Re: [PATCH bpf-next 1/4] bpf: Improve bounds when s64 crosses sign boundary

Eduard Zingerman <eddyz87@xxxxxxxxx> · Mon, 21 Jul 2025 14:29:36 -0700

On Sat, 2025-07-19 at 16:22 +0200, Paul Chaignon wrote:

Acked-by: Eduard Zingerman <eddyz87@xxxxxxxxx>

[...]

> +		/* If the s64 range crosses the sign boundary, then it's split
> +		 * between the beginning and end of the U64 domain. In that
> +		 * case, we can derive new bounds if the u64 range overlaps
> +		 * with only one end of the s64 range.
> +		 *
> +		 * In the following example, the u64 range overlaps only with
> +		 * positive portion of the s64 range.
> +		 *
> +		 * 0                                                   U64_MAX
> +		 * |  [xxxxxxxxxxxxxx u64 range xxxxxxxxxxxxxx]              |
> +		 * |----------------------------|----------------------------|
> +		 * |xxxxx s64 range xxxxxxxxx]                       [xxxxxxx|
> +		 * 0                     S64_MAX S64_MIN                    -1
> +		 *
> +		 * We can thus derive the following new s64 and u64 ranges.
> +		 *
> +		 * 0                                                   U64_MAX
> +		 * |  [xxxxxx u64 range xxxxx]                               |
> +		 * |----------------------------|----------------------------|
> +		 * |  [xxxxxx s64 range xxxxx]                               |
> +		 * 0                     S64_MAX S64_MIN                    -1
> +		 *
> +		 * If they overlap in two places, we can't derive anything
> +		 * because reg_state can't represent two ranges per numeric
> +		 * domain.
> +		 *
> +		 * 0                                                   U64_MAX
> +		 * |  [xxxxxxxxxxxxxxxxx u64 range xxxxxxxxxxxxxxxxx]        |
> +		 * |----------------------------|----------------------------|
> +		 * |xxxxx s64 range xxxxxxxxx]                    [xxxxxxxxxx|
> +		 * 0                     S64_MAX S64_MIN                    -1
> +		 *
> +		 * The first condition below corresponds to the diagram above.
> +		 * The second condition considers the case where the u64 range
> +		 * overlaps with the negative porition of the s64 range.
> +		 */
> +		if (reg->umax_value < (u64)reg->smin_value) {
> +			reg->smin_value = (s64)reg->umin_value;
> +			reg->umax_value = min_t(u64, reg->umax_value, reg->smax_value);
> +		} else if ((u64)reg->smax_value < reg->umin_value) {

Nit: I'd add a drawing here as well:

		 * 0                                                   U64_MAX
		 * |              [xxxxxxxxxxxxxx u64 range xxxxxxxxxxxxxx]  |
		 * |----------------------------|----------------------------|
		 * |xxxxxxxxx]                       [xxxxxxxxxxxx s64 range |
		 * 0                     S64_MAX S64_MIN                    -1

> +			reg->smax_value = (s64)reg->umax_value;
> +			reg->umin_value = max_t(u64, reg->umin_value, reg->smin_value);
> +		}
>  	}
>  }
>  