This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] Use 1U everywhere in elf/elf.h.


On 2015-03-06 21:01, Roland McGrath wrote:
> If you're going to do it, you should be consistent and cover all the ones
> that aren't written using << too.   (Every bare integer constant has type
> int.)

It seems several distinct issues are conflated here.

1. How constants are computed. You cannot test for UB after the fact -- the harm is already done. But writing a standalone test for it should be easy -- just compile with UBSAN and run the following code:

#include <elf.h>
int main(void) { SHF_EXCLUDE; }

It should output the following message to stderr:

elf-ub.c:2:18: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

IMHO fixing UB is useful independently of the other issues. If the type of the constant is a concern its value can be replaced with INT32_MIN without changing its type.

2. Deciding which type constants should have. Assuming that all constants are positive and their corresponding fields are unsigned, and given that conversion to unsigned types is well-defined, there is probably not much of a problem here. Hence it's not as important as the first item.

Further in the thread it's noted that some constants can be used with different types (Elf32_Word and Elf64_Xword for sh_flags). Hence using the least unsigned type capable of representing the constant is probably ok.

> Also, if this is important you should write a test for it.  I'm not
> sure what is the easiest or best way to verify that a constant's type is
> something in particular.  Note that the right type is not necessarily
> something like 'unsigned int', but is a type whose signedness matches and
> whose width is no larger than, the type of the corresponding struct field.

You can check a constant against a given type:

#define check(x, type) (((x) < 0 || (x) > -1) == ((type)-1 < 0) && sizeof(x) <= sizeof(type))

> The test can use some scripting to grovel the full set of macro names to
> test, with some hand-written rules for choosing the type (e.g. 'R_*' ->
> 'Elf32_Word').

If this is possible then it can be used to add explicit casts to the corresponding types to the definitions of the constants.

HTH.

--
Alexander Cherepanov
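
The check macro from the message above, applied to a few constructed constants against the two sh_flags field types mentioned in the thread. This is an added example, not part of the original message or of glibc; the FLAG_* names are hypothetical, and the Elf32_Word/Elf64_Xword typedefs are local stand-ins assumed to be 32 and 64 bits wide so that the file builds without <elf.h>.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the elf.h field types (assumed widths: 32 and 64 bits). */
typedef uint32_t Elf32_Word;
typedef uint64_t Elf64_Xword;

/* The macro from the message: signedness must match, width must fit. */
#define check(x, type) \
  (((x) < 0 || (x) > -1) == ((type)-1 < 0) && sizeof(x) <= sizeof(type))

/* Constructed constants; none of these names come from elf.h. */
#define FLAG_1U      (1U << 31)   /* unsigned int */
#define FLAG_INT_MIN INT32_MIN    /* same bit pattern, signed type */
#define FLAG_BARE    0x4          /* bare constant: type int */
#define FLAG_WIDE    (1ULL << 31) /* unsigned, but 64 bits wide */

struct row { const char *name; int ok32, ok64; };
#define ROW(c) { #c, check(c, Elf32_Word), check(c, Elf64_Xword) }

/* The checks are constant expressions, so the table is built at compile time. */
static const struct row rows[] = {
  ROW(FLAG_1U), ROW(FLAG_INT_MIN), ROW(FLAG_BARE), ROW(FLAG_WIDE),
};
#define NROWS (sizeof rows / sizeof rows[0])

/* Count constants that fail the check for a field of the given width. */
int failures(int field_bits)
{
  int n = 0;
  for (size_t i = 0; i < NROWS; i++)
    n += !(field_bits == 32 ? rows[i].ok32 : rows[i].ok64);
  return n;
}

int main(void)
{
  for (size_t i = 0; i < NROWS; i++)
    printf("%-13s Elf32_Word:%s Elf64_Xword:%s\n", rows[i].name,
           rows[i].ok32 ? "ok" : "FAIL", rows[i].ok64 ? "ok" : "FAIL");
  return failures(32) || failures(64);
}
```

Only the 1U form passes for both field types: the signed and bare forms fail on signedness, and the 64-bit form fails the width test for Elf32_Word.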

