Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:87900 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 5796 invoked from network); 25 Aug 2015 10:06:18 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 25 Aug 2015 10:06:18 -0000 Authentication-Results: pb1.pair.com header.from=php_lists@realplain.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=php_lists@realplain.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain realplain.com from 216.33.127.81 cause and error) X-PHP-List-Original-Sender: php_lists@realplain.com X-Host-Fingerprint: 216.33.127.81 mta21.charter.net Solaris 10 1203 Received: from [216.33.127.81] ([216.33.127.81:36484] helo=mta21.charter.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 23/00-05482-81E3CD55 for ; Tue, 25 Aug 2015 06:06:16 -0400 Received: from imp09 ([10.20.200.9]) by mta21.charter.net (InterMail vM.8.01.05.09 201-2260-151-124-20120717) with ESMTP id <20150825100613.LNHQ23400.mta21.charter.net@imp09>; Tue, 25 Aug 2015 06:06:13 -0400 Received: from mtaout005.msg.strl.va.charter.net ([68.114.190.30]) by imp09 with smtp.charter.net id 8y6D1r0010fnx6C05y6DQN; Tue, 25 Aug 2015 06:06:13 -0400 Received: from impout006 ([68.114.189.21]) by mtaout005.msg.strl.va.charter.net (InterMail vM.9.00.020.01 201-2473-160) with ESMTP id <20150825100613.VGIZ28769.mtaout005.msg.strl.va.charter.net@impout006>; Tue, 25 Aug 2015 05:06:13 -0500 Received: from pc1 ([96.35.251.86]) by impout006 with charter.net id 8y6C1r0061sc0so01y6CMM; Tue, 25 Aug 2015 05:06:13 -0500 X-Authority-Analysis: v=2.1 cv=Z7ZiHRhA c=1 sm=1 tr=0 a=Is5gsZaFXO8aPum+t7Tz+g==:117 a=Is5gsZaFXO8aPum+t7Tz+g==:17 a=hOpmn2quAAAA:8 a=BCPeO_TGAAAA:8 a=8nJEP1OIZ-IA:10 a=R9LKslnav-Vxx9i1jjEA:9 a=wPNLvfGTeEIA:10 Message-ID: To: "Anatol Belski" , "'Dmitry Stogov'" , "'Xinchen Hui'" , "'Nikita Popov'" , "'Pierre Joye'" , "'Bob Weinand'" , "'Jakub Zelenka'" Cc: References: <02a601d0dbed$2c828df0$8587a9d0$@belski.net> Date: Tue, 25 Aug 2015 05:06:12 -0500 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5931 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157 Subject: Re: [PHP-DEV] Overflow checks and integral vars comparison From: php_lists@realplain.com ("Matt Wilmas") Hi Anatol, Dmitry, all, ----- Original Message ----- From: "Anatol Belski" Sent: Friday, August 21, 2015 > Hi, > > Resending this as missed internals at the start. > > I was lately rethinking some part of the 64-bit RFC, and also seeing now > Jakub's work on catching overflows in ext/openssl and Matt Williams > suggestions on it (which was going a bit more global over it). So I came > up > with these macros with two goals Dang, people be gettin' my name wrong, in the same way, even "in writing." ;-P > - standardize the overflow checks > - do actualy checks only on architectures where it's needed The compiler will already do that, as I've said of course, and more importantly (for most cases), it will never get it wrong. > - simplify the checks where external libs (openssl, libxml, etc.) use firm > datatypes like int > > #if SIZEOF_INT == SIZEOF_ZEND_LONG > # define ZEND_LONG_INT_OVFL(zl) (0) > # define ZEND_LONG_INT_UDFL(zl) (0) > #else > # define ZEND_LONG_INT_OVFL(zlong) ((zlong) > (zend_long)INT_MAX) # define > ZEND_LONG_INT_UDFL(zlong) ((zlong) < (zend_long)INT_MIN) #endif Really no point in all that... > #define ZEND_SIZE_T_INT_OVFL(size) ((size) > (size_t)INT_MAX) What's wrong with just doing the check, "as is," instead of hiding it behind a [longer] macro? (Also, none of the casts are necessary...?) > So having it like > > If (ZEND_LONG_INT_OVFL(x)) { > return; > } > > Compiler would eliminate the branch automatically on 32-bit and ILP64. Already will. :^) > Some other macros to do signed/unsigned comparison, these can be extended. > > #define ZEND_SIZE_T_GT_ZEND_LONG(size, zlong) ((zlong) < 0 || (size) > > (size_t)(zlong)) #define ZEND_SIZE_T_GTE_ZEND_LONG(size, zlong) ((zlong) < > 0 > || (size) >= (size_t)(zlong)) #define ZEND_SIZE_T_LT_ZEND_LONG(size, > zlong) > ((zlong) >= 0 && (size) < (size_t)(zlong)) #define > ZEND_SIZE_T_LTE_ZEND_LONG(size, zlong) ((zlong) >= 0 && (size) <= > (size_t)(zlong)) Yes, the only case where we might want to do something special is comparing an unsigned type, like size_t (string lengths), with a signed max, since that's not impossible to the compiler. Of course, you have to KNOW that's what you want and/or it's safe to ignore the check, e.g. not dealing with strings > 2 GB on 32-bit, etc. And again, a generic way to do that for a "max" of integer type or greater (since literals are smallest type >= int that will hold the value), that should work anywhere, is: #define ZEND_SIGNED_OVFL_etc(val, max) (sizeof(val) > sizeof(max) && (val) > (max)) Simple and optimizes easily... > IMHO these and maybe more are missing after the 64-bit RFC. Do you think > they would make sense? Or would make sense now, or later in master? Also, why, exactly, has the zend_string length been defined as size_t (just because it's "supposed to" be?), which is incompatible with most everything in PHP, instead of zend_long (since we had int before)? e.g. Just look at strlen() -- oops, size_t no worky! :-/ Dmitry? We need range checking there, right? Conversion to double? No? Then there's *no point* in using size_t, and would let the compiler auto-optimize the above-referenced comparisons with size_t... > Thanks > > Anatol - Matt