Date: Sat, 30 Nov 2013 10:53:07 -0800
From: Adrian Chadd <adrian@freebsd.org>
To: Konstantin Belousov <kostikbel@gmail.com>
Cc: "current@freebsd.org" <current@freebsd.org>
Subject: Re: RFC: (Unconditionally) enable -fno-strict-overflow for kernel builds
Message-ID: <CAJ-VmomC6CMuo__etm7X6W8Hpg8MafL2StePdSz4Jn0XN6MGww@mail.gmail.com>
In-Reply-To: <20131130135616.GA59496@kib.kiev.ua>
References: <20131130135616.GA59496@kib.kiev.ua>
+1, this caught us out with sendfile testing very recently :(

-a

On 30 November 2013 05:56, Konstantin Belousov <kostikbel@gmail.com> wrote:
> I propose to unconditionally add the switch -fno-strict-overflow to the
> kernel compilation. See the patch at the end of message for exact change
> proposed.
>
> What does it do. It disallows useless and counter-intuitive behaviour of
> the compiler(s) for the signed overflow. Basically, the issue is that
> the C standard left signed overflow as undefined to allow for different
> hardware implementation of signedness to be used for signed arithmetic.
> De-facto, all architectures where FreeBSD works or have a chance to be
> ported, use two's-complement signed integer representation, and developers'
> intuition is right about it.
>
> The compiler authors take the undefined part there as a blanket to perform
> optimizations which are assuming that signed overflow cannot happen. The
> problem with that approach is that typical checks for bounds are exactly
> the place where the overflow can happen. Instead of making some artificial
> example, I would just point to my own r258088 and r258397.
>
> What makes the things much worse is that the behaviour is highly dependent
> on the optimization level of the exact version of compiler.
>
> What other projects did in this regard. They turned the same knob
> unconditionally. I can point at least to Linux kernel and Postgresql.
> Python uses -fwrapv, which is equivalent to the -fno-strict-overflow
> on the two's-complement machines. Linux used -fwrapv before switching
> to -fno-strict-overflow.
>
> diff --git a/sys/conf/kern.mk b/sys/conf/kern.mk
> index 2939a59..6e6ba92 100644
> --- a/sys/conf/kern.mk
> +++ b/sys/conf/kern.mk
> @@ -148,6 +148,12 @@ INLINE_LIMIT?= 8000 > CFLAGS+= -ffreestanding > > # > +# Do not allow a compiler to optimize out overflow checks for signed > +# types. > +# > +CFLAGS+= -fno-strict-overflow > + > +# > # GCC SSP support > # > .if ${MK_SSP} != "no" && ${MACHINE_CPUARCH} != "ia64" && \
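Review bot: the new comment block above `CFLAGS+= -fno-strict-overflow` explains the symptom (overflow checks being optimized out) but not why the flag is safe to apply to every compiler and optimization level, nor that signed overflow remains undefined at the language level; since the rationale lives only in this mail, record it in kern.mk itself, for instance by extending the comment with "see r258088 and r258397 for the bugs this guards against" and a note that new code should still write bounds checks so that the addition cannot overflow (compare `len > INT_MAX - off` against `off + len < off`), with the flag as a safety net rather than a licence to rely on wraparound.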
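As an added illustration of the bounds-check pattern Konstantin describes (this is example code written for this page, not code from the thread or from the FreeBSD tree; BUF_SIZE and the two range-check functions are constructed names), the following C shows the wraparound-style check that a compiler assuming no signed overflow may delete, beside a form that never performs an overflowing addition and so does not depend on -fno-strict-overflow or -fwrapv:

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed buffer size for the range checks below. */
#define	BUF_SIZE	4096

/*
 * True if a + b would overflow int.  Written so that the addition is never
 * performed, hence no undefined behaviour regardless of compiler flags.
 */
static bool
sadd_overflows(int a, int b)
{
	if (b > 0)
		return (a > INT_MAX - b);
	return (a < INT_MIN - b);
}

/*
 * The idiom the thread warns about: [off, off+len) is validated by
 * computing off + len and testing whether the sum wrapped.  For signed
 * operands that addition is undefined when it overflows, so a compiler
 * assuming strict overflow may decide "off + len < off" is always false
 * and drop the test.  Under -fno-strict-overflow the test survives and
 * behaves as the two's-complement intuition expects.
 */
static bool
range_ok_wrapcheck(int off, int len)
{
	if (off < 0 || len < 0)
		return (false);
	if (off + len < off)	/* relies on wraparound: UB for signed int */
		return (false);
	return (off + len <= BUF_SIZE);
}

/*
 * Overflow-free form: since off and len are known non-negative and off is
 * bounded by BUF_SIZE first, BUF_SIZE - off cannot overflow and no sum is
 * ever formed.  Correct with or without -fno-strict-overflow.
 */
static bool
range_ok_safe(int off, int len)
{
	if (off < 0 || len < 0 || off > BUF_SIZE)
		return (false);
	return (len <= BUF_SIZE - off);
}

int
main(void)
{
	/* Constructed inputs: a benign request and a hostile one. */
	printf("benign  (off=4000,len=96):   wrapcheck=%d safe=%d\n",
	    range_ok_wrapcheck(4000, 96), range_ok_safe(4000, 96));
	printf("hostile (off=INT_MAX-5,len=10): safe=%d (overflows=%d)\n",
	    range_ok_safe(INT_MAX - 5, 10), sadd_overflows(INT_MAX - 5, 10));
	return (0);
}
```

The hostile case is deliberately only run through range_ok_safe and sadd_overflows in main: feeding it to range_ok_wrapcheck is exactly the undefined behaviour whose result varies with compiler and optimization level, which is the point of the thread.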