Editing Bitwise operation (section)

=====Circular shifts=====
{{anchor|Circular shifts in C-family languages}}
The C-family of languages lack a rotate operator (although C++20 provides <code>std::rotl</code> and <code>std::rotr</code>), but one can be synthesized from the shift operators. Care must be taken to ensure the statement is well formed to avoid [[undefined behavior]] and [[timing attack]]s in software with security requirements.<ref name="StackOverflow">{{cite web|url=https://stackoverflow.com/q/31387778|title=Near constant time rotate that does not violate the standards?|access-date=12 August 2015|publisher=Stack Exchange Network}}</ref> For example, a naive implementation that left-rotates a 32-bit unsigned value <code>x</code> by <code>n</code> positions is simply
<syntaxhighlight lang="c">
uint32_t x = ..., n = ...;
uint32_t y = (x << n) | (x >> (32 - n));
</syntaxhighlight>

However, a shift by <code>0</code> bits results in undefined behavior in the right-hand expression <code>(x >> (32 - n))</code> because <code>32 - 0</code> is <code>32</code>, and <code>32</code> is outside the range 0–31 inclusive. A second try might result in
<syntaxhighlight lang="c">
uint32_t x = ..., n = ...;
uint32_t y = n ? (x << n) | (x >> (32 - n)) : x;
</syntaxhighlight>
where the shift amount is tested to ensure that it does not introduce undefined behavior. However, the branch adds an additional code path and presents an opportunity for timing analysis and attack, which is often not acceptable in high-integrity software.<ref name="StackOverflow" /> In addition, the code compiles to multiple machine instructions, which is often less efficient than the processor's native instruction.

To avoid the undefined behavior and branches under [[GNU Compiler Collection|GCC]] and [[Clang]], the following is recommended. The pattern is recognized by many compilers, and the compiler will emit a single rotate instruction:<ref>{{cite web|url=https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57157|title=Poor optimization of portable rotate idiom|access-date=11 August 2015|publisher=GNU GCC Project}}</ref><ref>{{cite web|url=https://software.intel.com/en-us/forums/topic/580884|title=Circular rotate that does not violate C/C++ standard?|access-date=12 August 2015|publisher=Intel Developer Forums}}</ref><ref name=LLVM>{{cite web|url=https://llvm.org/bugs/show_bug.cgi?id=24226|title=Constant not propagated into inline assembly, results in &quot;constraint 'I' expects an integer constant expression&quot;|access-date=11 August 2015|publisher=LLVM Project}}</ref>
<syntaxhighlight lang="c">
uint32_t x = ..., n = ...;
uint32_t y = (x << n) | (x >> (-n & 31));
</syntaxhighlight>

There are also compiler-specific [[Intrinsic function|intrinsics]] implementing [[circular shift]]s, like [http://msdn.microsoft.com/en-us/library/t5e2f3sc(VS.80).aspx _rotl8, _rotl16], [http://msdn.microsoft.com/en-us/library/yy0728bz(VS.80).aspx _rotr8, _rotr16] in Microsoft [[Visual C++]]. Clang provides some rotate intrinsics for Microsoft compatibility that suffers the problems above.<ref name=LLVM /> GCC does not offer rotate intrinsics. Intel also provides x86 [https://software.intel.com/sites/landingpage/IntrinsicsGuide/#text=rot&techs=Other intrinsics].