Re: [RFC 1/2] compiler: use compiler to detect integer overflows

2014-12-05 Thread Dan Carpenter
On Fri, Dec 05, 2014 at 10:50:19AM -0800, Linus Torvalds wrote:
> On Fri, Dec 5, 2014 at 1:54 AM, Dan Carpenter wrote:
> >
> > There are some false positives which do:
> >
> > if ((u16)(u16_foo + u16_bar) < u16_foo) {
>
> Actually, the worse false positive is the ones that are pointer

Re: [RFC 1/2] compiler: use compiler to detect integer overflows

2014-12-05 Thread Linus Torvalds
On Fri, Dec 5, 2014 at 1:54 AM, Dan Carpenter wrote:
>
> There are some false positives which do:
>
> if ((u16)(u16_foo + u16_bar) < u16_foo) {

Actually, the worse false positive is the ones that are pointer comparisons. A compiler that does those as signed is just broken. It's happened,

Re: [RFC 1/2] compiler: use compiler to detect integer overflows

2014-12-05 Thread Dan Carpenter
Hi Sasha,

Is this what you are looking for? This list is made with next-20141204. It's mostly code which does:

    x = foo + bar;
    if (x < foo)

We compile the kernel with -fnostrict-overflow so GCC won't optimize these checks away. I don't think they cause a problem? There are som

Re: [RFC 1/2] compiler: use compiler to detect integer overflows

2014-11-27 Thread Dan Carpenter
On Wed, Nov 26, 2014 at 10:58:43AM -0800, Linus Torvalds wrote:
> I don't think coccinelle can do signedness checks, though, especially
> of the kind that are hidden deep behind some typedef like "loff_t".
> Maybe I'm wrong. Maybe smatch can? Adding Dan Carpenter to the cc..
>

Smatch knows about

Re: [RFC 1/2] compiler: use compiler to detect integer overflows

2014-11-26 Thread Linus Torvalds
On Wed, Nov 26, 2014 at 10:50 AM, Sasha Levin wrote:
>
> The kernel still has its share of *signed* integer overflows. Example?
> fadvise64_64():

Yes, those would definitely be worth fixing.

[ Although quite frankly, since I know gcc already knows about the whole "check for overflow" pattern,

Re: [RFC 1/2] compiler: use compiler to detect integer overflows

2014-11-26 Thread Sasha Levin
On 11/26/2014 12:55 PM, Linus Torvalds wrote:
> On Nov 26, 2014 6:00 AM, "Sasha Levin" wrote:
>>
>> We've used to detect integer overflows by causing an overflow and testing the
>> result. For example, to test for addition overflow we would:
>>
>> if (a + b

Re: [RFC 1/2] compiler: use compiler to detect integer overflows

2014-11-26 Thread Andrey Ryabinin
2014-11-26 17:00 GMT+03:00 Sasha Levin:
> We've used to detect integer overflows by causing an overflow and testing the
> result. For example, to test for addition overflow we would:
>
> if (a + b < a)
>         /* Overflow detected */
>
> While it works, this is actually an undefi