[XEN PATCH] xen/arm: address violation of MISRA C Rule 10.1

[XEN PATCH] xen/arm: address violation of MISRA C Rule 10.1

[Dmytro Prokopchuk1]

Rule 10.1: Operands shall not be of an
inappropriate essential type

The following are non-compliant:
- unary minus on unsigned type;
- boolean used as a numeric value.

Replace unary '-' operator with multiplying by '-1L' or '-1LL'.
Replace numeric constant '-1UL' with '~0UL'.
Replace numeric constant '-1ULL' with '~0ULL'.
Cast boolean to numeric value.

Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com>
---
 xen/arch/arm/gic-vgic.c               | 2 +-
 xen/common/memory.c                   | 2 +-
 xen/common/page_alloc.c               | 6 +++---
 xen/common/time.c                     | 2 +-
 xen/drivers/passthrough/arm/smmu-v3.c | 2 +-
 xen/lib/strtol.c                      | 2 +-
 xen/lib/strtoll.c                     | 2 +-
 7 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/xen/arch/arm/gic-vgic.c b/xen/arch/arm/gic-vgic.c
index ea48c5375a..a35f33c5f2 100644
--- a/xen/arch/arm/gic-vgic.c
+++ b/xen/arch/arm/gic-vgic.c
@@ -17,7 +17,7 @@
 #include <asm/vgic.h>
 
 #define lr_all_full()                                           \
-    (this_cpu(lr_mask) == (-1ULL >> (64 - gic_get_nr_lrs())))
+    (this_cpu(lr_mask) == (~0ULL >> (64 - gic_get_nr_lrs())))
 
 #undef GIC_DEBUG
 
diff --git a/xen/common/memory.c b/xen/common/memory.c
index 46620ed825..96086704cb 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -773,7 +773,7 @@ static long memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg)
 
                 nrspin_lock(&d->page_alloc_lock);
                 drop_dom_ref = (dec_count &&
-                                !domain_adjust_tot_pages(d, -dec_count));
+                                !domain_adjust_tot_pages(d, (-1L) * dec_count));
                 nrspin_unlock(&d->page_alloc_lock);
 
                 if ( drop_dom_ref )
diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index 8f93a4c354..da8dddf934 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -691,7 +691,7 @@ size_param("low_mem_virq_limit", opt_low_mem_virq);
 /* Thresholds to control hysteresis. In pages */
 /* When memory grows above this threshold, reset hysteresis.
  * -1 initially to not reset until at least one virq issued. */
-static unsigned long low_mem_virq_high      = -1UL;
+static unsigned long low_mem_virq_high      = ~0UL;
 /* Threshold at which we issue virq */
 static unsigned long low_mem_virq_th        = 0;
 /* Original threshold after all checks completed */
@@ -710,7 +710,7 @@ static void __init setup_low_mem_virq(void)
      * to ever trigger. */
     if ( opt_low_mem_virq == 0 )
     {
-        low_mem_virq_th = -1UL;
+        low_mem_virq_th = ~0UL;
         return;
     }
 
@@ -778,7 +778,7 @@ static void check_low_mem_virq(void)
         low_mem_virq_th_order++;
         low_mem_virq_th = 1UL << low_mem_virq_th_order;
         if ( low_mem_virq_th == low_mem_virq_orig )
-            low_mem_virq_high = -1UL;
+            low_mem_virq_high = ~0UL;
         else
             low_mem_virq_high = 1UL << (low_mem_virq_th_order + 2);
     }
diff --git a/xen/common/time.c b/xen/common/time.c
index 92f7b72464..a6eda82f8d 100644
--- a/xen/common/time.c
+++ b/xen/common/time.c
@@ -84,7 +84,7 @@ struct tm gmtime(unsigned long t)
     }
     tbuf.tm_year = y - 1900;
     tbuf.tm_yday = days;
-    ip = (const unsigned short int *)__mon_lengths[__isleap(y)];
+    ip = (const unsigned short int *)__mon_lengths[(int)__isleap(y)];
     for ( y = 0; days >= ip[y]; ++y )
         days -= ip[y];
     tbuf.tm_mon = y;
diff --git a/xen/drivers/passthrough/arm/smmu-v3.c b/xen/drivers/passthrough/arm/smmu-v3.c
index df16235057..4058b18f2c 100644
--- a/xen/drivers/passthrough/arm/smmu-v3.c
+++ b/xen/drivers/passthrough/arm/smmu-v3.c
@@ -315,7 +315,7 @@ static int queue_poll_cons(struct arm_smmu_queue *q, bool sync, bool wfe)
 
 	while (queue_sync_cons_in(q),
 	      (sync ? !queue_empty(&q->llq) : queue_full(&q->llq))) {
-		if ((NOW() > timeout) > 0)
+		if (NOW() > timeout)
 			return -ETIMEDOUT;
 
 		if (wfe) {
diff --git a/xen/lib/strtol.c b/xen/lib/strtol.c
index 30dca779cf..5f9d691727 100644
--- a/xen/lib/strtol.c
+++ b/xen/lib/strtol.c
@@ -13,7 +13,7 @@
 long simple_strtol(const char *cp, const char **endp, unsigned int base)
 {
     if ( *cp == '-' )
-        return -simple_strtoul(cp + 1, endp, base);
+        return (-1L) * simple_strtoul(cp + 1, endp, base);
     return simple_strtoul(cp, endp, base);
 }
 
diff --git a/xen/lib/strtoll.c b/xen/lib/strtoll.c
index 5d23fd80e8..e87007eddd 100644
--- a/xen/lib/strtoll.c
+++ b/xen/lib/strtoll.c
@@ -13,7 +13,7 @@
 long long simple_strtoll(const char *cp, const char **endp, unsigned int base)
 {
     if ( *cp == '-' )
-        return -simple_strtoull(cp + 1, endp, base);
+        return (-1LL) * simple_strtoull(cp + 1, endp, base);
     return simple_strtoull(cp, endp, base);
 }
 
-- 
2.43.0

Re: [XEN PATCH] xen/arm: address violation of MISRA C Rule 10.1

[Dmytro Prokopchuk1]

CI tests:
https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/1919687496

On 7/11/25 01:10, Dmytro Prokopchuk1 wrote:
> Rule 10.1: Operands shall not be of an
> inappropriate essential type
> 
> The following are non-compliant:
> - unary minus on unsigned type;
> - boolean used as a numeric value.
> 
> Replace unary '-' operator with multiplying by '-1L' or '-1LL'.
> Replace numeric constant '-1UL' with '~0UL'.
> Replace numeric constant '-1ULL' with '~0ULL'.
> Cast boolean to numeric value.
> 
> Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com>
> ---
>   xen/arch/arm/gic-vgic.c               | 2 +-
>   xen/common/memory.c                   | 2 +-
>   xen/common/page_alloc.c               | 6 +++---
>   xen/common/time.c                     | 2 +-
>   xen/drivers/passthrough/arm/smmu-v3.c | 2 +-
>   xen/lib/strtol.c                      | 2 +-
>   xen/lib/strtoll.c                     | 2 +-
>   7 files changed, 9 insertions(+), 9 deletions(-)
> 
> diff --git a/xen/arch/arm/gic-vgic.c b/xen/arch/arm/gic-vgic.c
> index ea48c5375a..a35f33c5f2 100644
> --- a/xen/arch/arm/gic-vgic.c
> +++ b/xen/arch/arm/gic-vgic.c
> @@ -17,7 +17,7 @@
>   #include <asm/vgic.h>
>   
>   #define lr_all_full()                                           \
> -    (this_cpu(lr_mask) == (-1ULL >> (64 - gic_get_nr_lrs())))
> +    (this_cpu(lr_mask) == (~0ULL >> (64 - gic_get_nr_lrs())))
>   
>   #undef GIC_DEBUG
>   
> diff --git a/xen/common/memory.c b/xen/common/memory.c
> index 46620ed825..96086704cb 100644
> --- a/xen/common/memory.c
> +++ b/xen/common/memory.c
> @@ -773,7 +773,7 @@ static long memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg)
>   
>                   nrspin_lock(&d->page_alloc_lock);
>                   drop_dom_ref = (dec_count &&
> -                                !domain_adjust_tot_pages(d, -dec_count));
> +                                !domain_adjust_tot_pages(d, (-1L) * dec_count));
>                   nrspin_unlock(&d->page_alloc_lock);
>   
>                   if ( drop_dom_ref )
> diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
> index 8f93a4c354..da8dddf934 100644
> --- a/xen/common/page_alloc.c
> +++ b/xen/common/page_alloc.c
> @@ -691,7 +691,7 @@ size_param("low_mem_virq_limit", opt_low_mem_virq);
>   /* Thresholds to control hysteresis. In pages */
>   /* When memory grows above this threshold, reset hysteresis.
>    * -1 initially to not reset until at least one virq issued. */
> -static unsigned long low_mem_virq_high      = -1UL;
> +static unsigned long low_mem_virq_high      = ~0UL;
>   /* Threshold at which we issue virq */
>   static unsigned long low_mem_virq_th        = 0;
>   /* Original threshold after all checks completed */
> @@ -710,7 +710,7 @@ static void __init setup_low_mem_virq(void)
>        * to ever trigger. */
>       if ( opt_low_mem_virq == 0 )
>       {
> -        low_mem_virq_th = -1UL;
> +        low_mem_virq_th = ~0UL;
>           return;
>       }
>   
> @@ -778,7 +778,7 @@ static void check_low_mem_virq(void)
>           low_mem_virq_th_order++;
>           low_mem_virq_th = 1UL << low_mem_virq_th_order;
>           if ( low_mem_virq_th == low_mem_virq_orig )
> -            low_mem_virq_high = -1UL;
> +            low_mem_virq_high = ~0UL;
>           else
>               low_mem_virq_high = 1UL << (low_mem_virq_th_order + 2);
>       }
> diff --git a/xen/common/time.c b/xen/common/time.c
> index 92f7b72464..a6eda82f8d 100644
> --- a/xen/common/time.c
> +++ b/xen/common/time.c
> @@ -84,7 +84,7 @@ struct tm gmtime(unsigned long t)
>       }
>       tbuf.tm_year = y - 1900;
>       tbuf.tm_yday = days;
> -    ip = (const unsigned short int *)__mon_lengths[__isleap(y)];
> +    ip = (const unsigned short int *)__mon_lengths[(int)__isleap(y)];
>       for ( y = 0; days >= ip[y]; ++y )
>           days -= ip[y];
>       tbuf.tm_mon = y;
> diff --git a/xen/drivers/passthrough/arm/smmu-v3.c b/xen/drivers/passthrough/arm/smmu-v3.c
> index df16235057..4058b18f2c 100644
> --- a/xen/drivers/passthrough/arm/smmu-v3.c
> +++ b/xen/drivers/passthrough/arm/smmu-v3.c
> @@ -315,7 +315,7 @@ static int queue_poll_cons(struct arm_smmu_queue *q, bool sync, bool wfe)
>   
>   	while (queue_sync_cons_in(q),
>   	      (sync ? !queue_empty(&q->llq) : queue_full(&q->llq))) {
> -		if ((NOW() > timeout) > 0)
> +		if (NOW() > timeout)
>   			return -ETIMEDOUT;
>   
>   		if (wfe) {
> diff --git a/xen/lib/strtol.c b/xen/lib/strtol.c
> index 30dca779cf..5f9d691727 100644
> --- a/xen/lib/strtol.c
> +++ b/xen/lib/strtol.c
> @@ -13,7 +13,7 @@
>   long simple_strtol(const char *cp, const char **endp, unsigned int base)
>   {
>       if ( *cp == '-' )
> -        return -simple_strtoul(cp + 1, endp, base);
> +        return (-1L) * simple_strtoul(cp + 1, endp, base);
>       return simple_strtoul(cp, endp, base);
>   }
>   
> diff --git a/xen/lib/strtoll.c b/xen/lib/strtoll.c
> index 5d23fd80e8..e87007eddd 100644
> --- a/xen/lib/strtoll.c
> +++ b/xen/lib/strtoll.c
> @@ -13,7 +13,7 @@
>   long long simple_strtoll(const char *cp, const char **endp, unsigned int base)
>   {
>       if ( *cp == '-' )
> -        return -simple_strtoull(cp + 1, endp, base);
> +        return (-1LL) * simple_strtoull(cp + 1, endp, base);
>       return simple_strtoull(cp, endp, base);
>   }
>   

Re: [XEN PATCH] xen/arm: address violation of MISRA C Rule 10.1

[Stefano Stabellini]

On Thu, 10 Jul 2025, Dmytro Prokopchuk1 wrote:
> Rule 10.1: Operands shall not be of an
> inappropriate essential type
> 
> The following are non-compliant:
> - unary minus on unsigned type;
> - boolean used as a numeric value.
> 
> Replace unary '-' operator with multiplying by '-1L' or '-1LL'.
> Replace numeric constant '-1UL' with '~0UL'.
> Replace numeric constant '-1ULL' with '~0ULL'.
> Cast boolean to numeric value.
> 
> Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com>
> ---
>  xen/arch/arm/gic-vgic.c               | 2 +-
>  xen/common/memory.c                   | 2 +-
>  xen/common/page_alloc.c               | 6 +++---
>  xen/common/time.c                     | 2 +-
>  xen/drivers/passthrough/arm/smmu-v3.c | 2 +-
>  xen/lib/strtol.c                      | 2 +-
>  xen/lib/strtoll.c                     | 2 +-
>  7 files changed, 9 insertions(+), 9 deletions(-)
> 
> diff --git a/xen/arch/arm/gic-vgic.c b/xen/arch/arm/gic-vgic.c
> index ea48c5375a..a35f33c5f2 100644
> --- a/xen/arch/arm/gic-vgic.c
> +++ b/xen/arch/arm/gic-vgic.c
> @@ -17,7 +17,7 @@
>  #include <asm/vgic.h>
>  
>  #define lr_all_full()                                           \
> -    (this_cpu(lr_mask) == (-1ULL >> (64 - gic_get_nr_lrs())))
> +    (this_cpu(lr_mask) == (~0ULL >> (64 - gic_get_nr_lrs())))

I understand this change, I think it is good



>  #undef GIC_DEBUG
>  
> diff --git a/xen/common/memory.c b/xen/common/memory.c
> index 46620ed825..96086704cb 100644
> --- a/xen/common/memory.c
> +++ b/xen/common/memory.c
> @@ -773,7 +773,7 @@ static long memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg)
>  
>                  nrspin_lock(&d->page_alloc_lock);
>                  drop_dom_ref = (dec_count &&
> -                                !domain_adjust_tot_pages(d, -dec_count));
> +                                !domain_adjust_tot_pages(d, (-1L) * dec_count));

...but I don't understand this? It looks like it would also break 10.1
and/or 10.3 as well?

I would rather use casts if needed, which wouldn't change the behavior
but would highlight the unsigned->signed conversion, making it more
visible:

    !domain_adjust_tot_pages(d, -(int)dec_count));


>                  nrspin_unlock(&d->page_alloc_lock);
>  
>                  if ( drop_dom_ref )
> diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
> index 8f93a4c354..da8dddf934 100644
> --- a/xen/common/page_alloc.c
> +++ b/xen/common/page_alloc.c
> @@ -691,7 +691,7 @@ size_param("low_mem_virq_limit", opt_low_mem_virq);
>  /* Thresholds to control hysteresis. In pages */
>  /* When memory grows above this threshold, reset hysteresis.
>   * -1 initially to not reset until at least one virq issued. */
> -static unsigned long low_mem_virq_high      = -1UL;
> +static unsigned long low_mem_virq_high      = ~0UL;
>  /* Threshold at which we issue virq */
>  static unsigned long low_mem_virq_th        = 0;
>  /* Original threshold after all checks completed */
> @@ -710,7 +710,7 @@ static void __init setup_low_mem_virq(void)
>       * to ever trigger. */
>      if ( opt_low_mem_virq == 0 )
>      {
> -        low_mem_virq_th = -1UL;
> +        low_mem_virq_th = ~0UL;
>          return;
>      }
>  
> @@ -778,7 +778,7 @@ static void check_low_mem_virq(void)
>          low_mem_virq_th_order++;
>          low_mem_virq_th = 1UL << low_mem_virq_th_order;
>          if ( low_mem_virq_th == low_mem_virq_orig )
> -            low_mem_virq_high = -1UL;
> +            low_mem_virq_high = ~0UL;
>          else
>              low_mem_virq_high = 1UL << (low_mem_virq_th_order + 2);
>      }
> diff --git a/xen/common/time.c b/xen/common/time.c
> index 92f7b72464..a6eda82f8d 100644
> --- a/xen/common/time.c
> +++ b/xen/common/time.c
> @@ -84,7 +84,7 @@ struct tm gmtime(unsigned long t)
>      }
>      tbuf.tm_year = y - 1900;
>      tbuf.tm_yday = days;
> -    ip = (const unsigned short int *)__mon_lengths[__isleap(y)];
> +    ip = (const unsigned short int *)__mon_lengths[(int)__isleap(y)];

__isleap return bool and we deviated bool conversions in logical
operations but not here, so I understand why this is needed. OK.


>      for ( y = 0; days >= ip[y]; ++y )
>          days -= ip[y];
>      tbuf.tm_mon = y;
> diff --git a/xen/drivers/passthrough/arm/smmu-v3.c b/xen/drivers/passthrough/arm/smmu-v3.c
> index df16235057..4058b18f2c 100644
> --- a/xen/drivers/passthrough/arm/smmu-v3.c
> +++ b/xen/drivers/passthrough/arm/smmu-v3.c
> @@ -315,7 +315,7 @@ static int queue_poll_cons(struct arm_smmu_queue *q, bool sync, bool wfe)
>  
>  	while (queue_sync_cons_in(q),
>  	      (sync ? !queue_empty(&q->llq) : queue_full(&q->llq))) {
> -		if ((NOW() > timeout) > 0)
> +		if (NOW() > timeout)
>  			return -ETIMEDOUT;
>  
>  		if (wfe) {
> diff --git a/xen/lib/strtol.c b/xen/lib/strtol.c
> index 30dca779cf..5f9d691727 100644
> --- a/xen/lib/strtol.c
> +++ b/xen/lib/strtol.c
> @@ -13,7 +13,7 @@
>  long simple_strtol(const char *cp, const char **endp, unsigned int base)
>  {
>      if ( *cp == '-' )
> -        return -simple_strtoul(cp + 1, endp, base);
> +        return (-1L) * simple_strtoul(cp + 1, endp, base);
>      return simple_strtoul(cp, endp, base);
>  }
>  
> diff --git a/xen/lib/strtoll.c b/xen/lib/strtoll.c
> index 5d23fd80e8..e87007eddd 100644
> --- a/xen/lib/strtoll.c
> +++ b/xen/lib/strtoll.c
> @@ -13,7 +13,7 @@
>  long long simple_strtoll(const char *cp, const char **endp, unsigned int base)
>  {
>      if ( *cp == '-' )
> -        return -simple_strtoull(cp + 1, endp, base);
> +        return (-1LL) * simple_strtoull(cp + 1, endp, base);
>      return simple_strtoull(cp, endp, base);
>  }
>  
> -- 
> 2.43.0
> 

Re: [XEN PATCH] xen/arm: address violation of MISRA C Rule 10.1

[Demi Marie Obenour]

[-- Attachment #1.1.1: Type: text/plain, Size: 2552 bytes --]

On 7/10/25 20:15, Stefano Stabellini wrote:
> On Thu, 10 Jul 2025, Dmytro Prokopchuk1 wrote:
>> Rule 10.1: Operands shall not be of an
>> inappropriate essential type
>>
>> The following are non-compliant:
>> - unary minus on unsigned type;
>> - boolean used as a numeric value.
>>
>> Replace unary '-' operator with multiplying by '-1L' or '-1LL'.
>> Replace numeric constant '-1UL' with '~0UL'.
>> Replace numeric constant '-1ULL' with '~0ULL'.
>> Cast boolean to numeric value.
>>
>> Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com>
>> ---
>>  xen/arch/arm/gic-vgic.c               | 2 +-
>>  xen/common/memory.c                   | 2 +-
>>  xen/common/page_alloc.c               | 6 +++---
>>  xen/common/time.c                     | 2 +-
>>  xen/drivers/passthrough/arm/smmu-v3.c | 2 +-
>>  xen/lib/strtol.c                      | 2 +-
>>  xen/lib/strtoll.c                     | 2 +-
>>  7 files changed, 9 insertions(+), 9 deletions(-)
>>
>> diff --git a/xen/arch/arm/gic-vgic.c b/xen/arch/arm/gic-vgic.c
>> index ea48c5375a..a35f33c5f2 100644
>> --- a/xen/arch/arm/gic-vgic.c
>> +++ b/xen/arch/arm/gic-vgic.c
>> @@ -17,7 +17,7 @@
>>  #include <asm/vgic.h>
>>  
>>  #define lr_all_full()                                           \
>> -    (this_cpu(lr_mask) == (-1ULL >> (64 - gic_get_nr_lrs())))
>> +    (this_cpu(lr_mask) == (~0ULL >> (64 - gic_get_nr_lrs())))
> 
> I understand this change, I think it is good
> 
> 
> 
>>  #undef GIC_DEBUG
>>  
>> diff --git a/xen/common/memory.c b/xen/common/memory.c
>> index 46620ed825..96086704cb 100644
>> --- a/xen/common/memory.c
>> +++ b/xen/common/memory.c
>> @@ -773,7 +773,7 @@ static long memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg)
>>  
>>                  nrspin_lock(&d->page_alloc_lock);
>>                  drop_dom_ref = (dec_count &&
>> -                                !domain_adjust_tot_pages(d, -dec_count));
>> +                                !domain_adjust_tot_pages(d, (-1L) * dec_count));
> 
> ...but I don't understand this? It looks like it would also break 10.1
> and/or 10.3 as well?
> 
> I would rather use casts if needed, which wouldn't change the behavior
> but would highlight the unsigned->signed conversion, making it more
> visible:
> 
>     !domain_adjust_tot_pages(d, -(int)dec_count));

-INT_MIN is undefined behavior, whereas -(unsigned)INT_MIN should be
well-defined.  I'm not sure if that matters here, though.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [XEN PATCH] xen/arm: address violation of MISRA C Rule 10.1

[Jan Beulich]

On 11.07.2025 02:15, Stefano Stabellini wrote:
> On Thu, 10 Jul 2025, Dmytro Prokopchuk1 wrote:
>> --- a/xen/common/memory.c
>> +++ b/xen/common/memory.c
>> @@ -773,7 +773,7 @@ static long memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg)
>>  
>>                  nrspin_lock(&d->page_alloc_lock);
>>                  drop_dom_ref = (dec_count &&
>> -                                !domain_adjust_tot_pages(d, -dec_count));
>> +                                !domain_adjust_tot_pages(d, (-1L) * dec_count));
> 
> ...but I don't understand this? It looks like it would also break 10.1
> and/or 10.3 as well?
> 
> I would rather use casts if needed, which wouldn't change the behavior
> but would highlight the unsigned->signed conversion, making it more
> visible:
> 
>     !domain_adjust_tot_pages(d, -(int)dec_count));

Except that, as more often than not anyway, such casts are fragile.

>> --- a/xen/common/page_alloc.c
>> +++ b/xen/common/page_alloc.c
>> @@ -691,7 +691,7 @@ size_param("low_mem_virq_limit", opt_low_mem_virq);
>>  /* Thresholds to control hysteresis. In pages */
>>  /* When memory grows above this threshold, reset hysteresis.
>>   * -1 initially to not reset until at least one virq issued. */
>> -static unsigned long low_mem_virq_high      = -1UL;
>> +static unsigned long low_mem_virq_high      = ~0UL;
>>  /* Threshold at which we issue virq */
>>  static unsigned long low_mem_virq_th        = 0;
>>  /* Original threshold after all checks completed */
>> @@ -710,7 +710,7 @@ static void __init setup_low_mem_virq(void)
>>       * to ever trigger. */
>>      if ( opt_low_mem_virq == 0 )
>>      {
>> -        low_mem_virq_th = -1UL;
>> +        low_mem_virq_th = ~0UL;
>>          return;
>>      }
>>  
>> @@ -778,7 +778,7 @@ static void check_low_mem_virq(void)
>>          low_mem_virq_th_order++;
>>          low_mem_virq_th = 1UL << low_mem_virq_th_order;
>>          if ( low_mem_virq_th == low_mem_virq_orig )
>> -            low_mem_virq_high = -1UL;
>> +            low_mem_virq_high = ~0UL;
>>          else
>>              low_mem_virq_high = 1UL << (low_mem_virq_th_order + 2);
>>      }
>> --- a/xen/common/time.c
>> +++ b/xen/common/time.c
>> @@ -84,7 +84,7 @@ struct tm gmtime(unsigned long t)
>>      }
>>      tbuf.tm_year = y - 1900;
>>      tbuf.tm_yday = days;
>> -    ip = (const unsigned short int *)__mon_lengths[__isleap(y)];
>> +    ip = (const unsigned short int *)__mon_lengths[(int)__isleap(y)];
> 
> __isleap return bool and we deviated bool conversions in logical
> operations but not here, so I understand why this is needed. OK.

No. If a cast is unavoidable here (which I question), it wants to be to
an unsigned type.

I'm glad I looked at the patch, btw, since these files - contrary to the
patch subject prefix - aren't Arm files.

>> --- a/xen/lib/strtol.c
>> +++ b/xen/lib/strtol.c
>> @@ -13,7 +13,7 @@
>>  long simple_strtol(const char *cp, const char **endp, unsigned int base)
>>  {
>>      if ( *cp == '-' )
>> -        return -simple_strtoul(cp + 1, endp, base);
>> +        return (-1L) * simple_strtoul(cp + 1, endp, base);
>>      return simple_strtoul(cp, endp, base);
>>  }
>>  
>> --- a/xen/lib/strtoll.c
>> +++ b/xen/lib/strtoll.c
>> @@ -13,7 +13,7 @@
>>  long long simple_strtoll(const char *cp, const char **endp, unsigned int base)
>>  {
>>      if ( *cp == '-' )
>> -        return -simple_strtoull(cp + 1, endp, base);
>> +        return (-1LL) * simple_strtoull(cp + 1, endp, base);
>>      return simple_strtoull(cp, endp, base);
>>  }
>>  

Nor are these two.

As to the kind of change here - didn't we deviate applying unary minus to
unsigned types?

Jan