Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:87852 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 19317 invoked from network); 22 Aug 2015 01:38:43 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 22 Aug 2015 01:38:43 -0000 Authentication-Results: pb1.pair.com smtp.mail=theanomaly.is@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=theanomaly.is@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.176 as permitted sender) X-PHP-List-Original-Sender: theanomaly.is@gmail.com X-Host-Fingerprint: 209.85.217.176 mail-lb0-f176.google.com Received: from [209.85.217.176] ([209.85.217.176:36349] helo=mail-lb0-f176.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 79/E3-19109-1A2D7D55 for ; Fri, 21 Aug 2015 21:38:42 -0400 Received: by lbbpu9 with SMTP id pu9so53210518lbb.3 for ; Fri, 21 Aug 2015 18:38:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=4eGy3huRupgY43lj9WL7F1wJnypB1F7zkk/gno5bLQc=; b=fKELr/IzpGvYJEGeMopRBZKdc6lb73jtqrml7Bsd63PQ5Q7MjGQB3dskb0fjYB2WX5 K5xWNAhutB16OFl+vac6synoMI9CcZFz8Vk5LAGkFjkmKRsZNhsg+uGtt2johr4k+sx5 RDTDI/sXKPcDZ4+M/ek7hwnpw5sreo5/tKi7TJLVXLKN9vAh12DfCSAZ77r1zIj2TQ/9 3wXs1twvrReq4m6oEPURWfIL7SMDPJrnAVOkiMCU/uDhye04JMB3uOAhyG2LfawgrfvU aW1AK/HxrlXRDJGvUU03l0XsXedjCBJd6YmIJm4D7apP5Rkh0R4mmtYTsnzPXLABMT5i 6uNQ== MIME-Version: 1.0 X-Received: by 10.112.204.162 with SMTP id kz2mr10523567lbc.115.1440207518526; Fri, 21 Aug 2015 18:38:38 -0700 (PDT) Received: by 10.25.200.196 with HTTP; Fri, 21 Aug 2015 18:38:38 -0700 (PDT) In-Reply-To: <02ba01d0dbfb$3de2c390$b9a84ab0$@belski.net> References: <02a601d0dbed$2c828df0$8587a9d0$@belski.net> <02ae01d0dbf5$01c17330$05445990$@belski.net> <02b001d0dbf5$607ab7b0$21702710$@belski.net> <02ba01d0dbfb$3de2c390$b9a84ab0$@belski.net> Date: Fri, 21 Aug 2015 21:38:38 -0400 Message-ID: To: Anatol Belski Cc: Dmitry Stogov , Xinchen Hui , Nikita Popov , Pierre Joye , Bob Weinand , Jakub Zelenka , Matt Wilmas , PHP Internals Content-Type: multipart/alternative; boundary=001a11c3d08c8b72b0051ddc714f Subject: Re: [PHP-DEV] Overflow checks and integral vars comparison From: theanomaly.is@gmail.com (Sherif Ramadan) --001a11c3d08c8b72b0051ddc714f Content-Type: text/plain; charset=UTF-8 On Fri, Aug 21, 2015 at 6:22 AM, Anatol Belski wrote: > > > > -----Original Message----- > > From: Sherif Ramadan [mailto:theanomaly.is@gmail.com] > > Sent: Friday, August 21, 2015 12:00 PM > > To: Anatol Belski > > Cc: Dmitry Stogov ; Xinchen Hui ; > > Nikita Popov ; Pierre Joye ; > > Bob Weinand ; Jakub Zelenka ; Matt > > Wilmas ; PHP Internals > > > Subject: Re: [PHP-DEV] Overflow checks and integral vars comparison > > > > I think you're a little optimistic about how effective these macros > would be for > > overflow checks. Also, if we're talking ANSI C or C99, then size_t is > always > > unsigned, and as far as I know GCC 2.4 always treats it as such. > > If we're trying to stick to C here anyway. > > > > As far as architecture specific stuff I would much rather rely on using > the built-in > > GCC overflow checks here https://gcc.gnu.org/onlinedocs/gcc/Integer- > > Overflow-Builtins.html > > > Yes, this is a good idea as a further extension of such mechanics. However > you're talking about a different topic that I've proposed now. > > ... as they are much safer and likely going to be far more performant > than doing > > all these casts everywhere. Not to mention the fact that you can > actually catch > > the overflow at the actual arithmetic level, where it's safe, and > hopefully be able > > to rely on the ISA's overflow or carry bits. If we're trying to detect > overflows or > > wraps after the fact, you don't add much in the way of security. For > example, > > I'm not at all sure how (zlong) < (zend_long)INT_MIN will ever detect an > > overflow. > > > What I'm talking about is detecting whether a variable of zend_long or > size_t is in the safe range to be passed to a signature requiring int. This > is quite a minimalistic start in this direction. > I see. So you're not actually doing overflow checks then? Because at the point you'd be checking this zend_long or size_t it could have already overflowed or wrapped. The subject may have misled me to understand differently. > > Also please remember that there is not only GCC in the world. It is quite > another topic to implement overflow checks portable ways, some intrinsics > can be here of some help, too. But rather than hitting quite a global > thing, I'd rather start on what is simple and is for sure an issue at least > with some dependency libs. > Of course, but the ASM can also be ported to other architectures and wrapped in #ifdef for non x86 and MSVC or other compilers, for example. It's not impossible to achieve some sane degree of portability there. I see Andrea already worked on some of this in zend_operators.h for example https://github.com/php/php-src/blob/ee2e1691080dad2a3110107dd8bd02ee23b41fa0/Zend/zend_operators.h#L437 Of course, making integer overflow checks safe and efficient is by no means easy on every given architecture, but surely we could aim to support at least the broadest current architectures at first and fall back to C overflow checks if necessary. I agree with starting simple. I'm honestly not sure of the effectiveness of what you're proposing to be honest, but maybe with a PR I'd be able to wrap my head around it a little more. > > Regards > > Anatol > > --001a11c3d08c8b72b0051ddc714f--