[v2,1/1] utils: Use fixed-point arithmetic in qemu_strtosz

Message ID	20210315155835.1970210-2-richard.henderson@linaro.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=ofIk=IN=nongnu.org=qemu-devel-bounces+qemu-devel=archiver.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6A39E64EF8 From: Richard Henderson <richard.henderson@linaro.org> To: qemu-devel@nongnu.org Subject: [PATCH v2 1/1] utils: Use fixed-point arithmetic in qemu_strtosz Date: Mon, 15 Mar 2021 09:58:35 -0600 Message-Id: <20210315155835.1970210-2-richard.henderson@linaro.org> In-Reply-To: <20210315155835.1970210-1-richard.henderson@linaro.org> References: <20210315155835.1970210-1-richard.henderson@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2607:f8b0:4864:20::336; envelope-from=richard.henderson@linaro.org; helo=mail-ot1-x336.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Cc: philmd@redhat.com, thuth@redhat.com Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org>
Series	Fix qemu_strtosz regression \| expand [v2,0/1] Fix qemu_strtosz regression [v2,1/1] utils: Use fixed-point arithmetic in qemu_strtosz

Richard Henderson March 15, 2021, 3:58 p.m. UTC

Once we've parsed the fractional value, extract it into an integral
64-bit fraction.  Perform the scaling with integer arithemetic, and
simplify the overflow detection.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tests/unit/test-cutils.c |  2 +-
 util/cutils.c            | 50 ++++++++++++++++++++++++++++------------
 2 files changed, 36 insertions(+), 16 deletions(-)

Philippe Mathieu-Daudé March 15, 2021, 4:17 p.m. UTC | #1

On 3/15/21 4:58 PM, Richard Henderson wrote:
> Once we've parsed the fractional value, extract it into an integral
> 64-bit fraction.  Perform the scaling with integer arithemetic, and

Typo "arithmetic"

> simplify the overflow detection.
> 
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  tests/unit/test-cutils.c |  2 +-
>  util/cutils.c            | 50 ++++++++++++++++++++++++++++------------
>  2 files changed, 36 insertions(+), 16 deletions(-)
> 
> diff --git a/tests/unit/test-cutils.c b/tests/unit/test-cutils.c
> index bad3a60993..e025b54c05 100644
> --- a/tests/unit/test-cutils.c
> +++ b/tests/unit/test-cutils.c
> @@ -2128,7 +2128,7 @@ static void test_qemu_strtosz_float(void)
>      str = "12.345M";
>      err = qemu_strtosz(str, &endptr, &res);
>      g_assert_cmpint(err, ==, 0);
> -    g_assert_cmpint(res, ==, (uint64_t) (12.345 * MiB));
> +    g_assert_cmpint(res, ==, (uint64_t) (12.345 * MiB + 0.5));
>      g_assert(endptr == str + 7);
>  }
>  
> diff --git a/util/cutils.c b/util/cutils.c
> index d89a40a8c3..c442882b88 100644
> --- a/util/cutils.c
> +++ b/util/cutils.c
> @@ -275,10 +275,9 @@ static int do_strtosz(const char *nptr, const char **end,
>      int retval;
>      const char *endptr, *f;
>      unsigned char c;
> -    bool mul_required = false, hex = false;
> -    uint64_t val;
> +    bool hex = false;
> +    uint64_t val, valf = 0;
>      int64_t mul;
> -    double fraction = 0.0;
>  
>      /* Parse integral portion as decimal. */
>      retval = qemu_strtou64(nptr, &endptr, 10, &val);
> @@ -308,17 +307,19 @@ static int do_strtosz(const char *nptr, const char **end,
>           * without fractional digits.  If we see an exponent, treat
>           * the entire input as invalid instead.
>           */
> +        double fraction;
> +
>          f = endptr;
>          retval = qemu_strtod_finite(f, &endptr, &fraction);
>          if (retval) {
> -            fraction = 0.0;
>              endptr++;
>          } else if (memchr(f, 'e', endptr - f) || memchr(f, 'E', endptr - f)) {
>              endptr = nptr;
>              retval = -EINVAL;
>              goto out;
> -        } else if (fraction != 0) {
> -            mul_required = true;

I'm glad you removed this float-equal warning:

util/cutils.c: In function ‘do_strtosz’:
util/cutils.c:320:29: error: comparing floating-point with ‘==’ or ‘!=’
is unsafe [-Werror=float-equal]
  320 |         } else if (fraction != 0) {
      |                             ^~
cc1: all warnings being treated as errors

> +        } else {
> +            /* Extract into a 64-bit fixed-point fraction. */
> +            valf = (uint64_t)(fraction * 0x1p64);
>          }
>      }
>      c = *endptr;
> @@ -333,16 +334,35 @@ static int do_strtosz(const char *nptr, const char **end,
>          mul = suffix_mul(default_suffix, unit);
>          assert(mul > 0);
>      }
> -    if (mul == 1 && mul_required) {
> -        endptr = nptr;
> -        retval = -EINVAL;
> -        goto out;
> +    if (mul == 1) {
> +        /* When a fraction is present, a scale is required. */
> +        if (valf != 0) {
> +            endptr = nptr;
> +            retval = -EINVAL;
> +            goto out;
> +        }
> +    } else {
> +        uint64_t valh, tmp;
> +
> +        /* Compute exact result: 64.64 x 64.0 -> 128.64 fixed point */
> +        mulu64(&val, &valh, val, mul);
> +        mulu64(&valf, &tmp, valf, mul);
> +        val += tmp;
> +        valh += val < tmp;
> +
> +        /* Round 0.5 upward. */
> +        tmp = valf >> 63;
> +        val += tmp;
> +        valh += val < tmp;
> +
> +        /* Report overflow. */
> +        if (valh != 0) {
> +            retval = -ERANGE;
> +            goto out;
> +        }
>      }
> -    if (val > (UINT64_MAX - ((uint64_t) (fraction * mul))) / mul) {
> -        retval = -ERANGE;
> -        goto out;
> -    }
> -    *result = val * mul + (uint64_t) (fraction * mul);
> +
> +    *result = val;
>      retval = 0;
>  
>  out:
>

Eric Blake March 15, 2021, 4:30 p.m. UTC | #2

On 3/15/21 10:58 AM, Richard Henderson wrote:
> Once we've parsed the fractional value, extract it into an integral
> 64-bit fraction.  Perform the scaling with integer arithemetic, and
> simplify the overflow detection.
> 
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  tests/unit/test-cutils.c |  2 +-
>  util/cutils.c            | 50 ++++++++++++++++++++++++++++------------
>  2 files changed, 36 insertions(+), 16 deletions(-)
> 
> diff --git a/tests/unit/test-cutils.c b/tests/unit/test-cutils.c
> index bad3a60993..e025b54c05 100644
> --- a/tests/unit/test-cutils.c
> +++ b/tests/unit/test-cutils.c
> @@ -2128,7 +2128,7 @@ static void test_qemu_strtosz_float(void)
>      str = "12.345M";
>      err = qemu_strtosz(str, &endptr, &res);
>      g_assert_cmpint(err, ==, 0);
> -    g_assert_cmpint(res, ==, (uint64_t) (12.345 * MiB));
> +    g_assert_cmpint(res, ==, (uint64_t) (12.345 * MiB + 0.5));

This tweak makes sense ;)

>      g_assert(endptr == str + 7);
>  }
>  
> diff --git a/util/cutils.c b/util/cutils.c
> index d89a40a8c3..c442882b88 100644
> --- a/util/cutils.c
> +++ b/util/cutils.c
> @@ -275,10 +275,9 @@ static int do_strtosz(const char *nptr, const char **end,
>      int retval;
>      const char *endptr, *f;
>      unsigned char c;
> -    bool mul_required = false, hex = false;
> -    uint64_t val;
> +    bool hex = false;
> +    uint64_t val, valf = 0;
>      int64_t mul;
> -    double fraction = 0.0;
>  
>      /* Parse integral portion as decimal. */
>      retval = qemu_strtou64(nptr, &endptr, 10, &val);
> @@ -308,17 +307,19 @@ static int do_strtosz(const char *nptr, const char **end,
>           * without fractional digits.  If we see an exponent, treat
>           * the entire input as invalid instead.
>           */
> +        double fraction;
> +
>          f = endptr;
>          retval = qemu_strtod_finite(f, &endptr, &fraction);
>          if (retval) {
> -            fraction = 0.0;

dropped, because valf is already 0. Okay.

>              endptr++;
>          } else if (memchr(f, 'e', endptr - f) || memchr(f, 'E', endptr - f)) {
>              endptr = nptr;
>              retval = -EINVAL;
>              goto out;
> -        } else if (fraction != 0) {
> -            mul_required = true;
> +        } else {
> +            /* Extract into a 64-bit fixed-point fraction. */
> +            valf = (uint64_t)(fraction * 0x1p64);

Nice.

>          }
>      }
>      c = *endptr;
> @@ -333,16 +334,35 @@ static int do_strtosz(const char *nptr, const char **end,
>          mul = suffix_mul(default_suffix, unit);
>          assert(mul > 0);
>      }
> -    if (mul == 1 && mul_required) {
> -        endptr = nptr;
> -        retval = -EINVAL;
> -        goto out;
> +    if (mul == 1) {
> +        /* When a fraction is present, a scale is required. */
> +        if (valf != 0) {
> +            endptr = nptr;
> +            retval = -EINVAL;
> +            goto out;
> +        }
> +    } else {
> +        uint64_t valh, tmp;
> +
> +        /* Compute exact result: 64.64 x 64.0 -> 128.64 fixed point */
> +        mulu64(&val, &valh, val, mul);
> +        mulu64(&valf, &tmp, valf, mul);
> +        val += tmp;
> +        valh += val < tmp;
> +
> +        /* Round 0.5 upward. */
> +        tmp = valf >> 63;
> +        val += tmp;
> +        valh += val < tmp;
> +
> +        /* Report overflow. */
> +        if (valh != 0) {
> +            retval = -ERANGE;
> +            goto out;
> +        }

More verbose, but definitely exact.

>      }
> -    if (val > (UINT64_MAX - ((uint64_t) (fraction * mul))) / mul) {
> -        retval = -ERANGE;
> -        goto out;
> -    }
> -    *result = val * mul + (uint64_t) (fraction * mul);
> +
> +    *result = val;
>      retval = 0;
>  
>  out:
> 

Reviewed-by: Eric Blake <eblake@redhat.com>

Thomas Huth March 17, 2021, 7:09 a.m. UTC | #3

On 15/03/2021 16.58, Richard Henderson wrote:
> Once we've parsed the fractional value, extract it into an integral
> 64-bit fraction.  Perform the scaling with integer arithemetic, and
> simplify the overflow detection.

I've put this patch in my local branch, but I'm still getting a failure in 
the cutils test, this time in the Cirrus-CI with the MinGW build:

  https://cirrus-ci.com/task/5413753530351616?command=test#L543

Is it related or is this a different bug?

  Thomas

Eric Blake March 17, 2021, 11:16 a.m. UTC | #4

On 3/17/21 2:09 AM, Thomas Huth wrote:
> On 15/03/2021 16.58, Richard Henderson wrote:
>> Once we've parsed the fractional value, extract it into an integral
>> 64-bit fraction.  Perform the scaling with integer arithemetic, and
>> simplify the overflow detection.
> 
> I've put this patch in my local branch, but I'm still getting a failure
> in the cutils test, this time in the Cirrus-CI with the MinGW build:
> 
>  https://cirrus-ci.com/task/5413753530351616?command=test#L543
> 
> Is it related or is this a different bug?

ERROR test-cutils - Bail out!
ERROR:../tests/unit/test-cutils.c:2233:test_qemu_strtosz_trailing:
assertion failed (res == 0): (1024 == 0)

That's testing behavior on:

    str = "0x";
    err = qemu_strtosz(str, &endptr, &res);

which should parse as "0" with a suffix of 'x'.  It is an independent
issue (unrelated to the rounding issues fixed in rth's patch), and
rather appears to be a bug in mingw's libc for strtoull although I have
not actually set up an environment to test that assumption yet.

Eric Blake March 17, 2021, 1:02 p.m. UTC | #5

On 3/17/21 6:16 AM, Eric Blake wrote:
> On 3/17/21 2:09 AM, Thomas Huth wrote:
>> On 15/03/2021 16.58, Richard Henderson wrote:
>>> Once we've parsed the fractional value, extract it into an integral
>>> 64-bit fraction.  Perform the scaling with integer arithemetic, and
>>> simplify the overflow detection.
>>
>> I've put this patch in my local branch, but I'm still getting a failure
>> in the cutils test, this time in the Cirrus-CI with the MinGW build:
>>
>>  https://cirrus-ci.com/task/5413753530351616?command=test#L543
>>
>> Is it related or is this a different bug?
> 
> ERROR test-cutils - Bail out!
> ERROR:../tests/unit/test-cutils.c:2233:test_qemu_strtosz_trailing:
> assertion failed (res == 0): (1024 == 0)
> 
> That's testing behavior on:
> 
>     str = "0x";
>     err = qemu_strtosz(str, &endptr, &res);
> 
> which should parse as "0" with a suffix of 'x'.  It is an independent
> issue (unrelated to the rounding issues fixed in rth's patch), and
> rather appears to be a bug in mingw's libc for strtoull although I have
> not actually set up an environment to test that assumption yet.

Confirmed:
$ cat foo.c
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>

int main(void)
{
    unsigned long u;
    const char *str = "0x";
    char *end;
    errno = 0;
    u = strtoul(str, &end, 10);
    printf("%lu %s %d\n", u, end, errno);
    errno = 0;
    u = strtoul(str, &end, 16);
    printf("%lu %s %d\n", u, end, errno);

    str = "0xq";
    errno = 0;
    u = strtoul(str, &end, 10);
    printf("%lu %s %d\n", u, end, errno);
    errno = 0;
    u = strtoul(str, &end, 16);
    printf("%lu %s %d\n", u, end, errno);
    return 0;
}
$ gcc -o foo-linux -Wall foo.c
$ x86_64-w64-mingw32-gcc -o foo-mingw -Wall foo.c
$ ./foo-linux
0 x 0
0 x 0
0 xq 0
0 xq 0
$ wine ./foo-mingw 2>/dev/null
0 x 0
0 0x 0
0 xq 0
0 0xq 0

Mingw has a bug (and therefore so do all our qemu_strto* functions) when
parsing "0xgarbage" with a base of 0 or 16, in that it fails to advance
past the leading '0' (which is a valid parse).  Patch coming up.

[v2,1/1] utils: Use fixed-point arithmetic in qemu_strtosz

Commit Message

Comments

Patch