STM32 PCD negative numbers issue #6609
Conversation
|
ST_INTERNAL_REF 43044 |
|
Do not merge as this should be send to master |
|
waiting for approval from @ARMmbed/team-st-mcd |
|
Hi |
|
One reason is to make the code intent clearer. Negative numbers aren't important, what is important is guarding against their use. Looking at the code again, I now think that the driver team is correct because the second and third conditional in the while loop (https://github.com/pauluap/mbed-os/blob/c6ca03df764a16b4a36e5598f881acf601fb9b0f/targets/TARGET_STM/TARGET_STM32F7/device/stm32f7xx_hal_pcd.c#L1320) do protect against probable negative numbers. The possibility that |
|
Ooop, sorry, keeping open to deal with #6599. I'll change to the ilen variant |
…es negative number issues
Compile: stm32f7xx_hal_pcd.c
../targets/TARGET_STM/TARGET_STM32F7/device/stm32f7xx_hal_pcd.c: In function 'PCD_WriteEmptyTxFifo':
../targets/TARGET_STM/TARGET_STM32F7/device/stm32f7xx_hal_pcd.c:1310:11: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
if (len > ep->maxpacket)
^
../targets/TARGET_STM/TARGET_STM32F7/device/stm32f7xx_hal_pcd.c:1325:13: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
if (len > ep->maxpacket)
^
pauluap
force-pushed
the
compiler_warning_pcd_unsigned_signed
branch
from
dcd1a3e to
430784b
Compare
| @@ -1300,14 +1300,16 @@ static HAL_StatusTypeDef PCD_WriteEmptyTxFifo(PCD_HandleTypeDef *hpcd, uint32_t | |||
| { | |||
| USB_OTG_GlobalTypeDef *USBx = hpcd->Instance; | |||
| USB_OTG_EPTypeDef *ep; | |||
| int32_t len = 0; | |||
| uint32_t len; | |||
| int32_t ilen; | |||
There was a problem hiding this comment.
Please remove ilen new variable, and just keep len as uint32
|
@jeromecoutant Does this work for you? I also considered dropping the |
| uint32_t len32b; | ||
| uint32_t fifoemptymsk = 0; | ||
|
|
||
| ep = &hpcd->IN_ep[epnum]; | ||
| len = ep->xfer_len - ep->xfer_count; | ||
|
|
||
| if (len > ep->maxpacket) | ||
| if (((int32_t)len > 0) && (len > ep->maxpacket)) |
| @@ -1322,7 +1322,7 @@ static HAL_StatusTypeDef PCD_WriteEmptyTxFifo(PCD_HandleTypeDef *hpcd, uint32_t | |||
| /* Write the FIFO */ | |||
| len = ep->xfer_len - ep->xfer_count; | |||
|
|
|||
| if (len > ep->maxpacket) | |||
| if (((int32_t)len > 0) && (len > ep->maxpacket)) | |||
| @@ -1334,7 +1334,7 @@ static HAL_StatusTypeDef PCD_WriteEmptyTxFifo(PCD_HandleTypeDef *hpcd, uint32_t | |||
| ep->xfer_count += len; | |||
| } | |||
|
|
|||
| if(len <= 0) | |||
| if ((int32_t)len <= 0) | |||
There was a problem hiding this comment.
@jeromecoutant No, I don't think that'll work.
Since len is an uint32_t now, it cannot be less than zero.
That is why I added checks for (int32_t)len > 0) because if ep->xfer_count is greater than ep->xfer_len then len would have its high bit set, and enters the scope that sets len = ep->maxpacket; which is incorrect. The high bit should be preserved so that atomic_clr_u32 is called as expected.
If I make those changes as you suggest, that would change the behavior of the code.
Is my understanding/interpretation wrong?
…ed, remove need for guards
|
Ok, I've made another commit which removes the need for the if guards. I think that the change also makes the point I was trying to make clearer, that the final conditional for |
|
/morph build |
Build : SUCCESSBuild number : 1742 Triggering tests/morph test |
Exporter Build : SUCCESSBuild number : 1376 |
Test : SUCCESSBuild number : 1545 |
|
/morph mbed2-build |
Cherry picked from ARMmbed/mbed-os#6609
Cherry picked from ARMmbed/mbed-os#6609
Description
This issue was initiated by a compiler warning
My first pass at fixing this issue concentrated on the comparison itself. The implementation can be seen at pauluap@c6ca03d
Upon inspection, I determined that there were further problems
https://github.com/pauluap/mbed-os/blob/c6ca03df764a16b4a36e5598f881acf601fb9b0f/targets/TARGET_STM/TARGET_STM32F7/device/stm32f7xx_hal_pcd.c#L1318
The line
len32b = (len + 3) / 4;(and an identical one a bit further on) could end up negative even if the warning message was cleaned up.After thinking about it for a while, I observed that the magnitude of a negative length wasn't important, the essential point is to guard the algorithm from processing negative numbers, so I refactored to make the guard operation more evident and eliminate the need for an signed integer variable.
@jeromecoutant, this is related to #6599
Pull request type
[X ] Fix
[ ] Refactor
[ ] New target
[ ] Feature
[ ] Breaking change