Re: [PATCH 4/9] drivers/iio: Sign extend without triggering implementation-defined behavior

[Douglas Gilbert]

On 2019-10-30 4:02 p.m., Peter Zijlstra wrote:
> On Mon, Oct 28, 2019 at 01:06:55PM -0700, Bart Van Assche wrote:
> >  From the C standard: "The result of E1 >> E2 is E1 right-shifted E2 bit
> > positions. If E1 has an unsigned type or if E1 has a signed type and a
> > nonnegative value, the value of the result is the integral part of the
> > quotient of E1 / 2E2 . If E1 has a signed type and a negative value, the
> > resulting value is implementation-defined."
>
> FWIW, we actually hard rely on this implementation defined behaviour all
> over the kernel. See for example the generic sign_extend{32,64}()
> functions.
>
> AFAIR the only reason the C standard says this is implementation defined
> is because it wants to support daft things like 1s complement and
> saturating integers.

See:
   http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2218.htm

That is in C++20 and on the agenda for C2x:
   https://gustedt.wordpress.com/2018/11/12/c2x/

Doug Gilbert

> Luckily, Linux doesn't run on any such hardware and we hard rely on
> signed being 2s complement and tell the compiler that by using
> -fno-strict-overflow (which implies -fwrapv).
>
> And the only sane choice for 2s complement signed shift right is
> arithmetic shift right.
>
> (this recently came up in another thread, which I can't remember enough
> of to find just now, and I'm not sure we got a GCC person to confirm if
> -fwrapv does indeed guarantee arithmetic shift, the GCC documentation
> does not mention this)