This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Question on Undefined Right Shifts

From: Ian Lance Taylor <iant at google dot com>
To: noloader at gmail dot com
Cc: gcc at gcc dot gnu dot org
Date: Tue, 19 Feb 2013 17:52:18 -0800
Subject: Re: Question on Undefined Right Shifts
References: <CAH8yC8nVvUV_SfbpGtrX4kRnM1-TCGOc_Yn7o__VZWdpZbgPBA@mail.gmail.com>

On Tue, Feb 19, 2013 at 4:19 PM, Jeffrey Walton <noloader@gmail.com> wrote:
>
> I've been using John Regehr's Integer Overflow Checker (IOC) on a few
> libraries. It is a Clang plug-in and can be found at
> http://embed.cs.utah.edu/ioc/.
>
> The checker has flagged two libraries I use for performing undefined
> right shifts:
>
> CLANG ARITHMETIC UNDEFINED at <./xxx, (595:22)> : Op: >>, Reason :
> Unsigned Right Shift: Right operand is negative or is greater than or
> equal to the width of the promoted left operand, BINARY OPERATION:
> left (uint32): 2196358166 right (uint32): 32
>
> The fix seems easy enough on the surface: simply validate the
> parameters before performing the shift. However, that could introduce
> a timing difference in the function.
>
> How could one fix the issue without introducing timing differences?

As the saying goes, I can write code that runs as fast as you like, if
it doesn't have to be correct.

If you care about the result of the shift, you need to ensure that the
right operand is within bounds, one way or another.

Ian

Follow-Ups:
- Re: Question on Undefined Right Shifts
  - From: Jeffrey Walton

References:
- Question on Undefined Right Shifts
  - From: Jeffrey Walton

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]