From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=9VWM=6X=arm.com=richard.sandiford@sourceware.org>
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
	by sourceware.org (Postfix) with ESMTP id 062E63858D32
	for <gcc-patches@gcc.gnu.org>; Mon, 27 Feb 2023 20:43:30 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 062E63858D32
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
	by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D5D76C14;
	Mon, 27 Feb 2023 12:44:12 -0800 (PST)
Received: from localhost (e121540-lin.manchester.arm.com [10.32.99.50])
	by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 083FD3F881;
	Mon, 27 Feb 2023 12:43:28 -0800 (PST)
From: Richard Sandiford <richard.sandiford@arm.com>
To: Jakub Jelinek <jakub@redhat.com>
Mail-Followup-To: Jakub Jelinek <jakub@redhat.com>,Richard Biener <rguenther@suse.de>,  gcc-patches@gcc.gnu.org,  Segher Boessenkool <segher@kernel.crashing.org>, richard.sandiford@arm.com
Cc: Richard Biener <rguenther@suse.de>,  gcc-patches@gcc.gnu.org,  Segher Boessenkool <segher@kernel.crashing.org>
Subject: Re: [PATCH] optabs: Fix up expand_doubleword_shift_condmove for shift_mask == 0 [PR108803]
References: <Y+9TodOHE09e9Vwq@tucnak> <mpth6v7ruks.fsf@arm.com>
	<Y/0ATZRIRTt76W7B@tucnak> <mpt7cw2rio6.fsf@arm.com>
	<Y/0McLSL4kNVA6Up@tucnak>
Date: Mon, 27 Feb 2023 20:43:27 +0000
In-Reply-To: <Y/0McLSL4kNVA6Up@tucnak> (Jakub Jelinek's message of "Mon, 27
	Feb 2023 21:02:56 +0100")
Message-ID: <mptzg8yq1ow.fsf@arm.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Status: No, score=-28.7 required=5.0 tests=BAYES_00,KAM_DMARC_NONE,KAM_DMARC_STATUS,KAM_LAZY_DOMAIN_SECURITY,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc-patches.gcc.gnu.org>

Jakub Jelinek <jakub@redhat.com> writes:
> On Mon, Feb 27, 2023 at 07:51:21PM +0000, Richard Sandiford wrote:
>> I think RTL and gimple are different in that respect.
>> SHIFT_COUNT_TRUNCATED's effect on shifts is IMO a bit like
>> CTZ_DEFINED_VALUE_AT_ZERO's effect on CTZ: it enumerates common
>> target-specific behaviour, but doesn't turn invalid/should-not-be-evaluated
>> values into valid values.  Not defining SHIFT_COUNT_TRUNCATED is like
>> defining CTZ_DEFINED_VALUE_AT_ZERO to 0.
>> 
>> The docs say:
>> 
>>   Note that regardless of this macro the ``definedness'' of @code{clz}
>>   and @code{ctz} at zero do @emph{not} extend to the builtin functions
>>   visible to the user.  Thus one may be free to adjust the value at will
>>   to match the target expansion of these operations without fear of
>>   breaking the API@.
>> 
>> So for CTZ this really is an RTL thing, which can leak into gimple
>> through ifns.  I'd argue that the same is true for SHIFT_COUNT_TRUNCATED
>> and conditional shifts like COND_SHL: normal gimple shifts aren't guaranteed
>> to honour SHIFT_COUNT_TRUNCATED, but COND_SHL should be.
>
> I understand that if SHIFT_COUNT_TRUNCATED 1 is defined, then formerly
> out of bounds shift is well defined on RTL. after all, for
> SHIFT_COUNT_TRUNCATED the generic code removes shift count masking as
> redundant, so code without UB in the source could otherwise appear to have
> UB on RTL.
> The question is what happens with SHIFT_COUNT_TRUNCATED 0 or
> C?Z_DEFINED_VALUE_AT_ZERO 0, if encountering the RTL with invalid operand(s)
> is undefined behavior, or simply undefined value but no other side-effects.
> There are many RTL expressions which invoke on invalid values really
> undefined behavior, it can crash the program etc.  The question is if
> out of bounds shifts are like that too or not.  Ditto for CLZ/CTZ.

My argument was that !SHIFT_COUNT_TRUNCATED and
C?Z_DEFINED_VALUE_AT_ZERO==0 mean that the behaviour is undefined
only in the sense that target-independent code doesn't know what
the behaviour is.  !SHIFT_COUNT_TRUNCATED doesn't mean that
target-independent code can assume that out-of-range shift values
invoke program UB (and therefore target-independent code can optimise
shifts on the principle that all shifts are in-range).  Similarly
CTZ_DEFINED_VALUE_AT_ZERO==0 doesn't mean the corresponding thing for CTZ.

If !SHIFT_COUNT_TRUNCATED meant that all out-of-range shifts are UB then:

	    wide_int wop1 = pop1;
	    if (SHIFT_COUNT_TRUNCATED)
	      wop1 = wi::umod_trunc (wop1, GET_MODE_PRECISION (int_mode));
	    else if (wi::geu_p (wop1, GET_MODE_PRECISION (int_mode)))
	      return NULL_RTX;

in simplify_const_binary_operation wouldn't be necessary.  We could
just fold constant shifts in the SHIFT_COUNT_TRUNCATED way for all
values, like wide_int_binop folds all nonnegative shifts on trees.

As I say, arm_emit_coreregs_64bit_shift relies on being able to create
RTL shifts whose counts might be out-of-range (to a certain degree),
because the arm port knows how arm shifts behave.  Treating the
out-of-range shifts as UB would break the DI shift expansions.

Thanks,
Richard