Re: [PATCH] xen/dt: Rework the prototype of dt_property_read_string() to help Eclair

[Julien Grall <julien@xxxxxxx>]

Hi Nicola,

On 24/07/2023 13:58, Nicola Vetrini wrote:
> On 24/07/23 12:24, Julien Grall wrote:
> > From: Julien Grall <jgrall@xxxxxxxxxx>
> >
> > Eclair vXXX is unable to prove the parameter out_string will only be
> > used the return of dt_property_read_string() is 0. So it will consider
> > that MISRA C:2012 Rule 9.1 was violated.
> This is not correct: ECLAIR cannot prove that the rule is not violated, 
> and hence emits a caution, because the analysis is sound.
Ok. How about: "So it will not be able to prove that MISR C:2012 Rule 
9.1 wasn't violated"?
> > Rework the prototype so the string is returned and use ERR_PTR() to
> > embed the error code.
> >
> > Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx>
> >
> > ---
> >
> > The XXX should be replaced with the version of Eclair. Nicola, can you
> > provide it?
> I don't see as valuable mentioning ECLAIR at all, but rather explain 
> what the change is about (encoding the error value as a return value and 
> removing the **out_value parameter).
If Eclair didn't report a caution, then I would not have spent time 
writing this patch.
Also, the point of mentioning the Eclair version is that if someone ever 
want to change the prototype back to where it was (e.g. because another 
tools is unhappy), then we have some details on why it was done and way 
to reproduce. This would avoid endless argument on the ML on whether it 
is safe to revert it.
So overall, the value is not necessarily for today, but for the future 
reader.
Cheers,

--
Julien Grall