[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v6 1/4] xen: introduce SYMBOL
On Wed, 6 Feb 2019, Ian Jackson wrote: > Jan Beulich writes ("Re: [Xen-devel] [PATCH v6 1/4] xen: introduce SYMBOL"): > > On 06.02.19 at 17:37, <ian.jackson@xxxxxxxxxx> wrote: > > > Jan Beulich writes ("Re: [Xen-devel] [PATCH v6 1/4] xen: introduce > > > SYMBOL"): > > >> - it allows the end-of-whatever symbols to also be handed to > > >> functions in a type-safe manner > > > > > > Yes. However... I am OK with this approach. Maybe not the best IMO, but good enough. It should also satisfy the MISRAC guys, as they wrote "ideally cast to uintptr_t only once": here we wouldn't be casting only once, but at least we would do it inside a single well-defined macro. I did manage to convert v4 of the series to this approach before writing this answer -- everything looks plausible and compiles OK. Also, see below. > > >> (we could even have per-instance structure flavors, such that > > >> unrelated "end" symbols can't be mixed up; for example the type > > >> could simply be a structure wrapping a field of the original base > > >> type). > > > > > > I think this would be difficult to achieve without writing a forbidden > > > pointer comparison in the macro. It could perhaps be achieved with > > > typeof() if that is available in hypervisor code. > > > > I'm afraid I don't understand - you want to cast to an integer > > type anyway for doing the comparison. > > The usual approach to haking a macro perform an explicit typecheck > (ie, to have the macro check that the types of its arguments are > right) is to have the macro expansion contain a `spurious' comparison > whose result is ignored but which will yield a compile-type type > mismatch if the argument types were wrong. But this is only legal if > the provenance of the compared pointers is legal for a pointer > comparison. The bad effects of evaluating an UB expression are not > limited by within-program causality. > > > As to typeof() - this being a compiler construct, it is available > > whenever the compiler supports it. We certainly use it > > elsewhere in hypervisor code. > > I think then that > (typeof(X))0 == (typeof(Y))0 > is the correct formulation of the type check - because it is legal no > matter the provenance of X and Y. Thank you, Ian. I think I understand what you are saying. I'll probably leave this out for the next iteration though, but I am happy to add it afterwards. I was thinking of going with two MACROs: +/* + * Performs x - y, returns the original pointer type. To be used when + * either x or y or both are linker symbols. + */ +#define SYMBOLS_SUBTRACT(x, y) ({ \ + __typeof__(*(y)) *ptr_; \ + ptr_ = (typeof(ptr_)) (((uintptr_t)(x) - (uintptr_t)(y)) / sizeof(*(y))); \ + ptr_; \ +}) + +/* + * Performs x - y, returns uintptr_t. To be used when either x or y or + * both are linker symbols. + */ +#define SYMBOLS_COMPARE(x, y) ({ \ + uintptr_t ptr_; \ + ptr_ = ((uintptr_t)(x) - (uintptr_t)(y)) / sizeof(*(y)); \ + ptr_; \ +}) Examples: + new_ptr = SYMBOLS_SUBTRACT(func->old_addr, _start) + vmap_of_xen_text; and: + for ( alt = region->begin; + SYMBOLS_COMPARE(alt, region->end) < 0; + alt++ ) We could also define a third macro such as: #define SYMBOLS_SUBTRACT_INT(x, y) SYMBOLS_COMPARE((x), (y)) because we have many places where we need the result of SYMBOLS_SUBTRACT converted to an integer type. For instance: paddr_t xen_size = (uintptr_t)SYMBOLS_SUBTRAC(_end, _start); _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |