| Re: [hatari-devel] undefined behaviour fixes |
[ Thread Index |
Date Index
| More lists.tuxfamily.org/hatari-devel Archives
]
- To: hatari-devel@xxxxxxxxxxxxxxxxxxx
- Subject: Re: [hatari-devel] undefined behaviour fixes
- From: Thomas Huth <th.huth@xxxxxxxxx>
- Date: Sat, 18 Jan 2025 11:29:28 +0000
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017; t=1737199770; bh=Fh3zrOKP95c8HYPiTzed5E+ykJp82Akxz3Ngwl7Ruxw=; h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type: Content-Transfer-Encoding:From; b=a20es++UjUqMxT92lt+Qdq46/DbaktKKTZj48T4nohK6YBJSr3RfTa1wK8Pjk+HO/ BKLSYME2yXsXMGPawJGpJsbHegvEc95RzlREIjKi13cTSPhoA8yqZYIO+BQZX9azcY HIa9jQs6aFyz4WeiEloC44SujtccGaxb5Pv3b/ew4T/OUo9AhGf9UGZfaGq8LB2ZQl yX1eTMiTRFOgsogrpPz/L5+Nrs9KSgCgzNm/WYBUaEpW+TsxhYkyJbVrFu6fMCXkwX UiuQjS5OlwdclxLgt4RCHvwHzd/JDSWpovk7A2p4xwYcKsjqdWp9O544187jimzq1+ lY/Wu6kAi7u+w==
Am Wed, 15 Jan 2025 15:40:07 -0800
schrieb David Savinkoff <dsavnkff@xxxxxxxxx>:
> On Sun, Jan 12, 2025 at 5:34 AM Nicolas Pomarède <npomarede@xxxxxxxxxxxx> wrote:
> >
> > Le 12/01/2025 à 13:56, Thomas Huth a écrit :
> > > Am Sat, 11 Jan 2025 13:10:51 -0800
> > > schrieb David Savinkoff <dsavnkff@xxxxxxxxx>:
> > >
> > >> Hi,
> > >> This filter's function call is passed an int16_t and returns an int16_t.
> > >> The filter calculates using int32_t so that there is no possibility of
> > >> shifting too much.
> > >
> > > This is not about shifting too much, it's about shifting signed (negative)
> > > values which is undefined behavior in C.
> > >
> > >> This is why there is no warning.
> > >
> > > There is a warning when compiling with "-fsanitize=undefined".
> > >
> > >> I love the 1 clock cycle barrel shifter in non-legacy CPUs.
> > >
> > > I think modern C compilers are smart enough to convert multiplications by
> > > 32768 into the corresponding shift assembly instruction.
> > >
> >
> > Hi
> >
> > After reading several specs / use cases here and there, it seems indeed
> > a better way to not use shift operators when the involved variable is
> > negative.
> >
> > C specs warns about several "undefined" behaviour that we can't handle
> > in our code, but on the other hand any modern C compiler should know
> > when a multiplication / division is a power of 2 and adjust the
> > resulting asm code to use arithmetic shift if the variable is signed.
> >
> > So, I'm also in favor of dropping << / >> in sound.c ; it will certainly
> > be optimised to "ASR/ASL" equivalent by the compiler, and even if not,
> > this part in sound.c is rather small performance-wise compared to the
> > whole cpu and video emulation, so I'm not even sure loss of performance
> > here would be visible in the end.
> >
> > Nicolas
> >
>
> Hi,
> Using signed multiplies in this code allows this code to work with
> one's complement, and signed magnitude CPUs. I thought Hatari
> is small endian / big endian, and two's complement only.
> Note that signed integer, arithmetic left/right shifting of negative
> numbers is fully supported with two's complement math.
Hi David,
the point is that shifting negative numbers is undefined behavior according
to the C standard. So theoretically, the compiler is allowed to do anything
here, like optimizing the code away. Fortunately, no modern compiler is
doing this right now, but to be on the save side, it's better to avoid this
pattern in the code.
Thomas