On 17 November 2015 at 09:59, Paolo Bonzini <pbonz...@redhat.com> wrote:
> There's no reason for the compiler to exploit the undefinedness of left
> shifts. In fact GCC explicitly documents that they do not use at all
> this possibility. They also say this is subject to change, but
> they have been saying this for 10 years (since the wording appeared in
> the GCC 4.0 manual).
>
> Any workaround for this particular case of undefined behavior uglifies
> the code: using unsigned is unsafe because the value becomes positive
> when extended; using -(a << b) does not express as well that the
> intention is to compute -a * 2^N.
>
> Clang has just added an obnoxious, pointless, *totally useless*, unsafe
> warning about this. It's obnoxious and pointless because the compiler
> is not using the latitude that the standard gives it, so it just adds
> noise. It is useless and unsafe because it does not catch the widely
> more common case where the LHS is a variable, and thus gives a false
> sense of security.
I think we should only take this patch if you can get a cast-iron guarantee from both clang and gcc that they will never use this UB to drive optimizations. As you say, gcc already says this more or less, but clang doesn't, and if they're warning about it that to me suggests that they will feel freer to rely on the UB in future.

GCC is not our only supported compiler; UB is a real thing that compilers in general take advantage of; we should be trying to reduce our reliance on UB, not carving out extra areas where we feel free to use it.

thanks
-- PMM
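As an added illustration (not code from the thread or from QEMU) of the two workarounds Paolo mentions: shifting in an unsigned type narrower than the destination makes a negative value come out positive once widened, while shifting the positive operand and negating, or widening before the shift, gives the intended -a * 2^N. The function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Intended meaning of "-a << n" in the original code: -a * 2^n.
 * Shift the non-negative operand, then negate, so no negative value
 * is ever the left operand of <<. Hypothetical helper. */
static int64_t neg_shift(int64_t a, int n)
{
    return -(a << n);
}

/* The "use unsigned" workaround done in the operand's own width:
 * the 32-bit result has no sign bit to extend, so widening to
 * int64_t yields a large positive number instead of a negative one. */
static int64_t widen_unsigned_shift(int32_t a, int n)
{
    return (int64_t)((uint32_t)a << n);
}

/* Safe variant: widen to the destination width first, shift as
 * unsigned 64-bit, then convert back. The final conversion of an
 * out-of-range value is implementation-defined in C (two's complement
 * wrap on every compiler QEMU targets, and mandated by C23). */
static int64_t widen_then_shift(int32_t a, int n)
{
    return (int64_t)((uint64_t)(int64_t)a << n);
}

int main(void)
{
    printf("-(3 << 4)                = %lld\n", (long long)neg_shift(3, 4));
    printf("(uint32_t)-1 << 4 widened = %lld\n", (long long)widen_unsigned_shift(-1, 4));
    printf("widen, then shift -1 << 4 = %lld\n", (long long)widen_then_shift(-1, 4));
    return 0;
}
```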