From: Laszlo Ersek
To: Ard Biesheuvel, "Kinney, Michael D"
Cc: Sean Brogan, Bret Barkelew, "edk2-devel@lists.01.org", "Gao, Liming"
Date: Tue, 13 Feb 2018 19:03:04 +0100
Subject: Re: [Patch] MdePkg/BaseSafeIntLib: Add SafeIntLib class and instance

On 02/13/18 18:51, Laszlo Ersek wrote:

> So, my point is, we should be aware of what ISO C says about integer
> overflow, and then pick one:
>
> - we target strict ISO C compliance (wrt. integer arithmetic) with
>   SafeIntLib -- in which case a re-evaluation and patches are necessary,
>
> - or else we define additional C language guarantees, and then we
>   *ensure* those via compiler flags, universally.

Specifically, see "-fwrapv" for GCC:

  -fwrapv
      This option instructs the compiler to assume that signed
      arithmetic overflow of addition, subtraction and multiplication
      wraps around using twos-complement representation. This flag
      enables some optimizations and disables others. This option is
      enabled by default for the Java front end, as required by the
      Java language specification.

It is used by QEMU, for example. Citing the "configure" script:

> # default flags for all hosts
> # We use -fwrapv to tell the compiler that we require a C dialect where
> # left shift of signed integers is well defined and has the expected
> # 2s-complement style results. (Both clang and gcc agree that it
> # provides these semantics.)
> QEMU_CFLAGS="-fno-strict-aliasing -fno-common -fwrapv $QEMU_CFLAGS"

edk2 doesn't use "-fwrapv" (yet?), and I'm not sure an equivalent flag
exists for VS / MSVC at all.

Thanks!
Laszlo
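
The two options weighed in this message, shown side by side as an added example (not code from the thread, from edk2 or from SafeIntLib): an overflow check that stays inside strict ISO C, and one that is only meaningful when the whole build uses -fwrapv. All function names are hypothetical.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Strict ISO C: test the operands before adding, so the signed
 * addition itself can never overflow (no undefined behaviour). */
bool add_i32_strict(int32_t a, int32_t b, int32_t *out)
{
    if ((b > 0 && a > INT32_MAX - b) ||
        (b < 0 && a < INT32_MIN - b)) {
        return false;               /* would overflow */
    }
    *out = a + b;
    return true;
}

/* Dialect-dependent: add first, inspect the result afterwards.
 * The addition overflows for out-of-range inputs, which is undefined
 * in ISO C; the check is only meaningful when every translation unit
 * is built with -fwrapv (or an equivalent guarantee). */
bool add_i32_needs_fwrapv(int32_t a, int32_t b, int32_t *out)
{
    int32_t sum = a + b;            /* UB on overflow without -fwrapv */
    if ((b > 0 && sum < a) || (b < 0 && sum > a)) {
        return false;
    }
    *out = sum;
    return true;
}

/* Strict ISO C without per-sign case analysis: widen, then range-check. */
bool mul_i32_strict(int32_t a, int32_t b, int32_t *out)
{
    int64_t wide = (int64_t)a * (int64_t)b;   /* cannot overflow int64_t */
    if (wide > INT32_MAX || wide < INT32_MIN) {
        return false;
    }
    *out = (int32_t)wide;
    return true;
}

int main(void)
{
    int32_t r = 0;
    printf("strict add INT32_MAX+1 ok? %d\n", add_i32_strict(INT32_MAX, 1, &r));
    printf("strict mul 65536*65536 ok? %d\n", mul_i32_strict(65536, 65536, &r));
    return 0;
}
```

Without -fwrapv an optimizing compiler may assume the overflow in `add_i32_needs_fwrapv` cannot happen and drop its post-hoc comparison, which is why that variant depends on the flag being applied universally.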