On Tue, Nov 10, 2015 at 10:04:40AM +0000, Peter Maydell wrote:
> On 9 November 2015 at 20:17, Michael S. Tsirkin <m...@redhat.com> wrote:
> > On Mon, Nov 09, 2015 at 02:56:31PM +0000, Peter Maydell wrote:
> >> Signed integer overflow in C is undefined behaviour, and the compiler
> >> is at liberty to assume it can never happen and optimize accordingly.
> >> In particular, the subtractions in hpet_time_after() and hpet_time_after64()
> >> were causing OSX clang to optimize the code such that it was prone to
> >> hangs and complaints about the main loop stalling (presumably because
> >> we were spending all our time trying to service very high frequency
> >> HPET timer callbacks). The clang sanitizer confirms the UB:
> >>
> >> hw/timer/hpet.c:119:26: runtime error: signed integer overflow:
> >> -2146967296 - 2147003978 cannot be represented in type 'int'
> >>
> >> Fix this by doing the subtraction as an unsigned operation and then
> >> converting to signed for the comparison.
> >>
> >> Reported-by: Aaron Elkins <threc...@yahoo.com>
> >> Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
> >
> > Agree, this makes no sense the way it's written.
> >
> > Reviewed-by: Michael S. Tsirkin <m...@redhat.com>
> >
> > I'll pick this up in the next pull if Paolo doesn't
> > beat me to it.
>
> I went ahead and committed it to master yesterday; sorry
> if that was a bit hasty of me.

That's fine too.

> thanks
> -- PMM
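The fix the quoted commit message describes, as an added C illustration that is not QEMU's code and not part of this thread: the names counter_after32(), counter_after64(), signed_delta32() and counter_after32_ub() are invented here, the small wrap-around inputs are constructed, and the large operands are the two values from the sanitizer line above reinterpreted as unsigned (the first operand taken as b, the second as a, matching the subtraction order in counter_after32_ub()).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Wrap-safe "a is after b" for free-running hardware counters, in the
 * style of the fix the commit message describes. Added illustration, not
 * QEMU's code: counter_after32(), counter_after64(), signed_delta32() and
 * counter_after32_ub() are names invented for this example.
 *
 * The subtraction is done on unsigned operands, where overflow is defined
 * to wrap modulo 2^N (C11 6.2.5p9). Only the already-wrapped result is
 * converted to a signed type. Converting an out-of-range value to a signed
 * type is implementation-defined (C11 6.3.1.3p3), not undefined; gcc
 * documents it as reduction modulo 2^N and clang follows gcc here.
 */

/* Signed distance from b to a modulo 2^32; meaningful while |a - b| < 2^31. */
static int32_t signed_delta32(uint32_t a, uint32_t b)
{
    return (int32_t)(a - b);
}

/* True when a lies later than b on the wrapping 32-bit timeline. */
static bool counter_after32(uint32_t a, uint32_t b)
{
    return (int32_t)(b - a) < 0;
}

/* Same test for 64-bit counters such as an HPET main counter. */
static bool counter_after64(uint64_t a, uint64_t b)
{
    return (int64_t)(b - a) < 0;
}

/*
 * The pattern the commit message calls undefined: convert each operand to
 * signed first, then subtract. It agrees with counter_after32() whenever
 * the signed subtraction fits in an int and is undefined whenever it does
 * not, which is what the sanitizer line reports. main() below calls it only
 * with operands whose difference does not overflow.
 */
static bool counter_after32_ub(uint32_t a, uint32_t b)
{
    return (int32_t)b - (int32_t)a < 0;
}

int main(void)
{
    /* Constructed inputs: a has just wrapped past zero, b is 21 ticks earlier. */
    uint32_t a = 5u, b = 0xFFFFFFF0u;
    printf("naive a > b        : %d\n", a > b);                 /* 0: wrong */
    printf("counter_after32    : %d\n", counter_after32(a, b)); /* 1: right */
    printf("signed_delta32     : %d\n", signed_delta32(a, b));  /* 21 */

    /* Operands from the sanitizer report, reinterpreted as unsigned:
     * (int)-2146967296 is 2148000000u; 2147003978 is unchanged. */
    uint32_t sb = 2148000000u, sa = 2147003978u;
    printf("sanitizer operands : a after b = %d, b after a = %d\n",
           counter_after32(sa, sb), counter_after32(sb, sa)); /* 0, 1 */

    /* 64-bit wrap, same shape. */
    printf("counter_after64    : %d\n",
           counter_after64(3u, UINT64_MAX - 9u));              /* 1 */

    /* Small operands: the UB form happens to agree here, which is why such
     * code can pass casual testing and only misbehave on large counts. */
    printf("ub form, small ops : %d\n", counter_after32_ub(10u, 3u)); /* 1 */
    return 0;
}
```

Building this with `-fsanitize=undefined` reports nothing for the three hardened functions, including on the sanitizer's own operands. Two caveats apply to any wrap-aware comparison of this kind: it is only meaningful while the two values are within half the counter range of each other, and if portability beyond two's-complement conversion ever matters, test the top bit of the unsigned difference (`(b - a) >> 31`) instead of casting to a signed type.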