[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3] osdep: Make MIN/MAX evaluate arguments only once
From: |
Richard Henderson |
Subject: |
Re: [PATCH v3] osdep: Make MIN/MAX evaluate arguments only once |
Date: |
Tue, 2 Jun 2020 19:07:18 -0700 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 |
On 6/2/20 6:36 PM, Eric Blake wrote:
> --- a/include/exec/cpu-all.h
> +++ b/include/exec/cpu-all.h
> @@ -176,11 +176,9 @@ extern unsigned long reserved_va;
> * avoid setting bits at the top of guest addresses that might need
> * to be used for tags.
> */
> -#if MIN(TARGET_VIRT_ADDR_SPACE_BITS, TARGET_ABI_BITS) <= 32
> -# define GUEST_ADDR_MAX_ UINT32_MAX
> -#else
> -# define GUEST_ADDR_MAX_ (~0ul)
> -#endif
> +#define GUEST_ADDR_MAX_ \
> + ((MIN_CONST(TARGET_VIRT_ADDR_SPACE_BITS, TARGET_ABI_BITS) <= 32) ? \
> + UINT32_MAX : ~0ul)
This new expression is a type promotion to unsigned long...
> #define GUEST_ADDR_MAX (reserved_va ? reserved_va - 1 : GUEST_ADDR_MAX_)
... which is probably ok, since it would be done here anyway.
But I did wonder why the change.
> +/*
> + * Two variations of MIN/MAX macros. The first is for runtime use, and
> + * evaluates arguments only once (so it is safe even with side
> + * effects), but will not work in constant contexts (such as array
> + * size declarations). The second is for compile-time use, where
> + * evaluating arguments twice is safe because the result is going to
> + * be constant anyway.
> + */
> +#undef MIN
> +#define MIN(a, b) \
> + ({ \
> + typeof(1 ? (a) : (b)) _a = (a), _b = (b); \
> + _a < _b ? _a : _b; \
> + })
> +#define MIN_CONST(a, b) \
> + __builtin_choose_expr( \
> + __builtin_constant_p(a) && __builtin_constant_p(b), \
> + (a) < (b) ? (a) : (b), \
> + __builtin_unreachable())
Is it possible to use qemu_build_not_reached?
I'd prefer we generate a compile-time error than a runtime trap (or nothing,
depending on compiler flags controlling __builtin_unreachable).
> diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
> index 42ce1dfcff77..d77add79b218 100644
> --- a/accel/tcg/translate-all.c
> +++ b/accel/tcg/translate-all.c
> @@ -2565,9 +2565,9 @@ int page_check_range(target_ulong start, target_ulong
> len, int flags)
> /* This function should never be called with addresses outside the
> guest address space. If this assert fires, it probably indicates
> a missing call to h2g_valid. */
> -#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
> - assert(start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
> -#endif
> + if (TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS) {
> + assert(start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
> + }
IIRC the ifdef is required for clang warnings vs the shift.
Have you tested that?
r~