[2/2] translate-all: Use proper type

Message ID 20161018183441.GB9586@flamenco
State New

Commit Message

Emilio Cota Oct. 18, 2016, 6:34 p.m. UTC
On Tue, Oct 18, 2016 at 10:56:20 -0400, Pranith Kumar wrote:
> gcc does not warn about the wrong type since it is a void pointer
> which can be cast to any type.
> 
> Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
> ---
>  translate-all.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/translate-all.c b/translate-all.c
> index 8ca393c..c77470a 100644
> --- a/translate-all.c
> +++ b/translate-all.c
> @@ -412,7 +412,7 @@ static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
>  
>      /* Level 2..N-1.  */
>      for (i = V_L1_SHIFT / V_L2_BITS - 1; i > 0; i--) {
> -        void **p = atomic_rcu_read(lp);
> +        void *p = atomic_rcu_read(lp);
>  
>          if (p == NULL) {
>              if (!alloc) {
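
Review bot: the `+` line at `void *p = atomic_rcu_read(lp);` changes a declaration whose uses fall outside these three lines of context, and the commit message argues only that gcc does not warn. The message should state how p is used after the `p == NULL` block and why the new type preserves that behaviour, because a conversion the compiler accepts silently for `void *` gets no other check; regenerating the patch with a larger -U value would put those uses in front of reviewers.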

Let me redo your patch with more context (for patches like this using
format-patch -U<n> is useful):

$ git diff -U11 translate-all.c

I prefer void **p since that matches lp's and l1_map's type.

It's true that since we're dealing with void * the compiler won't
complain either way.

		Emilio

Comments

Eric Blake Oct. 18, 2016, 6:43 p.m. UTC | #1
On 10/18/2016 01:34 PM, Emilio G. Cota wrote:
> +++ b/translate-all.c
> @@ -405,23 +405,23 @@ static void page_init(void)
>  static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
>  {
>      PageDesc *pd;
>      void **lp;
>      int i;
> 
>      /* Level 1.  Always allocated.  */
>      lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
> 
>      /* Level 2..N-1.  */
>      for (i = V_L1_SHIFT / V_L2_BITS - 1; i > 0; i--) {
> -        void **p = atomic_rcu_read(lp);
> +        void *p = atomic_rcu_read(lp);
> 
>          if (p == NULL) {
>              if (!alloc) {
>                  return NULL;
>              }
>              p = g_new0(void *, V_L2_SIZE);
>              atomic_rcu_set(lp, p);
>          }
> 
>          lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1));

Pointer addition of 'void *' plus an offset is undefined (gcc, and
presumably clang, have an extension that treats it the same as computing
an offset to a 'char *'; but some compilers choke); this is because
sizeof(void) is unknown, so you don't know what stride to make for each
offset.  Or put another way, 'p + offset' is the same as
'&((*p)[offset])', but (*p)[offset] is ill-defined when p is the opaque
type void.

Pointer addition of 'void **' plus an offset is well-defined, because
sizeof(void*) is well-defined and therefore the stride (4 or 8) makes
sense.  Or in array notation, computing '&((*p)[offset])' means we are
skipping to the offset array entry where p is the start of the array of
void* pointers.

In that regard, changing the type of p from 'void **' (where you stride
by the size of a pointer when computing lp) to 'void *' (where you
stride by 1 under gcc when computing lp) is WRONG.

> I prefer void **p since that matches lp's and l1_map's type.

Not just prefer, but require.

> 
> It's true that since we're dealing with void * the compiler won't
> complain either way.

It's a shame that void* relaxes typing so much, but this is one case
where we HAVE to use the right type.

Pranith Kumar Oct. 18, 2016, 7:14 p.m. UTC | #2
Eric Blake writes:

> On 10/18/2016 01:34 PM, Emilio G. Cota wrote:
>> +++ b/translate-all.c
>> @@ -405,23 +405,23 @@ static void page_init(void)
>>  static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
>>  {
>>      PageDesc *pd;
>>      void **lp;
>>      int i;
>> 
>>      /* Level 1.  Always allocated.  */
>>      lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
>> 
>>      /* Level 2..N-1.  */
>>      for (i = V_L1_SHIFT / V_L2_BITS - 1; i > 0; i--) {
>> -        void **p = atomic_rcu_read(lp);
>> +        void *p = atomic_rcu_read(lp);
>> 
>>          if (p == NULL) {
>>              if (!alloc) {
>>                  return NULL;
>>              }
>>              p = g_new0(void *, V_L2_SIZE);
>>              atomic_rcu_set(lp, p);
>>          }
>> 
>>          lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1));
>
> Pointer addition of 'void *' plus an offset is undefined (gcc, and
> presumably clang, have an extension that treats it the same as computing
> an offset to a 'char *'; but some compilers choke); this is because
> sizeof(void) is unknown, so you don't know what stride to make for each
> offset.  Or put another way, 'p + offset' is the same as
> '&((*p)[offset])', but (*p)[offset] is ill-defined when p is the opaque
> type void.
>
> Pointer addition of 'void **' plus an offset is well-defined, because
> sizeof(void*) is well-defined and therefore the stride (4 or 8) makes
> sense.  Or in array notation, computing '&((*p)[offset])' means we are
> skipping to the offset array entry where p is the start of the array of
> void* pointers.
>

Indeed. I missed that crucial detail. I would prefer explicitly casting to
'void **' for p, since that is not the type of what is being returned by
atomic_rcu_read().

The joys of void pointer arithmetic, TIL.
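
The stride difference described in comment #1, as an added example (not QEMU code and not from the thread). L2_SIZE and all function names are constructed for illustration, and the one-byte stride of gcc's 'void *' extension is emulated with 'char *' so the file stays standard C.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define L2_SIZE 8 /* constructed stand-in for V_L2_SIZE */

/* p declared 'void **': p + idx advances idx * sizeof(void *) bytes. */
static void **slot_typed(void **level, size_t idx)
{
    return level + idx;
}

/* p declared 'void *': gcc's extension advances idx bytes. Written with
 * char * here so the example itself stays standard C. */
static void *slot_bytewise(void *level, size_t idx)
{
    return (char *)level + idx;
}

/* Byte distance of a slot address from the start of its level. */
static size_t offset_of(void *level, void *slot)
{
    return (size_t)((char *)slot - (char *)level);
}

/* Store one pointer-sized value at the byte-stride address for idx and
 * count how many real slots of the level were modified. */
static int slots_clobbered(size_t idx)
{
    void *level[L2_SIZE] = {0};
    void *zero = NULL;
    unsigned char value[sizeof(void *)];
    int changed = 0;

    memset(value, 0xFF, sizeof(value));
    memcpy(slot_bytewise(level, idx), value, sizeof(value));
    for (size_t i = 0; i < L2_SIZE; i++)
        changed += memcmp(&level[i], &zero, sizeof(zero)) != 0;
    return changed;
}

int main(void)
{
    void *level[L2_SIZE] = {0};

    printf("typed    idx 3 -> offset %zu\n", offset_of(level, slot_typed(level, 3)));
    printf("bytewise idx 3 -> offset %zu\n", offset_of(level, slot_bytewise(level, 3)));
    printf("bytewise store at idx 1 touches %d slots\n", slots_clobbered(1));
    return 0;
}
```

The byte-stride address stays inside the allocation for every masked index, so nothing faults; the damage is silent aliasing of neighbouring table entries.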

Patch

diff --git a/translate-all.c b/translate-all.c
index 4200869..6928ace 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -405,23 +405,23 @@  static void page_init(void)
 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
 {
     PageDesc *pd;
     void **lp;
     int i;

     /* Level 1.  Always allocated.  */
     lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));

     /* Level 2..N-1.  */
     for (i = V_L1_SHIFT / V_L2_BITS - 1; i > 0; i--) {
-        void **p = atomic_rcu_read(lp);
+        void *p = atomic_rcu_read(lp);

         if (p == NULL) {
             if (!alloc) {
                 return NULL;
             }
             p = g_new0(void *, V_L2_SIZE);
             atomic_rcu_set(lp, p);
         }

         lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1));
     }
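
Review bot: with the `+` line, `lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1));` at the end of the loop body becomes arithmetic on `void *`, which is not standard C and under gcc's extension advances one byte per index instead of one `void *` slot. p points at the array allocated by `g_new0(void *, V_L2_SIZE)`, so any non-zero index would give an lp that lands inside a slot rather than on one, and the next iteration's `atomic_rcu_read(lp)` and `atomic_rcu_set(lp, p)` would then read and write across neighbouring entries without any compiler diagnostic. Keep `void **p`, which matches the `void **lp` declaration at the top of the function; if the conversion from atomic_rcu_read() should be visible, a cast or a one-line comment on the declaration does that without changing the stride.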