[1/2] Replace check_mul_overflow_size_t with INT_MULTIPLY_WRAPV

Message ID 20181221183813.16245-1-adhemerval.zanella@linaro.org

Commit Message

Adhemerval Zanella Dec. 21, 2018, 6:38 p.m.
Checked on x86_64-linux-gnu and i686-linux-gnu.

	* malloc/alloc_buffer_alloc_array.c (__libc_alloc_buffer_alloc_array):
	Use INT_MULTIPLY_WRAPV in place of check_mul_overflow_size_t.
	* malloc/dynarray_emplace_enlarge.c (__libc_dynarray_emplace_enlarge):
	Likewise.
	* malloc/dynarray_resize.c (__libc_dynarray_resize): Likewise.
	* malloc/reallocarray.c (__libc_reallocarray): Likewise.
	* malloc/malloc-internal.h (check_mul_overflow_size_t): Remove
	function.
	* support/blob_repeat.c (check_mul_overflow_size_t,
	minimum_stride_size, support_blob_repeat_allocate): Likewise.
---
 ChangeLog                         | 13 +++++++++++++
 malloc/alloc_buffer_alloc_array.c |  4 ++--
 malloc/dynarray_emplace_enlarge.c |  4 ++--
 malloc/dynarray_resize.c          |  4 ++--
 malloc/malloc-internal.h          | 20 --------------------
 malloc/reallocarray.c             |  7 +++----
 support/blob_repeat.c             | 27 ++++-----------------------
 7 files changed, 26 insertions(+), 53 deletions(-)

Comments

Paul Eggert Dec. 21, 2018, 9:14 p.m. | #1
Thanks, this patch looks good.
Florian Weimer Dec. 22, 2018, 6:17 a.m. | #2
* Adhemerval Zanella:

> -  bool overflow = check_mul_overflow_size_t (element_size, count, &size);
> +  bool overflow = INT_MULTIPLY_WRAPV (element_size, count, &size);

What's the reason for not using the compiler built-in?
Paul Eggert Dec. 23, 2018, 6:55 a.m. | #3
Florian Weimer wrote:
>> -  bool overflow = check_mul_overflow_size_t (element_size, count, &size);
>> +  bool overflow = INT_MULTIPLY_WRAPV (element_size, count, &size);
> What's the reason for not using the compiler built-in?

Presumably Adhemerval wrote that patch before Joseph's commit yesterday that 
bumped glibc's minimum GCC requirement from GCC 4.9 to GCC 5. But you're right, 
now that we're requiring GCC 5 the code can use __builtin_mul_overflow instead 
of INT_MULTIPLY_WRAPV. And using the builtin would address DJ's concern as well. 
So it would be better to redo the patch that way.

Patch

diff --git a/malloc/alloc_buffer_alloc_array.c b/malloc/alloc_buffer_alloc_array.c
index 1dd098a8fc..35de7115e2 100644
--- a/malloc/alloc_buffer_alloc_array.c
+++ b/malloc/alloc_buffer_alloc_array.c
@@ -17,7 +17,7 @@ 
    <http://www.gnu.org/licenses/>.  */
 
 #include <alloc_buffer.h>
-#include <malloc-internal.h>
+#include <intprops.h>
 #include <libc-pointer-arith.h>
 
 void *
@@ -28,7 +28,7 @@  __libc_alloc_buffer_alloc_array (struct alloc_buffer *buf, size_t element_size,
   /* The caller asserts that align is a power of two.  */
   size_t aligned = ALIGN_UP (current, align);
   size_t size;
-  bool overflow = check_mul_overflow_size_t (element_size, count, &size);
+  bool overflow = INT_MULTIPLY_WRAPV (element_size, count, &size);
   size_t new_current = aligned + size;
   if (!overflow                /* Multiplication did not overflow.  */
       && aligned >= current    /* No overflow in align step.  */
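Review bot: INT_MULTIPLY_WRAPV on the `+` line is a macro, whereas the check_mul_overflow_size_t it replaces was a static inline function, so its operands are no longer guaranteed to be evaluated exactly once (the gnulib intprops.h header notes that the INT_*_WRAPV macros may evaluate their arguments zero or multiple times on the non-builtin path). Every call site in this series passes side-effect-free operands (element_size and count here; `page_size >> common_zeros` in the blob_repeat.c minimum_stride_size hunk is also pure), so behaviour is unchanged, but a future caller passing an expression with side effects would silently differ from the old helper. The same remark applies to the dynarray_emplace_enlarge.c, dynarray_resize.c, reallocarray.c and both blob_repeat.c hunks, so one comment at the intprops.h include site or in the commit message would cover them all. Since this file no longer includes malloc-internal.h, it is also worth confirming that `bool` and `size_t` still reach this translation unit through alloc_buffer.h rather than transitively through the dropped header. __libc_alloc_buffer_alloc_array starts and ends outside this hunk.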
diff --git a/malloc/dynarray_emplace_enlarge.c b/malloc/dynarray_emplace_enlarge.c
index 0408271e27..7538cbe4c5 100644
--- a/malloc/dynarray_emplace_enlarge.c
+++ b/malloc/dynarray_emplace_enlarge.c
@@ -18,7 +18,7 @@ 
 
 #include <dynarray.h>
 #include <errno.h>
-#include <malloc-internal.h>
+#include <intprops.h>
 #include <stdlib.h>
 #include <string.h>
 
@@ -52,7 +52,7 @@  __libc_dynarray_emplace_enlarge (struct dynarray_header *list,
     }
 
   size_t new_size;
-  if (check_mul_overflow_size_t (new_allocated, element_size, &new_size))
+  if (INT_MULTIPLY_WRAPV (new_allocated, element_size, &new_size))
     return false;
   void *new_array;
   if (list->array == scratch)
diff --git a/malloc/dynarray_resize.c b/malloc/dynarray_resize.c
index 0bfca1ba4b..4d766605ff 100644
--- a/malloc/dynarray_resize.c
+++ b/malloc/dynarray_resize.c
@@ -18,7 +18,7 @@ 
 
 #include <dynarray.h>
 #include <errno.h>
-#include <malloc-internal.h>
+#include <intprops.h>
 #include <stdlib.h>
 #include <string.h>
 
@@ -38,7 +38,7 @@  __libc_dynarray_resize (struct dynarray_header *list, size_t size,
      over-allocation here.  */
 
   size_t new_size_bytes;
-  if (check_mul_overflow_size_t (size, element_size, &new_size_bytes))
+  if (INT_MULTIPLY_WRAPV (size, element_size, &new_size_bytes))
     {
       /* Overflow.  */
       __set_errno (ENOMEM);
diff --git a/malloc/malloc-internal.h b/malloc/malloc-internal.h
index 9cee0fb2d7..70d5b38504 100644
--- a/malloc/malloc-internal.h
+++ b/malloc/malloc-internal.h
@@ -74,24 +74,4 @@  void __malloc_fork_unlock_child (void) attribute_hidden;
 /* Called as part of the thread shutdown sequence.  */
 void __malloc_arena_thread_freeres (void) attribute_hidden;
 
-/* Set *RESULT to LEFT * RIGHT.  Return true if the multiplication
-   overflowed.  */
-static inline bool
-check_mul_overflow_size_t (size_t left, size_t right, size_t *result)
-{
-#if __GNUC__ >= 5
-  return __builtin_mul_overflow (left, right, result);
-#else
-  /* size_t is unsigned so the behavior on overflow is defined.  */
-  *result = left * right;
-  size_t half_size_t = ((size_t) 1) << (8 * sizeof (size_t) / 2);
-  if (__glibc_unlikely ((left | right) >= half_size_t))
-    {
-      if (__glibc_unlikely (right != 0 && *result / right != left))
-        return true;
-    }
-  return false;
-#endif
-}
-
 #endif /* _MALLOC_INTERNAL_H */
diff --git a/malloc/reallocarray.c b/malloc/reallocarray.c
index 319eccd21f..f3a83abc91 100644
--- a/malloc/reallocarray.c
+++ b/malloc/reallocarray.c
@@ -18,19 +18,18 @@ 
 
 #include <errno.h>
 #include <malloc.h>
-#include <malloc/malloc-internal.h>
+#include <intprops.h>
 
 void *
 __libc_reallocarray (void *optr, size_t nmemb, size_t elem_size)
 {
   size_t bytes;
-  if (check_mul_overflow_size_t (nmemb, elem_size, &bytes))
+  if (INT_MULTIPLY_WRAPV (nmemb, elem_size, &bytes))
     {
       __set_errno (ENOMEM);
       return 0;
     }
-  else
-    return realloc (optr, bytes);
+  return realloc (optr, bytes);
 }
 libc_hidden_def (__libc_reallocarray)
 
diff --git a/support/blob_repeat.c b/support/blob_repeat.c
index 718846d81d..e4260872fd 100644
--- a/support/blob_repeat.c
+++ b/support/blob_repeat.c
@@ -29,31 +29,12 @@ 
 #include <sys/mman.h>
 #include <unistd.h>
 #include <wchar.h>
+#include <intprops.h>
 
 /* Small allocations should use malloc directly instead of the mmap
    optimization because mappings carry a lot of overhead.  */
 static const size_t maximum_small_size = 4 * 1024 * 1024;
 
-/* Set *RESULT to LEFT * RIGHT.  Return true if the multiplication
-   overflowed.  See <malloc/malloc-internal.h>.  */
-static inline bool
-check_mul_overflow_size_t (size_t left, size_t right, size_t *result)
-{
-#if __GNUC__ >= 5
-  return __builtin_mul_overflow (left, right, result);
-#else
-  /* size_t is unsigned so the behavior on overflow is defined.  */
-  *result = left * right;
-  size_t half_size_t = ((size_t) 1) << (8 * sizeof (size_t) / 2);
-  if (__glibc_unlikely ((left | right) >= half_size_t))
-    {
-      if (__glibc_unlikely (right != 0 && *result / right != left))
-        return true;
-    }
-  return false;
-#endif
-}
-
 /* Internal helper for fill.  */
 static void
 fill0 (char *target, const char *element, size_t element_size,
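Review bot: The added `#include <intprops.h>` is appended after `<wchar.h>`, which breaks the alphabetical order the visible include list (`<sys/mman.h>`, `<unistd.h>`, `<wchar.h>`) otherwise follows, and differs from the other files in this series, where the new include takes the slot vacated by `<malloc-internal.h>`. Move it to its sorted position among the angle-bracket includes; the start of the include list is outside the hunk so the exact spot is not visible here, but it belongs no later than directly before `<sys/mman.h>`. The removed comment referenced <malloc/malloc-internal.h> as the canonical copy; with both copies gone, intprops.h is now the single source for this check, which is an improvement worth stating in the commit message.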
@@ -138,8 +119,8 @@  minimum_stride_size (size_t page_size, size_t element_size)
      common multiple, it appears only once.  Therefore, shift one
      factor.  */
   size_t multiple;
-  if (check_mul_overflow_size_t (page_size >> common_zeros, element_size,
-                                 &multiple))
+  if (INT_MULTIPLY_WRAPV (page_size >> common_zeros, element_size,
+                          &multiple))
     return 0;
   return multiple;
 }
@@ -275,7 +256,7 @@  support_blob_repeat_allocate (const void *element, size_t element_size,
                               size_t count)
 {
   size_t total_size;
-  if (check_mul_overflow_size_t (element_size, count, &total_size))
+  if (INT_MULTIPLY_WRAPV (element_size, count, &total_size))
     {
       errno = EOVERFLOW;
       return (struct support_blob_repeat) { 0 };