Date: Sat, 30 Nov 2013 15:56:16 +0200
From: Konstantin Belousov <kostikbel@gmail.com>
To: current@freebsd.org
Subject: RFC: (Unconditionally) enable -fno-strict-overflow for kernel builds
Message-ID: <20131130135616.GA59496@kib.kiev.ua>

I propose to unconditionally add the switch -fno-strict-overflow to the kernel compilation. See the patch at the end of the message for the exact change proposed.

What does it do? It disallows useless and counter-intuitive behaviour of the compiler(s) for signed overflow. Basically, the issue is that the C standard left signed overflow as undefined to allow for different hardware implementations of signedness to be used for signed arithmetic. De facto, all architectures where FreeBSD works, or has a chance to be ported, use two's-complement signed integer representation, and developers' intuition is right about it.

The compiler authors take the undefined part there as a blanket to perform optimizations which assume that signed overflow cannot happen. The problem with that approach is that typical checks for bounds are exactly the place where the overflow can happen. Instead of making some artificial example, I would just point to my own r258088 and r258397.

What makes things much worse is that the behaviour is highly dependent on the optimization level of the exact version of the compiler.

What did other projects do in this regard? They turned the same knob unconditionally. I can point at least to the Linux kernel and PostgreSQL. Python uses -fwrapv, which is equivalent to -fno-strict-overflow on two's-complement machines. Linux used -fwrapv before it switched to -fno-strict-overflow.

diff --git a/sys/conf/kern.mk b/sys/conf/kern.mk index 2939a59..6e6ba92 100644 --- a/sys/conf/kern.mk +++ b/sys/conf/kern.mk
@@ -148,6 +148,12 @@ INLINE_LIMIT?=3D 8000 CFLAGS+=3D -ffreestanding =20 # +# Do not allow a compiler to optimize out overflow checks for signed +# types. +# +CFLAGS+=3D -fno-strict-overflow + +# # GCC SSP support # .if ${MK_SSP} !=3D "no" && ${MACHINE_CPUARCH} !=3D "ia64" && \
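
Review bot: the new `CFLAGS+= -fno-strict-overflow` line has no guard at all, while the GCC SSP block directly below it is wrapped in an `.if ${MK_SSP}` condition, so every compiler used to build the kernel has to accept this flag or the build breaks. Either confirm that for each supported kernel compiler or add a compiler check around the line. The comment above the flag should also say what the kernel relies on (signed arithmetic wrapping in bounds checks), so that the line is not later dropped as a mere optimization tweak.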
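
The kind of bounds check the message is concerned with, as an added example that is not part of the original message and is not the code from r258088 or r258397. The function names and the input values are hypothetical; the first function depends on signed wraparound, the other two do not.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Fragile: relies on off + len wrapping negative. Signed overflow is
 * undefined, so the optimizer may delete the "sum < off" test unless
 * -fno-strict-overflow or -fwrapv is given. */
bool range_ok_fragile(int off, int len, int limit)
{
	if (off < 0 || len < 0)
		return false;
	if (off + len < off)	/* may be optimized away */
		return false;
	return off + len <= limit;
}

/* Portable: compare len with the remaining headroom; nothing overflows. */
bool range_ok_portable(int off, int len, int limit)
{
	if (off < 0 || len < 0 || off > limit)
		return false;
	return len <= limit - off;
}

/* Same check with the GCC/Clang checked-arithmetic builtin. */
bool range_ok_builtin(int off, int len, int limit)
{
	int end;

	if (off < 0 || len < 0 || __builtin_add_overflow(off, len, &end))
		return false;
	return end <= limit;
}

int main(void)
{
	/* Constructed input: off + len exceeds INT_MAX. */
	int off = INT_MAX - 4, len = 16, limit = INT_MAX;

	/* The "fragile" value depends on compiler, -O level and flags. */
	printf("fragile=%d portable=%d builtin=%d\n",
	    range_ok_fragile(off, len, limit),
	    range_ok_portable(off, len, limit),
	    range_ok_builtin(off, len, limit));
	return 0;
}
```

Building this once with `-O2` and once with `-O2 -fno-strict-overflow` and comparing the `fragile` value shows whether a given compiler removes the wraparound test.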