[Qemu-devel] [PATCH for 2.5] QEMU does not care about left shifts of signed negative values

[Paolo Bonzini <pbonzini@redhat.com>]

There's no reason for the compiler to exploit the undefinedness of left
shifts, In fact GCC explicitly documents that they do not use at all
all this possibility.  They also say this is subject to change, but
they have been saying this for 10 years (since the wording appeared in
the GCC 4.0 manual).

Any workaround for this particular case of undefined behavior uglifies
the code: using unsigned is unsafe because the value becomes positive
when extended; using -(a << b) does not express as well that the
intention is to compute -a * 2^N.

Clang has just added an obnoxious, pointless, *totally useless*, unsafe
warning about this.  It's obnoxious and pointless because the compiler
is not using the latitude that the standard gives it, so it just adds
noise.  It is useless and unsafe because it does not catch the widely
more common case where the LHS is a variable, and thus gives a false
sense of security.

The noisy nature of the warning means that it should have never been
added to -Wall.  The uselessness means that it probably should not
have even been added to -Wextra.

Document this explicitly, and shut up the stupid warning.
</rant>

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 HACKING   | 4 ++++
 configure | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/HACKING b/HACKING
index 12fbc8a..ece6d5b 100644
--- a/HACKING
+++ b/HACKING
@@ -157,3 +157,7 @@ painful. These are:
  * you may assume that integers are 2s complement representation
  * you may assume that right shift of a signed integer duplicates
    the sign bit (ie it is an arithmetic shift, not a logical shift)
+
+In addition, QEMU assumes that the compiler does not use the latitude
+given in C99 and C11 to treat aspects of signed '<<' as undefined, as
+documented in the GNU Compiler Collection manual starting at version 4.0.
diff --git a/configure b/configure
index 6bfa6f5..e54c2ed 100755
--- a/configure
+++ b/configure
@@ -1428,7 +1428,7 @@ fi
 gcc_flags="-Wold-style-declaration -Wold-style-definition -Wtype-limits"
 gcc_flags="-Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers $gcc_flags"
 gcc_flags="-Wmissing-include-dirs -Wempty-body -Wnested-externs $gcc_flags"
-gcc_flags="-Wendif-labels $gcc_flags"
+gcc_flags="-Wendif-labels -Wno-shift-negative-value $gcc_flags"
 gcc_flags="-Wno-initializer-overrides $gcc_flags"
 gcc_flags="-Wno-string-plus-int $gcc_flags"
 # Note that we do not add -Werror to gcc_flags here, because that would
-- 
2.5.0