armv8m: Don't allow signed integer overflow

Patater · Patater · commit c3b82c7b35e9 · 2017-06-15T14:53:24.000+01:00
To avoid undefined behavior, replace the signed "times" counter with an unsigned one. We don't need to track negative times anyway.

./core/vmpu/src/mpu_armv8m/vmpu_armv8m_unpriv_access.c: In function 'vmpu_unpriv_access':
./core/vmpu/src/mpu_armv8m/vmpu_armv8m_unpriv_access.c:126:1: error: assuming signed overflow does not occur when changing X +- C1 cmp C2 to X cmp C2 -+ C1 [-Werror=strict-overflow]
 }
  ^
  ./core/vmpu/src/mpu_armv8m/vmpu_armv8m_unpriv_access.c:94:10: error: assuming signed overflow does not occur when changing X +- C1 cmp C2 to X cmp C2 -+ C1 [-Werror=strict-overflow]
   uint32_t vmpu_unpriv_access(uint32_t addr, uint32_t size, uint32_t data)
diff --git a/core/vmpu/src/mpu_armv8m/vmpu_armv8m_unpriv_access.c b/core/vmpu/src/mpu_armv8m/vmpu_armv8m_unpriv_access.c
@@ -93,7 +93,7 @@ extern int vmpu_fault_recovery_mpu(uint32_t pc, uint32_t sp, uint32_t fault_addr
 
 uint32_t vmpu_unpriv_access(uint32_t addr, uint32_t size, uint32_t data)
 {
-    int tries = 0;
+    unsigned int tries = 0;
     while(1) {
         if ((vmpu_unpriv_test_range(addr, UVISOR_UNPRIV_ACCESS_SIZE(size)) & (TT_RESP_NSRW_Msk | TT_RESP_SRVALID_Msk)) == (TT_RESP_NSRW_Msk | TT_RESP_SRVALID_Msk)) {
             switch(size) {

Original file line number	Diff line number	Diff line change
`@@ -93,7 +93,7 @@ extern int vmpu_fault_recovery_mpu(uint32_t pc, uint32_t sp, uint32_t fault_addr`
`93`	`93`
`94`	`94`	`uint32_t vmpu_unpriv_access(uint32_t addr, uint32_t size, uint32_t data)`
`95`	`95`	`{`
`96`		`- int tries = 0;`
	`96`	`+ unsigned int tries = 0;`
`97`	`97`	`while(1) {`
`98`	`98`	`if ((vmpu_unpriv_test_range(addr, UVISOR_UNPRIV_ACCESS_SIZE(size)) & (TT_RESP_NSRW_Msk \| TT_RESP_SRVALID_Msk)) == (TT_RESP_NSRW_Msk \| TT_RESP_SRVALID_Msk)) {`
`99`	`99`	`switch(size) {`