svn commit: r328159 - head/sys/modules

David Chisnall theraven at FreeBSD.org
Fri Jan 19 14:57:04 UTC 2018


On 19 Jan 2018, at 05:07, Conrad Meyer <cem at FreeBSD.org> wrote:
> 
> The spec says the behavior is undefined; not that the compiler has to
> produce a warning or error message.  The compiler *does* get to
> arbitrarily decide what it wants to do when it encounters UB.  It is
> wholly free to implement this particular UB with the logical result
> and no warning/error.

First, you are not correct that the only logical outcome of a shift of greater than the width of a type is 0.  In C, a right-shift of a signed type propagates the sign bit.  Right shifting a negative 32-bit int by 16 and then again by 16 is not undefined behaviour (though doing the shift as a single operation is) and will give you a value of -1.

The spec says that it is undefined, because on some architectures there is a right-shift instruction that produces non-zero values when instructed to shift right more than the width of the value.

A shift of greater than the width of the size requires special handling in the compiler for some architectures and is always a logic error.  This gives two cases: Either the compiler can statically prove that the value is too large, or it is not.  Because the C spec says that it is undefined, if the compiler cannot prove that the value is too large, then it is free to assume that it isn’t.  This means that the back end can always emit instructions that produce unspecified values for larger ranges.

The compiler is free to do anything it wants in the case of UB, including make monkeys fly out of your nose.  Telling you that you have done something obviously stupid is generally considered better than just generating wrong code.

David
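
The following C sketch is an added example, not part of the original message or of the FreeBSD tree. It shows the two-step shift from the message beside checked helpers that define a result for every shift count, and a software model of a count-masking shifter. The helper names are hypothetical, sign propagation on right shift of negative values is assumed (it is implementation-defined; gcc and clang do it), and the masked model mirrors how x86 treats the count for 32-bit operands.

```c
#include <stdint.h>
#include <stdio.h>

#define BITS 32u  /* width of int32_t / uint32_t */

/* Two in-range steps: no UB. Sign propagation for negative values is
 * implementation-defined; gcc and clang use an arithmetic shift (assumed). */
int32_t sar_two_steps(int32_t v) { return (v >> 16) >> 16; }

/* Hypothetical helper: arithmetic right shift defined for every count.
 * Counts >= width yield the sign fill, which is -1 for negative input. */
int32_t sar_checked(int32_t v, unsigned count)
{
    if (count >= BITS)
        return v < 0 ? -1 : 0;
    return v >> count;
}

/* Hypothetical helper: logical right shift defined for every count. */
uint32_t shr_checked(uint32_t v, unsigned count)
{
    return count >= BITS ? 0u : v >> count;
}

/* Software model of a shifter that keeps only the low 5 bits of the count,
 * as x86 does for 32-bit operands. */
uint32_t shr_masked_model(uint32_t v, unsigned count)
{
    return v >> (count & (BITS - 1u));
}

int main(void)
{
    printf("two steps (-5):       %d\n", (int)sar_two_steps(-5));
    printf("checked  (-5 >> 32):  %d\n", (int)sar_checked(-5, 32));
    printf("checked  (u >> 32):   %u\n", (unsigned)shr_checked(0x80000000u, 32));
    printf("masked   (u >> 32):   0x%08x\n", (unsigned)shr_masked_model(0x80000000u, 32));
    return 0;
}
```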



More information about the svn-src-head mailing list