public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Laszlo Ersek <lersek@redhat.com>
To: "Marvin Häuser" <Marvin.Haeuser@outlook.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "ruiyu.ni@intel.com" <ruiyu.ni@intel.com>,
	"eric.dong@intel.com" <eric.dong@intel.com>,
	"star.zeng@intel.com" <star.zeng@intel.com>
Subject: Re: [PATCH 2/2] MdeModulePkg/BaseSerialPortLib16550: Prevent truncating constant values.
Date: Tue, 27 Feb 2018 19:35:17 +0100	[thread overview]
Message-ID: <ff814096-0b5e-46de-316a-39041887aee6@redhat.com> (raw)
In-Reply-To: <AM4PR06MB1491AA67FE13BAC52CE3819A80C00@AM4PR06MB1491.eurprd06.prod.outlook.com>

Hi Marvin,

On 02/27/18 17:49, Marvin Häuser wrote:
> The toolcahin VS2015x86 issues warnings when truncating constant
> values. Explicitely cast such to avoid it.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Marvin Haeuser <Marvin.Haeuser@outlook.com>
> ---
>  MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.c b/MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.c
> index 0ccac96f419c..10eca6c0a7aa 100644
> --- a/MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.c
> +++ b/MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.c
> @@ -366,7 +366,7 @@ GetSerialRegisterBase (
>    //
>    if (DeviceInfo->PowerManagementStatusAndControlRegister != 0x00) {
>      if ((PciRead16 (PciLibAddress + DeviceInfo->PowerManagementStatusAndControlRegister) & (BIT0 | BIT1)) != 0x00) {
> -      PciAnd16 (PciLibAddress + DeviceInfo->PowerManagementStatusAndControlRegister, (UINT16)~(BIT0 | BIT1));
> +      PciAnd16 (PciLibAddress + DeviceInfo->PowerManagementStatusAndControlRegister, (UINT16)~(UINT16)(BIT0 | BIT1));
>        //
>        // If PCI UART was not in D0, then make sure FIFOs are enabled, but do not reset FIFOs
>        //
> @@ -402,7 +402,7 @@ GetSerialRegisterBase (
>      //
>      if (DeviceInfo->PowerManagementStatusAndControlRegister != 0x00) {
>        if ((PciRead16 (PciLibAddress + DeviceInfo->PowerManagementStatusAndControlRegister) & (BIT0 | BIT1)) != 0x00) {
> -        PciAnd16 (PciLibAddress + DeviceInfo->PowerManagementStatusAndControlRegister, (UINT16)~(BIT0 | BIT1));
> +        PciAnd16 (PciLibAddress + DeviceInfo->PowerManagementStatusAndControlRegister, (UINT16)~(UINT16)(BIT0 | BIT1));
>        }
>      }
>        
> 

I find these warnings -- which I can only make up in my mind, since the
commit message does not contain them -- bizarre. More precisely, I find
the fact bizarre that the patch suppresses those warnings. Here's my
argument:

The expression (BIT0 | BIT1) has type "int". (Or, if you will, "INT32".)
This is because of

#define  BIT0     0x00000001
#define  BIT1     0x00000002

where the "0x" prefix, as I like to put it casually, only "enables" the
compiler to consider unsigned integer types when picking the type for
the integer constant; as opposed to "forcing" an unsigned type (that
would come from the "u" suffix).

Thus, because these constants are in range for "int", they are made
"int"s, and the expression (BIT0 | BIT1) also has type "int".

When you apply the bit-neg operator, the sign bit is negated. I consider
that *exceedingly ugly*, but it is not undefined behavior, according to
ISO C (as I understand it). Given our representation of "int" (which is
implementation-defined), namely two's complement with no padding bits,
the bit-neg does not produce a trap representation, it simply produces a
negative value. (Namely, (-4).)

Then, the outermost UINT16 cast, in the expression (UINT16)~(BIT0 |
BIT1), converts the negative value to UINT16. This conversion is
well-defined in the C standard; and, *solely* because of the two's
complement representation that we use (see above), the complete
expression happens to produce the exact value that we need; namely 65535
+ 1 + (-4) == 65532 == binary 1111_1111_1111_1100.

(

If we used one's complement, or sign-and-magnitude, then the bit-neg
would produce a negative value that would *not* yield a correct end
result, when converted to UINT16:

- With one's complement, we'd get (-3) from the bit-neg, and the end
result would be 65535 + 1 + (-3) == 65533 == binary 1111_1111_1111_1101.
Not the mask we want.

- With sign-and-magnitude, we'd get value (-2147483644) from the bit-neg
(sign bit 1, magnitude 0x7FFF_FFFC). Converting this to UINT16 (i.e.
adding 65536 repeatedly, 32768 times, until the value is in range for
UINT16) yields the value 4; binary 0000_0000_0000_0100. Again not the
mask we need.

)

So, again: perhaps this "silent" dependency on two's complement in the
bit-neg is why VS2015x86 complains -- I don't know.


Now, the bizarre thing is, the patch does not change *anything* at all
in this thought process! When you do

  (UINT16)(BIT0 | BIT1)

the resultant UINT16 value is immediately promoted back to "int" (due to
the default integer promotions -- all UINT16 values can be represented
in "int"), before the bit-neg operator is applied. In other words, the
bit-neg operator is applied to the exact same value (including type
"int") as before the patch. Thus I don't understand how the patch can
have any effect on the compiler.


Now, if you wrote

  (UINT16)~(UINT32)(BIT0 | BIT1)
           ^^^^^^^^

I would understand that (and indeed this is the form that I find
optimal). UINT32 maps to "unsigned int", and "unsigned int" is
unaffected by the integer promotions. Therefore the bit-neg would be
performed on an "unsigned int" -- fantastic: no dependency on the
representation of negative values --, and the resultant non-negative
value -- directly defined by the C standard: 4294967292, 0xFFFF_FFFC --
would be truncated to UINT16 "more cleanly". (Speaking in "assumed
VS2015x86 terms" anyway).

So... I'm not saying you should care about my review; however, if you
do, would you please consider resubmitting the patch with UINT32? :)

There's an argument for using UINT32 here (regardless of VS2015x86);
namely that we should avoid bit-neg on signed integer types anyway, for
our own sanity's sake. If that fixes some compiler warnings too, all the
better.

Thanks!
Laszlo


  reply	other threads:[~2018-02-27 18:29 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20180227164940.6956-1-Marvin.Haeuser@outlook.com>
2018-02-27 16:49 ` [PATCH 2/2] MdeModulePkg/BaseSerialPortLib16550: Prevent truncating constant values Marvin Häuser
2018-02-27 18:35   ` Laszlo Ersek [this message]
2018-02-27 18:55     ` Marvin Häuser
2018-02-28  2:44       ` Zeng, Star
2018-03-01 17:34         ` Marvin Häuser
2018-03-02  2:01           ` Zeng, Star
2018-02-28 11:14       ` Laszlo Ersek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ff814096-0b5e-46de-316a-39041887aee6@redhat.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox