From 8a5e398c52c7f8ca3e1a0e574cc2ba38224b759b Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Thu, 22 Dec 2022 00:03:06 +0100
Subject: Avoid negation of signed integers in C that may hold INT*_MIN. Reported by minoki. Recent C compilers 'take advantage' of the undefined behavior. This completely changes the meaning of expressions like (k == -k).
---
 src/lib_bit.c | 4 ++--
 src/lj_asm_mips.h | 2 +-
 src/lj_carith.c | 2 +-
 src/lj_cparse.c | 2 +-
 src/lj_ctype.c | 2 +-
 src/lj_emit_arm.h | 2 +-
 src/lj_obj.h | 2 +-
 src/lj_opt_fold.c | 6 +++---
 src/lj_parse.c | 12 ++++++------
 src/lj_str.c | 2 +-
 src/lj_strscan.c | 20 ++++++++++----------
 src/lj_vmmath.c | 8 ++++----
 12 files changed, 32 insertions(+), 32 deletions(-)
diff --git a/src/lib_bit.c b/src/lib_bit.c
index 9e75eef3..b7988d70 100644
--- a/src/lib_bit.c
+++ b/src/lib_bit.c
@@ -55,8 +55,8 @@ LJLIB_CF(bit_tohex)
 int32_t i, n = L->base+1 >= L->top ? 8 : lj_lib_checkbit(L, 2);
 const char *hexdigits = "0123456789abcdef";
 char buf[8];
- if (n < 0) { n = -n; hexdigits = "0123456789ABCDEF"; }
- if (n > 8) n = 8;
+ if (n < 0) { n = (int32_t)(~(uint32_t)n+1u); hexdigits = "0123456789ABCDEF"; }
+ if ((uint32_t)n > 8) n = 8;
 for (i = n; --i >= 0; ) { buf[i] = hexdigits[b & 15]; b >>= 4; }
 lua_pushlstring(L, buf, (size_t)n);
 return 1;
diff --git a/src/lj_asm_mips.h b/src/lj_asm_mips.h
index c0e491a6..1d4c8a25 100644
--- a/src/lj_asm_mips.h
+++ b/src/lj_asm_mips.h
@@ -1227,7 +1227,7 @@ static void asm_arithov(ASMState *as, IRIns *ir)
 Reg right, left, tmp, dest = ra_dest(as, ir, RSET_GPR);
 if (irref_isk(ir->op2)) {
 int k = IR(ir->op2)->i;
- if (ir->o == IR_SUBOV) k = -k;
+ if (ir->o == IR_SUBOV) k = (int)(~(unsigned int)k+1u);
 if (checki16(k)) { /* (dest < left) == (k >= 0 ? 1 : 0) */
 left = ra_alloc1(as, ir->op1, RSET_GPR);
 asm_guard(as, k >= 0 ? MIPSI_BNE : MIPSI_BEQ, RID_TMP, RID_ZERO);
diff --git a/src/lj_carith.c b/src/lj_carith.c
index 462dbae4..231d7a8a 100644
--- a/src/lj_carith.c
+++ b/src/lj_carith.c
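Review bot: The change to `if ((uint32_t)n > 8) n = 8;` in bit_tohex (src/lib_bit.c) carries the actual bounds fix, but nothing on the line says so. For n == INT32_MIN the negation on the line above leaves n unchanged and negative, so a signed `n > 8` would not clamp it and `lua_pushlstring(L, buf, (size_t)n)` would be handed a huge length for the 8-byte `buf`. I would add `/* Unsigned compare: n == INT32_MIN survives the negation and must clamp to 8, too. */` above the check so it is not simplified back to a signed compare later. The body of bit_tohex starts before this hunk.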
@@ -205,7 +205,7 @@ static int carith_int64(lua_State *L, CTState *cts, CDArith *ca, MMS mm)
 else
 *up = lj_carith_powu64(u0, u1);
 break;
- case MM_unm: *up = (uint64_t)-(int64_t)u0; break;
+ case MM_unm: *up = ~u0+1u; break;
 default: lua_assert(0); break;
 }
 lj_gc_check(L);
diff --git a/src/lj_cparse.c b/src/lj_cparse.c
index df85d23b..8c681c56 100644
--- a/src/lj_cparse.c
+++ b/src/lj_cparse.c
@@ -477,7 +477,7 @@ static void cp_expr_prefix(CPState *cp, CPValue *k)
 } else if (cp_opt(cp, '+')) {
 cp_expr_unary(cp, k); /* Nothing to do (well, integer promotion). */
 } else if (cp_opt(cp, '-')) {
- cp_expr_unary(cp, k); k->i32 = -k->i32;
+ cp_expr_unary(cp, k); k->i32 = (int32_t)(~(uint32_t)k->i32+1);
 } else if (cp_opt(cp, '~')) {
 cp_expr_unary(cp, k); k->i32 = ~k->i32;
 } else if (cp_opt(cp, '!')) {
diff --git a/src/lj_ctype.c b/src/lj_ctype.c
index adbacaec..04e8c35c 100644
--- a/src/lj_ctype.c
+++ b/src/lj_ctype.c
@@ -577,7 +577,7 @@ GCstr *lj_ctype_repr_int64(lua_State *L, uint64_t n, int isunsigned)
 if (isunsigned) {
 *--p = 'U';
 } else if ((int64_t)n < 0) {
- n = (uint64_t)-(int64_t)n;
+ n = ~n+1u;
 sign = 1;
 }
 do { *--p = (char)('0' + n % 10); } while (n /= 10);
diff --git a/src/lj_emit_arm.h b/src/lj_emit_arm.h
index 2db07ef6..633afb49 100644
--- a/src/lj_emit_arm.h
+++ b/src/lj_emit_arm.h
@@ -154,7 +154,7 @@ static int emit_kdelta2(ASMState *as, Reg d, int32_t i)
 if (other) {
 int32_t delta = i - other;
 uint32_t sh, inv = 0, k2, k;
- if (delta < 0) { delta = -delta; inv = ARMI_ADD^ARMI_SUB; }
+ if (delta < 0) { delta = (int32_t)(~(uint32_t)delta+1u); inv = ARMI_ADD^ARMI_SUB; }
 sh = lj_ffs(delta) & ~1;
 k2 = emit_isk12(0, delta & (255 << sh));
 k = emit_isk12(0, delta & ~(255 << sh));
diff --git a/src/lj_obj.h b/src/lj_obj.h
index ea8fe870..ef45ae12 100644
--- a/src/lj_obj.h
+++ b/src/lj_obj.h
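Review bot: The new negation in cp_expr_prefix (src/lj_cparse.c) adds a plain `1` where every other site in this commit adds `1u`: `k->i32 = (int32_t)(~(uint32_t)k->i32+1);`. The result is the same because the left operand is already uint32_t, but the odd one out makes the idiom harder to grep for and invites a second look in every later review. I would write `k->i32 = (int32_t)(~(uint32_t)k->i32+1u);` to match the rest. cp_expr_prefix starts and ends outside the hunk.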
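Review bot: In emit_kdelta2 (src/lj_emit_arm.h) the context line `int32_t delta = i - other;` is still a signed subtraction, so the class of undefined behaviour this commit removes from the negation can already occur one line earlier. Assuming `other` is a signed 32-bit value (its declaration is outside the hunk), the subtraction should wrap explicitly as well: `int32_t delta = (int32_t)((uint32_t)i - (uint32_t)other);`. After the new negation `delta` can still be INT32_MIN, so it is also worth confirming that `lj_ffs(delta)` and the `255 << sh` masks on the following lines behave as intended for that value. The function body continues on both sides of the hunk.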
@@ -327,7 +327,7 @@ typedef struct GCproto {
 #define PROTO_UV_IMMUTABLE 0x4000 /* Immutable upvalue. */
 #define proto_kgc(pt, idx) \
- check_exp((uintptr_t)(intptr_t)(idx) >= (uintptr_t)-(intptr_t)(pt)->sizekgc, \
+ check_exp((uintptr_t)(intptr_t)(idx) >= ~(uintptr_t)(pt)->sizekgc+1u, \
 gcref(mref((pt)->k, GCRef)[(idx)]))
 #define proto_knumtv(pt, idx) \
 check_exp((uintptr_t)(idx) < (pt)->sizekn, &mref((pt)->k, TValue)[(idx)])
diff --git a/src/lj_opt_fold.c b/src/lj_opt_fold.c
index e9a6532a..482abdef 100644
--- a/src/lj_opt_fold.c
+++ b/src/lj_opt_fold.c
@@ -236,7 +236,7 @@ static int32_t kfold_intop(int32_t k1, int32_t k2, IROp op)
 case IR_SUB: k1 -= k2; break;
 case IR_MUL: k1 *= k2; break;
 case IR_MOD: k1 = lj_vm_modi(k1, k2); break;
- case IR_NEG: k1 = -k1; break;
+ case IR_NEG: k1 = (int32_t)(~(uint32_t)k1+1u); break;
 case IR_BAND: k1 &= k2; break;
 case IR_BOR: k1 |= k2; break;
 case IR_BXOR: k1 ^= k2; break;
@@ -1160,7 +1160,7 @@ LJFOLDF(simplify_intsub_k)
 if (fright->i == 0) /* i - 0 ==> i */
 return LEFTFOLD;
 fins->o = IR_ADD; /* i - k ==> i + (-k) */
- fins->op2 = (IRRef1)lj_ir_kint(J, -fright->i); /* Overflow for -2^31 ok. */
+ fins->op2 = (IRRef1)lj_ir_kint(J, (int32_t)(~(uint32_t)fright->i+1u)); /* Overflow for -2^31 ok. */
 return RETRYFOLD;
 }
@@ -1191,7 +1191,7 @@ LJFOLDF(simplify_intsub_k64)
 if (k == 0) /* i - 0 ==> i */
 return LEFTFOLD;
 fins->o = IR_ADD; /* i - k ==> i + (-k) */
- fins->op2 = (IRRef1)lj_ir_kint64(J, (uint64_t)-(int64_t)k);
+ fins->op2 = (IRRef1)lj_ir_kint64(J, ~k+1u);
 return RETRYFOLD;
 }
diff --git a/src/lj_parse.c b/src/lj_parse.c
index 5a8bcff9..57eb11cc 100644
--- a/src/lj_parse.c
+++ b/src/lj_parse.c
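Review bot: In kfold_intop (src/lj_opt_fold.c) only the IR_NEG case is made wrap-safe, while the neighbouring `case IR_SUB: k1 -= k2; break;` and `case IR_MUL: k1 *= k2; break;` still do signed int32_t arithmetic that is undefined on overflow. A compiler that exploits that for `-k1` can do the same here, so the constant folder may disagree with what the generated code computes at run time. I would fold them in unsigned arithmetic too, e.g. `case IR_SUB: k1 = (int32_t)((uint32_t)k1 - (uint32_t)k2); break;` and the same shape for IR_MUL. The switch starts above the hunk, so any addition case there deserves the same check.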
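Review bot: The trailing comment `/* Overflow for -2^31 ok. */` in simplify_intsub_k (src/lj_opt_fold.c) no longer matches the code, because the new expression wraps in unsigned arithmetic and never overflows. I would reword it to `/* -2^31 wraps to itself, which is ok here. */` and move it to its own line above the assignment, since the new statement plus comment is well past the width of the surrounding lines.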
@@ -951,22 +951,22 @@ static void bcemit_unop(FuncState *fs, BCOp op, ExpDesc *e)
 #if LJ_HASFFI
 if (e->k == VKCDATA) { /* Fold in-place since cdata is not interned. */
 GCcdata *cd = cdataV(&e->u.nval);
- int64_t *p = (int64_t *)cdataptr(cd);
+ uint64_t *p = (uint64_t *)cdataptr(cd);
 if (cd->ctypeid == CTID_COMPLEX_DOUBLE)
- p[1] ^= (int64_t)U64x(80000000,00000000);
+ p[1] ^= U64x(80000000,00000000);
 else
- *p = -*p;
+ *p = ~*p+1u;
 return;
 } else
 #endif
 if (expr_isnumk(e) && !expr_numiszero(e)) { /* Avoid folding to -0. */
 TValue *o = expr_numtv(e);
 if (tvisint(o)) {
- int32_t k = intV(o);
- if (k == -k)
+ int32_t k = intV(o), negk = (int32_t)(~(uint32_t)k+1u);
+ if (k == negk)
 setnumV(o, -(lua_Number)k);
 else
- setintV(o, -k);
+ setintV(o, negk);
 return;
 } else {
 o->u64 ^= U64x(80000000,00000000);
diff --git a/src/lj_str.c b/src/lj_str.c
index 60912aed..f1fc8ee1 100644
--- a/src/lj_str.c
+++ b/src/lj_str.c
@@ -190,7 +190,7 @@ size_t LJ_FASTCALL lj_str_bufnum(char *s, cTValue *o)
 /* Print integer to buffer. Returns pointer to start. */
 char * LJ_FASTCALL lj_str_bufint(char *p, int32_t k)
 {
- uint32_t u = (uint32_t)(k < 0 ? -k : k);
+ uint32_t u = k < 0 ? ~(uint32_t)k+1u : (uint32_t)k;
 p += 1+10;
 do { *--p = (char)('0' + u % 10); } while (u /= 10);
 if (k < 0) *--p = '-';
diff --git a/src/lj_strscan.c b/src/lj_strscan.c
index 914cfb7a..9e8023b5 100644
--- a/src/lj_strscan.c
+++ b/src/lj_strscan.c
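Review bot: The test `if (k == negk)` in bcemit_unop (src/lj_parse.c) is the expression the commit message singles out, yet the new code still leaves its purpose implicit. With zero already excluded by `!expr_numiszero(e)`, the only value equal to its own wrapped negation is INT32_MIN, whose negation does not fit in an int32_t and therefore has to be stored as a number. A one-line comment such as `/* Only INT32_MIN equals its own negation here: fold to a number instead. */` above the test would keep that visible. bcemit_unop continues beyond both ends of the hunk.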
@@ -124,19 +124,19 @@ static StrScanFmt strscan_hex(const uint8_t *p, TValue *o,
 case STRSCAN_INT:
 if (!(opt & STRSCAN_OPT_TONUM) && x < 0x80000000u+neg && !(x == 0 && neg)) {
- o->i = neg ? -(int32_t)x : (int32_t)x;
+ o->i = neg ? (int32_t)(~x+1u) : (int32_t)x;
 return STRSCAN_INT; /* Fast path for 32 bit integers. */
 }
 if (!(opt & STRSCAN_OPT_C)) { fmt = STRSCAN_NUM; break; }
 /* fallthrough */
 case STRSCAN_U32:
 if (dig > 8) return STRSCAN_ERROR;
- o->i = neg ? -(int32_t)x : (int32_t)x;
+ o->i = neg ? (int32_t)(~x+1u) : (int32_t)x;
 return STRSCAN_U32;
 case STRSCAN_I64:
 case STRSCAN_U64:
 if (dig > 16) return STRSCAN_ERROR;
- o->u64 = neg ? (uint64_t)-(int64_t)x : x;
+ o->u64 = neg ? ~x+1u : x;
 return fmt;
 default:
 break;
@@ -168,12 +168,12 @@ static StrScanFmt strscan_oct(const uint8_t *p, TValue *o,
 /* fallthrough */
 case STRSCAN_U32:
 if ((x >> 32)) return STRSCAN_ERROR;
- o->i = neg ? -(int32_t)x : (int32_t)x;
+ o->i = neg ? (int32_t)(~(uint32_t)x+1u) : (int32_t)x;
 break;
 default:
 case STRSCAN_I64:
 case STRSCAN_U64:
- o->u64 = neg ? (uint64_t)-(int64_t)x : x;
+ o->u64 = neg ? ~x+1u : x;
 break;
 }
 return fmt;
@@ -229,18 +229,18 @@ static StrScanFmt strscan_dec(const uint8_t *p, TValue *o,
 switch (fmt) {
 case STRSCAN_INT:
 if (!(opt & STRSCAN_OPT_TONUM) && x < 0x80000000u+neg) {
- o->i = neg ? -(int32_t)x : (int32_t)x;
+ o->i = neg ? (int32_t)(~x+1u) : (int32_t)x;
 return STRSCAN_INT; /* Fast path for 32 bit integers. */
 }
 if (!(opt & STRSCAN_OPT_C)) { fmt = STRSCAN_NUM; goto plainnumber; }
 /* fallthrough */
 case STRSCAN_U32:
 if ((x >> 32) != 0) return STRSCAN_ERROR;
- o->i = neg ? -(int32_t)x : (int32_t)x;
+ o->i = neg ? (int32_t)(~x+1u) : (int32_t)x;
 return STRSCAN_U32;
 case STRSCAN_I64:
 case STRSCAN_U64:
- o->u64 = neg ? (uint64_t)-(int64_t)x : x;
+ o->u64 = neg ? ~x+1u : x;
 return fmt;
 default:
 plainnumber: /* Fast path for plain numbers < 2^63. */
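Review bot: The 32-bit stores in strscan_hex (src/lj_strscan.c) use `(int32_t)(~x+1u)`, while the matching line in strscan_oct narrows first with `(int32_t)(~(uint32_t)x+1u)`; strscan_dec follows the strscan_hex form. The `o->u64 = neg ? ~x+1u : x;` line in the same hunk suggests `x` is 64 bits wide (its declaration is outside the hunk), in which case the negation is done at 64 bits and the result is then truncated by an implementation-defined conversion to int32_t. The low 32 bits come out the same on the usual targets, but I would use the strscan_oct spelling everywhere, `o->i = neg ? (int32_t)(~(uint32_t)x+1u) : (int32_t)x;`, so the width of the negation is explicit and the three scanners read alike.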
@@ -418,7 +418,7 @@ StrScanFmt lj_strscan_scan(const uint8_t *p, TValue *o, uint32_t opt)
 if (xx >= STRSCAN_MAXEXP) return STRSCAN_ERROR;
 p++;
 }
- ex += negx ? -(int32_t)xx : (int32_t)xx;
+ ex += negx ? (int32_t)(~xx+1u) : (int32_t)xx;
 }
 /* Parse suffix. */
@@ -456,7 +456,7 @@ StrScanFmt lj_strscan_scan(const uint8_t *p, TValue *o, uint32_t opt)
 o->n = -0.0;
 return STRSCAN_NUM;
 } else {
- o->i = neg ? -(int32_t)x : (int32_t)x;
+ o->i = neg ? (int32_t)(~x+1u) : (int32_t)x;
 return STRSCAN_INT;
 }
 }
diff --git a/src/lj_vmmath.c b/src/lj_vmmath.c
index ff41ba28..6369bc6b 100644
--- a/src/lj_vmmath.c
+++ b/src/lj_vmmath.c
@@ -66,11 +66,11 @@ int32_t LJ_FASTCALL lj_vm_modi(int32_t a, int32_t b)
 {
 uint32_t y, ua, ub;
 lua_assert(b != 0); /* This must be checked before using this function. */
- ua = a < 0 ? (uint32_t)-a : (uint32_t)a;
- ub = b < 0 ? (uint32_t)-b : (uint32_t)b;
+ ua = a < 0 ? ~(uint32_t)a+1u : (uint32_t)a;
+ ub = b < 0 ? ~(uint32_t)b+1u : (uint32_t)b;
 y = ua % ub;
 if (y != 0 && (a^b) < 0) y = y - ub;
- if (((int32_t)y^b) < 0) y = (uint32_t)-(int32_t)y;
+ if (((int32_t)y^b) < 0) y = ~y+1u;
 return (int32_t)y;
 }
 #endif
@@ -105,7 +105,7 @@ double lj_vm_powi(double x, int32_t k)
 else if (k == 0)
 return 1.0;
 else
- return 1.0 / lj_vm_powui(x, (uint32_t)-k);
+ return 1.0 / lj_vm_powui(x, ~(uint32_t)k+1u);
 }
 /* Computes fpm(x) for extended math functions. */
-- cgit v1.2.1