Date: Sat, 30 Nov 2013 10:53:07 -0800
Subject: Re: RFC: (Unconditionally) enable -fno-strict-overflow for kernel builds
From: Adrian Chadd
To: Konstantin Belousov
Cc: "current@freebsd.org"

+1, this caught us out with sendfile testing very recently :(

-a

On 30 November 2013 05:56, Konstantin Belousov wrote:
> I propose to unconditionally add the switch -fno-strict-overflow to the
> kernel compilation. See the patch at the end of message for exact change
> proposed.
>
> What does it do. It disallows useless and counter-intuitive behaviour of
> the compiler(s) for the signed overflow. Basically, the issue is that
> the C standard left signed overflow as undefined to allow for different
> hardware implementation of signedness to be used for signed arithmetic.
> De-facto, all architectures where FreeBSD works or have a chance to be
> ported, use two's-complement signed integer representation, and developers'
> intuition is right about it.
>
> The compiler authors take the undefined part there as a blanket to perform
> optimizations which are assuming that signed overflow cannot happen. The
> problem with that approach is that typical checks for bounds are exactly
> the place where the overflow can happen. Instead of making some artificial
> example, I would just point to my own r258088 and r258397.
>
> What makes the things much worse is that the behaviour is highly dependent
> on the optimization level of the exact version of compiler.
>
> What other projects did in this regard. They turned the same knob
> unconditionally. I can point at least to Linux kernel and PostgreSQL.
> Python uses -fwrapv, which is equivalent to the -fno-strict-overflow
> on the two's-complement machines. Linux used -fwrapv before it switched
> to -fno-strict-overflow.
> > diff --git a/sys/conf/kern.mk b/sys/conf/kern.mk > index 2939a59..6e6ba92 100644 > --- a/sys/conf/kern.mk > +++ b/sys/conf/kern.mk > @@ -148,6 +148,12 @@ INLINE_LIMIT?= 8000 > CFLAGS+= -ffreestanding > > # > +# Do not allow a compiler to optimize out overflow checks for signed > +# types. > +# > +CFLAGS+= -fno-strict-overflow > + > +# > # GCC SSP support > # > .if ${MK_SSP} != "no" && ${MACHINE_CPUARCH} != "ia64" && \
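Review bot: The new `CFLAGS+= -fno-strict-overflow` line in sys/conf/kern.mk is added with no compiler or architecture guard, while the SSP block right below it is wrapped in an `.if`; please confirm that every compiler used for kernel builds accepts the flag, or guard it. The comment would also be more useful if it named the cause, that signed overflow is undefined and the compiler assumes it cannot happen, instead of only the symptom.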
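The kind of signed bounds check the quoted proposal is about, next to two forms that do not depend on overflow behaviour. This is an added example, not code from the message, from r258088 or r258397, or from the FreeBSD tree; the function names and sample values are constructed, and `__builtin_add_overflow` is a GCC/Clang builtin.

```c
#include <stdint.h>
#include <stdio.h>

/* Fragile: tests for overflow after the signed addition has happened.
 * Signed overflow is undefined, so the compiler may assume off + len
 * never wraps and, with both operands known non-negative, drop the test. */
static int range_ok_fragile(int64_t off, int64_t len)
{
    if (off < 0 || len < 0)
        return 0;
    if (off + len < off)        /* may be optimized out */
        return 0;
    return 1;
}

/* Robust: compare against the remaining headroom before adding.
 * INT64_MAX - off cannot overflow because off >= 0 here. */
static int range_ok_precheck(int64_t off, int64_t len)
{
    if (off < 0 || len < 0)
        return 0;
    return len <= INT64_MAX - off;
}

/* Robust: let the compiler builtin report the overflow (GCC/Clang). */
static int range_ok_builtin(int64_t off, int64_t len)
{
    int64_t end;

    if (off < 0 || len < 0)
        return 0;
    return !__builtin_add_overflow(off, len, &end);
}

int main(void)
{
    /* Constructed inputs: the last byte that fits, then one past it. */
    int64_t off = INT64_MAX - 5;
    int64_t lens[] = { 5, 6 };

    for (int i = 0; i < 2; i++)
        printf("len=%lld fragile=%d precheck=%d builtin=%d\n",
            (long long)lens[i], range_ok_fragile(off, lens[i]),
            range_ok_precheck(off, lens[i]), range_ok_builtin(off, lens[i]));
    return 0;
}
```

The `fragile` column is the only one whose value may change with the compiler, optimization level, or the presence of `-fno-strict-overflow`.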