[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH] xen/arm: address violation of MISRA C Rule 10.1

To: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>
From: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Date: Thu, 10 Jul 2025 17:15:08 -0700 (PDT)
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Rahul Singh <rahul.singh@xxxxxxx>
Delivery-date: Fri, 11 Jul 2025 00:15:36 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, 10 Jul 2025, Dmytro Prokopchuk1 wrote:
> Rule 10.1: Operands shall not be of an
> inappropriate essential type
> 
> The following are non-compliant:
> - unary minus on unsigned type;
> - boolean used as a numeric value.
> 
> Replace unary '-' operator with multiplying by '-1L' or '-1LL'.
> Replace numeric constant '-1UL' with '~0UL'.
> Replace numeric constant '-1ULL' with '~0ULL'.
> Cast boolean to numeric value.
> 
> Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@xxxxxxxx>
> ---
>  xen/arch/arm/gic-vgic.c               | 2 +-
>  xen/common/memory.c                   | 2 +-
>  xen/common/page_alloc.c               | 6 +++---
>  xen/common/time.c                     | 2 +-
>  xen/drivers/passthrough/arm/smmu-v3.c | 2 +-
>  xen/lib/strtol.c                      | 2 +-
>  xen/lib/strtoll.c                     | 2 +-
>  7 files changed, 9 insertions(+), 9 deletions(-)
> 
> diff --git a/xen/arch/arm/gic-vgic.c b/xen/arch/arm/gic-vgic.c
> index ea48c5375a..a35f33c5f2 100644
> --- a/xen/arch/arm/gic-vgic.c
> +++ b/xen/arch/arm/gic-vgic.c
> @@ -17,7 +17,7 @@
>  #include <asm/vgic.h>
>  
>  #define lr_all_full()                                           \
> -    (this_cpu(lr_mask) == (-1ULL >> (64 - gic_get_nr_lrs())))
> +    (this_cpu(lr_mask) == (~0ULL >> (64 - gic_get_nr_lrs())))

I understand this change, I think it is good



>  #undef GIC_DEBUG
>  
> diff --git a/xen/common/memory.c b/xen/common/memory.c
> index 46620ed825..96086704cb 100644
> --- a/xen/common/memory.c
> +++ b/xen/common/memory.c
> @@ -773,7 +773,7 @@ static long 
> memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg)
>  
>                  nrspin_lock(&d->page_alloc_lock);
>                  drop_dom_ref = (dec_count &&
> -                                !domain_adjust_tot_pages(d, -dec_count));
> +                                !domain_adjust_tot_pages(d, (-1L) * 
> dec_count));

...but I don't understand this? It looks like it would also break 10.1
and/or 10.3 as well?

I would rather use casts if needed, which wouldn't change the behavior
but would highlight the unsigned->signed conversion, making it more
visible:

    !domain_adjust_tot_pages(d, -(int)dec_count));


>                  nrspin_unlock(&d->page_alloc_lock);
>  
>                  if ( drop_dom_ref )
> diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
> index 8f93a4c354..da8dddf934 100644
> --- a/xen/common/page_alloc.c
> +++ b/xen/common/page_alloc.c
> @@ -691,7 +691,7 @@ size_param("low_mem_virq_limit", opt_low_mem_virq);
>  /* Thresholds to control hysteresis. In pages */
>  /* When memory grows above this threshold, reset hysteresis.
>   * -1 initially to not reset until at least one virq issued. */
> -static unsigned long low_mem_virq_high      = -1UL;
> +static unsigned long low_mem_virq_high      = ~0UL;
>  /* Threshold at which we issue virq */
>  static unsigned long low_mem_virq_th        = 0;
>  /* Original threshold after all checks completed */
> @@ -710,7 +710,7 @@ static void __init setup_low_mem_virq(void)
>       * to ever trigger. */
>      if ( opt_low_mem_virq == 0 )
>      {
> -        low_mem_virq_th = -1UL;
> +        low_mem_virq_th = ~0UL;
>          return;
>      }
>  
> @@ -778,7 +778,7 @@ static void check_low_mem_virq(void)
>          low_mem_virq_th_order++;
>          low_mem_virq_th = 1UL << low_mem_virq_th_order;
>          if ( low_mem_virq_th == low_mem_virq_orig )
> -            low_mem_virq_high = -1UL;
> +            low_mem_virq_high = ~0UL;
>          else
>              low_mem_virq_high = 1UL << (low_mem_virq_th_order + 2);
>      }
> diff --git a/xen/common/time.c b/xen/common/time.c
> index 92f7b72464..a6eda82f8d 100644
> --- a/xen/common/time.c
> +++ b/xen/common/time.c
> @@ -84,7 +84,7 @@ struct tm gmtime(unsigned long t)
>      }
>      tbuf.tm_year = y - 1900;
>      tbuf.tm_yday = days;
> -    ip = (const unsigned short int *)__mon_lengths[__isleap(y)];
> +    ip = (const unsigned short int *)__mon_lengths[(int)__isleap(y)];

__isleap return bool and we deviated bool conversions in logical
operations but not here, so I understand why this is needed. OK.


>      for ( y = 0; days >= ip[y]; ++y )
>          days -= ip[y];
>      tbuf.tm_mon = y;
> diff --git a/xen/drivers/passthrough/arm/smmu-v3.c 
> b/xen/drivers/passthrough/arm/smmu-v3.c
> index df16235057..4058b18f2c 100644
> --- a/xen/drivers/passthrough/arm/smmu-v3.c
> +++ b/xen/drivers/passthrough/arm/smmu-v3.c
> @@ -315,7 +315,7 @@ static int queue_poll_cons(struct arm_smmu_queue *q, bool 
> sync, bool wfe)
>  
>       while (queue_sync_cons_in(q),
>             (sync ? !queue_empty(&q->llq) : queue_full(&q->llq))) {
> -             if ((NOW() > timeout) > 0)
> +             if (NOW() > timeout)
>                       return -ETIMEDOUT;
>  
>               if (wfe) {
> diff --git a/xen/lib/strtol.c b/xen/lib/strtol.c
> index 30dca779cf..5f9d691727 100644
> --- a/xen/lib/strtol.c
> +++ b/xen/lib/strtol.c
> @@ -13,7 +13,7 @@
>  long simple_strtol(const char *cp, const char **endp, unsigned int base)
>  {
>      if ( *cp == '-' )
> -        return -simple_strtoul(cp + 1, endp, base);
> +        return (-1L) * simple_strtoul(cp + 1, endp, base);
>      return simple_strtoul(cp, endp, base);
>  }
>  
> diff --git a/xen/lib/strtoll.c b/xen/lib/strtoll.c
> index 5d23fd80e8..e87007eddd 100644
> --- a/xen/lib/strtoll.c
> +++ b/xen/lib/strtoll.c
> @@ -13,7 +13,7 @@
>  long long simple_strtoll(const char *cp, const char **endp, unsigned int 
> base)
>  {
>      if ( *cp == '-' )
> -        return -simple_strtoull(cp + 1, endp, base);
> +        return (-1LL) * simple_strtoull(cp + 1, endp, base);
>      return simple_strtoull(cp, endp, base);
>  }
>  
> -- 
> 2.43.0
>

Follow-Ups:
- Re: [XEN PATCH] xen/arm: address violation of MISRA C Rule 10.1
  - From: Jan Beulich
- Re: [XEN PATCH] xen/arm: address violation of MISRA C Rule 10.1
  - From: Demi Marie Obenour

References:
- [XEN PATCH] xen/arm: address violation of MISRA C Rule 10.1
  - From: Dmytro Prokopchuk1

Prev by Date: Re: [XEN PATCH] xen/arm: address violation of MISRA C Rule 10.1
Next by Date: [PATCH v2] xen/arm: fix arm_iommu_map_page after f9f6b22ab
Previous by thread: Re: [XEN PATCH] xen/arm: address violation of MISRA C Rule 10.1
Next by thread: Re: [XEN PATCH] xen/arm: address violation of MISRA C Rule 10.1
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.