| Message ID | 1464760982-3721-1-git-send-email-rui.teng@linux.vnet.ibm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Wed, Jun 01, 2016 at 02:03:02PM +0800, Rui Teng wrote: > Sparse spits out the following warning: > security/commoncap.c:989:41: warning: dubious: !x | y > > Bitwise and logical are equivalent here, but logical was intended. > Replacing the bit-wise '|' with the boolean '||' silences the sparse warning. Hi, this looks ok, but I'm worried by > The generated code for both cases is the same. That cannot be. The logical result should be the same, but the generated code cannot be. I'm cc:ing Andy as this code came in with his patch. Is there an actual reason for having used bitwise here? thanks, -serge > Signed-off-by: Rui Teng <rui.teng@linux.vnet.ibm.com> > --- > security/commoncap.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/security/commoncap.c b/security/commoncap.c > index e7fadde..8f6fb24 100644 > --- a/security/commoncap.c > +++ b/security/commoncap.c > @@ -976,7 +976,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, > > case PR_CAP_AMBIENT: > if (arg2 == PR_CAP_AMBIENT_CLEAR_ALL) { > - if (arg3 | arg4 | arg5) > + if (arg3 || arg4 || arg5) > return -EINVAL; > > new = prepare_creds(); > @@ -986,7 +986,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, > return commit_creds(new); > } > > - if (((!cap_valid(arg3)) | arg4 | arg5)) > + if (((!cap_valid(arg3)) || arg4 || arg5)) > return -EINVAL; > > if (arg2 == PR_CAP_AMBIENT_IS_SET) { > -- > 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 6/2/16 10:13 PM, Serge E. Hallyn wrote: > On Wed, Jun 01, 2016 at 02:03:02PM +0800, Rui Teng wrote: >> Sparse spits out the following warning: >> security/commoncap.c:989:41: warning: dubious: !x | y >> >> Bitwise and logical are equivalent here, but logical was intended. >> Replacing the bit-wise '|' with the boolean '||' silences the sparse warning. > > Hi, > > this looks ok, but I'm worried by > >> The generated code for both cases is the same. > > That cannot be. The logical result should be the same, but the > generated code cannot be. Thanks for cc:ing the author. I tried to write a sample code to verify it before. Both || and | will generate the same assembly code. For example, compiling following code with "gcc -O2 -S main.c", and replacing || with | can generate the same assembly code. - main.c ------------ int parse(int a, int b, int c) { if (a || b || c) return 1; else return 0; } Of cause, it is only a sample on x86, but even if the generated code is not the same, the logical will be better than bitwise. Because (a || b || c) means (a != 0 || b != 0 || c != 0), once a != 0, the whole expression will be true(short-circuit evaluation). and (a | b | c) means calculate the bitwise first and check the result in the end. And since the args are all integer, there is no need to avoid any short-circuit. > > I'm cc:ing Andy as this code came in with his patch. Is there an > actual reason for having used bitwise here? > > thanks, > -serge > >> Signed-off-by: Rui Teng <rui.teng@linux.vnet.ibm.com> >> --- >> security/commoncap.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/security/commoncap.c b/security/commoncap.c >> index e7fadde..8f6fb24 100644 >> --- a/security/commoncap.c >> +++ b/security/commoncap.c >> @@ -976,7 +976,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, >> >> case PR_CAP_AMBIENT: >> if (arg2 == PR_CAP_AMBIENT_CLEAR_ALL) { >> - if (arg3 | arg4 | arg5) >> + if (arg3 || arg4 || arg5) >> return -EINVAL; >> >> new = prepare_creds(); >> @@ -986,7 +986,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, >> return commit_creds(new); >> } >> >> - if (((!cap_valid(arg3)) | arg4 | arg5)) >> + if (((!cap_valid(arg3)) || arg4 || arg5)) >> return -EINVAL; >> >> if (arg2 == PR_CAP_AMBIENT_IS_SET) { >> -- >> 2.7.4 > -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Jun 03, 2016 at 12:53:07AM +0800, Rui Teng wrote: > Of cause, it is only a sample on x86, but even if the generated code is > not the same, the logical will be better than bitwise. > Because (a || b || c) means (a != 0 || b != 0 || c != 0), once a != 0, > the whole expression will be true(short-circuit evaluation). > and (a | b | c) means calculate the bitwise first and check the result > in the end. And since the args are all integer, there is no need to > avoid any short-circuit. Not obvious at all. Comparison of the cost of two OR plus one conditional branch vs. that of "short-circuited" variant is almost certainly going to be in favour of compiler using bitwise operations anyway. At the very least you'll need to examine the first value, so even in the fastest case it's test + branch taken. The rest is going to be worse and the whole thing is going to be not fun for the pipeline either, not to mention higher icache footprint, etc. So I would be quite surprised if cc(1) would use short-circuit there, whichever form you use in the source. -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/security/commoncap.c b/security/commoncap.c index e7fadde..8f6fb24 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -976,7 +976,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, case PR_CAP_AMBIENT: if (arg2 == PR_CAP_AMBIENT_CLEAR_ALL) { - if (arg3 | arg4 | arg5) + if (arg3 || arg4 || arg5) return -EINVAL; new = prepare_creds(); @@ -986,7 +986,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, return commit_creds(new); } - if (((!cap_valid(arg3)) | arg4 | arg5)) + if (((!cap_valid(arg3)) || arg4 || arg5)) return -EINVAL; if (arg2 == PR_CAP_AMBIENT_IS_SET) {
Sparse spits out the following warning: security/commoncap.c:989:41: warning: dubious: !x | y Bitwise and logical are equivalent here, but logical was intended. Replacing the bit-wise '|' with the boolean '||' silences the sparse warning. The generated code for both cases is the same. Signed-off-by: Rui Teng <rui.teng@linux.vnet.ibm.com> --- security/commoncap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)