From 6bfa0d9ab0203ca02daa0c240603bdb87108e0b5 Mon Sep 17 00:00:00 2001 From: Jeffrey Walton Date: Wed, 21 Sep 2016 21:50:02 -0400 Subject: [PATCH] Cleared Coverity finding CID 170383 (INTEGER_OVERFLOW) (295) ModPowerOf2 was changed to include a saturating subtract. Unintuitively, the code got faster rather than slower. The saturating operation appears to have helped the optimizer --- misc.h | 61 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 31 insertions(+), 30 deletions(-) diff --git a/misc.h b/misc.h index 7394cc1f..3dfff68f 100644 --- a/misc.h +++ b/misc.h @@ -827,6 +827,35 @@ inline bool IsPowerOf2(const word64 &value) # endif #endif +//! \brief Performs a saturating subtract clamped at 0 +//! \param a the minuend +//! \param b the subtrahend +//! \returns the difference produced by the saturating subtract +//! \details Saturating arithmetic restricts results to a fixed range. Results that are less than 0 are clamped at 0. +//! \details Use of saturating arithmetic in places can be advantageous because it can +//! avoid a branch by using an instruction like a conditional move (CMOVE). +template +inline T1 SaturatingSubtract(const T1 &a, const T2 &b) +{ + // Generated ASM of a typical clamp, http://gcc.gnu.org/ml/gcc-help/2014-10/msg00112.html + return T1((a > b) ? (a - b) : 0); +} + +//! \brief Performs a saturating subtract clamped at 1 +//! \param a the minuend +//! \param b the subtrahend +//! \returns the difference produced by the saturating subtract +//! \details Saturating arithmetic restricts results to a fixed range. Results that are less than +//! 1 are clamped at 1. +//! \details Use of saturating arithmetic in places can be advantageous because it can +//! avoid a branch by using an instruction like a conditional move (CMOVE). +template +inline T1 SaturatingSubtract1(const T1 &a, const T2 &b) +{ + // Generated ASM of a typical clamp, http://gcc.gnu.org/ml/gcc-help/2014-10/msg00112.html + return T1((a > b) ? (a - b) : 1); +} + //! \brief Reduces a value to a power of 2 //! \param a the first value //! \param b the second value @@ -837,7 +866,8 @@ template inline T2 ModPowerOf2(const T1 &a, const T2 &b) { CRYPTOPP_ASSERT(IsPowerOf2(b)); - return T2(a) & (b-1); + // Coverity finding CID 170383 Overflowed return value (INTEGER_OVERFLOW) + return T2(a) & SaturatingSubtract(b,1); } //! \brief Rounds a value down to a multiple of a second value @@ -959,35 +989,6 @@ inline bool NativeByteOrderIs(ByteOrder order) return order == GetNativeByteOrder(); } -//! \brief Performs a saturating subtract clamped at 0 -//! \param a the minuend -//! \param b the subtrahend -//! \returns the difference produced by the saturating subtract -//! \details Saturating arithmetic restricts results to a fixed range. Results that are less than 0 are clamped at 0. -//! \details Use of saturating arithmetic in places can be advantageous because it can -//! avoid a branch by using an instruction like a conditional move (CMOVE). -template -inline T1 SaturatingSubtract(const T1 &a, const T2 &b) -{ - // Generated ASM of a typical clamp, http://gcc.gnu.org/ml/gcc-help/2014-10/msg00112.html - return T1((a > b) ? (a - b) : 0); -} - -//! \brief Performs a saturating subtract clamped at 1 -//! \param a the minuend -//! \param b the subtrahend -//! \returns the difference produced by the saturating subtract -//! \details Saturating arithmetic restricts results to a fixed range. Results that are less than -//! 1 are clamped at 1. -//! \details Use of saturating arithmetic in places can be advantageous because it can -//! avoid a branch by using an instruction like a conditional move (CMOVE). -template -inline T1 SaturatingSubtract1(const T1 &a, const T2 &b) -{ - // Generated ASM of a typical clamp, http://gcc.gnu.org/ml/gcc-help/2014-10/msg00112.html - return T1((a > b) ? (a - b) : 1); -} - //! \brief Returns the direction the cipher is being operated //! \param obj the cipher object being queried //! \returns \p ENCRYPTION if the cipher obj is being operated in its forward direction,