Date: Tue, 8 Nov 2011 00:02:52 GMT From: Alexander Best <arundel@FreeBSD.org> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/162366: [ath] several shifts overflowing in sys/dev/ath code Message-ID: <201111080002.pA802quv069245@red.freebsd.org> Resent-Message-ID: <201111080010.pA80A67L004633@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 162366
>Category: kern
>Synopsis: [ath] several shifts overflowing in sys/dev/ath code
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 08 00:10:06 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Alexander Best
>Release: 10.0-CURRENT
>Organization:
>Environment:
FreeBSD otaku 10.0-CURRENT FreeBSD 10.0-CURRENT #6: Fri Nov 4 14:33:13 CET 2011 arundel@otaku:/usr/obj/usr/git-freebsd-head/sys/ARUNDEL amd64
>Description:
clang warns about several shift overflows in sys/dev/ath code:
/usr/git-freebsd-head/sys/dev/ath/ath_hal/ar5210/ar5210_power.c:36:3: warning: signed shift result (0x200000000) requires 35 bits to represent, but 'int' only has 32 bits [-Wshift-overflow]
OS_REG_RMW_FIELD(ah, AR_SCR, AR_SCR_SLE, AR_SCR_SLE_ALLOW);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/git-freebsd-head/sys/dev/ath/ath_hal/ah_internal.h:471:42: note: expanded from macro 'OS_REG_RMW_FIELD'
(OS_REG_READ(_a, _r) &~ (_f)) | (((_v) << _f##_S) & (_f)))
^
/usr/git-freebsd-head/sys/dev/ath/ah_osdep.h:127:49: note: expanded from macro 'OS_REG_WRITE'
(bus_space_handle_t)(_ah)->ah_sh, (_reg), (_val))
^~~~
/usr/git-freebsd-head/sys/dev/ath/ath_hal/ar5210/ar5210_power.c:90:3: warning: signed shift result (0x100000000) requires 34 bits to represent, but 'int' only has 32 bits [-Wshift-overflow]
OS_REG_RMW_FIELD(ah, AR_SCR, AR_SCR_SLE, AR_SCR_SLE_SLP);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/git-freebsd-head/sys/dev/ath/ath_hal/ah_internal.h:471:42: note: expanded from macro 'OS_REG_RMW_FIELD'
(OS_REG_READ(_a, _r) &~ (_f)) | (((_v) << _f##_S) & (_f)))
^
/usr/git-freebsd-head/sys/dev/ath/ah_osdep.h:127:49: note: expanded from macro 'OS_REG_WRITE'
(bus_space_handle_t)(_ah)->ah_sh, (_reg), (_val))
^~~~
2 warnings generated.
/usr/git-freebsd-head/sys/dev/ath/ath_hal/ar5211/ar5211_power.c:79:3: warning: signed shift result (0x100000000) requires 34 bits to represent, but 'int' only has 32 bits [-Wshift-overflow]
OS_REG_RMW_FIELD(ah, AR_SCR, AR_SCR_SLE, AR_SCR_SLE_SLP);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/git-freebsd-head/sys/dev/ath/ath_hal/ah_internal.h:471:42: note: expanded from macro 'OS_REG_RMW_FIELD'
(OS_REG_READ(_a, _r) &~ (_f)) | (((_v) << _f##_S) & (_f)))
^
/usr/git-freebsd-head/sys/dev/ath/ah_osdep.h:127:49: note: expanded from macro 'OS_REG_WRITE'
(bus_space_handle_t)(_ah)->ah_sh, (_reg), (_val))
^~~~
/usr/git-freebsd-head/sys/dev/ath/ath_hal/ar5211/ar5211_power.c:92:3: warning: signed shift result (0x200000000) requires 35 bits to represent, but 'int' only has 32 bits [-Wshift-overflow]
OS_REG_RMW_FIELD(ah, AR_SCR, AR_SCR_SLE, AR_SCR_SLE_NORM);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/git-freebsd-head/sys/dev/ath/ath_hal/ah_internal.h:471:42: note: expanded from macro 'OS_REG_RMW_FIELD'
(OS_REG_READ(_a, _r) &~ (_f)) | (((_v) << _f##_S) & (_f)))
^
/usr/git-freebsd-head/sys/dev/ath/ah_osdep.h:127:49: note: expanded from macro 'OS_REG_WRITE'
(bus_space_handle_t)(_ah)->ah_sh, (_reg), (_val))
^~~~
2 warnings generated.
dimitry andric explained in [1] that at least the first case appears to be a real bug and not a bogus compiler warning. the other cases need to be investigated in detail, too.
[1] http://lists.freebsd.org/pipermail/freebsd-toolchain/2011-November/000282.html
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201111080002.pA802quv069245>