From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:45062)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <rth7680@gmail.com>) id 1WPutG-0000y1-7p
	for qemu-devel@nongnu.org; Tue, 18 Mar 2014 10:21:22 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <rth7680@gmail.com>) id 1WPut7-0008OD-Q4
	for qemu-devel@nongnu.org; Tue, 18 Mar 2014 10:21:14 -0400
Received: from mail-qc0-x22b.google.com ([2607:f8b0:400d:c01::22b]:33440)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <rth7680@gmail.com>) id 1WPut7-0008O4-La
	for qemu-devel@nongnu.org; Tue, 18 Mar 2014 10:21:05 -0400
Received: by mail-qc0-f171.google.com with SMTP id c9so1961188qcz.2
	for <qemu-devel@nongnu.org>; Tue, 18 Mar 2014 07:21:05 -0700 (PDT)
Sender: Richard Henderson <rth7680@gmail.com>
Message-ID: <5328564A.8060409@twiddle.net>
Date: Tue, 18 Mar 2014 07:20:58 -0700
From: Richard Henderson <rth@twiddle.net>
MIME-Version: 1.0
References: <CAFEAcA-i-=c9tW6jX__mB1QqdLPtEt24HisBbbv+iqY0Bsd7vw@mail.gmail.com>
In-Reply-To: <CAFEAcA-i-=c9tW6jX__mB1QqdLPtEt24HisBbbv+iqY0Bsd7vw@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] target-i386: guest variable shift by 0 provokes
	shift by -1
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Maydell <peter.maydell@linaro.org>, QEMU Developers <qemu-devel@nongnu.org>

On 03/18/2014 05:33 AM, Peter Maydell wrote:
>  ---- 0x7fe9a5f
>  82  mov_i64 tmp1,rcx
>  83  mov_i64 tmp0,rax
>  84  movi_i64 tmp13,$0x1f
>  85  and_i64 tmp1,tmp1,tmp13
>  86  movi_i64 tmp13,$0x1
>  87  sub_i64 tmp3,tmp1,tmp13
>  88  shl_i64 tmp3,tmp0,tmp3
>  89  shl_i64 tmp0,tmp0,tmp1
>  90  ext32u_i64 rax,tmp0
>  91  movi_i64 tmp13,$0x0
>  92  mov_i64 cc_dst,tmp0
>  93  mov_i64 cc_src,tmp3
>  94  movi_i32 tmp5,$0x24
>  95  movi_i32 tmp6,$0x31
>  96  movi_i32 tmp11,$0x0
>  97  mov_i32 tmp12,tmp1
>  98  movcond_i32 cc_op,tmp12,tmp11,tmp5,tmp6,ne
> 
> In this case the constant propagation code is smart
> enough to figure out that tmp1 is always zero at op 85,
> and therefore tmp3 is -1 at op 87. It then tries to use
> the shift constant of -1 in C when looking at op 88, and
> clang complains about the C undefined behaviour.

The tcg ops are fine here.

We've determined that cc_dst and cc_src are not live at the moment, since the
xor set cc_op to CC_OP_CLR which does not use them.  We optimistically store
into them, and then conditionally store into cc_op itself at the end.

So the shift is undefined (even by tcg's rules), but the result is unused.

So the complaint must be within tcg/optimizer.c?  We can shut up clang by
masking the shift operand while performing constant folding.


r~