From: Bernd Edlinger <bernd.edlinger@hotmail.de>
To: Jason Merrill <jason@redhat.com>
Cc: Florian Weimer <fw@deneb.enyo.de>,
"gcc-patches@gcc.gnu.org" <gcc-patches@gcc.gnu.org>,
Jeff Law <law@redhat.com>
Subject: Re: [PATCH] Make -Wint-in-bool-context warn on suspicious shift ops
Date: Thu, 29 Sep 2016 19:07:00 -0000 [thread overview]
Message-ID: <AM4PR0701MB216289DC52D6AA7A184F9821E4CE0@AM4PR0701MB2162.eurprd07.prod.outlook.com> (raw)
In-Reply-To: <CADzB+2kzJk5N5RctXS_SM1b2FKH8R8hAkbXK7RxzEtNaD2iqPg@mail.gmail.com>
On 09/29/16 20:03, Jason Merrill wrote:
> On Wed, Sep 28, 2016 at 12:09 PM, Bernd Edlinger
> <bernd.edlinger@hotmail.de> wrote:
>> On 09/28/16 16:41, Jason Merrill wrote:
>>> On Tue, Sep 27, 2016 at 11:10 AM, Bernd Edlinger
>>> <bernd.edlinger@hotmail.de> wrote:
>>>> On 09/27/16 16:42, Jason Merrill wrote:
>>>>> On Tue, Sep 27, 2016 at 10:28 AM, Bernd Edlinger
>>>>> <bernd.edlinger@hotmail.de> wrote:
>>>>>> On 09/27/16 16:10, Florian Weimer wrote:
>>>>>>> * Bernd Edlinger:
>>>>>>>
>>>>>>>>> “0 << 0” is used in a similar context, to create a zero constant for a
>>>>>>>>> multi-bit subfield of an integer.
>>>>>>>>>
>>>>>>>>> This example comes from GDB, in bfd/elf64-alpha.c:
>>>>>>>>>
>>>>>>>>> | insn = INSN_ADDQ | (16 << 21) | (0 << 16) | (0 << 0);
>>>>>>>>>
>>>>>>>>
>>>>>>>> Of course that is not a boolean context, and will not get a warning.
>>>>>>>>
>>>>>>>> Question is if "if (1 << 0)" is possibly a miss-spelled "if (1 < 0)".
>>>>>>>>
>>>>>>>> Maybe 1 and 0 come from macro expansion....
>>>>>>>
>>>>>>> But what's the intent of treating 1 << 0 and 0 << 0 differently in the
>>>>>>> patch, then?
>>>>>>
>>>>>> I am not sure if it was a good idea.
>>>>>>
>>>>>> I saw, we had code of the form
>>>>>> bool flag = 1 << 2;
>>>>>>
>>>>>> another value LOOKUP_PROTECT is 1 << 0, and
>>>>>> bool flag = 1 << 0;
>>>>>>
>>>>>> would at least not overflow the allowed value range of a boolean.
>>>>>
>>>>> Assigning a bit mask to a bool variable is still probably not what was
>>>>> intended, even if it doesn't change the value.
>>>>
>>>> That works for me too.
>>>> I can simply remove that exception.
>>>
>>> Sounds good.
>>
>> Great. Is that an "OK with that change"?
>
> What do you think about dropping the TYPE_UNSIGNED exception as well?
> I don't see what difference that makes.
>
If I drop that exception, then I could also drop the check for
INTEGER_TYPE and the whole if, because I think other types can not
happen, but if they are allowed they are as well bogus here.
I can try a bootstrap and see if there are false positives.
But I can do that as well in a follow-up patch, this should probably
be done step by step, especially when it may trigger some false
positives.
I think I could also add more stuff, like unary + or - ?
or maybe also binary +, -, * and / ?
We already discussed making this a multi-level option,
and maybe enabling the higher level explicitly in the
boot-strap.
As long as the warning continues to find more bugs than false
positives, it is probably worth extending it to more cases.
However unsigned integer shift are not undefined if they overflow.
It is possible that this warning will then trigger also on valid
code that does loop termination with unsigned int left shifting.
I dont have a real example, but maybe like this hypothetical C-code:
unsigned int x=1, bits=0;
while (x << bits) bits++;
printf("bits=%d\n", bits);
Is it OK for everybody to warn for this on -Wall, or maybe only
when -Wextra or for instance -Wint-in-bool-context=2 is used ?
Bernd.
next prev parent reply other threads:[~2016-09-29 18:53 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-25 9:14 Bernd Edlinger
2016-09-27 12:45 ` Jason Merrill
2016-09-27 12:58 ` Florian Weimer
2016-09-27 13:56 ` Bernd Edlinger
2016-09-27 14:34 ` Florian Weimer
2016-09-27 14:42 ` Bernd Edlinger
2016-09-27 14:51 ` Jason Merrill
2016-09-27 15:19 ` Bernd Edlinger
2016-09-28 14:44 ` Jason Merrill
2016-09-28 16:17 ` Bernd Edlinger
2016-09-29 18:10 ` Jason Merrill
2016-09-29 19:07 ` Bernd Edlinger [this message]
2016-09-29 20:08 ` Bernd Edlinger
2016-09-29 20:53 ` Jason Merrill
2016-09-30 7:05 ` Bernd Edlinger
2016-10-02 18:38 ` Jason Merrill
2016-10-08 17:40 ` Jason Merrill
2016-10-08 20:05 ` Bernd Edlinger
2016-10-09 2:42 ` Jason Merrill
2016-10-17 15:23 ` Markus Trippelsdorf
2016-10-17 16:51 ` Bernd Edlinger
2016-10-17 17:11 ` Markus Trippelsdorf
2016-10-17 17:30 ` Bernd Edlinger
2016-10-17 17:44 ` Markus Trippelsdorf
2016-10-18 17:04 ` Bernd Edlinger
2016-10-18 17:05 ` Joseph Myers
2016-10-18 18:14 ` Bernd Edlinger
2016-10-19 20:13 ` Jeff Law
2016-10-20 8:05 ` Markus Trippelsdorf
2016-10-20 14:00 ` Bernd Edlinger
2016-09-27 13:48 ` Michael Matz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AM4PR0701MB216289DC52D6AA7A184F9821E4CE0@AM4PR0701MB2162.eurprd07.prod.outlook.com \
--to=bernd.edlinger@hotmail.de \
--cc=fw@deneb.enyo.de \
--cc=gcc-patches@gcc.gnu.org \
--cc=jason@redhat.com \
--cc=law@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).