[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH v2] x86/cpu-policy: justify a violation of MISRA C:2012 Rule 1.3

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
Date: Wed, 02 Aug 2023 12:01:40 +0200
Cc: sstabellini@xxxxxxxxxx, michal.orzel@xxxxxxx, xenia.ragiadakou@xxxxxxx, ayan.kumar.halder@xxxxxxx, consulting@xxxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 02 Aug 2023 10:01:56 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 02/08/2023 11:47, Jan Beulich wrote:

On 02.08.2023 10:57, Nicola Vetrini wrote:

The empty feature set 'str_7c1' in 'tools/misc/xen-cpuid.c' causes the
struct declaration to have no named members, hence violating
Rule 1.3:
"There shall be no occurrence of undefined or critical unspecifiedbehaviour"
because it is forbidden by ISO/IEC 9899:1999(E), Section 6.7.2.1.7:
"If the struct-declaration-list contains no named
members, the behavior is undefined."
Given that Xen is using an undocumented GCC extension that specifiesthebehaviour upon defining a struct with no named member, this constructis
well-defined and thus it is marked as safe.


Especially after realizing that I was wrong here (I was under the wrong
impression that we'd generate a struct without members, when it's one
without named members, yet [to me at least] only the former is a known
gcc extension we use), I've sent an alternative proposal. Let's see
whether in particular Andrew considers this acceptable.

Well, I don't know the exact discussion on this in that MISRA meeting(25/07 iirc),but the outcome I'm aware of was to deviate that construct because thereare possiblyothers like that in other configurations/future patches. Anyway, thisusage does notfall under gcc's documented extensions (either the one you mentioned orthe one aboutunnamed fields, 6.63), but it does allow it (has a warning only on-pedantic afaict),

hence why I put undocumented here.

In the meantime, I can test your patch to see if it has no unintendedimpact on other code

w.r.t. Rule 1.3.

Regards,

--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)

Follow-Ups:
- Re: [XEN PATCH v2] x86/cpu-policy: justify a violation of MISRA C:2012 Rule 1.3
  - From: Jan Beulich

References:
- [XEN PATCH v2] x86/cpu-policy: justify a violation of MISRA C:2012 Rule 1.3
  - From: Nicola Vetrini
- Re: [XEN PATCH v2] x86/cpu-policy: justify a violation of MISRA C:2012 Rule 1.3
  - From: Jan Beulich

Prev by Date: Re: [XEN PATCH v2] x86/cpu-policy: justify a violation of MISRA C:2012 Rule 1.3
Next by Date: [qemu-mainline test] 182096: regressions - FAIL
Previous by thread: Re: [XEN PATCH v2] x86/cpu-policy: justify a violation of MISRA C:2012 Rule 1.3
Next by thread: Re: [XEN PATCH v2] x86/cpu-policy: justify a violation of MISRA C:2012 Rule 1.3
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.