On Tue, Jul 31, 2018 at 04:38:31PM -0700, Kees Cook wrote:
> However, should these also be expected to fail, since they've shifted
> across their entire non-signed bits, or should it only fail if it
> tries the full type width?
>
> test_overflow: expected (s8)(0 << 7) to overflow
> test_overflow: expected (s16)(0 << 15) to overflow
> test_overflow: expected (int)(0 << 31) to overflow
> test_overflow: expected (s32)(0 << 31) to overflow
> test_overflow: expected (s64)(0 << 63) to overflow
>
> i.e. u8 0 << 8 and s8 with 0 << 8 already fail, but should s8 0 << 7 fail too?

I'd say no - and only because I think it would be difficult to arrange?

The basic definition of these macros should be to compute the output
such that it exactly matches the expression done on infinite precision,
or fail if it is not possible.

So the 'right' thing to do would be to have 0 = 0 << X for all X with
no failures. But there is no sense in wasting CPU cycles on such an
obtuse corner, and having 0 << X fail in some cases where 1 << X would
fail is fine, I think.

Thanks,
Jason