range: Replace internal representation of Range

Range represents a range as follows. Member @start is the inclusive
lower bound, member @end is the exclusive upper bound. Zero @end is
special: if @start is also zero, the range is empty, else @end is to
be interpreted as 2^64. No other empty ranges may occur.

The range [0,2^64-1] cannot be represented. If you try to create it
with range_set_bounds1(), you get the empty range instead. If you try
to create it with range_set_bounds() or range_extend(), assertions
fail. Before range_set_bounds() existed, the open-coded creation
usually got you the empty range instead. Open deathtrap.

Moreover, the code dealing with the janus-faced @end is too clever by
half.

Dumb this down to a more pedestrian representation: members @lob and
@upb are inclusive lower and upper bounds. The empty range is encoded
as @lob = 1, @upb = 0.

Backports commit 6dd726a2bf1b800289d90a84d5fcb5ce7b78a8e1 from qemu
This commit is contained in:
Markus Armbruster 2018-02-25 00:43:17 -05:00 committed by Lioncash
parent 8b2a0c4ece
commit eeef227560
No known key found for this signature in database
GPG key ID: 4E3C3CC1031BA9C7
2 changed files with 37 additions and 39 deletions

View file

@ -28,45 +28,46 @@
/*
* Operations on 64 bit address ranges.
* Notes:
* - ranges must not wrap around 0, but can include the last byte ~0x0LL.
* - this can not represent a full 0 to ~0x0LL range.
* - Ranges must not wrap around 0, but can include UINT64_MAX.
*/
/* A structure representing a range of addresses. */
struct Range {
uint64_t begin; /* First byte of the range, or 0 if empty. */
uint64_t end; /* 1 + the last byte. 0 if range empty or ends at ~0x0LL. */
/*
* Do not access members directly, use the functions!
* A non-empty range has @lob <= @upb.
* An empty range has @lob == @upb + 1.
*/
uint64_t lob; /* inclusive lower bound */
uint64_t upb; /* inclusive upper bound */
};
static inline void range_invariant(Range *range)
{
assert((!range->begin && !range->end) /* empty */
|| range->begin <= range->end - 1); /* non-empty */
assert(range->lob <= range->upb || range->lob == range->upb + 1);
}
/* Compound literal encoding the empty range */
// Unicorn: MSVC is in the stone-age and not C99/C11 compliant
//#define range_empty ((Range){ .begin = 0, .end = 0 })
//#define range_empty ((Range){ .lob = 0, .upb = 0 })
/* Is @range empty? */
static inline bool range_is_empty(Range *range)
{
range_invariant(range);
return !range->begin && !range->end;
return range->lob > range->upb;
}
/* Does @range contain @val? */
static inline bool range_contains(Range *range, uint64_t val)
{
return !range_is_empty(range)
&& val >= range->begin && val <= range->end - 1;
return val >= range->lob && val <= range->upb;
}
/* Initialize @range to the empty range */
static inline void range_make_empty(Range *range)
{
range->begin = 0;
range->end = 0;
range->lob = 0;
range->upb = 0;
assert(range_is_empty(range));
}
@ -75,14 +76,11 @@ static inline void range_make_empty(Range *range)
* Both bounds are inclusive.
* The interval must not be empty, i.e. @lob must be less than or
* equal @upb.
* The interval must not be [0,UINT64_MAX], because Range can't
* represent that.
*/
static inline void range_set_bounds(Range *range, uint64_t lob, uint64_t upb)
{
assert(lob <= upb);
range->begin = lob;
range->end = upb + 1; /* may wrap to zero, that's okay */
range->lob = lob;
range->upb = upb;
assert(!range_is_empty(range));
}
@ -95,8 +93,13 @@ static inline void range_set_bounds(Range *range, uint64_t lob, uint64_t upb)
static inline void range_set_bounds1(Range *range,
uint64_t lob, uint64_t upb_plus1)
{
range->begin = lob;
range->end = upb_plus1;
if (!lob && !upb_plus1) {
range->lob = 0;
range->upb = 0;
} else {
range->lob = lob;
range->upb = upb_plus1 - 1;
}
range_invariant(range);
}
@ -104,20 +107,18 @@ static inline void range_set_bounds1(Range *range,
static inline uint64_t range_lob(Range *range)
{
assert(!range_is_empty(range));
return range->begin;
return range->lob;
}
/* Return @range's upper bound. @range must not be empty. */
static inline uint64_t range_upb(Range *range)
{
assert(!range_is_empty(range));
return range->end - 1;
return range->upb;
}
/*
* Extend @range to the smallest interval that includes @extend_by, too.
* This must not extend @range to cover the interval [0,UINT64_MAX],
* because Range can't represent that.
*/
static inline void range_extend(Range *range, Range *extend_by)
{
@ -128,15 +129,14 @@ static inline void range_extend(Range *range, Range *extend_by)
*range = *extend_by;
return;
}
if (range->begin > extend_by->begin) {
range->begin = extend_by->begin;
if (range->lob > extend_by->lob) {
range->lob = extend_by->lob;
}
/* Compare last byte in case region ends at ~0x0LL */
if (range->end - 1 < extend_by->end - 1) {
range->end = extend_by->end;
if (range->upb < extend_by->upb) {
range->upb = extend_by->upb;
}
/* Must not extend to { .begin = 0, .end = 0 }: */
assert(!range_is_empty(range));
range_invariant(range);
}
/* Get last byte of a range from offset + length.

View file

@ -22,20 +22,18 @@
#include "qemu/range.h"
/*
* Operations on 64 bit address ranges.
* Notes:
* - ranges must not wrap around 0, but can include the last byte ~0x0LL.
* - this can not represent a full 0 to ~0x0LL range.
* Return -1 if @a < @b, 1 @a > @b, and 0 if they touch or overlap.
* Both @a and @b must not be empty.
*/
/* Return -1 if @a < @b, 1 if greater, and 0 if they touch or overlap. */
static inline int range_compare(Range *a, Range *b)
{
/* Zero a->end is 2**64, and therefore not less than any b->begin */
if (a->end && a->end < b->begin) {
assert(!range_is_empty(a) && !range_is_empty(b));
/* Careful, avoid wraparound */
if (b->lob && b->lob - 1 > a->upb) {
return -1;
}
if (b->end && a->begin > b->end) {
if (a->lob && a->lob - 1 > b->upb) {
return 1;
}
return 0;