On 30/03/2023 9:50 am, Juergen Gross wrote: > +static void wrl_xfer_credit(wrl_creditt *debit, wrl_creditt debit_floor, > + wrl_creditt *credit, wrl_creditt credit_ceil) > + /* > + * Transfers zero or more credit from "debit" to "credit". > + * Transfers as much as possible while maintaining > + * debit >= debit_floor and credit <= credit_ceil. > + * (If that's violated already, does nothing.) > + * > + * Sufficient conditions to avoid overflow, either of: > + * |every argument| <= 0x3fffffff > + * |every argument| <= 1E9 > + * |every argument| <= WRL_CREDIT_MAX > + * (And this condition is preserved.) > + */ > +{ > + wrl_creditt xfer = MIN( *debit - debit_floor, > + credit_ceil - *credit );
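Review bot: The overflow preconditions listed in the comment of `wrl_xfer_credit()` (`|every argument| <= WRL_CREDIT_MAX` and the alternatives) are documented, but nothing in the visible lines checks them before `*debit - debit_floor` and `credit_ceil - *credit` are computed. Consider asserting the bounds on entry so that a caller violating them fails loudly rather than overflowing. Separately, the comment block sits between the parameter list and the opening brace; moving it above the function signature would make the declaration easier to read.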
MIN() evaluates its parameters multiple times. I believe the only legal way for the compiler to emit this code is to interleave double reads. As with pretty much any C code, you want to read the pointers into locals first, then operate on them, then write them out at the end.

~Andrew
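The following is an added example, not code from the patch or from either participant: it counts how often a conventional `MIN()` macro evaluates its operands, then shows a transfer function written in the read-into-locals, operate, write-back form. The type `credit_t`, the `MIN` definition and the names `counted_read`, `min_macro_eval_count` and `xfer_credit` are assumptions made for the illustration.

```c
#include <stdint.h>

/* Assumed definitions for this example; not taken from the patch. */
typedef int32_t credit_t;
#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Counts every evaluation of an operand that dereferences a pointer. */
static int reads;
static credit_t counted_read(const credit_t *p)
{
    reads++;
    return *p;
}

/* Returns how many operand evaluations one MIN() of two reads performs. */
int min_macro_eval_count(void)
{
    credit_t a = 5, b = 9;   /* constructed sample values */
    reads = 0;
    (void)MIN(counted_read(&a), counted_read(&b));
    return reads;   /* both operands for the compare, the smaller one again */
}

/*
 * Locals-first form: each pointer is read exactly once, the arithmetic is
 * done on the snapshots, and the results are written back once at the end.
 * Returns the amount moved; 0 (and no writes) if debit is already at or
 * below its floor or credit is already at or above its ceiling.
 */
credit_t xfer_credit(credit_t *debit, credit_t debit_floor,
                     credit_t *credit, credit_t credit_ceil)
{
    credit_t d = *debit, c = *credit;
    credit_t avail = d - debit_floor;
    credit_t room = credit_ceil - c;
    credit_t xfer = avail < room ? avail : room;

    if (xfer <= 0)
        return 0;
    *debit = d - xfer;
    *credit = c + xfer;
    return xfer;
}
```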