target/riscv: fix undefined operation

Scan-build reports:
	Logic error: Result of operation is garbage or undefined
	riscv.c:1614 The result of the left shift is undefined due
		to shifting by '4294967281', which is greater or
		equal to the width of type 'target_addr_t'

This is a false warning due to clang that considers the impossible
case of 32 bits hart (xlen = 32) in SATP_MODE_SV48 mode
(info->va_bits = 48).
Under such case:
	riscv.c:1614 ... ((target_addr_t)1 << (xlen - (info->va_bits - 1))) ...
the shift amount wraps around the unsigned type and assumes the
value 4294967281 (0xfffffff1).

Use assert() to prevent clang from complaining.

Change-Id: I08fdd2a806c350d061641e28cf15a51b397db099
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: https://review.openocd.org/c/openocd/+/7209
Reviewed-by: Tim Newsome <tim@sifive.com>
Reviewed-by: Jan Matyas <matyas@codasip.com>
Tested-by: jenkins

diff --git a/src/target/riscv/riscv.c b/src/target/riscv/riscv.c
index 5444fca01b84696afb5ab2d9dfc33f4a50aa734b..dfd6a3e3d4fd15029ee2e4e7f315563700ee3b73 100644 (file)
--- a/src/target/riscv/riscv.c
+++ b/src/target/riscv/riscv.c
@@ -1607,6 +1607,7 @@ static int riscv_address_translate(struct target *target,
        LOG_DEBUG("virtual=0x%" TARGET_PRIxADDR "; mode=%s", virtual, info->name);
 
        /* verify bits xlen-1:va_bits-1 are all equal */
+       assert(xlen >= info->va_bits);
        target_addr_t mask = ((target_addr_t)1 << (xlen - (info->va_bits - 1))) - 1;
        target_addr_t masked_msbs = (virtual >> (info->va_bits - 1)) & mask;
        if (masked_msbs != 0 && masked_msbs != mask) {