On 5 June 2015 at 16:02, Paolo Bonzini <pbonz...@redhat.com> wrote:
>
>
> On 05/06/2015 16:40, Peter Maydell wrote:
>> > Speaking in general, I find that this makes code worse. If you're using
>> > ~0 you probably want the value to extend with infinite ones.
>> >
>> > Using ~0u instead of ~0ull may cause problems down the line, and ~0ul
>> > is even worse because it is not 64-bit safe.
>>
>> I agree that C's semantics are terrible here (ideally
>> left shift of negative values should Just Work in the 2s
>> complement style, and right shift of negative values should
>> be an arithmetic shift). Unfortunately we're stuck with
>> the standard, which says this is undefined behaviour :-(
>
> But this is not something that C compiler writers can reasonably change.

Right, which is why we need to change our code to not
invoke undefined behaviour.

(More generally, C compiler writers can agitate with the
C standards bodies to get ideas like "friendly C" dialects
accepted, http://blog.regehr.org/archives/1180, and they
can provide them as vendor extensions too.)

> Can someone add a checkpatch rule that forbids shifting left U or UL
> constants (i.e. only ULL)? That would alleviate my concerns with these
> ubsan warnings.

...but things like "(1U << 31)" are entirely valid. That's
the reason these warnings are runtime rather than compile
time in the first place...

thanks
-- PMM
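
The distinctions drawn in this exchange, as an added C example that is not part of the original message or of the project's code: the width problem with `~0U` versus `~0ULL`, a defined replacement for left-shifting a negative value, and the valid `1U << 31`. The helper names are hypothetical and the code assumes a 32-bit `int`.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Helper names are hypothetical; the example assumes a 32-bit int. */

/* Clear the low n bits (n <= 63). ~0ULL is unsigned and 64 bits wide,
 * so the shift is defined and the mask keeps every high bit set. */
static uint64_t clear_low_ull(uint64_t v, unsigned n)
{
    return v & (~0ULL << n);
}

/* Same intent with ~0U (n <= 31): the shift is defined, but the mask is
 * only 32 bits wide and zero-extends, so bits 32..63 of v are lost. */
static uint64_t clear_low_u(uint64_t v, unsigned n)
{
    return v & (~0U << n);
}

/* "~0 << n" is deliberately absent: ~0 is the int -1, and left-shifting
 * a negative value is undefined. Whether a signed operand is negative is
 * in general known only at run time, so shift in unsigned and convert
 * back (implementation-defined; GCC and Clang wrap modulo 2^32). */
static int32_t shl_s32(int32_t v, unsigned n)
{
    return (int32_t)((uint32_t)v << n);
}

/* Valid: 2^31 is representable in unsigned int. "1 << 31" is not valid,
 * because 2^31 does not fit in a 32-bit int. */
static uint32_t top_bit(void)
{
    return 1U << 31;
}

int main(void)
{
    uint64_t all = UINT64_MAX;

    printf("~0ULL mask: %016" PRIx64 "\n", clear_low_ull(all, 4));
    printf("~0U mask:   %016" PRIx64 "\n", clear_low_u(all, 4));
    printf("-1 << 4:    %" PRId32 "\n", shl_s32(-1, 4));
    printf("1U << 31:   %08" PRIx32 "\n", top_bit());
    return 0;
}
```

Building the variant that does contain `~0 << n` with `-fsanitize=undefined` is what produces the run-time ubsan report the thread refers to.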