
> It is only wrong if you read 'a << s' as C code, and not as a
> mathematical function :)
>
> How would you clarify it?

Hello Jason,

If the expression is intended as a mathematical function, how about mentioning
that a << s is larger than any value that can be stored into *d?

Thanks,

Bart.
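
Review bot: the quoted comment writes 'a << s' in both its "Compute *d = (a << s)" line and its two bullets without saying whether the C expression or the mathematical value is meant, and the last bullet ("so large that a << s is guaranteed to be 0") only holds under one of those readings. Suggest stating once at the top that a << s denotes the mathematical value a * 2^s, and rewording the last bullet in terms of the shift count itself, for example "'s' is negative or not smaller than the width of *d in bits". The visible part of the comment also does not say what *d contains when true is returned; a line documenting that would help callers that read *d after a failed check.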
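
The undefined-behaviour point discussed in this thread, as an added example that is not code from the patch or from any participant: a checked left shift that validates the count before the shift is ever evaluated, for an unsigned and a signed 32-bit type. The function names `shl_overflow_u32` and `shl_overflow_s32`, and the choice to store 0 in `*d` on failure, are assumptions made for this illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not the macro from the patch: compute *d = a << s.
 * Returns true if s is not a valid shift count for the type or if the
 * mathematical value a * 2^s does not fit in *d. */
static bool shl_overflow_u32(uint32_t a, int s, uint32_t *d)
{
	const int width = (int)(sizeof(a) * CHAR_BIT);

	/* Test the count first: evaluating a << s with s < 0 or s >= width
	 * is undefined behaviour, so the shift must never be reached. */
	if (s < 0 || s >= width) {
		*d = 0;
		return true;
	}
	*d = a << s;
	/* Shifting back recovers a only if no set bit was shifted out. */
	return (*d >> s) != a;
}

/* Signed variant: negative a is rejected, and the shift is done in a wider
 * unsigned type so that it never shifts into or past the sign bit. */
static bool shl_overflow_s32(int32_t a, int s, int32_t *d)
{
	uint64_t wide;

	*d = 0;
	if (a < 0 || s < 0 || s >= 32)
		return true;
	wide = (uint64_t)a << s;	/* a < 2^31 and s < 32: fits in 64 bits */
	if (wide > (uint64_t)INT32_MAX)
		return true;
	*d = (int32_t)wide;
	return false;
}

int main(void)
{
	uint32_t u;
	int32_t i;
	/* Constructed sample inputs around the width boundary. */
	printf("1u << 31: overflow=%d\n", shl_overflow_u32(1, 31, &u));
	printf("1u << 32: overflow=%d\n", shl_overflow_u32(1, 32, &u));
	printf("1  << 31: overflow=%d\n", shl_overflow_s32(1, 31, &i));
	return 0;
}
```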