include: Implement N2867.
ClosedPublic
Actions

Authored by des on Sep 5 2023, 3:41 PM.

Details

Reviewers

kib
emaste

Commits

rGc3ae84bc2a57: include: Implement N2867.
rGe6615b10347c: include: Implement N2867.

Summary

This adds macros for checked addition, subtraction, and multiplication with semantics similar to the builtins gcc and clang have had for years.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

des created this revision.Sep 5 2023, 3:41 PM

Herald added a subscriber: imp. · View Herald TranscriptSep 5 2023, 3:41 PM

des requested review of this revision.Sep 5 2023, 3:41 PM

Harbormaster completed remote builds in B53439: Diff 126888.Sep 5 2023, 3:41 PM

emaste added a subscriber: emaste.Sep 5 2023, 3:53 PM

Once this goes in I will redo 20bd59416dcacbd2b776fe49dfa193900f303287 to use the new macros.

des retitled this revision from libc: Implement N2867. to include: Implement N2867..Sep 5 2023, 4:08 PM

des added child revisions: D41735: include: Add tests for N2867., D41736: less: We have <stdckdint.h> now..Sep 5 2023, 4:20 PM

kib added a subscriber: kib.Sep 5 2023, 8:08 PM

kib added inline comments.

include/stdckdint.h
8	These names pollute user namespace. Typically we prepend the underscore to upper-case symbols to avoid that.

des added inline comments.Sep 6 2023, 12:48 AM

include/stdckdint.h
8	I was considering just using `__STDC_VERSION_STDCKDINT_H__` here, can you see any reason not to?

Use the feature macro as include guard.

Harbormaster completed remote builds in B53458: Diff 126929.Sep 6 2023, 1:53 AM

imp added inline comments.Sep 6 2023, 1:59 AM

include/stdckdint.h
8	I forget: can we use #pragma once yet?
8	Though this is a good way to do it too

des marked 2 inline comments as done.Sep 6 2023, 3:35 AM

des added inline comments.

include/stdckdint.h
8	I forget: can we use #pragma once yet? Rejected by WG14 because it was deemed too hard to describe portably. All the compilers we care about support it, though, so we could just decide to use it regardless. I wouldn't be surprised if it speeds up the build noticeably.

des marked an inline comment as done.Sep 6 2023, 4:48 AM

kib added inline comments.Sep 6 2023, 12:51 PM

include/stdckdint.h
20	Isn't __has_builtin clang-specific? Did you tested this with gcc? I suspect that gcc would always hit _Static_assert()s despite providing the built-ins.

emaste added inline comments.Sep 6 2023, 1:00 PM

include/stdckdint.h

(recent enough) GCC supports __has_builtin
https://gcc.gnu.org/onlinedocs/cpp/_005f_005fhas_005fbuiltin.html

In 20bd59416dca (when an earlier GCC version was relevant) I used:

#if __GNUC__ >= 5 || \
    (defined(__has_builtin) && __has_builtin(__builtin_add_overflow))
        if (__builtin_add_overflow(a, b, &result))
                errx(1, "Corrupt patch");
#else
        if ((b > 0 && a > OFF_MAX - b) || (b < 0 && a < OFF_MIN - b))
                errx(1, "Corrupt patch");
        result = a + b;
#endif

support gcc < 10

Harbormaster completed remote builds in B53467: Diff 126963.Sep 6 2023, 3:06 PM

des added inline comments.Sep 6 2023, 3:08 PM

include/stdckdint.h
20	GCC has had `__has_builtin()` since 10.1, but I'm not 100% satisfied that we no longer care about GCC 9. I've regenerated the patch.

kib accepted this revision.Sep 6 2023, 3:08 PM

This revision is now accepted and ready to land.Sep 6 2023, 3:08 PM

emaste accepted this revision.Sep 7 2023, 1:03 AM

similar to my comment in the other review would be nice to briefly mention what N2867 is in the commit subject like include: Implement N2867, checked addition subtraction and multiplication or overflow-checked math or so