Date: Fri, 19 Jan 2018 14:56:54 +0000
From: David Chisnall <theraven@FreeBSD.org>
To: cem@freebsd.org
Cc: Benjamin Kaduk <bjkfbsd@gmail.com>, src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r328159 - head/sys/modules
Message-ID: <244014BB-C492-48A9-9F28-0A5E713DE5EB@FreeBSD.org>
In-Reply-To: <CAG6CVpWVstTHW2OkNTu9Yj7eZgcFNUvyZhB-P6EOB1gwLOcuBQ@mail.gmail.com>
References: <201801190434.w0J4Y6i7086677@repo.freebsd.org> <CAJ5_RoAhGgkQTLXgHpYYOiupA=c6wK%2BpeAdT0Zjaw0n-ggAd1g@mail.gmail.com> <CAG6CVpVhLcY5ohnHW32raKic7MT5Q%2B7C9EA9dzwpQvbUXVH%2Big@mail.gmail.com> <CAJ5_RoDQqBkPoDh5RH452zswKTX34O5eYeimGUwBps50FHE3Hw@mail.gmail.com> <CAG6CVpWVstTHW2OkNTu9Yj7eZgcFNUvyZhB-P6EOB1gwLOcuBQ@mail.gmail.com>
On 19 Jan 2018, at 05:07, Conrad Meyer <cem@FreeBSD.org> wrote:
>
> The spec says the behavior is undefined; not that the compiler has to
> produce a warning or error message. The compiler *does* get to
> arbitrarily decide what it wants to do when it encounters UB. It is
> wholly free to implement this particular UB with the logical result
> and no warning/error.

First, you are not correct that the only logical outcome of a shift of greater than the width of a type is 0. In C, a right-shift of a signed type propagates the sign bit. Right shifting a negative 32-bit int by 16 and then again by 16 is not undefined behaviour (though doing the shift as a single operation is) and will give you a value of -1.

The spec says that it is undefined, because on some architectures there is a right-shift instruction that produces non-zero values when instructed to shift right more than the width of the value.

A shift of greater than the width of the size requires special handling in the compiler for some architectures and is always a logic error. This gives two cases: Either the compiler can statically prove that the value is too large, or it cannot. Because the C spec says that it is undefined, if the compiler cannot prove that the value is too large, then it is free to assume that it isn't. This means that the back end can always emit instructions that produce unspecified values for larger ranges.

The compiler is free to do anything it wants in the case of UB, including make monkeys fly out of your nose. Telling you that you have done something obviously stupid is generally considered better than just generating wrong code.

David
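The three behaviours the message contrasts, as an added example that is not part of the thread: a checked shift that rejects a count of 32 or more as the logic error it is, a step-wise shift that never issues a single shift of the full width (the "16 and then 16 again" case, which saturates a negative value at -1), and a constructed model of a 32-bit x86 SAR, whose hardware masking of the count is the kind of "non-zero value" behaviour that leads the standard to leave the case undefined. The arithmetic-shift assumption for negative values is the one GCC and Clang document, not something the C standard requires.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The message reasons about a 32-bit int. */
#define WIDTH32 32u

/* Checked shift: refuse any count >= the type width instead of handing the
 * hardware a count the C standard leaves undefined. Returns false when the
 * caller asked for a shift that is a logic error. */
bool sar32_checked(int32_t v, unsigned count, int32_t *out) {
    if (count >= WIDTH32)
        return false;
    *out = v >> count; /* assumes arithmetic shift for negative v (GCC/Clang) */
    return true;
}

/* Shift by an arbitrary count without ever issuing a single shift of
 * >= WIDTH32 bits: take steps of at most WIDTH32-1 bits, the way "shift by
 * 16 and then again by 16" does. The sign bit keeps propagating, so a
 * negative value ends at -1, a non-negative one at 0. */
int32_t sar32_stepwise(int32_t v, unsigned count) {
    while (count >= WIDTH32) {
        v >>= WIDTH32 - 1;   /* well defined: 31 < width */
        count -= WIDTH32 - 1;
    }
    return v >> count;
}

/* Constructed model (not an emulator) of a 32-bit x86 SAR: the count is
 * masked to its low 5 bits, so a "shift by 32" is executed as a shift by 0
 * and the value comes back unchanged: neither 0 nor -1. */
int32_t sar32_x86_model(int32_t v, unsigned count) {
    return v >> (count & 31u);
}

int main(void) {
    int32_t r;
    printf("stepwise(-100, 32)   = %d\n", (int)sar32_stepwise(-100, 32));
    printf("x86 model(-100, 32)  = %d\n", (int)sar32_x86_model(-100, 32));
    printf("checked(-100, 32) ok = %d\n", (int)sar32_checked(-100, 32, &r));
    return 0;
}
```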