On 11/20/19 6:30 PM, Fangrui Song wrote:
> On 2019-11-20, Juan Quintela wrote:
>> Markus Armbruster <arm...@redhat.com> wrote:
>>> Fangrui Song <i...@maskray.me> writes:
>>>
>>>> The warning will be enabled by default in clang 10. It is not
>>>> available for clang <= 9.
>>>>
>>>> qemu/migration/migration.c:2038:24: error: implicit conversion from
>>>> 'long' to 'double' changes value from 9223372036854775807 to
>>>> 9223372036854775808 [-Werror,-Wimplicit-int-float-conversion]
>>>> ...
>>>> qemu/util/cutils.c:245:23: error: implicit conversion from 'unsigned
>>>> long' to 'double' changes value from 18446744073709550592 to
>>>> 18446744073709551616 [-Werror,-Wimplicit-int-float-conversion]
>>>>
>>>> Signed-off-by: Fangrui Song <i...@maskray.me>
>>>> ---
>>>> migration/migration.c | 4 ++--
>>>> util/cutils.c | 4 ++--
>>>> 2 files changed, 4 insertions(+), 4 deletions(-)
>>>>
>>>> diff --git a/migration/migration.c b/migration/migration.c
>>>> index 354ad072fa..ac3ea2934a 100644
>>>> --- a/migration/migration.c
>>>> +++ b/migration/migration.c
>>>> @@ -53,6 +53,7 @@
>>>> #include "monitor/monitor.h"
>>>> #include "net/announce.h"
>>>> #include "qemu/queue.h"
>>>> +#include <math.h>
>>>>
>>>> #define MAX_THROTTLE (32 << 20) /* Migration transfer speed
>>>> throttling */
>>>>
>>>> @@ -2035,11 +2036,10 @@ void qmp_migrate_set_downtime(double value, Error
>>>> **errp)
>>> if (value < 0 || value > MAX_MIGRATE_DOWNTIME_SECONDS) {
>>> error_setg(errp, "Parameter 'downtime_limit' expects an integer
>>> in "
>>> "the range of 0 to %d seconds",
>>> MAX_MIGRATE_DOWNTIME_SECONDS);
>>> return;
>>>> }
>>>
>>> @value is now in [0,2000].
>>>
>>>>
>>>> value *= 1000; /* Convert to milliseconds */
>>>
>>> @value is in [0,2000000]
>>>
>>>> - value = MAX(0, MIN(INT64_MAX, value));
>>>
>>> This does nothing.
>>>
>>>>
>>>> MigrateSetParameters p = {
>>>> .has_downtime_limit = true,
>>>> - .downtime_limit = value,
>>>> + .downtime_limit = (int64_t)fmin(value, nextafter(0x1p63, 0)),
>>>
>>> This does nothing and is hard to read :)
>>>
>>> Can we simply drop the offending line statement instead?
>>
>> Agreed aboutdropping the whole bussines for migration.
>>
>>
>>>> };
>>>>
>>>> qmp_migrate_set_parameters(&p, errp);
>>>> diff --git a/util/cutils.c b/util/cutils.c
>>>> index fd591cadf0..2b4484c015 100644
>>>> --- a/util/cutils.c
>>>> +++ b/util/cutils.c
>>>> @@ -239,10 +239,10 @@ static int do_strtosz(const char *nptr, const char
>>>> **end,
>>>> goto out;
>>>> }
>>>> /*
>>>> - * Values >= 0xfffffffffffffc00 overflow uint64_t after their trip
>>>> + * Values > nextafter(0x1p64, 0) overflow uint64_t after their trip
>>>> * through double (53 bits of precision).
>>>> */
>>>> - if ((val * mul >= 0xfffffffffffffc00) || val < 0) {
>>>> + if ((val * mul > nextafter(0x1p64, 0)) || val < 0) {
>>>> retval = -ERANGE;
>>>> goto out;
>>>> }
>>
>> This comment was really bad (it says the same that the code).
>> On the other hand, I can *kind of* understand what does 0xffff<more
>> f's here>.
>>
>> But I am at a complete loss about what value is:
>>
>> nextafter(0x1p64, 0).
>>
>> Can we put what value is that instead?
>
> It is a C99 hexadecimal floating-point literal.
> 0x1p64 represents hex fraction 1.0 scaled by 2**64, that is 2**64.
>
> We can write this as `val * mul > 0xfffffffffffff800p0`, but I feel that
> counting the number of f's is error-prone and is not fun.
>
> (We cannot use val * mul >= 0x1p64.
> If FLT_EVAL_METHOD == 2, the intermediate computation val * mul will be
> performed at long double precision, val * mul may not by representable
> by a double and will overflow as (double)0x1p64.)
I agree about not spelling out the f's, or the 0x800 at the end. That's
something that the compiler can do for us, resolving this standard library
function at compile-time.
We just need a better comment. Perhaps:
/*
* Values near UINT64_MAX overflow to 2**64 when converting
* to double precision. Compare against the maximum representable
* double precision value below 2**64, computed as "the next value
* after 2**64 (0x1p64) in the direction of 0".
*/
r~
