Title: Use the new __builtin_mul_overflow() of Clang and GCC 5 to check for integer overflow
Type: performance Stage:
Components: Interpreter Core Versions: Python 3.5
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: serhiy.storchaka, vstinner
Priority: normal Keywords:

Created on 2015-01-19 09:50 by vstinner, last changed 2015-05-25 22:59 by vstinner. This issue is now closed.

Messages (2)
msg234310 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2015-01-19 09:50
In CPython, almost all memory allocations are protected against integer overflow with code looking like that:

    if (length > ((PY_SSIZE_T_MAX - struct_size) / char_size - 1)) {
        return NULL;
    new_size = (struct_size + (length + 1) * char_size);

For performances, GCC 5 introduces __builtin_mul_overflow() which is an integer multiplication with overflow check. On x86/x86_64, it is implemented in hardware (assembler instruction JO, jump if overflow, if I remember correctly).

The function already exists in Clang: "... which existed in Clang/LLVM for a while" says According to this mail sent to the Linux kernel mailing list, the Linux kernel has functions like "check_mul_overflow(X, Y, C)".

For other compilers, it should be easy to reimplement it, but I don't know what is the most efficient implementation (Py_LOCAL_INLINE function in an header?)

GCC 5 changelog:

Note: GCC 5 is not released yet.
msg244065 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2015-05-25 22:59
I'm no more interested to work on this issue, so I just close it. It was more a reminder for myself than a real issue.
Date User Action Args
2015-05-25 22:59:31vstinnersetstatus: open -> closed
resolution: fixed
messages: + msg244065
2015-01-19 09:51:34vstinnersetnosy: + serhiy.storchaka
type: performance
components: + Interpreter Core
2015-01-19 09:50:10vstinnercreate