[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2 for 2.5] QEMU does not care about left shifts
From: |
Markus Armbruster |
Subject: |
Re: [Qemu-devel] [PATCH v2 for 2.5] QEMU does not care about left shifts of signed negative values |
Date: |
Tue, 17 Nov 2015 18:39:10 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Paolo Bonzini <address@hidden> writes:
> It seems like there's no good reason for the compiler to exploit the
> undefinedness of left shifts. GCC explicitly documents that they do not
> use at all this possibility and, while they also say this is subject
> to change, they have been saying this for 10 years (since the wording
> appeared in the GCC 4.0 manual).
>
> Any workaround for this particular case of undefined behavior uglifies the
> code. Using unsigned is unsafe (https://github.com/madler/zlib/pull/112
> is the proof) because the value becomes positive when extended; -(a << b)
> works but does not express that the intention is to compute -a * 2^N,
> especially if "a" is a constant.
>
> <rant>
> The straw that broke the camel back is Clang's latest obnoxious,
> pointless, unsafe---and did I mention *totally* useless---warning about
> left shifting a negative integer. It's obnoxious and pointless because
> the compiler is not using the latitude that the standard gives it, so
> the warning just adds noise. It is useless and unsafe because it does
> not catch the widely more common case where the LHS is a variable, and
> thus gives a false sense of security. The noisy nature of the warning
> means that it should have never been added to -Wall. The uselessness
> means that it probably should not have even been added to -Wextra.
>
> (It would have made sense to enable the warning for -fsanitize=shift,
> as the program would always crash if the point is reached. But this was
> probably too sophisticated to come up with, when you're so busy giving
> birth to gems such as -Wabsolute-value).
> </rant>
>
> Ubsan also has warnings for undefined behavior of left shifts. Checks for
> left shift overflow and left shift of negative numbers, unfortunately,
> cannot be silenced without also silencing the useful ones about out-of-range
> shift amounts. -fwrapv ought to shut them up, but doesn't yet
> (https://llvm.org/bugs/show_bug.cgi?id=25552; I am taking care of fixing
> the same issues in GCC). Luckily ubsan is optional, and the easy
> workaround is to use -fsanitize-recover.
>
> Anyhow, this patch documents our assumptions explicitly, and shuts up the
> stupid warning. -fwrapv is a bit of a heavy hammer, but it is the safest
> option and it ought to just work long term as the compilers improve.
The kernel switched from -fwrapv to -fno-strict-overflow in '09, because
-fwrapv was buggy in gcc 4.1 (already old then, completely irrelevant
now), and because it "seems to be much less disturbing to gcc too: the
difference in the generated code by -fno-strict-overflow are smaller
(compared to using neither flag) than when using -fwrapv", which may or
may not be still the case with compilers that matter today.
Could you briefly explain why you picked -fwrapv and not
-fno-strict-overflow?
> Thanks to everyone involved in the discussion!
>
> Cc: Peter Maydell <address@hidden>
> Cc: Markus Armbruster <address@hidden>
> Cc: Laszlo Ersek <address@hidden>
> Signed-off-by: Paolo Bonzini <address@hidden>
- [Qemu-devel] [PATCH v2 for 2.5] QEMU does not care about left shifts of signed negative values, Paolo Bonzini, 2015/11/17
- Re: [Qemu-devel] [PATCH v2 for 2.5] QEMU does not care about left shifts of signed negative values,
Markus Armbruster <=
- Re: [Qemu-devel] [PATCH v2 for 2.5] QEMU does not care about left shifts of signed negative values, Paolo Bonzini, 2015/11/17
- Re: [Qemu-devel] [PATCH v2 for 2.5] QEMU does not care about left shifts of signed negative values, Peter Maydell, 2015/11/17
- Re: [Qemu-devel] [PATCH v2 for 2.5] QEMU does not care about left shifts of signed negative values, Paolo Bonzini, 2015/11/17
- Re: [Qemu-devel] [PATCH v2 for 2.5] QEMU does not care about left shifts of signed negative values, Peter Maydell, 2015/11/17
- Re: [Qemu-devel] [PATCH v2 for 2.5] QEMU does not care about left shifts of signed negative values, Paolo Bonzini, 2015/11/17
- Re: [Qemu-devel] [PATCH v2 for 2.5] QEMU does not care about left shifts of signed negative values, Peter Maydell, 2015/11/17
- Re: [Qemu-devel] [PATCH v2 for 2.5] QEMU does not care about left shifts of signed negative values, Markus Armbruster, 2015/11/17
- Re: [Qemu-devel] [PATCH v2 for 2.5] QEMU does not care about left shifts of signed negative values, Paolo Bonzini, 2015/11/17
- Re: [Qemu-devel] [PATCH v2 for 2.5] QEMU does not care about left shifts of signed negative values, Markus Armbruster, 2015/11/17