[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 0/7] Fix MISRA C 2012 Rule 20.7 violations

  • To: Roberto Bagnara <roberto.bagnara@xxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 19 Sep 2022 11:23:51 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=1bD0OXo/TMREN6xJbQBro6A2OazDB4aHvq19+U1c86w=; b=ahbVZanoXfXI7ziXXAI4M22W/dgxqjrfyzEXGENdnws1UVdzAOVtVj0hUtFSXpBzVJhof008XjLye5wmG4i91zUjDG/RNquJg2K8ucfvu4JHoNXoxBX35JN4TkfMDYBVDmP0nUBFe0My8IJE6zSxuRatwHJzdkAF+RJ/i1fnS45V/oLk+XGVGAQWgCUzswrOf2M4P6AEk8SBdPW/ea7V8yQZpuVbTGdcWiHMCdMo4E4QOi4YNbThhGQjt/zJyonRF+3aZRd7h+5dwpu0DfTpukbxtUSA/b/f4aix7FseFA0VMlfja9a5D+AV2ounwA0dJaVxJR//an68ab8ORgfyRA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jwn5EcgWsBEtFnf67jswXuIhlkdjiVycgB5sLhbU3heXF/3pLG9JVKmNycsnnDs4m3/hC9IBk/d2Y2M2doCj7Z6KV1wAuiIcrgotTsGWhvPXIIUlOz/MX2wpB903FZUupOOrPNqMCeRddUuZNARq/+LR1sgYzzD0TOmg629Rmllw7a2NxOTaKlCLgVovm1TmpFR6Pf7GHMqdT6Luupnd3X71HkZOMLLgVQo/WMJqRgSpAbM0/X2OkOUrCjB3Qau6sLWWrXCiwyFVMy+QrX+jqVKPu3qO9ak5VCVpzAsy1cZJQLc92CNBnbyqyAOV9IC9jij9AoByr3ZTEbpDC6rbnA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, burzalodowa@xxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • Delivery-date: Mon, 19 Sep 2022 09:23:58 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 18.09.2022 15:02, Roberto Bagnara wrote:
> On 03/09/22 02:52, Stefano Stabellini wrote:
>> The question is on the interpretation of Rule 20.7. Are parenthesis
>> required by Rule 20.7 in the following cases:
>>
>> - macro parameters used as function arguments
>  > [...]
>  > - macro parameter used as lhs in assignment
> 
> You can obtain different semantics depending on whether parentheses
> are or are not used (in the macro call and/or macro expansion
> depending on the case):
> 
> 
> #include <stdio.h>
> 
> void g(int v) {
>    printf("%d\n", v);
> }
> 
> #define m1(x, y, ...) g(y)
> 
> void f1(int x, int y, ...) {
>    g(y);
> }
> 
> #define p 0, 1
> 
> void test1() {
>    m1(p, 2);
>    f1(p, 2);
> }
> 
> #define m4(x) x = 4
> 
> void f4(int &x) {

Let's focus on C here.

>    x = 4;
> }
> 
> 
> void test4() {
>    int y;
>    int z;
>    z = 3;
>    m4(y = z);
>    printf("%d\n", z);
>    z = 3;
>    f4(y = z);
>    printf("%d\n", z);
> }
> 
> int main() {
>    test1();
>    test4();
> }
> 
>> - macro parameters used as macro arguments
> 
> Please note that Rule 20.7 depends on the final expansion:
> so whether parentheses are or are not used in a certain
> macro body is irrelevant, the point being that, at the
> end of all expansions, expressions resulting from the
> expansion of macro parameters are enclosed in parentheses.
> 
>> - macro parameter used as array index
> 
> This is safe today, but my understanding is that in C++23
> the [] operator will accept more than one expression.
> A similar change might (who knows?) be considered for C26
> or even offered before (intentionally or by mistake) by some
> C compiler.
> 
>> Some of these cases are interesting because they should function
>> correctly even without parenthesis, hence the discussion. In particular
>> parenthesis don't seem necessary at least for the function argument
>> case.
> 
> This is not the right spirit for MISRA compliance: why would you want
> splitting hairs when inserting a pair of parentheses is so easy?

I think I've said so before - too many parentheses harm readability.

> C and C++ are very complex languages, and the MISRA coding standards
> are the result of a (very difficult!) compromise between simplicity
> and effectiveness: rules that are exactly targeted to all and only all
> the problematic instances would be very difficult to express and to remember.
> So, yes: in many cases you might spend time to demonstrate that a particular
> (real) MISRA violation does not imply the existence of a real issue,
> but this time is not well spent.  Critical code must be boring and obviously
> right, in the sense that whomever is reading the code should not be
> distracted by thoughts like "there are no parentheses here: am I sure
> nothing bad can happen?"

I also did indicate before that "(x) = ..." visually (but not
syntactically) can raise the question of whether the left side actually
is an lvalue.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.