[glib: 1/2] gtypes: Rework checked arithmetic handling

From: Philip Withnall <pwithnall src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib: 1/2] gtypes: Rework checked arithmetic handling
Date: Thu, 18 Nov 2021 10:54:55 +0000 (UTC)

commit bc04b57eedb057f60ac23b9da9cfa7e26ca1766a
Author: Philip Withnall <pwithnall endlessos org>
Date:   Wed Nov 17 11:52:21 2021 +0000

    gtypes: Rework checked arithmetic handling
    
    Rather than using the fixed-type compiler builtins
    (`__builtin_uadd_overflow()`, etc.), use the generic versions
    (`__builtin_add_overflow()`). This avoids issues with matching the
    definition of GLib types (such as `guint` and particularly `gsize`) to
    basic C types (`int`, `long`, `long long`), as the mapping can vary
    between platforms.
    
    See https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html
    
    Adjust the fallback inline functions similarly.
    
    Signed-off-by: Philip Withnall <pwithnall endlessos org>
    
    Fixes: #2523

 glib/gtypes.h | 66 ++++++++++++++++++++++++++++++++---------------------------
 1 file changed, 36 insertions(+), 30 deletions(-)
---
diff --git a/glib/gtypes.h b/glib/gtypes.h
index 2c4825582..ea2a49057 100644
--- a/glib/gtypes.h
+++ b/glib/gtypes.h
@@ -424,56 +424,62 @@ typedef const gchar *   (*GTranslateFunc)       (const gchar   *str,
 /* https://bugzilla.gnome.org/show_bug.cgi?id=769104 */
 #if __GNUC__ >= 5 && !defined(__INTEL_COMPILER)
 #define _GLIB_HAVE_BUILTIN_OVERFLOW_CHECKS
-#elif g_macro__has_builtin(__builtin_uadd_overflow)
+#elif g_macro__has_builtin(__builtin_add_overflow)
 #define _GLIB_HAVE_BUILTIN_OVERFLOW_CHECKS
 #endif
 #endif
 
+#ifdef _GLIB_HAVE_BUILTIN_OVERFLOW_CHECKS
+
 #define g_uint_checked_add(dest, a, b) \
-    _GLIB_CHECKED_ADD_U32(dest, a, b)
+    (!__builtin_add_overflow(a, b, dest))
 #define g_uint_checked_mul(dest, a, b) \
-    _GLIB_CHECKED_MUL_U32(dest, a, b)
+    (!__builtin_mul_overflow(a, b, dest))
 
 #define g_uint64_checked_add(dest, a, b) \
-    _GLIB_CHECKED_ADD_U64(dest, a, b)
+    (!__builtin_add_overflow(a, b, dest))
 #define g_uint64_checked_mul(dest, a, b) \
-    _GLIB_CHECKED_MUL_U64(dest, a, b)
+    (!__builtin_mul_overflow(a, b, dest))
 
-#if GLIB_SIZEOF_SIZE_T == 8
 #define g_size_checked_add(dest, a, b) \
-    _GLIB_CHECKED_ADD_U64(dest, a, b)
+    (!__builtin_add_overflow(a, b, dest))
 #define g_size_checked_mul(dest, a, b) \
-    _GLIB_CHECKED_MUL_U64(dest, a, b)
-#else
-#define g_size_checked_add(dest, a, b) \
-    _GLIB_CHECKED_ADD_U32(dest, a, b)
-#define g_size_checked_mul(dest, a, b) \
-    _GLIB_CHECKED_MUL_U32(dest, a, b)
-#endif
+    (!__builtin_mul_overflow(a, b, dest))
+
+#else  /* !_GLIB_HAVE_BUILTIN_OVERFLOW_CHECKS */
 
 /* The names of the following inlines are private.  Use the macro
  * definitions above.
  */
-#ifdef _GLIB_HAVE_BUILTIN_OVERFLOW_CHECKS
-static inline gboolean _GLIB_CHECKED_ADD_U32 (guint32 *dest, guint32 a, guint32 b) {
-  return !__builtin_uadd_overflow(a, b, dest); }
-static inline gboolean _GLIB_CHECKED_MUL_U32 (guint32 *dest, guint32 a, guint32 b) {
-  return !__builtin_umul_overflow(a, b, dest); }
-static inline gboolean _GLIB_CHECKED_ADD_U64 (guint64 *dest, guint64 a, guint64 b) {
-  G_STATIC_ASSERT(sizeof (unsigned long long) == sizeof (guint64));
-  return !__builtin_uaddll_overflow(a, b, (unsigned long long *) dest); }
-static inline gboolean _GLIB_CHECKED_MUL_U64 (guint64 *dest, guint64 a, guint64 b) {
-  return !__builtin_umulll_overflow(a, b, (unsigned long long *) dest); }
-#else
-static inline gboolean _GLIB_CHECKED_ADD_U32 (guint32 *dest, guint32 a, guint32 b) {
+static inline gboolean _GLIB_CHECKED_ADD_UINT (guint *dest, guint a, guint b) {
   *dest = a + b; return *dest >= a; }
-static inline gboolean _GLIB_CHECKED_MUL_U32 (guint32 *dest, guint32 a, guint32 b) {
+static inline gboolean _GLIB_CHECKED_MUL_UINT (guint *dest, guint a, guint b) {
   *dest = a * b; return !a || *dest / a == b; }
-static inline gboolean _GLIB_CHECKED_ADD_U64 (guint64 *dest, guint64 a, guint64 b) {
+static inline gboolean _GLIB_CHECKED_ADD_UINT64 (guint64 *dest, guint64 a, guint64 b) {
   *dest = a + b; return *dest >= a; }
-static inline gboolean _GLIB_CHECKED_MUL_U64 (guint64 *dest, guint64 a, guint64 b) {
+static inline gboolean _GLIB_CHECKED_MUL_UINT64 (guint64 *dest, guint64 a, guint64 b) {
   *dest = a * b; return !a || *dest / a == b; }
-#endif
+static inline gboolean _GLIB_CHECKED_ADD_SIZE (gsize *dest, gsize a, gsize b) {
+  *dest = a + b; return *dest >= a; }
+static inline gboolean _GLIB_CHECKED_MUL_SIZE (gsize *dest, gsize a, gsize b) {
+  *dest = a * b; return !a || *dest / a == b; }
+
+#define g_uint_checked_add(dest, a, b) \
+    _GLIB_CHECKED_ADD_UINT(dest, a, b)
+#define g_uint_checked_mul(dest, a, b) \
+    _GLIB_CHECKED_MUL_UINT(dest, a, b)
+
+#define g_uint64_checked_add(dest, a, b) \
+    _GLIB_CHECKED_ADD_UINT64(dest, a, b)
+#define g_uint64_checked_mul(dest, a, b) \
+    _GLIB_CHECKED_MUL_UINT64(dest, a, b)
+
+#define g_size_checked_add(dest, a, b) \
+    _GLIB_CHECKED_ADD_SIZE(dest, a, b)
+#define g_size_checked_mul(dest, a, b) \
+    _GLIB_CHECKED_MUL_SIZE(dest, a, b)
+
+#endif  /* !_GLIB_HAVE_BUILTIN_OVERFLOW_CHECKS */
 
 /* IEEE Standard 754 Single Precision Storage Format (gfloat):
  *
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]