anv/grl: add some validation that we're not going to overflow

Coverity has spotted a place where we could in theory overflow. In reality it wont happen as the potential overflow is a bitfield with a maximum of two values. Add an `assume()` statement to help out the compiler and document our assumption. fixes: dc1aedef2b Reviewed-by: Kenneth Graunke <kenneth@whitecape.org> Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/29825> (cherry picked from commit dc604f340a)
2026-01-19 02:20:27 +01:00 · 2024-06-20 13:34:10 -07:00 · 2024-06-20 13:34:10 -07:00 · 7ea0c538e3
commit 7ea0c538e3
parent 0f423474b8
2 changed files with 7 additions and 2 deletions
--- a/.pick_status.json
+++ b/.pick_status.json
@ -134,7 +134,7 @@
        "description": "anv/grl: add some validation that we're not going to overflow",
        "nominated": true,
        "nomination_type": 1,
-        "resolution": 0,
+        "resolution": 1,
        "main_sha": null,
        "because_sha": "dc1aedef2bd054884685ad971a3ef5be07ecd101",
        "notes": null
--- a/src/intel/vulkan/grl/grl_metakernel_gen.py
+++ b/src/intel/vulkan/grl/grl_metakernel_gen.py
@ -239,8 +239,13 @@ class Expression(SSAStatement):

    def write_c(self, w):
        if self.zone == 'cpu':
-            w.write('uint64_t {} = ', self.c_name)
            c_cpu_vals = [s.c_cpu_val() for s in self.srcs]
+            # There is one bitfield that is a uint64_t, but only holds 2 bits.
+            # In practice we won't overflow, but let's help the compiler (and
+            # coverity) out here.
+            if self.op == '<<':
+                w.write(f'assume({c_cpu_vals[0]} < (1 << 8));')
+            w.write('uint64_t {} = ', self.c_name)
            if len(self.srcs) == 1:
                w.write('({} {})', self.op, c_cpu_vals[0])
            elif len(self.srcs) == 2: