Add lint for checking exceeding bitshifts #17713

[hirschenberger]

Add lint for checking exceeding bitshifts #17713

It also const-evaluates the shift width (RHS) to check more complex shifts like 1u8 << (4+5).
The lint-level is set to Warn but perhaps it must be Deny as in llvm exceeding bitshifts are undefined as @ben0x539 stated in #17713

[thestinger]

It should be set to deny by default because it's always a logic error. The undefined behaviour issue is entirely separate from the concerns of a lint checking for it statically.

[hirschenberger]

Should I change the level to Deny?

r?

[thestinger]

@hirschenberger: I'll r+ it with the default set to Deny.

[hirschenberger]

@thestinger done.

[hirschenberger]

Perhaps we could spawn an extra lint message on negative shifts?

[thestinger]

@hirschenberger: AFAIK all shifts are currently by uint so there aren't really any negative shifts.

[hirschenberger]

@thestinger What do you think, should I add a check for negative shifts which also produce undefined behaviour in llvm

    let x = 1u8 << -2;

IL:

  %x = alloca i8
  store i8 undef, i8* %x

If yes, is it a completely new lint or the same with another message?

[thestinger]

@hirschenberger: The handling of indexing and bit shifts is very buggy. The bugs relating to generic integers should be fixed. It doesn't need a lint.

[thestinger]

this does not compile:

1u32 << -1i

this compiles, as if it inferred uint, but really uses int:

1u32 << -1

the same problem occurs in indexing

[hirschenberger]

Ok, then the Problem will solve itself in the Future©

[hirschenberger]

@thestinger hmm, what about the failing test? it relies on undefined behaviour, I think it is invalid.

[hirschenberger]

Fixed failing test
r?

[hirschenberger]

@thestinger Would you please r+ my fixes?

[hirschenberger]

@thestinger Damn, renamed lint. I hope it's now ready to land

[hirschenberger]

Next try to get this landed, it seems was a buildbot problem
r?

[ben0x539]

Shouldn't 1u8 << 8 already trigger the lint, not just << 9? From http://llvm.org/docs/LangRef.html#shl-instruction: "If op2 is (statically or dynamically) negative or equal to or larger than the number of bits in op1, the result is undefined."

[hirschenberger]

Oh, good hint. Look at the IR for

http://is.gd/OkCRea

  %n = alloca i8
  %n1 = alloca i8
  %n2 = alloca i8
  store i8 -128, i8* %n
  store i8 undef, i8* %n1
  store i8 undef, i8* %n2
  ret void

I'll change my code to catch the equal bits case.

2014-11-03 15:17 GMT+01:00 Benjamin Herr notifications@github.com:

Shouldn't 1u8 << 8 already trigger the lint, not just << 9? From
http://llvm.org/docs/LangRef.html#shl-instruction: "If op2 is (statically
or dynamically) negative or equal to or larger than the number of bits
in op1, the result is undefined."

—
Reply to this email directly or view it on GitHub
#18206 (comment).