From 33bad6f0126d785a9bbfd2862a9b6b9dba43e8af Mon Sep 17 00:00:00 2001
From: Alex Waterman <alexw@nvidia.com>
Date: Wed, 8 Aug 2018 14:21:46 -0700
Subject: gpu: nvgpu: Add U64() and U32() macros

These macros exist to make integer literals used in certain arithmetic
operations explicitly large enough to hold the results of that operation.
The following is an example of this.

In MISRA the destination for a bitwise shift must be able to hold the number
of bits shifted. Otherwise the results are undefined. For example:

  256U << 20U

This is valid C code but the results of this _may_ be undefined if the size
of an unsigned by default is less than 24 bits (i.e 16 bits). The MISRA misra
checker sees the 256U and determines that the 256U fits in a 16 bit data type
(i.e a u16). Since a u16 has 16 bits, which is less than 20, this is an
issue.

Of course most compilers these days use 32 bits for the default unsigned type
this is not a requirement. Moreover this name problem could exist like so:

  0xfffffU << 40U

The 0xfffffU is a 32 bit unsigned type; but we are shifting 40 bits which
overflows the 32 bit data type. So in this case we need an explicit cast to
64 bits in order to prevent undefined behavior.

Change-Id: If2433fb8c44df0c714487fa3b6b056fc84570df7
Signed-off-by: Alex Waterman <alexw@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1795391
GVS: Gerrit_Virtual_Submit
Reviewed-by: Vinod Gopalakrishnakurup <vinodg@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
---
 drivers/gpu/nvgpu/include/nvgpu/types.h | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

(limited to 'drivers/gpu/nvgpu')

diff --git a/drivers/gpu/nvgpu/include/nvgpu/types.h b/drivers/gpu/nvgpu/include/nvgpu/types.h
index 1e243e53..dfa95557 100644
--- a/drivers/gpu/nvgpu/include/nvgpu/types.h
+++ b/drivers/gpu/nvgpu/include/nvgpu/types.h
@@ -30,4 +30,32 @@
 #include <nvgpu_rmos/include/types.h>
 #endif
 
+/*
+ * These macros exist to make integer literals used in certain arithmetic
+ * operations explicitly large enough to hold the results of that operation.
+ * The following is an example of this.
+ *
+ * In MISRA the destination for a bitwise shift must be able to hold the number
+ * of bits shifted. Otherwise the results are undefined. For example:
+ *
+ *   256U << 20U
+ *
+ * This is valid C code but the results of this _may_ be undefined if the size
+ * of an unsigned by default is less than 24 bits (i.e 16 bits). The MISRA
+ * checker sees the 256U and determines that the 256U fits in a 16 bit data type
+ * (i.e a u16). Since a u16 has 16 bits, which is less than 20, this is an
+ * issue.
+ *
+ * Of course most compilers these days use 32 bits for the default unsigned type
+ * this is not a requirement. Moreover this same problem could exist like so:
+ *
+ *   0xfffffU << 40U
+ *
+ * The 0xfffffU is a 32 bit unsigned type; but we are shifting 40 bits which
+ * overflows the 32 bit data type. So in this case we need an explicit cast to
+ * 64 bits in order to prevent undefined behavior.
+ */
+#define U32(x)	((u32)(x))
+#define U64(x)	((u64)(x))
+
 #endif
-- 
cgit v1.2.2