[Qemu-devel] [PATCH 0/4] arm: Avoid shifting left into sign bit

[Qemu-devel] [PATCH 0/4] arm: Avoid shifting left into sign bit

[Peter Maydell]

Four simple patches which correct situations where we shift left
into the sign bit of a signed integer type, which is undefined
behaviour in C. These are by no means the only examples (even
restricted to ARM board code; try "grep '1 << 31'"), but I'm
vaguely aiming for "get 'make check' to not emit any clang
-fsanitize=undefined warnings".

Peter Maydell (4):
  pxa2xx: Don't shift into sign bit
  hw/arm/omap1.c: Avoid shifting left into sign bit
  hw/ssi/xilinx_spips.c: Avoid shifting left into sign bit
  hw/arm/musicpal: Avoid shifting left into sign bit

 hw/arm/musicpal.c     |  4 ++--
 hw/arm/omap1.c        | 24 ++++++++++++++----------
 hw/arm/pxa2xx.c       |  6 +++---
 hw/arm/pxa2xx_gpio.c  |  2 +-
 hw/arm/pxa2xx_pic.c   |  4 ++--
 hw/ssi/xilinx_spips.c |  4 ++--
 6 files changed, 24 insertions(+), 20 deletions(-)

-- 
1.8.5

[Qemu-devel] [PATCH 1/4] pxa2xx: Don't shift into sign bit

[Peter Maydell]

Add  missing 'U' suffixes to avoid potentially shifting into
the sign bit of a signed integer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/pxa2xx.c      | 6 +++---
 hw/arm/pxa2xx_gpio.c | 2 +-
 hw/arm/pxa2xx_pic.c  | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index 66bc0dc..f5003ae 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -262,7 +262,7 @@ static int pxa2xx_pwrmode_write(CPUARMState *env, const ARMCPRegInfo *ri,
 
     case 1:
         /* Idle */
-        if (!(s->cm_regs[CCCR >> 2] & (1 << 31))) { /* CPDIS */
+        if (!(s->cm_regs[CCCR >> 2] & (1U << 31))) { /* CPDIS */
             cpu_interrupt(CPU(s->cpu), CPU_INTERRUPT_HALT);
             break;
         }
@@ -506,7 +506,7 @@ typedef struct {
 #define SSCR0_SSE	(1 << 7)
 #define SSCR0_RIM	(1 << 22)
 #define SSCR0_TIM	(1 << 23)
-#define SSCR0_MOD	(1 << 31)
+#define SSCR0_MOD       (1U << 31)
 #define SSCR0_DSS(x)	(((((x) >> 16) & 0x10) | ((x) & 0xf)) + 1)
 #define SSCR1_RIE	(1 << 0)
 #define SSCR1_TIE	(1 << 1)
@@ -1016,7 +1016,7 @@ static void pxa2xx_rtc_write(void *opaque, hwaddr addr,
 
     switch (addr) {
     case RTTR:
-        if (!(s->rttr & (1 << 31))) {
+        if (!(s->rttr & (1U << 31))) {
             pxa2xx_rtc_hzupdate(s);
             s->rttr = value;
             pxa2xx_rtc_alarm_update(s, s->rtsr);
diff --git a/hw/arm/pxa2xx_gpio.c b/hw/arm/pxa2xx_gpio.c
index ca77f56..0727428 100644
--- a/hw/arm/pxa2xx_gpio.c
+++ b/hw/arm/pxa2xx_gpio.c
@@ -110,7 +110,7 @@ static void pxa2xx_gpio_set(void *opaque, int line, int level)
     }
 
     bank = line >> 5;
-    mask = 1 << (line & 31);
+    mask = 1U << (line & 31);
 
     if (level) {
         s->status[bank] |= s->rising[bank] & mask &
diff --git a/hw/arm/pxa2xx_pic.c b/hw/arm/pxa2xx_pic.c
index 46d337c..3a3dbf5 100644
--- a/hw/arm/pxa2xx_pic.c
+++ b/hw/arm/pxa2xx_pic.c
@@ -105,7 +105,7 @@ static inline uint32_t pxa2xx_pic_highest(PXA2xxPICState *s) {
 
     for (i = PXA2XX_PIC_SRCS - 1; i >= 0; i --) {
         irq = s->priority[i] & 0x3f;
-        if ((s->priority[i] & (1 << 31)) && irq < PXA2XX_PIC_SRCS) {
+        if ((s->priority[i] & (1U << 31)) && irq < PXA2XX_PIC_SRCS) {
             /* Source peripheral ID is valid.  */
             bit = 1 << (irq & 31);
             int_set = (irq >= 32);
@@ -119,7 +119,7 @@ static inline uint32_t pxa2xx_pic_highest(PXA2xxPICState *s) {
             if (mask[int_set] & bit & ~s->is_fiq[int_set]) {
                 /* IRQ asserted */
                 ichp &= 0x0000ffff;
-                ichp |= (1 << 31) | (irq << 16);
+                ichp |= (1U << 31) | (irq << 16);
             }
         }
     }
-- 
1.8.5

[Qemu-devel] [PATCH 2/4] hw/arm/omap1.c: Avoid shifting left into sign bit

[Peter Maydell]

Add missing 'U' suffix to avoid shifting left into sign bit.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/omap1.c | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/hw/arm/omap1.c b/hw/arm/omap1.c
index 47511d2..b433748 100644
--- a/hw/arm/omap1.c
+++ b/hw/arm/omap1.c
@@ -809,22 +809,26 @@ static inline void omap_pin_funcmux1_update(struct omap_mpu_state_s *s,
                 uint32_t diff, uint32_t value)
 {
     if (s->compat1509) {
-        if (diff & (1 << 31))			/* MCBSP3_CLK_HIZ_DI */
-            omap_clk_onoff(omap_findclk(s, "mcbsp3.clkx"),
-                            (value >> 31) & 1);
-        if (diff & (1 << 1))			/* CLK32K */
-            omap_clk_onoff(omap_findclk(s, "clk32k_out"),
-                            (~value >> 1) & 1);
+        if (diff & (1U << 31)) {
+            /* MCBSP3_CLK_HIZ_DI */
+            omap_clk_onoff(omap_findclk(s, "mcbsp3.clkx"), (value >> 31) & 1);
+        }
+        if (diff & (1 << 1)) {
+            /* CLK32K */
+            omap_clk_onoff(omap_findclk(s, "clk32k_out"), (~value >> 1) & 1);
+        }
     }
 }
 
 static inline void omap_pin_modconf1_update(struct omap_mpu_state_s *s,
                 uint32_t diff, uint32_t value)
 {
-    if (diff & (1 << 31))			/* CONF_MOD_UART3_CLK_MODE_R */
-         omap_clk_reparent(omap_findclk(s, "uart3_ck"),
-                         omap_findclk(s, ((value >> 31) & 1) ?
-                                 "ck_48m" : "armper_ck"));
+    if (diff & (1U << 31)) {
+        /* CONF_MOD_UART3_CLK_MODE_R */
+        omap_clk_reparent(omap_findclk(s, "uart3_ck"),
+                          omap_findclk(s, ((value >> 31) & 1) ?
+                                       "ck_48m" : "armper_ck"));
+    }
     if (diff & (1 << 30))			/* CONF_MOD_UART2_CLK_MODE_R */
          omap_clk_reparent(omap_findclk(s, "uart2_ck"),
                          omap_findclk(s, ((value >> 30) & 1) ?
-- 
1.8.5

[Qemu-devel] [PATCH 3/4] hw/ssi/xilinx_spips.c: Avoid shifting left into sign bit

[Peter Maydell]

Add missing 'U' suffix to avoid shifting left into sign bit of
a signed integer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/ssi/xilinx_spips.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index 6a28746..8977243 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -43,7 +43,7 @@
 
 /* config register */
 #define R_CONFIG            (0x00 / 4)
-#define IFMODE              (1 << 31)
+#define IFMODE              (1U << 31)
 #define ENDIAN              (1 << 26)
 #define MODEFAIL_GEN_EN     (1 << 17)
 #define MAN_START_COM       (1 << 16)
@@ -87,7 +87,7 @@
 
 #define R_LQSPI_CFG         (0xa0 / 4)
 #define R_LQSPI_CFG_RESET       0x03A002EB
-#define LQSPI_CFG_LQ_MODE       (1 << 31)
+#define LQSPI_CFG_LQ_MODE       (1U << 31)
 #define LQSPI_CFG_TWO_MEM       (1 << 30)
 #define LQSPI_CFG_SEP_BUS       (1 << 30)
 #define LQSPI_CFG_U_PAGE        (1 << 28)
-- 
1.8.5

[Qemu-devel] [PATCH 4/4] hw/arm/musicpal: Avoid shifting left into sign bit

[Peter Maydell]

Add missing 'U' suffixes to avoid shifting left into sign
bit of a signed integer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/musicpal.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c
index 50a3b8f..47e3889 100644
--- a/hw/arm/musicpal.c
+++ b/hw/arm/musicpal.c
@@ -112,10 +112,10 @@
 #define MP_PHY_88E3015          0x01410E20
 
 /* TX descriptor status */
-#define MP_ETH_TX_OWN           (1 << 31)
+#define MP_ETH_TX_OWN           (1U << 31)
 
 /* RX descriptor status */
-#define MP_ETH_RX_OWN           (1 << 31)
+#define MP_ETH_RX_OWN           (1U << 31)
 
 /* Interrupt cause/mask bits */
 #define MP_ETH_IRQ_RX_BIT       0
-- 
1.8.5

Re: [Qemu-devel] [PATCH 0/4] arm: Avoid shifting left into sign bit

[Peter Maydell]

On 21 February 2014 13:06, Peter Maydell <peter.maydell@linaro.org> wrote:
> Four simple patches which correct situations where we shift left
> into the sign bit of a signed integer type, which is undefined
> behaviour in C. These are by no means the only examples (even
> restricted to ARM board code; try "grep '1 << 31'"), but I'm
> vaguely aiming for "get 'make check' to not emit any clang
> -fsanitize=undefined warnings".
>
> Peter Maydell (4):
>   pxa2xx: Don't shift into sign bit
>   hw/arm/omap1.c: Avoid shifting left into sign bit
>   hw/ssi/xilinx_spips.c: Avoid shifting left into sign bit
>   hw/arm/musicpal: Avoid shifting left into sign bit

Applying these to target-arm.next; no review but they're
pretty trivial.

thanks
-- PMM