@@ -1602,7 +1602,7 @@ void qmp_memsave(int64_t addr, int64_t size, const char *filename,
bool has_cpu, int64_t cpu_index, Error **errp)
{
FILE *f;
- uint32_t l;
+ size_t l;
CPUState *cpu;
uint8_t buf[1024];
int64_t orig_addr = addr, orig_size = size;
@@ -2555,7 +2555,7 @@ print_insn_cris_generic (bfd_vma memaddr,
disassemble_info *info,
bfd_boolean with_reg_prefix)
{
- int nbytes;
+ unsigned int nbytes;
unsigned int insn;
const struct cris_opcode *matchedp;
int advance = 0;
@@ -287,7 +287,8 @@ print_insn_s390 (bfd_vma memaddr, struct disassemble_info *info)
const struct s390_opcode *opcode;
const struct s390_opcode *opcode_end;
unsigned int value;
- int status, opsize, bufsize;
+ int status;
+ unsigned int opsize, bufsize;
char separator;
if (init_flag == 0)
@@ -2031,7 +2031,7 @@ print_insn_sh (bfd_vma memaddr, struct disassemble_info *info)
if (disp_pc && strcmp (op->name, "mova") != 0)
{
- int size;
+ unsigned int size;
bfd_byte bytes[4];
if (relmask == ~(bfd_vma) 1)
@@ -22,7 +22,7 @@ int dma_memory_set(AddressSpace *as, dma_addr_t addr, uint8_t c, dma_addr_t len)
#define FILLBUF_SIZE 512
uint8_t fillbuf[FILLBUF_SIZE];
- int l;
+ dma_addr_t l;
bool error = false;
memset(fillbuf, c, FILLBUF_SIZE);
@@ -2449,9 +2449,10 @@ MemoryRegion *get_system_io(void)
/* physical memory access (slow version, mainly for debug) */
#if defined(CONFIG_USER_ONLY)
int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
- uint8_t *buf, int len, int is_write)
+ uint8_t *buf, hwaddr len, int is_write)
{
- int l, flags;
+ hwaddr l;
+ int flags;
target_ulong page;
void * p;
@@ -2508,7 +2509,7 @@ static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
}
-static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
+static hwaddr memory_access_size(MemoryRegion *mr, hwaddr l, hwaddr addr)
{
unsigned access_size_max = mr->ops->valid.max_access_size;
@@ -2562,7 +2563,7 @@ static bool prepare_mmio_access(MemoryRegion *mr)
static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
MemTxAttrs attrs,
const uint8_t *buf,
- int len, hwaddr addr1,
+ hwaddr len, hwaddr addr1,
hwaddr l, MemoryRegion *mr)
{
uint8_t *ptr;
@@ -2633,7 +2634,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
}
MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
- const uint8_t *buf, int len)
+ const uint8_t *buf, hwaddr len)
{
hwaddr l;
hwaddr addr1;
@@ -2655,7 +2656,7 @@ MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
/* Called within RCU critical section. */
MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
MemTxAttrs attrs, uint8_t *buf,
- int len, hwaddr addr1, hwaddr l,
+ hwaddr len, hwaddr addr1, hwaddr l,
MemoryRegion *mr)
{
uint8_t *ptr;
@@ -2723,7 +2724,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
}
MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
- MemTxAttrs attrs, uint8_t *buf, int len)
+ MemTxAttrs attrs, uint8_t *buf, hwaddr len)
{
hwaddr l;
hwaddr addr1;
@@ -2743,7 +2744,7 @@ MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
}
MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
- uint8_t *buf, int len, bool is_write)
+ uint8_t *buf, hwaddr len, bool is_write)
{
if (is_write) {
return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
@@ -2753,7 +2754,7 @@ MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
}
void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
- int len, int is_write)
+ hwaddr len, int is_write)
{
address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
buf, len, is_write);
@@ -2803,12 +2804,12 @@ static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
/* used for ROM loading : can write in RAM and ROM */
void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
- const uint8_t *buf, int len)
+ const uint8_t *buf, hwaddr len)
{
cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
}
-void cpu_flush_icache_range(hwaddr start, int len)
+void cpu_flush_icache_range(hwaddr start, hwaddr len)
{
/*
* This function should do the same thing as an icache flush that was
@@ -3649,14 +3650,14 @@ void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
/* virtual memory access for debug (includes writing to ROM) */
int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
- uint8_t *buf, int len, int is_write)
+ uint8_t *buf, hwaddr len, int is_write)
{
- int l;
+ hwaddr l;
hwaddr phys_addr;
target_ulong page;
while (len > 0) {
- int asidx;
+ hwaddr asidx;
MemTxAttrs attrs;
page = addr & TARGET_PAGE_MASK;
@@ -42,7 +42,8 @@
#endif
static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
- uint8_t *buf, int len, bool is_write)
+ uint8_t *buf, hwaddr len,
+ bool is_write)
{
CPUClass *cc = CPU_GET_CLASS(cpu);
@@ -290,7 +290,7 @@ static void set_kernel_args(const struct arm_boot_info *info)
}
if (info->atag_board) {
/* ATAG_BOARD */
- int atag_board_len;
+ unsigned int atag_board_len;
uint8_t atag_board_buf[0x1000];
atag_board_len = (info->atag_board(info, atag_board_buf) + 3) & ~3;
@@ -248,7 +248,7 @@ static void eth_send(mv88w8618_eth_state *s, int queue_index)
mv88w8618_tx_desc desc;
uint32_t next_desc;
uint8_t buf[2048];
- int len;
+ unsigned int len;
do {
eth_tx_desc_get(desc_addr, &desc);
@@ -64,7 +64,7 @@ static void mv88w8618_audio_callback(void *opaque, int free_out, int free_in)
int16_t *codec_buffer;
int8_t buf[4096];
int8_t *mem_buffer;
- int pos, block_size;
+ unsigned int pos, block_size;
if (!(s->playback_mode & MP_AUDIO_PLAYBACK_EN)) {
return;
@@ -195,7 +195,7 @@ static void ac97_in_cb(void *opaque, int avail_b)
}
while (temp) {
- int acquired, to_copy;
+ unsigned int acquired, to_copy;
to_copy = audio_MIN(temp, sizeof(buf));
acquired = AUD_read(s->voice_in, buf, to_copy);
@@ -238,7 +238,7 @@ static void ac97_out_cb(void *opaque, int free_b)
}
while (temp) {
- int copied, to_copy;
+ unsigned int copied, to_copy;
to_copy = audio_MIN(temp, sizeof(buf));
cpu_physical_memory_read(addr, buf, to_copy);
@@ -293,9 +293,9 @@ static void iommu_bad_addr(IOMMUState *s, hwaddr addr,
}
void sparc_iommu_memory_rw(void *opaque, hwaddr addr,
- uint8_t *buf, int len, int is_write)
+ uint8_t *buf, hwaddr len, int is_write)
{
- int l;
+ hwaddr l;
uint32_t flags;
hwaddr page, phys_addr;
@@ -194,7 +194,7 @@ static void dp8393x_update_irq(dp8393xState *s)
static void dp8393x_do_load_cam(dp8393xState *s)
{
uint16_t data[8];
- int width, size;
+ unsigned int width, size;
uint16_t index = 0;
width = (s->regs[SONIC_DCR] & SONIC_DCR_DW) ? 2 : 1;
@@ -236,7 +236,7 @@ static void dp8393x_do_load_cam(dp8393xState *s)
static void dp8393x_do_read_rra(dp8393xState *s)
{
uint16_t data[8];
- int width, size;
+ unsigned int width, size;
/* Read memory */
width = (s->regs[SONIC_DCR] & SONIC_DCR_DW) ? 2 : 1;
@@ -347,8 +347,8 @@ static void dp8393x_do_transmit_packets(dp8393xState *s)
{
NetClientState *nc = qemu_get_queue(s->nic);
uint16_t data[12];
- int width, size;
- int tx_len, len;
+ unsigned int width, size;
+ unsigned int tx_len, len;
uint16_t i;
width = (s->regs[SONIC_DCR] & SONIC_DCR_DW) ? 2 : 1;
@@ -148,8 +148,8 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
{
uint32_t addr;
mcf_fec_bd bd;
- int frame_size;
- int len;
+ unsigned int frame_size;
+ unsigned int len;
uint8_t frame[FEC_MAX_FRAME_SIZE];
uint8_t *ptr;
@@ -26,33 +26,34 @@
*
*/
static inline void
-vmw_shmem_read(hwaddr addr, void *buf, int len)
+vmw_shmem_read(hwaddr addr, void *buf, hwaddr len)
{
- VMW_SHPRN("SHMEM r: %" PRIx64 ", len: %d to %p", addr, len, buf);
+ VMW_SHPRN("SHMEM r: %" PRIx64 ", len: %" PRIu64 " to %p", addr, len, buf);
cpu_physical_memory_read(addr, buf, len);
}
static inline void
-vmw_shmem_write(hwaddr addr, void *buf, int len)
+vmw_shmem_write(hwaddr addr, void *buf, hwaddr len)
{
- VMW_SHPRN("SHMEM w: %" PRIx64 ", len: %d to %p", addr, len, buf);
+ VMW_SHPRN("SHMEM w: %" PRIx64 ", len: %" PRIu64 " to %p", addr, len, buf);
cpu_physical_memory_write(addr, buf, len);
}
static inline void
-vmw_shmem_rw(hwaddr addr, void *buf, int len, int is_write)
+vmw_shmem_rw(hwaddr addr, void *buf, hwaddr len, int is_write)
{
- VMW_SHPRN("SHMEM r/w: %" PRIx64 ", len: %d (to %p), is write: %d",
+ VMW_SHPRN("SHMEM r/w: %" PRIx64 ", len: %" PRIu64 " (to %p), is write: %d",
addr, len, buf, is_write);
cpu_physical_memory_rw(addr, buf, len, is_write);
}
static inline void
-vmw_shmem_set(hwaddr addr, uint8_t val, int len)
+vmw_shmem_set(hwaddr addr, uint8_t val, hwaddr len)
{
int i;
- VMW_SHPRN("SHMEM set: %" PRIx64 ", len: %d (value 0x%X)", addr, len, val);
+ VMW_SHPRN("SHMEM set: %" PRIx64 ", len: %" PRIu64 " (value 0x%X)", addr,
+ len, val);
for (i = 0; i < len; i++) {
cpu_physical_memory_write(addr + i, &val, 1);
@@ -203,8 +203,8 @@ static void xgmac_write_desc(XgmacState *s, struct desc *d, int rx)
static void xgmac_enet_send(XgmacState *s)
{
struct desc bd;
- int frame_size;
- int len;
+ unsigned int frame_size;
+ unsigned int len;
uint8_t frame[8192];
uint8_t *ptr;
@@ -427,7 +427,7 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
VirtioCcwDevice *dev = sch->driver_data;
VirtIODevice *vdev = virtio_ccw_get_vdev(sch);
bool check_len;
- int len;
+ hwaddr len;
hwaddr hw_len;
VirtioThinintInfo *thinint;
@@ -283,6 +283,6 @@ void dump_opcount_info(FILE *f, fprintf_function cpu_fprintf);
#endif /* !CONFIG_USER_ONLY */
int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
- uint8_t *buf, int len, int is_write);
+ uint8_t *buf, hwaddr len, int is_write);
#endif /* CPU_ALL_H */
@@ -72,14 +72,14 @@ void qemu_ram_unset_idstr(ram_addr_t addr);
const char *qemu_ram_get_idstr(RAMBlock *rb);
void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
- int len, int is_write);
+ hwaddr len, int is_write);
static inline void cpu_physical_memory_read(hwaddr addr,
- void *buf, int len)
+ void *buf, hwaddr len)
{
cpu_physical_memory_rw(addr, buf, len, 0);
}
static inline void cpu_physical_memory_write(hwaddr addr,
- const void *buf, int len)
+ const void *buf, hwaddr len)
{
cpu_physical_memory_rw(addr, (void *)buf, len, 1);
}
@@ -126,8 +126,8 @@ void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val);
#endif
void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
- const uint8_t *buf, int len);
-void cpu_flush_icache_range(hwaddr start, int len);
+ const uint8_t *buf, hwaddr len);
+void cpu_flush_icache_range(hwaddr start, hwaddr len);
extern struct MemoryRegion io_mem_rom;
extern struct MemoryRegion io_mem_notdirty;
@@ -1234,7 +1234,7 @@ void address_space_destroy(AddressSpace *as);
*/
MemTxResult address_space_rw(AddressSpace *as, hwaddr addr,
MemTxAttrs attrs, uint8_t *buf,
- int len, bool is_write);
+ hwaddr len, bool is_write);
/**
* address_space_write: write to address space.
@@ -1250,7 +1250,7 @@ MemTxResult address_space_rw(AddressSpace *as, hwaddr addr,
*/
MemTxResult address_space_write(AddressSpace *as, hwaddr addr,
MemTxAttrs attrs,
- const uint8_t *buf, int len);
+ const uint8_t *buf, hwaddr len);
/* address_space_ld*: load from an address space
* address_space_st*: store to an address space
@@ -1385,10 +1385,10 @@ void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
/* Internal functions, part of the implementation of address_space_read. */
MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
MemTxAttrs attrs, uint8_t *buf,
- int len, hwaddr addr1, hwaddr l,
+ hwaddr len, hwaddr addr1, hwaddr l,
MemoryRegion *mr);
MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
- MemTxAttrs attrs, uint8_t *buf, int len);
+ MemTxAttrs attrs, uint8_t *buf, hwaddr len);
void *qemu_get_ram_ptr(ram_addr_t addr);
static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
@@ -1416,7 +1416,7 @@ static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
*/
static inline __attribute__((__always_inline__))
MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
- uint8_t *buf, int len)
+ uint8_t *buf, hwaddr len)
{
MemTxResult result = MEMTX_OK;
hwaddr l, addr1;
@@ -9,17 +9,17 @@
/* iommu.c */
void sparc_iommu_memory_rw(void *opaque, hwaddr addr,
- uint8_t *buf, int len, int is_write);
+ uint8_t *buf, hwaddr len, int is_write);
static inline void sparc_iommu_memory_read(void *opaque,
hwaddr addr,
- uint8_t *buf, int len)
+ uint8_t *buf, hwaddr len)
{
sparc_iommu_memory_rw(opaque, addr, buf, len, 0);
}
static inline void sparc_iommu_memory_write(void *opaque,
hwaddr addr,
- uint8_t *buf, int len)
+ uint8_t *buf, hwaddr len)
{
sparc_iommu_memory_rw(opaque, addr, buf, len, 1);
}
@@ -149,7 +149,7 @@ typedef struct CPUClass {
int is_write, int is_user, uintptr_t retaddr);
bool (*virtio_is_big_endian)(CPUState *cpu);
int (*memory_rw_debug)(CPUState *cpu, vaddr addr,
- uint8_t *buf, int len, bool is_write);
+ uint8_t *buf, hwaddr len, bool is_write);
void (*dump_state)(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
int flags);
void (*dump_statistics)(CPUState *cpu, FILE *f,
@@ -1703,7 +1703,7 @@ void kvm_set_sigmask_len(KVMState *s, unsigned int sigmask_len)
}
static void kvm_handle_io(uint16_t port, MemTxAttrs attrs, void *data, int direction,
- int size, uint32_t count)
+ unsigned int size, uint32_t count)
{
int i;
uint8_t *ptr = data;
@@ -1175,7 +1175,8 @@ static void monitor_printc(Monitor *mon, int c)
static void memory_dump(Monitor *mon, int count, int format, int wsize,
hwaddr addr, int is_physical)
{
- int l, line_size, i, max_digits, len;
+ hwaddr l, line_size, i, len;
+ int max_digits;
uint8_t buf[16];
uint64_t v;
@@ -68,7 +68,7 @@ static void __bufread(uint8_t *buf, ssize_t len)
}
MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
- uint8_t *buf, int len, bool is_write)
+ uint8_t *buf, hwaddr len, bool is_write)
{
MemTxResult result;
@@ -422,7 +422,7 @@ static bool lowprot_enabled(const CPUS390XState *env)
* translate_pages: Translate a set of consecutive logical page addresses
* to absolute addresses
*/
-static int translate_pages(S390CPU *cpu, vaddr addr, int nr_pages,
+static int translate_pages(S390CPU *cpu, vaddr addr, unsigned int nr_pages,
target_ulong *pages, bool is_write)
{
bool lowprot = is_write && lowprot_enabled(&cpu->env);
@@ -466,7 +466,7 @@ static int translate_pages(S390CPU *cpu, vaddr addr, int nr_pages,
int s390_cpu_virt_mem_rw(S390CPU *cpu, vaddr laddr, uint8_t ar, void *hostbuf,
int len, bool is_write)
{
- int currlen, nr_pages, i;
+ unsigned int currlen, nr_pages, i;
target_ulong *pages;
int ret;
@@ -522,7 +522,7 @@ void dump_mmu(FILE *f, fprintf_function cpu_fprintf, CPUSPARCState *env);
#if !defined(TARGET_SPARC64) && !defined(CONFIG_USER_ONLY)
int sparc_cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
- uint8_t *buf, int len, bool is_write);
+ uint8_t *buf, hwaddr len, bool is_write);
#endif
@@ -358,13 +358,13 @@ void dump_mmu(FILE *f, fprintf_function cpu_fprintf, CPUSPARCState *env)
* that the sparc ABI is followed.
*/
int sparc_cpu_memory_rw_debug(CPUState *cs, vaddr address,
- uint8_t *buf, int len, bool is_write)
+ uint8_t *buf, hwaddr len, bool is_write)
{
SPARCCPU *cpu = SPARC_CPU(cs);
CPUSPARCState *env = &cpu->env;
target_ulong addr = address;
- int i;
- int len1;
+ unsigned int i;
+ hwaddr len1;
int cwp = env->cwp;
if (!is_write) {
When looking at address_space_read_continue I noticed the 'len' variable was a signed int, while it clearly should be a hwaddr or some other unsigned type. I started looking around and saw that this error had spread all over the code. I replaced the signed int by their unsigned counterparts as much as possible. If this patch goes in, I may keep working on some other type errors I saw. Signed-off-by: Martin Galvan <martin.galvan@tallertechnologies.com> --- cpus.c | 2 +- disas/cris.c | 2 +- disas/s390.c | 3 ++- disas/sh4.c | 2 +- dma-helpers.c | 2 +- exec.c | 29 +++++++++++++++-------------- gdbstub.c | 3 ++- hw/arm/boot.c | 2 +- hw/arm/musicpal.c | 2 +- hw/audio/marvell_88w8618.c | 2 +- hw/audio/milkymist-ac97.c | 4 ++-- hw/dma/sun4m_iommu.c | 4 ++-- hw/net/dp8393x.c | 8 ++++---- hw/net/mcf_fec.c | 4 ++-- hw/net/vmware_utils.h | 17 +++++++++-------- hw/net/xgmac.c | 4 ++-- hw/s390x/virtio-ccw.c | 2 +- include/exec/cpu-all.h | 2 +- include/exec/cpu-common.h | 10 +++++----- include/exec/memory.h | 10 +++++----- include/hw/sparc/sun4m.h | 6 +++--- include/qom/cpu.h | 2 +- kvm-all.c | 2 +- monitor.c | 3 ++- scripts/coverity-model.c | 2 +- target-s390x/mmu_helper.c | 4 ++-- target-sparc/cpu.h | 2 +- target-sparc/mmu_helper.c | 6 +++--- 28 files changed, 73 insertions(+), 68 deletions(-)