Re: Xen reliance on non-standard GCC features

[Roberto Bagnara <roberto.bagnara@xxxxxxxxxxx>]

On 05/06/23 09:35, Jan Beulich wrote:
> On 05.06.2023 07:28, Roberto Bagnara wrote:
> > Finally, Xen seems to rely on explicitly undefined behavior, namely
> > C99 UB 58: "A structure or union is defined as containing no named
> > members (6.7.2.1)." All instances but one occur via macro BUILD_BUG_ON_ZERO,
> > the remaining instance concerns struct
> > `cpu_policy::<anonymous union>::<anonymous struct>::<anonymous union>::<anonymous 
> > struct>'.
> > Reliance on undefined behavior might be hard to justify.
> For starters just a comment here: I'm pretty sure this case was discussed
> before, and that it was agreed that if need be we'd simply add _ as the
> name there. Yet then - how did you notice this? Code inspection? I would
> expect no analysis tool would spot it because it's used for gcc < 4.6
> only. And I doubt you run analysis tools in combination with this old a
> gcc?
It is detected by ECLAIR, but the analysis is based on GCC 12,
and the detection of implementation-defined behaviors (including
predefined macros) is completely automatic, so I don't think there
is any configuration error.

One of the instances arises from

xen/arch/arm/dm.c:50.19-50.37:
all the members of struct `dm_op(const struct dmop_args*)::<anonymous struct>' are 
unnamed (undefined for the C99 standard, ISO/IEC 9899:1999 Annex J.2 item 58: "A structure 
or union is defined as containing no named members (6.7.2.1)." [STD.anonstct]). Tool used 
is `/usr/bin/aarch64-linux-gnu-gcc-12'

and, in turn:

xen/include/xen/lib.h:54.12-54.17: expanded from macro `BUILD_BUG_ON_ZERO'
xen/include/xen/compiler.h:126.3-126.77: expanded from macro `__must_be_array'
xen/include/xen/lib.h:77.53-77.70: expanded from macro `ARRAY_SIZE'

I apologize in advance if I have misunderstood something.
Kind regards,

   Roberto