This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
include/llvm/Support/
-
llvm/
-
Support/
-
MathExtras.h
-
unittests/Support/
-
Support/
1/1
MathExtrasTest.cpp

Differential D14845

[Support] Fix SaturatingMultiply<T>() to be correct (and fast), Re-enable Unit Tests
ClosedPublic

Authored by slingn on Nov 19 2015, 3:00 PM.

Download Raw Diff

Details

Reviewers

davidxl
silvas

Commits

rG8a0654836e46: [Support] Fix SaturatingMultiply<T>() to be correct (and fast), Re-enable Unit…
rL253870: [Support] Fix SaturatingMultiply<T>() to be correct (and fast), Re-enable…

Summary

This change fixes the SaturatingMultiply<T>() function template to not cause undefined behavior with T=uint16_t.
Thanks to Richard Smith's contribution, it also no longer requires an integer division.

Patch by Richard Smith.

Diff Detail

Event Timeline

slingn updated this revision to Diff 40709.Nov 19 2015, 3:00 PM

slingn retitled this revision from to [Support] Fix SaturatingMultiply<T>() to never cause overflow, Re-enable Unit Tests.

slingn updated this object.

slingn added reviewers: davidxl, silvas.

slingn added a subscriber: llvm-commits.

Is there a bug in UBSan?

integer division is expensive. I wonder if we can take some fast path to by pass it

T Upper = Max >> (sizeof(T)*4);
if (X <= Upper && Y <= Upper)

return X * Y;

// regular stuff

https://llvm.org/bugs/show_bug.cgi?id=25580

Apparently not a bug with UBSan - there was a valid problem with signed integer overflow due to up-conversion of integer types with the previous implementation.

ok makes sense.

If you have time, finding a way to speed up the method will be welcome (such as the fast path suggestion).

This revision is now accepted and ready to land.Nov 19 2015, 5:55 PM

See the patch I posted on the other thread for this issue -- that should
avoid the UB and the division in all cases.

Updated with Richard Smith's patch for SaturatingMultiply().

slingn retitled this revision from [Support] Fix SaturatingMultiply<T>() to never cause overflow, Re-enable Unit Tests to [Support] Fix SaturatingMultiply<T>() to be correct (and fast), Re-enable Unit Tests.Nov 20 2015, 10:49 AM

slingn updated this object.

neat - count leading zeros instructions is very fast on intel platforms. The implementation completely removed the need for idiv.

rsmith added inline comments.Nov 20 2015, 11:39 AM

unittests/Support/MathExtrasTest.cpp
220	It'd be useful to also test cases like `((1 << A) - 1) * ((1 << B) + K)`, for `K` in [-1, 0, 1] and `A + B == numeric_limits<T>::digits`, as those are interesting transition cases for the new algorithm (you get overflow iff `A > B` and `K = 1`). More generally, testcases where overflow almost happens or only just happens would be good here. Also, coverage for `0 * Max` and `0 * 0` would be good.

Added unit tests based on rsmith's suggestions.

lgtm.

Closed by commit rL253870: [Support] Fix SaturatingMultiply<T>() to be correct (and fast), Re-enable… (authored by slingn). · Explain WhyNov 23 2015, 7:36 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

include/

llvm/

Support/

MathExtras.h

30 lines

unittests/

Support/

MathExtrasTest.cpp

48 lines

Diff 40821

include/llvm/Support/MathExtras.h

Show First 20 Lines • Show All 665 Lines • ▼ Show 20 Lines	else
return Z;		return Z;
}		}

/// \brief Multiply two unsigned integers, X and Y, of type T.		/// \brief Multiply two unsigned integers, X and Y, of type T.
/// Clamp the result to the maximum representable value of T on overflow.		/// Clamp the result to the maximum representable value of T on overflow.
template <typename T>		template <typename T>
typename std::enable_if<std::is_unsigned<T>::value, T>::type		typename std::enable_if<std::is_unsigned<T>::value, T>::type
SaturatingMultiply(T X, T Y) {		SaturatingMultiply(T X, T Y) {
// Hacker's Delight, p. 30		// Hacker's Delight, p. 30 has a different algorithm, but we don't use that
T Z = X * Y;		// because it fails for uint16_t (where multiplication can have undefined
if (Y != 0 && Z / Y != X)		// behavior due to promotion to int), and requires a division in addition
return std::numeric_limits<T>::max();		// to the multiplication.
else
return Z;		// Log2(Z) would be either Log2Z or Log2Z + 1.
		// Special case: if X or Y is 0, Log2_64 gives -1, and Log2Z
		// will necessarily be less than Log2Max as desired.
		int Log2Z = Log2_64(X) + Log2_64(Y);
		const T Max = std::numeric_limits<T>::max();
		int Log2Max = Log2_64(Max);
		if (Log2Z < Log2Max)
		return X * Y;
		if (Log2Z > Log2Max)
		return Max;

		// We're going to use the top bit, and maybe overflow one
		// bit past it. Multiply all but the bottom bit then add
		// that on at the end.
		T Z = (X >> 1) * Y;
		if (Z & ~(Max >> 1))
		return Max;
		Z <<= 1;
		return (X & 1) ? SaturatingAdd(Z, Y) : Z;
}		}

extern const float huge_valf;		extern const float huge_valf;
} // End llvm namespace		} // End llvm namespace

#endif		#endif

unittests/Support/MathExtrasTest.cpp

	Show First 20 Lines • Show All 201 Lines • ▼ Show 20 Lines

	TEST(MathExtras, SaturatingAdd) {			TEST(MathExtras, SaturatingAdd) {
	SaturatingAddTestHelper<uint8_t>();			SaturatingAddTestHelper<uint8_t>();
	SaturatingAddTestHelper<uint16_t>();			SaturatingAddTestHelper<uint16_t>();
	SaturatingAddTestHelper<uint32_t>();			SaturatingAddTestHelper<uint32_t>();
	SaturatingAddTestHelper<uint64_t>();			SaturatingAddTestHelper<uint64_t>();
	}			}

				template<typename T>
				void SaturatingMultiplyTestHelper()
				{
				const T Max = std::numeric_limits<T>::max();

				// Test basic multiplication.
				EXPECT_EQ(T(6), SaturatingMultiply(T(2), T(3)));
				EXPECT_EQ(T(6), SaturatingMultiply(T(3), T(2)));

				// Test multiplication by zero.
				EXPECT_EQ(T(0), SaturatingMultiply(T(0), T(0)));
				rsmithUnsubmitted Done Reply Inline Actions It'd be useful to also test cases like `((1 << A) - 1) * ((1 << B) + K)`, for `K` in [-1, 0, 1] and `A + B == numeric_limits<T>::digits`, as those are interesting transition cases for the new algorithm (you get overflow iff `A > B` and `K = 1`). More generally, testcases where overflow almost happens or only just happens would be good here. Also, coverage for `0 * Max` and `0 * 0` would be good. rsmith: It'd be useful to also test cases like `((1 << A) - 1) * ((1 << B) + K)`, for `K` in [-1, 0, 1]…
				EXPECT_EQ(T(0), SaturatingMultiply(T(1), T(0)));
				EXPECT_EQ(T(0), SaturatingMultiply(T(0), T(1)));
				EXPECT_EQ(T(0), SaturatingMultiply(Max, T(0)));
				EXPECT_EQ(T(0), SaturatingMultiply(T(0), Max));

				// Test multiplication by maximum value.
				EXPECT_EQ(Max, SaturatingMultiply(Max, T(2)));
				EXPECT_EQ(Max, SaturatingMultiply(T(2),Max));
				EXPECT_EQ(Max, SaturatingMultiply(Max, Max));

				// Test interesting boundary conditions for algorithm -
				// ((1 << A) - 1) * ((1 << B) + K) for K in [-1, 0, 1]
				// and A + B == std::numeric_limits<T>::digits.
				// We expect overflow iff A > B and K = 1.
				const int Digits = std::numeric_limits<T>::digits;
				for (int A = 1, B = Digits - 1; B >= 1; ++A, --B) {
				for (int K = -1; K <= 1; ++K) {
				T X = (T(1) << A) - T(1);
				T Y = (T(1) << B) + K;
				bool OverflowExpected = A > B && K == 1;

				if(OverflowExpected) {
				EXPECT_EQ(Max, SaturatingMultiply(X, Y));
				} else {
				EXPECT_EQ(X * Y, SaturatingMultiply(X, Y));
				}
				}
				}
				}

				TEST(MathExtras, SaturatingMultiply) {
				SaturatingMultiplyTestHelper<uint8_t>();
				SaturatingMultiplyTestHelper<uint16_t>();
				SaturatingMultiplyTestHelper<uint32_t>();
				SaturatingMultiplyTestHelper<uint64_t>();
				}

	}			}