Newsgroups: php.internals
To: "'Sherif Ramadan'"
Cc: "'Dmitry Stogov'", "'Xinchen Hui'", "'Nikita Popov'", "'Pierre Joye'", "'Bob Weinand'", "'Jakub Zelenka'", "'Matt Wilmas'", "'PHP Internals'"
Date: Fri, 21 Aug 2015 12:22:07 +0200
Subject: RE: [PHP-DEV] Overflow checks and integral vars comparison
From: anatol.php@belski.net ("Anatol Belski")

> -----Original Message-----
> From: Sherif Ramadan [mailto:theanomaly.is@gmail.com]
> Sent: Friday, August 21, 2015 12:00 PM
> To: Anatol Belski
> Cc: Dmitry Stogov; Xinchen Hui; Nikita Popov; Pierre Joye; Bob Weinand;
> Jakub Zelenka; Matt Wilmas; PHP Internals
> Subject: Re: [PHP-DEV] Overflow checks and integral vars comparison
>
> I think you're a little optimistic about how effective these macros would be for
> overflow checks. Also, if we're talking ANSI C or C99, then size_t is always
> unsigned, and as far as I know GCC 2.4 always treats it as such.
> If we're trying to stick to C here anyway.
>
> As far as architecture specific stuff I would much rather rely on using the built-in
> GCC overflow checks here
> https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html
>

Yes, this is a good idea as a further extension of such mechanics. However, you're talking about a different topic that I've proposed now.

> ... as they are much safer and likely going to be far more performant than doing
> all these casts everywhere. Not to mention the fact that you can actually catch
> the overflow at the actual arithmetic level, where it's safe, and hopefully be able
> to rely on the ISA's overflow or carry bits. If we're trying to detect overflows or
> wraps after the fact, you don't add much in the way of security. For example,
> I'm not at all sure how (zlong) < (zend_long)INT_MIN will ever detect an
> overflow.
>

What I'm talking about is detecting whether a variable of zend_long or size_t is in the safe range to be passed to a signature requiring int. This is quite a minimalistic start in this direction.

Also please remember that there is not only GCC in the world. It is quite another topic to implement overflow checks in portable ways, some intrinsics can be here of some help, too. But rather than hitting quite a global thing, I'd rather start on what is simple and is for sure an issue at least with some dependency libs.

Regards

Anatol
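
The two checks this exchange distinguishes, as an added example that is not code from the thread or from PHP: a range check before passing a zend_long or size_t to an int parameter, and, going one step beyond the message, a portable pre-operation check for addition overflow. Assumptions: zend_long is modelled as `int64_t`, and `zlong_fits_int`, `size_fits_int`, `lib_consume`, `safe_consume` and `zlong_add_checked` are hypothetical names.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: zend_long modelled as a 64-bit signed integer (64-bit build). */
typedef int64_t zlong_t;

/* Hypothetical helper: 1 if v can be passed as int without truncation. */
static int zlong_fits_int(zlong_t v)
{
    return v >= (zlong_t)INT_MIN && v <= (zlong_t)INT_MAX;
}

/* size_t is unsigned, so only the upper bound needs checking. */
static int size_fits_int(size_t n)
{
    return n <= (size_t)INT_MAX;
}

/* Stand-in for a dependency library function that takes an int length. */
static int lib_consume(const char *buf, int len)
{
    (void)buf;
    return len;
}

/* Guarded call: refuse (-1) a length the int parameter cannot represent. */
static int safe_consume(const char *buf, size_t len)
{
    return size_fits_int(len) ? lib_consume(buf, (int)len) : -1;
}

/* Separate concern: arithmetic overflow must be tested before the operation.
   Portable form, no compiler builtin. Returns 0 on success, 1 on overflow. */
static int zlong_add_checked(zlong_t a, zlong_t b, zlong_t *out)
{
    if ((b > 0 && a > INT64_MAX - b) || (b < 0 && a < INT64_MIN - b))
        return 1;
    *out = a + b;
    return 0;
}

int main(void)
{
    zlong_t sum = 0;
    printf("%d %d %d\n", zlong_fits_int((zlong_t)INT_MAX + 1),
           safe_consume("abc", 3), zlong_add_checked(INT64_MAX, 1, &sum));
    return 0;
}
```

The range helpers only establish that a value is representable as int at the call boundary; they say nothing about whether the arithmetic that produced the value wrapped earlier.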