[Webkit-unassigned] [Bug 224835] New: Improve the precision of Checked operation with 64-bit types.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 20 15:32:02 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=224835

            Bug ID: 224835
           Summary: Improve the precision of Checked operation with 64-bit
                    types.
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Platform
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Basuke.Suzuki at sony.com

When building with clang 11 for PlayStation, it generates warnings like this:

WTF/Headers\wtf/CheckedArithmetic.h:836:58: warning: implicit conversion from 'std::numeric_limits<unsigned long>::_Ty' (aka 'unsigned long') to 'double' changes value from 18446744073709551615 to 18446744073709551616 [-Wimplicit-const-int-float-conversion]
        if (!(std::numeric_limits<T>::min() <= result && std::numeric_limits<T>::max() >= result))
                                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~
../../Tools/TestWebKitAPI/Tests/WTF/CheckedArithmeticOperations.cpp:511:10: note: in instantiation of member function 'WTF::Checked<uint64_t, WTF::RecordOverflow>::operator/=' requested here
    size /= 10.5;
         ^
1 warning generated.

In file included from WebCore/DerivedSources/unified-sources/UnifiedSource-043dd90b-5.cpp:8:
../../Source/WebCore\rendering/RenderBlockFlow.cpp:1785:25: warning: implicit conversion from 'const int' to 'const float' changes value from 33554431 to 33554432 [-Wimplicit-const-int-float-conversion]
        logicalOffset = intMaxForLayoutUnit;
                      ~ ^~~~~~~~~~~~~~~~~~~
1 warning generated.

https://github.com/WebKit/WebKit/blob/f3be0ab411b677048ba40b760a6a65760ca64c1c/Source/WTF/wtf/CheckedArithmetic.h#L836

It says that when converting the maximum number of unsigned long (8 bytes), which is 0xffff'ffff'ffff'ffff (18'446'744'073'709'551'615), to double, that value is converted to 18'446'744'073'709'551'616, which is 0x1'0000'0000'0000'0000. This won't catch the case when result is 0x1'0000'0000'0000'0000.

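The rounding described in the report, reproduced as an added example (not WebKit's code and not the fix that was landed for this bug). The helper names naiveInRange and preciseInRange are hypothetical; the precise variant assumes the goal is to accept only doubles that fit in T, and compares against the exclusive bound 2^digits, which a double represents exactly.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Same comparison shape as the line the warning points at. The casts are
// written out so this compiles without the warning; the behaviour is the same:
// max() of a 64-bit type rounds UP when converted to double.
template <typename T>
bool naiveInRange(double result)
{
    return static_cast<double>(std::numeric_limits<T>::min()) <= result
        && static_cast<double>(std::numeric_limits<T>::max()) >= result;
}

// Hypothetical precise check: use the exclusive upper bound 2^digits
// (2^64 for uint64_t, 2^63 for int64_t), which is exactly representable.
template <typename T>
bool preciseInRange(double result)
{
    constexpr int digits = std::numeric_limits<T>::digits;
    constexpr double upperExclusive = 2.0 * static_cast<double>(T(1) << (digits - 1));
    // min() is 0 or a negative power of two, so this conversion is exact.
    constexpr double lowerInclusive = static_cast<double>(std::numeric_limits<T>::min());
    // NaN fails both comparisons and is rejected.
    return result >= lowerInclusive && result < upperExclusive;
}

int main()
{
    const double twoTo64 = 18446744073709551616.0; // 0x1'0000'0000'0000'0000
    const double twoTo63 = 9223372036854775808.0;
    std::printf("uint64_t, 2^64: naive=%d precise=%d\n",
        naiveInRange<std::uint64_t>(twoTo64), preciseInRange<std::uint64_t>(twoTo64));
    std::printf("int64_t,  2^63: naive=%d precise=%d\n",
        naiveInRange<std::int64_t>(twoTo63), preciseInRange<std::int64_t>(twoTo63));
    return 0;
}
```

A value that passes the naive check but does not fit in T matters because converting an out-of-range double to an integer type is undefined behaviour in C++, so the overflow goes unrecorded at exactly the boundary the check exists for.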