From: bug#7928 <7928@debbugs.gnu.org>
Subject: Status: mktime test in configure: UB resulting in infinite loop
Date: Tue, 19 Aug 2025 14:27:18 +0000

retitle 7928 mktime test in configure: UB resulting in infinite loop
reassign 7928 coreutils
submitter 7928 Rich Felker
severity 7928 normal
thanks

From: Rich Felker
To: bug-coreutils@gnu.org
Subject: mktime test in configure: UB resulting in infinite loop
Date: Thu, 27 Jan 2011 00:21:59 -0500

The configure test for mktime (m4/mktime.m4) contains the following
code:

  for (;;)
    {
      t = (time_t_max << 1) + 1;
      if (t <= time_t_max)
        break;
      time_t_max = t;
    }

This code has undefined behavior on signed integer overflow; at least
some versions of gcc, and any sane compiler, will optimize out the
exit condition since algebraically 2x+1>x for any nonnegative x. The
result is an infinite loop and failure of the test after the 60-second
timeout.

Finding the max possible value for a signed integer type is actually a
very hard problem in C. As far as I know it's impossible at
compile-time and might even be impossible at runtime unless you make
some assumptions (either the absence of padding bits, or the
well-definedness of converting larger/unsigned types to signed types).

The approach I would take is just:

  time_t_max = (time_t)1 << 8*sizeof(time_t)-2;

If this test comes from higher-up (gnulib?) please forward my bug
report to the relevant upstream.

From: Eric Blake
To: Rich Felker
Cc: bug-gnulib, 7928@debbugs.gnu.org
Subject: Re: bug#7928: mktime test in configure: UB resulting in infinite loop
Date: Thu, 27 Jan 2011 08:14:56 -0700

[adding bug-gnulib, as requested]

On 01/26/2011 10:21 PM, Rich Felker wrote:
> The configure test for mktime (m4/mktime.m4) contains the following
> code:
>
>   for (;;)
>     {
>       t = (time_t_max << 1) + 1;
>       if (t <= time_t_max)
>         break;
>       time_t_max = t;
>     }
>
> This code has undefined behavior on signed integer overflow; at least
> some versions of gcc, and any sane compiler, will optimize out the
> exit condition since algebraically 2x+1>x for any nonnegative x. The
> result is an infinite loop and failure of the test after the 60-second
> timeout.

Thanks for the report.

> Finding the max possible value for a signed integer type is actually a
> very hard problem in C. As far as I know it's impossible at
> compile-time and might even be impossible at runtime unless you make
> some assumptions (either the absence of padding bits, or the
> well-definedness of converting larger/unsigned types to signed types).

Agreed that padding bits make it impossible - but in reality, how many
porting targets have such a signed type? Here's what we do in gnulib's
"intprops.h" for a compile-time designation that's accurate for every
integer type on every platform that gnulib targets:

/* True if negative values of the signed integer type T use two's
   complement, ones' complement, or signed magnitude representation,
   respectively. Much GNU code assumes two's complement, but some
   people like to be portable to all possible C hosts. */
# define TYPE_TWOS_COMPLEMENT(t) ((t) ~ (t) 0 == (t) -1)
# define TYPE_ONES_COMPLEMENT(t) ((t) ~ (t) 0 == 0)
# define TYPE_SIGNED_MAGNITUDE(t) ((t) ~ (t) 0 < (t) -1)

/* True if the arithmetic type T is signed. */
# define TYPE_SIGNED(t) (! ((t) 0 < (t) -1))

/* The maximum and minimum values for the integer type T. These
   macros have undefined behavior if T is signed and has padding bits.
   If this is a problem for you, please let us know how to fix it for
   your host. */
# define TYPE_MINIMUM(t) \
  ((t) (! TYPE_SIGNED (t) \
        ? (t) 0 \
        : TYPE_SIGNED_MAGNITUDE (t) \
        ? ~ (t) 0 \
        : ~ (t) 0 << (sizeof (t) * CHAR_BIT - 1)))
# define TYPE_MAXIMUM(t) \
  ((t) (! TYPE_SIGNED (t) \
        ? (t) -1 \
        : ~ (~ (t) 0 << (sizeof (t) * CHAR_BIT - 1))))

and no one has complained yet, so we might as well just use this same
logic in m4/mktime.m4.

> The approach I would take is just:
>
>   time_t_max = (time_t)1 << 8*sizeof(time_t)-2;

8 is a magic number; it would be better to use CHAR_BIT, as was done in
intprops.h.

> If this test comes from higher-up (gnulib?) please forward my bug
> report to the relevant upstream.

Forwarded; and the patch should be applied shortly.

-- 
Eric Blake eblake@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org

From: Rich Felker
To: Eric Blake
Cc: bug-gnulib, 7928@debbugs.gnu.org
Subject: Re: bug#7928: mktime test in configure: UB resulting in infinite loop
Date: Thu, 27 Jan 2011 12:28:50 -0500

On Thu, Jan 27, 2011 at 08:14:56AM -0700, Eric Blake wrote:
> # define TYPE_MINIMUM(t) \
>   ((t) (! TYPE_SIGNED (t) \
>         ? (t) 0 \
>         : TYPE_SIGNED_MAGNITUDE (t) \
>         ? ~ (t) 0 \
>         : ~ (t) 0 << (sizeof (t) * CHAR_BIT - 1)))
> # define TYPE_MAXIMUM(t) \
>   ((t) (! TYPE_SIGNED (t) \
>         ? (t) -1 \
>         : ~ (~ (t) 0 << (sizeof (t) * CHAR_BIT - 1))))

The last line of this macro has UB due to signed integer overflow in
the << operation. Replace it with

  (( (t)1 << CHAR_BIT*sizeof(time_t)-2 ) - 1) * 2 + 1

Which for a 32-bit type would expand as:

  (0x40000000 - 1) * 2 + 1
  0x3fffffff *2 + 1
  0x7ffffffe + 1
  0x7fffffff

With no overflows.

> and no one has complained yet, so we might as well just use this same
> logic in m4/mktime.m4.

Well apparently no one complained about the overflow in coreutils
either. Perhaps later gcc versions are more forgiving; I found it
building on a system where I have to use gcc 3.2.3, which, being one
of the earlier versions to utilize the UB of signed overflow, might be
less diplomatic about it.

Anyway to avoid future trouble, I would strive to remove all signed
overflow UB from the tests even if it doesn't presently hurt anyone.

> 8 is a magic number; it would be better to use CHAR_BIT, as was done in
> intprops.h.

As you wish. This code (coreutils) is sufficiently POSIX-like-system
dependent that I thought using POSIX's requirement CHAR_BIT==8 was
reasonable.

> > If this test comes from higher-up (gnulib?) please forward my bug
> > report to the relevant upstream.
>
> Forwarded; and the patch should be applied shortly.

Thanks!

Rich

From: Paul Eggert
To: Rich Felker
Cc: 7928@debbugs.gnu.org, bug-gnulib, Eric Blake
Subject: Re: bug#7928: mktime test in configure: UB resulting in infinite loop
Date: Thu, 27 Jan 2011 09:57:06 -0800

On 01/27/11 09:28, Rich Felker wrote:
> On Thu, Jan 27, 2011 at 08:14:56AM -0700, Eric Blake wrote:
>> # define TYPE_MINIMUM(t) \
>>   ((t) (! TYPE_SIGNED (t) \
>>         ? (t) 0 \
>>         : TYPE_SIGNED_MAGNITUDE (t) \
>>         ? ~ (t) 0 \
>>         : ~ (t) 0 << (sizeof (t) * CHAR_BIT - 1)))
>> # define TYPE_MAXIMUM(t) \
>>   ((t) (! TYPE_SIGNED (t) \
>>         ? (t) -1 \
>>         : ~ (~ (t) 0 << (sizeof (t) * CHAR_BIT - 1))))
> The last line of this macro has UB due to signed integer overflow in
> the << operation.

No it doesn't. ~ (t) 0 evaluates to -1, and -1 << 31 does not
overflow.

From: Eric Blake
To: Paul Eggert
Cc: 7928@debbugs.gnu.org, bug-gnulib, Rich Felker
Subject: Re: bug#7928: mktime test in configure: UB resulting in infinite loop
Date: Thu, 27 Jan 2011 11:15:08 -0700

On 01/27/2011 10:57 AM, Paul Eggert wrote:
>>>> # define TYPE_MAXIMUM(t) \
>>>>   ((t) (! TYPE_SIGNED (t) \
>>>>         ? (t) -1 \
>>>>         : ~ (~ (t) 0 << (sizeof (t) * CHAR_BIT - 1))))
>> The last line of this macro has UB due to signed integer overflow in
>> the << operation.
>
> No it doesn't. ~ (t) 0 evaluates to -1, and -1 << 31 does not
> overflow.

C99 states this (6.5.7 paragraph 4)

  The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated
  bits are filled with zeros. If E1 has an unsigned type, the value of
  the result is E1 × 2^E2, reduced modulo one more than the maximum
  value representable in the result type. If E1 has a signed type and
  nonnegative value, and E1 × 2^E2 is representable in the result type,
  then that is the resulting value; otherwise, the behavior is
  undefined.

In other words, the problem is not about overflow, but about undefined
behavior.

From: Paul Eggert
To: Eric Blake
Cc: 7928@debbugs.gnu.org, bug-gnulib, Rich Felker
Subject: Re: bug#7928: mktime test in configure: UB resulting in infinite loop
Date: Thu, 27 Jan 2011 10:25:03 -0800

On 01/27/11 10:15, Eric Blake wrote:
> In other words, the problem is not about overflow, but about undefined
> behavior.

You're right that the behavior is not defined, but this should not
be a problem in practice, any more than the * CHAR_BIT business
should be a problem in practice (that also relies on a
not-guaranteed-by-the-standard assumption).

Currently the code assumes that if time_t values are signed, then
they use either two's complement, ones' complement, or signed
magnitude representation internally, that left shift shifts those
bits left, and that there are no padding bits. The assumptions
about left-shift and no padding bits are not guaranteed by the
C standard, but they are portable in practice, even when using
the latest GCC with all the optimization bells and whistles enabled.
It's unlikely that GCC will ever break expressions like -1 << 1
merely because the C standard lets it do that.

From: Bruno Haible
To: bug-gnulib@gnu.org
Cc: Eric Blake, Rich Felker, 7928@debbugs.gnu.org
Subject: Re: bug#7928: mktime test in configure: UB resulting in infinite loop
Date: Thu, 27 Jan 2011 19:42:10 +0100

Rich Felker wrote:
> > # define TYPE_MAXIMUM(t) \
> >   ((t) (! TYPE_SIGNED (t) \
> >         ? (t) -1 \
> >         : ~ (~ (t) 0 << (sizeof (t) * CHAR_BIT - 1))))
>
> The last line of this macro has UB due to signed integer overflow in
> the << operation.

No there is no overflow here. The ~ operator has higher syntactic
precedence than the << operator, therefore the expression in the last
line consists of 4 steps:
  1. Take a zero.
  2. Invert all bits.
  3. Shift left by n-1 bits.
  4. Invert all bits.

Taking as reference, in all three cases (two's complement, one's
complement, signed magnitude) the results are:
  - after step 1: 000...00
  - after step 2: 111...11
  - after step 3: 100...00 (and no overflow here, in two's complement)
  - after step 4: 011...11

ISO C 99 says about the << operator:
  "The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated
   bits are filled with zeros. If E1 has an unsigned type, the value of
   the result is E1 × 2^E2, reduced modulo one more than the maximum
   value representable in the result type. If E1 has a signed type and
   nonnegative value, and E1 × 2^E2 is representable in the result type,
   then that is the resulting value; otherwise, the behavior is
   undefined."

If you take the first sentence as a mandatory description of what <<
does, then ~ (~ (t) 0 << (sizeof (t) * CHAR_BIT - 1)) is the bit
pattern 011...11 on all systems and with all compilers.

If you take the last sentence as more relevant than the first one, then
any shift of any negative value is undefined behaviour.

Do you mean to say that GCC produces undefined behaviour for shifts of
negative values, even those where the result is negative (no overflow)?
I've never seen a sign of that.

Bruno

From: Rich Felker
To: Bruno Haible
Cc: 7928@debbugs.gnu.org, Rich Felker, bug-gnulib@gnu.org, Eric Blake
Subject: Re: bug#7928: mktime test in configure: UB resulting in infinite loop
Date: Thu, 27 Jan 2011 17:08:46 -0500

On Thu, Jan 27, 2011 at 07:42:10PM +0100, Bruno Haible wrote:
> Do you mean to say that GCC produces undefined behaviour for shifts of
> negative values, even those where the result is negative (no overflow)?
> I've never seen a sign of that.

I mean to say that left-shifting a negative value *at all* is
undefined behavior. I doubt gcc will ever break it, but why not use my
version of the code that's 100% safe and never invokes undefined
behavior?

Rich

From: Paul Eggert
To: Rich Felker
Cc: 7928@debbugs.gnu.org, bug-gnulib@gnu.org, Bruno Haible, Eric Blake
Subject: Re: bug#7928: mktime test in configure: UB resulting in infinite loop
Date: Thu, 27 Jan 2011 23:42:25 -0800

On 01/27/2011 02:08 PM, Rich Felker wrote:
> I mean to say that left-shifting a negative value *at all* is
> undefined behavior. I doubt gcc will ever break it, but why not use my
> version of the code that's 100% safe and never invokes undefined
> behavior?

Your version of the code provokes similar undefined behavior
when computing TYPE_MINIMUM, which means that overall it's
no more reliable than what's there now. An advantage of
the current approach is that there's a clear relationship
between TYPE_MINIMUM and TYPE_MAXIMUM, and this aids understanding.
If it could be done just as clearly by other means, that would
be OK too.

From debbugs-submit-bounces@debbugs.gnu.org Fri Jan 28 12:19:19 2011
Date: Fri, 28 Jan 2011 12:37:59 -0500
To: Paul Eggert
Subject: Re: bug#7928: mktime test in configure: UB resulting in infinite loop
Message-ID: <20110128173759.GM19042@brightrain.aerifal.cx>
In-Reply-To: <4D427361.6080601@cs.ucla.edu>
From: Rich Felker
Cc: 7928@debbugs.gnu.org, bug-gnulib@gnu.org, Bruno Haible, Eric Blake

On Thu, Jan 27, 2011 at 11:42:25PM -0800, Paul Eggert wrote:
> On 01/27/2011 02:08 PM, Rich Felker wrote:
> > I mean to say that left-shifting a negative value *at all* is
> > undefined behavior. I doubt gcc will ever break it, but why not use my
> > version of the code that's 100% safe and never invokes undefined
> > behavior?
>
> Your version of the code provokes similar undefined behavior
> when computing TYPE_MINIMUM, which means that overall it's
> no more reliable than what's there now. An advantage of
> the current approach is that there's a clear relationship
> between TYPE_MINIMUM and TYPE_MAXIMUM, and this aids understanding.
> If it could be done just as clearly by other means, that would
> be OK too.

My version only computes the maximum. The minimum is -max if the type
is sign/magnitude or ones complement and -max-1 if the type is twos
complement. Testing which of the three allowable signed integer
representations is used is easy: compare ~(t)1 against -(t)1 and
-(t)2.

Rich

From debbugs-submit-bounces@debbugs.gnu.org Fri Jan 28 12:49:29 2011
From: Bruno Haible
To: Rich Felker
Subject: Re: bug#7928: mktime test in configure: UB resulting in infinite loop
Date: Fri, 28 Jan 2011 18:57:22 +0100
In-Reply-To: <20110128173759.GM19042@brightrain.aerifal.cx>
Message-Id: <201101281857.23999.bruno@clisp.org>
Cc: bug-gnulib@gnu.org, Paul Eggert, 7928@debbugs.gnu.org, Eric Blake

Rich Felker wrote:
> Testing which of the three allowable signed integer
> representations is used is easy: compare ~(t)1 against -(t)1 and
> -(t)2.

Testing which of the three signed integer representations is in use
is not even needed: Your formula
  ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1)
yields the correct result in all three cases.

Bruno

From debbugs-submit-bounces@debbugs.gnu.org Fri Jan 28 13:55:18 2011
Date: Fri, 28 Jan 2011 14:13:59 -0500
To: Bruno Haible
Subject: Re: bug#7928: mktime test in configure: UB resulting in infinite loop
Message-ID: <20110128191359.GN19042@brightrain.aerifal.cx>
In-Reply-To: <201101281857.23999.bruno@clisp.org>
From: Rich Felker
Cc: bug-gnulib@gnu.org, Paul Eggert, 7928@debbugs.gnu.org, Eric Blake

On Fri, Jan 28, 2011 at 06:57:22PM +0100, Bruno Haible wrote:
> Rich Felker wrote:
> > Testing which of the three allowable signed integer
> > representations is used is easy: compare ~(t)1 against -(t)1 and
> > -(t)2.
>
> Testing which of the three signed integer representations is in use
> is not even needed: Your formula
>   ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1)
> yields the correct result in all three cases.

It yields the correct max. However, getting the min requires knowing
whether min is -max or -max-1. This depends on which of the
representations is used:

min = ~(t)1 == -(t)2 ? -max-1 : -max;

Rich

From debbugs-submit-bounces@debbugs.gnu.org Sun Jan 30 02:56:37 2011
Message-ID: <4D451BA2.80604@cs.ucla.edu>
Date: Sun, 30 Jan 2011 00:04:50 -0800
From: Paul Eggert
Organization: UCLA Computer Science Department
To: Rich Felker
Subject: Re: bug#7928: mktime test in configure: UB resulting in infinite loop
In-Reply-To: <4D427361.6080601@cs.ucla.edu>
Cc: bug-gnulib@gnu.org, 7928-done@debbugs.gnu.org, Eric Blake

On 01/27/2011 11:42 PM, Paul Eggert wrote:
> If it could be done just as clearly by other means, that would
> be OK too.

To try to do that, I installed the following:

--- ChangeLog | 13 +++++++++++++ lib/intprops.h | 4 ++-- lib/mktime.c | 2 +- lib/strtol.c | 4 ++-- m4/mktime.m4 | 7 ++++--- m4/nanosleep.m4 | 4 ++-- m4/parse-datetime.m4 | 8 +++++--- m4/stdint.m4 | 8 +++++--- 8 files changed, 34 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index fdaf383..ded04f7 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,18 @@ 2011-01-29 Paul Eggert + TYPE_MAXIMUM: avoid theoretically undefined behavior + * lib/intprops.h (TYPE_MINIMUM, TYPE_MAXIMUM): Do not shift a + negative number, which the C Standard says has undefined behavior. + In practice this is not a problem, but might as well do it by the book. + Reported by Rich Felker and Eric Blake; see + . + * lib/strtol.c (TYPE_MINIMUM, TYPE_MAXIMUM): Likewise. + * m4/mktime.m4 (AC_FUNC_MKTIME): Likewise. + * m4/nanosleep.m4 (gl_FUNC_NANOSLEEP): Likewise. + * m4/parse-datetime.m4 (gl_PARSE_DATETIME): Likewise. + * m4/stdint.m4 (gl_STDINT_H): Likewise. + * lib/mktime.c (TYPE_MAXIMUM): Redo slightly to match the others. + mktime: #undef mktime before #defining it * lib/mktime.c (mktime) [DEBUG]: #undef mktime before #defining it. diff --git a/lib/intprops.h b/lib/intprops.h index 511a5aa..58b1b3f 100644 --- a/lib/intprops.h +++ b/lib/intprops.h @@ -49,11 +49,11 @@ ? (t) 0 \ : TYPE_SIGNED_MAGNITUDE (t) \ ? ~ (t) 0 \ - : ~ (t) 0 << (sizeof (t) * CHAR_BIT - 1))) + : ~ TYPE_MAXIMUM (t))) # define TYPE_MAXIMUM(t) \ ((t) (! TYPE_SIGNED (t) \ ? (t) -1 \ - : ~ (~ (t) 0 << (sizeof (t) * CHAR_BIT - 1)))) + : ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1))) /* Return zero if T can be determined to be an unsigned type. Otherwise, return 1. diff --git a/lib/mktime.c b/lib/mktime.c index d35bdd0..2486514 100644 --- a/lib/mktime.c +++ b/lib/mktime.c @@ -113,7 +113,7 @@ typedef long long int long_int; #define TYPE_MAXIMUM(t) \ ((t) (! TYPE_SIGNED (t) \ ? (t) -1 \ - : (((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) << 1) + 1))) + : ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1))) #ifndef TIME_T_MIN # define TIME_T_MIN TYPE_MINIMUM (time_t) diff --git a/lib/strtol.c b/lib/strtol.c index 747d70e..b6a761e 100644 --- a/lib/strtol.c +++ b/lib/strtol.c 
@@ -141,11 +141,11 @@ ? (t) 0 \ : TYPE_SIGNED_MAGNITUDE (t) \ ? ~ (t) 0 \ - : ~ (t) 0 << (sizeof (t) * CHAR_BIT - 1))) + : ~ TYPE_MAXIMUM (t))) # define TYPE_MAXIMUM(t) \ ((t) (! TYPE_SIGNED (t) \ ? (t) -1 \ - : ~ (~ (t) 0 << (sizeof (t) * CHAR_BIT - 1)))) + : ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1))) # ifndef ULLONG_MAX # define ULLONG_MAX TYPE_MAXIMUM (unsigned long long) diff --git a/m4/mktime.m4 b/m4/mktime.m4 index 7836b76..56b2416 100644 --- a/m4/mktime.m4 +++ b/m4/mktime.m4 @@ -1,4 +1,4 @@ -# serial 18 +# serial 19 dnl Copyright (C) 2002-2003, 2005-2007, 2009-2011 Free Software Foundation, dnl Inc. dnl This file is free software; the Free Software Foundation @@ -175,12 +175,13 @@ main () time_t_max = (! time_t_signed ? (time_t) -1 - : ~ (~ (time_t) 0 << (sizeof (time_t) * CHAR_BIT - 1))); + : ((((time_t) 1 << (sizeof (time_t) * CHAR_BIT - 2)) - 1) + * 2 + 1)); time_t_min = (! time_t_signed ? (time_t) 0 : time_t_signed_magnitude ? ~ (time_t) 0 - : ~ (time_t) 0 << (sizeof (time_t) * CHAR_BIT - 1)); + : ~ time_t_max); delta = time_t_max / 997; /* a suitable prime number */ for (i = 0; i < N_STRINGS; i++) diff --git a/m4/nanosleep.m4 b/m4/nanosleep.m4 index 233f1c1..34493bb 100644 --- a/m4/nanosleep.m4 +++ b/m4/nanosleep.m4 @@ -1,4 +1,4 @@ -# serial 32 +# serial 33 dnl From Jim Meyering. dnl Check for the nanosleep function. @@ -58,7 +58,7 @@ AC_DEFUN([gl_FUNC_NANOSLEEP], #define TYPE_MAXIMUM(t) \ ((t) (! TYPE_SIGNED (t) \ ? (t) -1 \ - : ~ (~ (t) 0 << (sizeof (t) * CHAR_BIT - 1)))) + : ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1))) static void check_for_SIGALRM (int sig) diff --git a/m4/parse-datetime.m4 b/m4/parse-datetime.m4 index 2341de9..e665ef3 100644 --- a/m4/parse-datetime.m4 +++ b/m4/parse-datetime.m4 
@@ -1,4 +1,4 @@ -# parse-datetime.m4 serial 18 +# parse-datetime.m4 serial 19 dnl Copyright (C) 2002-2006, 2008-2011 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, @@ -41,9 +41,11 @@ AC_DEFUN([gl_PARSE_DATETIME], #include /* for time_t */ #include /* for CHAR_BIT, LONG_MIN, LONG_MAX */ #define TYPE_MINIMUM(t) \ - ((t) ((t) 0 < (t) -1 ? (t) 0 : ~ (t) 0 << (sizeof (t) * CHAR_BIT - 1))) + ((t) ((t) 0 < (t) -1 ? (t) 0 : ~ TYPE_MAXIMUM (t))) #define TYPE_MAXIMUM(t) \ - ((t) ((t) 0 < (t) -1 ? (t) -1 : ~ (~ (t) 0 << (sizeof (t) * CHAR_BIT - 1)))) + ((t) ((t) 0 < (t) -1 \ + ? (t) -1 \ + : ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1))) typedef int verify_min[2 * (LONG_MIN <= TYPE_MINIMUM (time_t)) - 1]; typedef int verify_max[2 * (TYPE_MAXIMUM (time_t) <= LONG_MAX) - 1]; ]])], diff --git a/m4/stdint.m4 b/m4/stdint.m4 index 43e1f70..26654c6 100644 --- a/m4/stdint.m4 +++ b/m4/stdint.m4 @@ -1,4 +1,4 @@ -# stdint.m4 serial 36 +# stdint.m4 serial 37 dnl Copyright (C) 2001-2011 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, @@ -145,9 +145,11 @@ uintmax_t j = UINTMAX_MAX; #include /* for CHAR_BIT */ #define TYPE_MINIMUM(t) \ - ((t) ((t) 0 < (t) -1 ? (t) 0 : ~ (t) 0 << (sizeof (t) * CHAR_BIT - 1))) + ((t) ((t) 0 < (t) -1 ? (t) 0 : ~ TYPE_MAXIMUM (t))) #define TYPE_MAXIMUM(t) \ - ((t) ((t) 0 < (t) -1 ? (t) -1 : ~ (~ (t) 0 << (sizeof (t) * CHAR_BIT - 1)))) + ((t) ((t) 0 < (t) -1 \ + ? (t) -1 \ + : ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1))) struct s { int check_PTRDIFF: PTRDIFF_MIN == TYPE_MINIMUM (ptrdiff_t) -- 1.7.3 From unknown Tue Aug 19 07:27:18 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org 
From: Debbugs Internal Request
Subject: Internal Control
Message-Id: bug archived.
Date: Sun, 27 Feb 2011 12:24:04 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator
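
Review bot: in the lib/intprops.h hunk, the new signed branch of TYPE_MAXIMUM, ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1), carries no comment explaining its shape. A reader cannot tell from the macro alone that the point is to shift only the positive value 1, by width - 2 so that the intermediate result cannot overflow, nor that it assumes t has no padding bits so that sizeof (t) * CHAR_BIT is the type's width. Suggest a two-line comment above the macro stating both, since the ChangeLog entry is the only place the reason is recorded. TYPE_MINIMUM now expands TYPE_MAXIMUM, which is defined after it; that works for macros, but defining TYPE_MAXIMUM first would read more naturally.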
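
Review bot: the lib/mktime.c hunk touches only TYPE_MAXIMUM (<< 1 becomes * 2), and this file's TYPE_MINIMUM lies outside the hunk's context, so the patch does not show whether it still shifts ~ (t) 0. The ChangeLog entry lists only TYPE_MAXIMUM for lib/mktime.c. Please confirm that TYPE_MINIMUM in this file is already of the ~ TYPE_MAXIMUM (t) form, and say so in the ChangeLog entry, so that the file is visibly covered by the "do not shift a negative number" change rather than only restyled.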
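
Review bot: in the m4/parse-datetime.m4 hunk (the m4/stdint.m4 hunk is the same), TYPE_MINIMUM becomes ~ TYPE_MAXIMUM (t) with no sign-magnitude case, whereas the lib/intprops.h and lib/strtol.c hunks keep the TYPE_SIGNED_MAGNITUDE (t) ? ~ (t) 0 branch and m4/mktime.m4 keeps time_t_signed_magnitude. On a sign-magnitude type ~ TYPE_MAXIMUM (t) sets only the sign bit, which is not the minimum. The removed shift form had the same gap, so this is not a regression, but since the change is made "by the book", either add the same branch here or add a comment that these configure-time copies assume two's or ones' complement.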
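
The two ways of deriving a signed type's minimum that this thread discusses (the representation test ~(t)1 == -(t)2, and ~max with a sign-magnitude branch as in the installed patch), checked against <limits.h>; this is an added example, not code from the thread or from gnulib. The names SIGNED_MAX, IS_SIGN_MAGNITUDE, MIN_BY_REPR, MIN_BY_COMPLEMENT, MISMATCH and count_mismatches are hypothetical, and the types are assumed to have no padding bits.

```c
#include <limits.h>
#include <stdio.h>

/* Maximum of signed integer type t, assuming t has no padding bits
   (so sizeof (t) * CHAR_BIT is its width).  Only the positive value 1
   is shifted, and only by width - 2, so nothing overflows. */
#define SIGNED_MAX(t) \
  ((t) ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1))

/* Hypothetical helper: true only for a sign-magnitude t, where ~0 is
   the most negative value rather than -1 or negative zero. */
#define IS_SIGN_MAGNITUDE(t) ((t) ~(t) 0 < (t) -1)

/* Minimum via the representation test from the thread:
   ~1 equals -2 only on two's complement. */
#define MIN_BY_REPR(t) \
  ((t) (~(t) 1 == -(t) 2 ? -SIGNED_MAX (t) - 1 : -SIGNED_MAX (t)))

/* Minimum via complementing the maximum, as the installed patch does,
   with sign-magnitude handled separately. */
#define MIN_BY_COMPLEMENT(t) \
  ((t) (IS_SIGN_MAGNITUDE (t) ? ~(t) 0 : ~SIGNED_MAX (t)))

/* Compile-time checks in the style of the patch's verify_max typedef:
   a false condition gives array size -1 and the build fails. */
typedef int verify_int_max[2 * (SIGNED_MAX (int) == INT_MAX) - 1];
typedef int verify_int_min[2 * (MIN_BY_REPR (int) == INT_MIN) - 1];

/* Number of disagreements with <limits.h> for one type. */
#define MISMATCH(t, lo, hi) \
  ((SIGNED_MAX (t) != (hi)) + (MIN_BY_REPR (t) != (lo)) \
   + (MIN_BY_COMPLEMENT (t) != (lo)))

int count_mismatches (void)
{
  return MISMATCH (signed char, SCHAR_MIN, SCHAR_MAX)
         + MISMATCH (short, SHRT_MIN, SHRT_MAX)
         + MISMATCH (int, INT_MIN, INT_MAX)
         + MISMATCH (long, LONG_MIN, LONG_MAX)
         + MISMATCH (long long, LLONG_MIN, LLONG_MAX);
}

int main (void)
{
  printf ("long: max=%ld min(repr)=%ld min(~max)=%ld\n",
          SIGNED_MAX (long), MIN_BY_REPR (long), MIN_BY_COMPLEMENT (long));
  printf ("mismatches against <limits.h>: %d\n", count_mismatches ());
  return count_mismatches () != 0;
}
```

Types narrower than int are promoted before the shift and the negation, so the same macros cover signed char and short without a separate case.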