Fix signed compare warning

Submitted by Daniel Santos on June 24, 2020, 11:20 p.m.

Details

Message ID 20200624232008.4093-1-daniel.santos@pobox.com
State New
Series "Fix signed compare warning"

Commit Message

Daniel Santos June 24, 2020, 11:20 p.m.
Signed-off-by: Daniel Santos <daniel.santos@pobox.com>
---
 src/thread/__timedwait.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/src/thread/__timedwait.c b/src/thread/__timedwait.c
index 666093be..9829b93e 100644
--- a/src/thread/__timedwait.c
+++ b/src/thread/__timedwait.c
@@ -38,7 +38,7 @@  int __timedwait_cp(volatile int *addr, int val,
 	if (priv) priv = FUTEX_PRIVATE;
 
 	if (at) {
-		if (at->tv_nsec >= 1000000000UL) return EINVAL;
+		if ((unsigned long)at->tv_nsec >= 1000000000UL) return EINVAL;
 		if (__clock_gettime(clk, &to)) return EINVAL;
 		to.tv_sec = at->tv_sec - to.tv_sec;
 		if ((to.tv_nsec = at->tv_nsec - to.tv_nsec) < 0) {
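Review bot: The `(unsigned long)` cast on the changed line of `__timedwait_cp` is, in the visible lines, also the only check that rejects a negative `tv_nsec`, and neither the line nor the commit message (which has no body) says so. The context lines that follow compute `at->tv_nsec - to.tv_nsec` and test only the difference for `< 0`, so the range check has to catch negative inputs itself. Suggest a short comment such as `/* negative tv_nsec converts to a huge unsigned value */`, or the explicit form `at->tv_nsec < 0 || at->tv_nsec >= 1000000000L`, and a commit message that names the warning option and compiler that produced the warning.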

Comments

Khem Raj June 25, 2020, 3:58 p.m.
On 6/24/20 4:20 PM, Daniel Santos wrote:
> Signed-off-by: Daniel Santos <daniel.santos@pobox.com>
> ---
>  src/thread/__timedwait.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/thread/__timedwait.c b/src/thread/__timedwait.c
> index 666093be..9829b93e 100644
> --- a/src/thread/__timedwait.c
> +++ b/src/thread/__timedwait.c
> @@ -38,7 +38,7 @@ int __timedwait_cp(volatile int *addr, int val,
>  	if (priv) priv = FUTEX_PRIVATE;
>  
>  	if (at) {
> -		if (at->tv_nsec >= 1000000000UL) return EINVAL;
> +		if ((unsigned long)at->tv_nsec >= 1000000000UL) return EINVAL;
>  		if (__clock_gettime(clk, &to)) return EINVAL;
>  		to.tv_sec = at->tv_sec - to.tv_sec;
>  		if ((to.tv_nsec = at->tv_nsec - to.tv_nsec) < 0) {
> 
Maybe use < 0 || >= 1000000000L and avoid the cast.
There is a similar issue in src/thread/pthread_cond_timedwait.c as well.
Rich Felker June 25, 2020, 5:33 p.m.
On Thu, Jun 25, 2020 at 08:58:41AM -0700, Khem Raj wrote:
> 
> 
> On 6/24/20 4:20 PM, Daniel Santos wrote:
> > Signed-off-by: Daniel Santos <daniel.santos@pobox.com>
> > ---
> >  src/thread/__timedwait.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/src/thread/__timedwait.c b/src/thread/__timedwait.c
> > index 666093be..9829b93e 100644
> > --- a/src/thread/__timedwait.c
> > +++ b/src/thread/__timedwait.c
> > @@ -38,7 +38,7 @@ int __timedwait_cp(volatile int *addr, int val,
> >  	if (priv) priv = FUTEX_PRIVATE;
> >  
> >  	if (at) {
> > -		if (at->tv_nsec >= 1000000000UL) return EINVAL;
> > +		if ((unsigned long)at->tv_nsec >= 1000000000UL) return EINVAL;
> >  		if (__clock_gettime(clk, &to)) return EINVAL;
> >  		to.tv_sec = at->tv_sec - to.tv_sec;
> >  		if ((to.tv_nsec = at->tv_nsec - to.tv_nsec) < 0) {
> > 
> Maybe use < 0 || >= 1000000000L and avoid the cast.
> There is a similar issue in src/thread/pthread_cond_timedwait.c as well.

This is not a bug but intentional usage of the language.
Daniel Santos June 26, 2020, 4:31 a.m.
On 6/25/20 10:58 AM, Khem Raj wrote:
>
> On 6/24/20 4:20 PM, Daniel Santos wrote:
>> Signed-off-by: Daniel Santos <daniel.santos@pobox.com>
>> ---
>>  src/thread/__timedwait.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/src/thread/__timedwait.c b/src/thread/__timedwait.c
>> index 666093be..9829b93e 100644
>> --- a/src/thread/__timedwait.c
>> +++ b/src/thread/__timedwait.c
>> @@ -38,7 +38,7 @@ int __timedwait_cp(volatile int *addr, int val,
>>  	if (priv) priv = FUTEX_PRIVATE;
>>  
>>  	if (at) {
>> -		if (at->tv_nsec >= 1000000000UL) return EINVAL;
>> +		if ((unsigned long)at->tv_nsec >= 1000000000UL) return EINVAL;
>>  		if (__clock_gettime(clk, &to)) return EINVAL;
>>  		to.tv_sec = at->tv_sec - to.tv_sec;
>>  		if ((to.tv_nsec = at->tv_nsec - to.tv_nsec) < 0) {
>>
> Maybe use < 0 || >= 1000000000L and avoid the cast.
> There is a similar issue in src/thread/pthread_cond_timedwait.c as well.
Thank you for that.  I'll resubmit changing both instances.

In this case, the POSIX spec requires tv_nsec to be a long (
https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/time.h.html
).  Either way, a good optimizer should convert this into an unsigned
compare.  My early years in 6502 assembly sort of shape my thinking, as
I try to write higher-level code as similarly to the assembly I presume
the compiler will emit.  But if the project has a strong preference to
avoid casts, I can change it.

Thanks!
Daniel
Jeffrey Walton June 26, 2020, 6:26 a.m.
On Fri, Jun 26, 2020 at 2:20 AM Daniel Santos <daniel@gsat.us> wrote:
>
> ...
> >>      if (at) {
> >> -            if (at->tv_nsec >= 1000000000UL) return EINVAL;
> >> +            if ((unsigned long)at->tv_nsec >= 1000000000UL) return EINVAL;
> >>              if (__clock_gettime(clk, &to)) return EINVAL;
> >>              to.tv_sec = at->tv_sec - to.tv_sec;
> >>              if ((to.tv_nsec = at->tv_nsec - to.tv_nsec) < 0) {
> >>
> > Maybe use < 0 || >= 1000000000L and avoid the cast.
> > There is a similar issue in src/thread/pthread_cond_timedwait.c as well.
> Thank you for that.  I'll resubmit changing both instances.
>
> In this case, the POSIX spec requires tv_nsec to be a long (
> https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/time.h.html
> ).  Either way, a good optimizer should convert this into an unsigned

I believe the C language says the signed value gets promoted to an
unsigned value. I don't believe the optimizer has anything to do with
it.

That's why -1 is greater than 1 in C:

    int x = -1;
    unsigned int y = 1;
    if (x > y)
        printf("WTF???\n");

Jeff
Daniel Santos July 4, 2020, 9:13 p.m.
On 6/26/20 1:26 AM, Jeffrey Walton wrote:
> On Fri, Jun 26, 2020 at 2:20 AM Daniel Santos <daniel@gsat.us> wrote:
>> ...
>>>>      if (at) {
>>>> -            if (at->tv_nsec >= 1000000000UL) return EINVAL;
>>>> +            if ((unsigned long)at->tv_nsec >= 1000000000UL) return EINVAL;
>>>>              if (__clock_gettime(clk, &to)) return EINVAL;
>>>>              to.tv_sec = at->tv_sec - to.tv_sec;
>>>>              if ((to.tv_nsec = at->tv_nsec - to.tv_nsec) < 0) {
>>>>
>>> Maybe use < 0 || >= 1000000000L and avoid the cast.
>>> There is a similar issue in src/thread/pthread_cond_timedwait.c as well.
>> Thank you for that.  I'll resubmit changing both instances.
>>
>> In this case, the POSIX spec requires tv_nsec to be a long (
>> https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/time.h.html
>> ).  Either way, a good optimizer should convert this into an unsigned
> I believe the C language says the signed value gets promoted to an
> unsigned value. I don't believe the optimizer has anything to do with
> it.
>
> That's why -1 is greater than 1 in C:
>
>     int x = -1;
>     unsigned int y = 1;
>     if (x > y)
>         printf("WTF???\n");
>
> Jeff
Yes, I was referring to Khem's suggestion:

Maybe use < 0 || >= 1000000000L and avoid the cast.

The optimizer should convert this into a single unsigned compare on just
about any modern processor (e.g., two's complement).

I suppose the real solution is to not add -Wextra to CFLAGS unless you
add -Wno-sign-compare, as musl intentionally uses this promotion rule.

Thanks!
Daniel
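
Added example, not part of the thread or of musl: the three forms of the tv_nsec range check discussed above (the pre-patch compare, the patch's cast, and the reviewed two-sided compare) evaluated over constructed boundary values to show that they accept and reject the same inputs. The function names are chosen for this example, and the parameter is a plain `long`, as the thread says POSIX requires for tv_nsec.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Form added by the patch: explicit cast, one unsigned compare. */
static int invalid_cast(long nsec)
{
	return (unsigned long)nsec >= 1000000000UL;
}

/* Form before the patch: the usual arithmetic conversions already convert
 * the long operand to unsigned long, which is what -Wsign-compare reports. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wsign-compare"
static int invalid_implicit(long nsec)
{
	return nsec >= 1000000000UL;
}
#pragma GCC diagnostic pop

/* Form suggested in review: two signed compares, no cast. */
static int invalid_range(long nsec)
{
	return nsec < 0 || nsec >= 1000000000L;
}

/* Constructed boundary values; returns how many the three forms disagree on. */
static int count_disagreements(void)
{
	static const long samples[] = {
		LONG_MIN, -1000000000L, -1, 0, 1,
		999999999L, 1000000000L, 1000000001L, LONG_MAX
	};
	int bad = 0;
	for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
		int a = invalid_cast(samples[i]);
		int b = invalid_implicit(samples[i]);
		int c = invalid_range(samples[i]);
		if (a != b || b != c) bad++;
	}
	return bad;
}

int main(void)
{
	printf("disagreements: %d\n", count_disagreements());
	return 0;
}
```

Every negative `long` converts to an `unsigned long` above `LONG_MAX`, which is why the single unsigned compare rejects negative values as well as values of one second or more.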