qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Fix incorrect int->float conversions caught by clang -Wimpli

From: Richard Henderson
Subject: Re: [PATCH] Fix incorrect int->float conversions caught by clang -Wimplicit-int-float-conversion
Date: Thu, 21 Nov 2019 13:18:17 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 
On 11/20/19 6:30 PM, Fangrui Song wrote:
> On 2019-11-20, Juan Quintela wrote:
>> Markus Armbruster <address@hidden> wrote:
>>> Fangrui Song <address@hidden> writes:
>>>
>>>> The warning will be enabled by default in clang 10. It is not
>>>> available for clang <= 9.
>>>>
>>>> qemu/migration/migration.c:2038:24: error: implicit conversion from
>>>> 'long' to 'double' changes value from 9223372036854775807 to
>>>> 9223372036854775808 [-Werror,-Wimplicit-int-float-conversion]
>>>> ...
>>>> qemu/util/cutils.c:245:23: error: implicit conversion from 'unsigned
>>>> long' to 'double' changes value from 18446744073709550592 to
>>>> 18446744073709551616 [-Werror,-Wimplicit-int-float-conversion]
>>>>
>>>> Signed-off-by: Fangrui Song <address@hidden>
>>>> ---
>>>>   migration/migration.c | 4 ++--
>>>>   util/cutils.c         | 4 ++--
>>>>   2 files changed, 4 insertions(+), 4 deletions(-)
>>>>
>>>> diff --git a/migration/migration.c b/migration/migration.c
>>>> index 354ad072fa..ac3ea2934a 100644
>>>> --- a/migration/migration.c
>>>> +++ b/migration/migration.c
>>>> @@ -53,6 +53,7 @@
>>>>   #include "monitor/monitor.h"
>>>>   #include "net/announce.h"
>>>>   #include "qemu/queue.h"
>>>> +#include <math.h>
>>>>
>>>>   #define MAX_THROTTLE  (32 << 20)      /* Migration transfer speed
>>>> throttling */
>>>>
>>>> @@ -2035,11 +2036,10 @@ void qmp_migrate_set_downtime(double value, Error
>>>> **errp)
>>>         if (value < 0 || value > MAX_MIGRATE_DOWNTIME_SECONDS) {
>>>             error_setg(errp, "Parameter 'downtime_limit' expects an integer
>>> in "
>>>                              "the range of 0 to %d seconds",
>>>                              MAX_MIGRATE_DOWNTIME_SECONDS);
>>>             return;
>>>>       }
>>>
>>> @value is now in [0,2000].
>>>
>>>>
>>>>       value *= 1000; /* Convert to milliseconds */
>>>
>>> @value is in [0,2000000]
>>>
>>>> -    value = MAX(0, MIN(INT64_MAX, value));
>>>
>>> This does nothing.
>>>
>>>>
>>>>       MigrateSetParameters p = {
>>>>           .has_downtime_limit = true,
>>>> -        .downtime_limit = value,
>>>> +        .downtime_limit = (int64_t)fmin(value, nextafter(0x1p63, 0)),
>>>
>>> This does nothing and is hard to read :)
>>>
>>> Can we simply drop the offending line statement instead?
>>
>> Agreed aboutdropping the whole bussines for migration.
>>
>>
>>>>       };
>>>>
>>>>       qmp_migrate_set_parameters(&p, errp);
>>>> diff --git a/util/cutils.c b/util/cutils.c
>>>> index fd591cadf0..2b4484c015 100644
>>>> --- a/util/cutils.c
>>>> +++ b/util/cutils.c
>>>> @@ -239,10 +239,10 @@ static int do_strtosz(const char *nptr, const char
>>>> **end,
>>>>           goto out;
>>>>       }
>>>>       /*
>>>> -     * Values >= 0xfffffffffffffc00 overflow uint64_t after their trip
>>>> +     * Values > nextafter(0x1p64, 0) overflow uint64_t after their trip
>>>>        * through double (53 bits of precision).
>>>>        */
>>>> -    if ((val * mul >= 0xfffffffffffffc00) || val < 0) {
>>>> +    if ((val * mul > nextafter(0x1p64, 0)) || val < 0) {
>>>>           retval = -ERANGE;
>>>>           goto out;
>>>>       }
>>
>> This comment was really bad (it says the same that the code).
>> On the other hand, I can *kind of* understand what does 0xffff<more
>> f's here>.
>>
>> But I am at a complete loss about what value is:
>>
>> nextafter(0x1p64, 0).
>>
>> Can we put what value is that instead?
> 
> It is a C99 hexadecimal floating-point literal.
> 0x1p64 represents hex fraction 1.0 scaled by 2**64, that is 2**64.
> 
> We can write this as `val * mul > 0xfffffffffffff800p0`, but I feel that
> counting the number of f's is error-prone and is not fun.
> 
> (We cannot use val * mul >= 0x1p64.
> If FLT_EVAL_METHOD == 2, the intermediate computation val * mul will be
> performed at long double precision, val * mul may not by representable
> by a double and will overflow as (double)0x1p64.)

I agree about not spelling out the f's, or the 0x800 at the end.  That's
something that the compiler can do for us, resolving this standard library
function at compile-time.

We just need a better comment.  Perhaps:

    /*
     * Values near UINT64_MAX overflow to 2**64 when converting
     * to double precision.  Compare against the maximum representable
     * double precision value below 2**64, computed as "the next value
     * after 2**64 (0x1p64) in the direction of 0".
     */


r~
reply via email to
[Prev in Thread] Current Thread [Next in Thread]