[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Address MISRA C:2012 Rule 8.4

  • To: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 7 Aug 2023 09:34:12 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iP3s02LxCbJoWD/kuK4cxD5RNSIhOTrDuWuGo6t7H2U=; b=EMtwnX06x5uue+LWTbvzKrB8Uua4U6YKym/+u4eYGqBMjyCmQB4G4TCWRUcJy0voB/yFJvWwXV6Lisw0Usjo+mpTtM4PSSRlTKmtZcETJOuWptK0AI8pSvzYDExlt6txz9kR4h9Hk6kPTphTv5Md+C8wnSZfC2eL+l5loWUCDxzy6l9rR5OpH3O1zBXBF780MliZh7zwMt+f9LRj6fniH5xii94qosbASimXTcGwMiXMR4iBlD5uCMKMx2cedt3WO9piKWIj/Occu18GB/WKGANWAdEkwy7rd+p7wA48cOiDE/L9+Sggqg0o4IP7cKAxU67t36muO0SV9/KgPWeYHA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VsQO651MKgjCBmtPXIjCAaxMiWuU02jD3AzXC6cPkSlMae2ZwukLWD2DJJ1NNYxaE8P3eAJuJ0cy5idGfMlw8VYZ8wmYSwJo7MdY3cd1BFJ3dpQSwyZsIouAZkRyyaLkOGhTFuMA9yg8UEyAYre1iE3s61zgD1TUijTGVYTihRdHuVTMjkwCLyPBNyap5ykDSmzxiEjXe6/457fsWMH8WSVZpp297lA/Q3+SaMjShlvOztZ1Pa2WPGfl1rWEGemgBRv+ranRqdEawByplxq9x+IzFylFbDWTFFlCsZarfGOceZJ8WJTJeq1ljG8cqzc8Y57BTDbu3RPRs2ntP2jnxA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, xenia.ragiadakou@xxxxxxx, Ayan Kumar Halder <ayankuma@xxxxxxx>, consulting@xxxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • Delivery-date: Mon, 07 Aug 2023 07:34:27 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 04.08.2023 16:00, Nicola Vetrini wrote:
>>
>> Upon further examination, I identified the following patterns:
>>
>> 1. Functions defined in .c called only from asm code (e.g., the
>> already mentioned __start_xen)
>> 2. Functions/variables declared in a .h, defined in a .c that does not
>> include the .h with the declaration
>> (e.g., 'fill_console_start_info' is defined in 'xen/drivers/vga.c',
>> declared in 'xen/include/xen/console.h' which is not visible when
>> compiling the .c).
>> 3. Variables that are either extern or not, such as 'acpi_gbl_FADT' in
>> 'xen/include/acpi/acglobal.h', depending on
>>    DEFINE_ACPI_GLOBALS
>>
>> Below are the proposed resolution strategies:
>>
>> 1. I would advise to add the declaration in the relative .h, to
>> support automatic consistency checks with the
>>    implementation and a quick reference when touching the asm.
>> 2. To comply with the rule, the header with the declaration should be
>> included. Also note that there are some
>>    corner cases, such as 'get_sec', which is used in 'cper.h' without
>> including 'time.h' (which should gain a
>>    declaration for it).
>> 3. One possible resolution pattern is including 'acglobal.h' twice
>> (either directly or indirectly trough acpi.h, if
>>    the latter does not cause other issues) like so:
>>
>>    (assuming DEFINE_ACPI_GLOBALS is undefined here)
>>    #include "acglobal.h"
>>    #define DEFINE_ACPI_GLOBALS
>>    #include  "acglobal.h"
>>
>>   this way, the rule is followed properly, though it's not the
>> prettiest pattern and also clashes with the objectives
>>   of D4.10 ("Precautions shall be taken in order to prevent the
>> contents of a header file being included
>>   more than once"), but then a motivated exception is allowed there.
> 
> One further question is whether functions under 
> 'xen/common/coverage/gcov_base.c' should gain
> a declaration in 'gcov.h' or not, as they exist just for the purpose of 
> being referenced
> by autogenerated profiling code. I see no reason why they shouldn't, but 
> they can also be safely deviated,
> since they are not called by Xen code.

Imo it should be the compiler to provide a prototype for these (much
like it does for builtins), thus ensuring that an implementation
actually matches the compiler's expectations. Yet afaics it doesn't.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.