This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Question on Undefined Right Shifts

From: Jeffrey Walton <noloader at gmail dot com>
To: gcc at gcc dot gnu dot org
Date: Tue, 19 Feb 2013 19:19:08 -0500
Subject: Question on Undefined Right Shifts
Reply-to: noloader at gmail dot com

Hi All,

I've been using John Regehr's Integer Overflow Checker (IOC) on a few
libraries. It is a Clang plug-in and can be found at
http://embed.cs.utah.edu/ioc/.

The checker has flagged two libraries I use for performing undefined
right shifts:

CLANG ARITHMETIC UNDEFINED at <./xxx, (595:22)> : Op: >>, Reason :
Unsigned Right Shift: Right operand is negative or is greater than or
equal to the width of the promoted left operand, BINARY OPERATION:
left (uint32): 2196358166 right (uint32): 32

The fix seems easy enough on the surface: simply validate the
parameters before performing the shift. However, that could introduce
a timing difference in the function.

How could one fix the issue without introducing timing differences?

Jeff

Follow-Ups:
- Re: Question on Undefined Right Shifts
  - From: Ian Lance Taylor

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]