Date:      Sat, 30 Nov 2013 15:56:16 +0200
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        current@freebsd.org
Subject:   RFC: (Unconditionally) enable -fno-strict-overflow for kernel builds
Message-ID:  <20131130135616.GA59496@kib.kiev.ua>



I propose to unconditionally add the switch -fno-strict-overflow to the
kernel compilation.  See the patch at the end of the message for the exact
change proposed.

What does it do?  It disallows useless and counter-intuitive behaviour of
the compiler(s) for signed overflow.  Basically, the issue is that
the C standard left signed overflow as undefined to allow for different
hardware implementations of signedness to be used for signed arithmetic.
De facto, all architectures where FreeBSD works or has a chance to be
ported use two's-complement signed integer representation, and developers'
intuition is right about it.

The compiler authors take the undefined part there as a blanket to perform
optimizations which are assuming that signed overflow cannot happen.  The
problem with that approach is that typical checks for bounds are exactly
the place where the overflow can happen.  Instead of making some artificial
example, I would just point to my own r258088 and r258397.

What makes things much worse is that the behaviour is highly dependent
on the optimization level and the exact version of the compiler.

What did other projects do in this regard?  They turned the same knob
unconditionally.  I can point at least to the Linux kernel and PostgreSQL.
Python uses -fwrapv, which is equivalent to -fno-strict-overflow
on two's-complement machines.  Linux used -fwrapv before switching
to -fno-strict-overflow.

diff --git a/sys/conf/kern.mk b/sys/conf/kern.mk
index 2939a59..6e6ba92 100644
--- a/sys/conf/kern.mk
+++ b/sys/conf/kern.mk
@@ -148,6 +148,12 @@ INLINE_LIMIT?=3D	8000
 CFLAGS+=3D	-ffreestanding
=20
 #
+# Do not allow a compiler to optimize out overflow checks for signed
+# types.
+#
+CFLAGS+=3D	-fno-strict-overflow
+
+#
 # GCC SSP support
 #
 .if ${MK_SSP} !=3D "no" && ${MACHINE_CPUARCH} !=3D "ia64" && \
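Review bot: the comment above `CFLAGS+= -fno-strict-overflow` describes the desired effect ("do not allow a compiler to optimize out overflow checks") but not the semantics the kernel is relying on; consider stating that the flag makes signed overflow well-defined as two's-complement wrapping (equivalent to -fwrapv, as the message itself notes), and that it is a safety net for checks already in the tree rather than a substitute for rewriting overflow-prone comparisons such as those fixed in r258088 and r258397, so that future readers do not take it as licence to write new checks that depend on wrap-around.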

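An added example (not code from this e-mail or from the FreeBSD tree; the function names are made up) contrasting a bounds check that is only correct if signed addition wraps, which is what -fno-strict-overflow guarantees, with a rewrite that never overflows and so holds at any optimization level:

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/*
 * Constructed example with hypothetical function names.  A length check
 * written in the style the message warns about: it is only correct if
 * `off + len` wraps in two's complement.  Under the default strict-overflow
 * rules the addition is undefined, so the compiler may conclude that
 * `end < off` can never be true and delete the test entirely.
 */
static bool range_ok_wrapping(int off, int len, int limit)
{
	if (off < 0 || len < 0)
		return (false);
	int end = off + len;		/* signed overflow possible here */
	if (end < off)			/* meant to catch the wrap-around */
		return (false);
	return (end <= limit);
}

/*
 * Portable form: detect that the sum would exceed INT_MAX *before*
 * computing it, so no signed overflow occurs and the check is valid
 * with or without the CFLAGS change.
 */
static bool range_ok_portable(int off, int len, int limit)
{
	if (off < 0 || len < 0)
		return (false);
	if (len > INT_MAX - off)	/* off + len would overflow */
		return (false);
	return (off + len <= limit);
}

int main(void)
{
	/* Constructed inputs: a sane request and one chosen to overflow. */
	printf("sane:     %d\n", range_ok_portable(100, 28, 128));
	printf("too long: %d\n", range_ok_portable(100, 29, 128));
	printf("overflow: %d\n", range_ok_portable(INT_MAX - 5, 10, INT_MAX));
	/* The wrapping variant's answer for the overflow case depends on the
	 * compiler and its flags, which is precisely the problem. */
	printf("wrap:     %d\n", range_ok_wrapping(INT_MAX - 5, 10, INT_MAX));
	return (0);
}
```

Building the file with and without -fno-strict-overflow at -O2 and comparing the last line is a quick way to see whether a given compiler actually removes the wrap-around test.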



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20131130135616.GA59496>