This is an archive of the discontinued LLVM Phabricator instance.

Differential D14845

[Support] Fix SaturatingMultiply<T>() to be correct (and fast), Re-enable Unit Tests
ClosedPublic

Authored by slingn on Nov 19 2015, 3:00 PM.

Details

Reviewers
davidxl
silvas
Commits
rG8a0654836e46: [Support] Fix SaturatingMultiply<T>() to be correct (and fast), Re-enable Unit…
rL253870: [Support] Fix SaturatingMultiply<T>() to be correct (and fast), Re-enable…
Summary

This change fixes the SaturatingMultiply<T>() function template to not cause undefined behavior with T=uint16_t.
Thanks to Richard Smith's contribution, it also no longer requires an integer division.

Patch by Richard Smith.

Diff Detail

Repository
rL LLVM

Event Timeline

slingn updated this revision to Diff 40709.Nov 19 2015, 3:00 PM
slingn retitled this revision from to [Support] Fix SaturatingMultiply<T>() to never cause overflow, Re-enable Unit Tests.
slingn updated this object.
slingn added reviewers: davidxl, silvas.
slingn added a subscriber: llvm-commits.
davidxl edited edge metadata.Nov 19 2015, 3:14 PM

Is there a bug in UBSan?

davidxl added a comment.Nov 19 2015, 4:02 PM

integer division is expensive. I wonder if we can take some fast path to by pass it

T Upper = Max >> (sizeof(T)*4);
if (X <= Upper && Y <= Upper)

return X * Y;

// regular stuff

slingn added a comment.Nov 19 2015, 5:36 PM

https://llvm.org/bugs/show_bug.cgi?id=25580

Apparently not a bug with UBSan - there was a valid problem with signed integer overflow due to up-conversion of integer types with the previous implementation.

davidxl added a subscriber: davidxl.Nov 19 2015, 5:54 PM

ok makes sense.

davidxl accepted this revision.Nov 19 2015, 5:55 PM
davidxl edited edge metadata.

If you have time, finding a way to speed up the method will be welcome (such as the fast path suggestion).

This revision is now accepted and ready to land.Nov 19 2015, 5:55 PM
rsmith added a subscriber: rsmith.Nov 19 2015, 7:27 PM

See the patch I posted on the other thread for this issue -- that should
avoid the UB and the division in all cases.

slingn updated this revision to Diff 40803.Nov 20 2015, 10:48 AM
slingn edited edge metadata.

Updated with Richard Smith's patch for SaturatingMultiply().

slingn retitled this revision from [Support] Fix SaturatingMultiply<T>() to never cause overflow, Re-enable Unit Tests to [Support] Fix SaturatingMultiply<T>() to be correct (and fast), Re-enable Unit Tests.Nov 20 2015, 10:49 AM
slingn updated this object.
davidxl added a comment.Nov 20 2015, 11:17 AM

neat - count leading zeros instructions is very fast on intel platforms. The implementation completely removed the need for idiv.

rsmith added inline comments.Nov 20 2015, 11:39 AM
unittests/Support/MathExtrasTest.cpp
220 ↗(On Diff #40803)

It'd be useful to also test cases like ((1 << A) - 1) * ((1 << B) + K), for K in [-1, 0, 1] and A + B == numeric_limits<T>::digits, as those are interesting transition cases for the new algorithm (you get overflow iff A > B and K = 1). More generally, testcases where overflow almost happens or only just happens would be good here.

Also, coverage for 0 * Max and 0 * 0 would be good.

slingn updated this revision to Diff 40821.Nov 20 2015, 1:15 PM

Added unit tests based on rsmith's suggestions.

slingn marked an inline comment as done.Nov 20 2015, 1:16 PM
davidxl added a comment.Nov 20 2015, 4:41 PM

lgtm.

Closed by commit rL253870: [Support] Fix SaturatingMultiply<T>() to be correct (and fast), Re-enable… (authored by slingn). · Explain WhyNov 23 2015, 7:36 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
trunk/
include/
llvm/
Support/
30 lines
unittests/
Support/
48 lines

Diff 40932

llvm/trunk/include/llvm/Support/MathExtras.h

Show First 20 LinesShow All 665 Lines▼ Show 20 Lines else
return Z; return Z;
} }
/// \brief Multiply two unsigned integers, X and Y, of type T. /// \brief Multiply two unsigned integers, X and Y, of type T.
/// Clamp the result to the maximum representable value of T on overflow. /// Clamp the result to the maximum representable value of T on overflow.
template <typename T> template <typename T>
typename std::enable_if<std::is_unsigned<T>::value, T>::type typename std::enable_if<std::is_unsigned<T>::value, T>::type
SaturatingMultiply(T X, T Y) { SaturatingMultiply(T X, T Y) {
// Hacker's Delight, p. 30 // Hacker's Delight, p. 30 has a different algorithm, but we don't use that
T Z = X * Y; // because it fails for uint16_t (where multiplication can have undefined
if (Y != 0 && Z / Y != X) // behavior due to promotion to int), and requires a division in addition
return std::numeric_limits<T>::max(); // to the multiplication.
else
return Z; // Log2(Z) would be either Log2Z or Log2Z + 1.
// Special case: if X or Y is 0, Log2_64 gives -1, and Log2Z
// will necessarily be less than Log2Max as desired.
int Log2Z = Log2_64(X) + Log2_64(Y);
const T Max = std::numeric_limits<T>::max();
int Log2Max = Log2_64(Max);
if (Log2Z < Log2Max)
return X * Y;
if (Log2Z > Log2Max)
return Max;
// We're going to use the top bit, and maybe overflow one
// bit past it. Multiply all but the bottom bit then add
// that on at the end.
T Z = (X >> 1) * Y;
if (Z & ~(Max >> 1))
return Max;
Z <<= 1;
return (X & 1) ? SaturatingAdd(Z, Y) : Z;
} }
extern const float huge_valf; extern const float huge_valf;
} // End llvm namespace } // End llvm namespace
#endif #endif

llvm/trunk/unittests/Support/MathExtrasTest.cpp

Show First 20 LinesShow All 201 Lines▼ Show 20 Lines
TEST(MathExtras, SaturatingAdd) { TEST(MathExtras, SaturatingAdd) {
SaturatingAddTestHelper<uint8_t>(); SaturatingAddTestHelper<uint8_t>();
SaturatingAddTestHelper<uint16_t>(); SaturatingAddTestHelper<uint16_t>();
SaturatingAddTestHelper<uint32_t>(); SaturatingAddTestHelper<uint32_t>();
SaturatingAddTestHelper<uint64_t>(); SaturatingAddTestHelper<uint64_t>();
} }
template<typename T>
void SaturatingMultiplyTestHelper()
{
const T Max = std::numeric_limits<T>::max();
// Test basic multiplication.
EXPECT_EQ(T(6), SaturatingMultiply(T(2), T(3)));
EXPECT_EQ(T(6), SaturatingMultiply(T(3), T(2)));
// Test multiplication by zero.
EXPECT_EQ(T(0), SaturatingMultiply(T(0), T(0)));
EXPECT_EQ(T(0), SaturatingMultiply(T(1), T(0)));
EXPECT_EQ(T(0), SaturatingMultiply(T(0), T(1)));
EXPECT_EQ(T(0), SaturatingMultiply(Max, T(0)));
EXPECT_EQ(T(0), SaturatingMultiply(T(0), Max));
// Test multiplication by maximum value.
EXPECT_EQ(Max, SaturatingMultiply(Max, T(2)));
EXPECT_EQ(Max, SaturatingMultiply(T(2),Max));
EXPECT_EQ(Max, SaturatingMultiply(Max, Max));
// Test interesting boundary conditions for algorithm -
// ((1 << A) - 1) * ((1 << B) + K) for K in [-1, 0, 1]
// and A + B == std::numeric_limits<T>::digits.
// We expect overflow iff A > B and K = 1.
const int Digits = std::numeric_limits<T>::digits;
for (int A = 1, B = Digits - 1; B >= 1; ++A, --B) {
for (int K = -1; K <= 1; ++K) {
T X = (T(1) << A) - T(1);
T Y = (T(1) << B) + K;
bool OverflowExpected = A > B && K == 1;
if(OverflowExpected) {
EXPECT_EQ(Max, SaturatingMultiply(X, Y));
} else {
EXPECT_EQ(X * Y, SaturatingMultiply(X, Y));
}
}
}
}
TEST(MathExtras, SaturatingMultiply) {
SaturatingMultiplyTestHelper<uint8_t>();
SaturatingMultiplyTestHelper<uint16_t>();
SaturatingMultiplyTestHelper<uint32_t>();
SaturatingMultiplyTestHelper<uint64_t>();
}
} }