[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS

To: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
From: Jan Beulich <jbeulich@xxxxxxxx>
Date: Mon, 11 Sep 2023 08:43:54 +0200
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eG7hUo5YGTwMY0DH1KhehTwmT+En0n3bTKDM1VfDERw=; b=iL6hJ213wNJ18D8AnZgTSHdxH879k+qoDJJMOmsO8TkDp/UcikZO7cPUfh1l1TULatFtk0cy7/CqFild0CAQYMozuOF2l/uJmYUKuCnrjqYr1hE+SEV96HAz50kdME0ZWjwQuyKsGF6ICErywag1UO6JHq6VUMj1qRjg8bDmV154k70UWDe28780eYYwFkJmLMRHytinmvpUaoU6a+PCHOmmpNG6X58w48mmk8QP2KQ8r5h4Sa1CorLitdFLWtuvKfqb/v94NgtFHvsgEilfWyWhSSakpkiZHW5lYujhP7U9BALLvteuL9xYHUoFOsGRbYEDKZlT4y+/AR1y7wzFfg==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aSBbobD8mE/XjEnOvY0wz902B2r4t0pWYzWDqWlP3IHmgEeiLLuq0qial78faoaY5YfH1HZwWpkP2963hhePK1RAMiGYXqQfr2e805dWBl7K3JiXkZWSKnUUhE7SXEBDHV70frdcTefbfiWNNiSK+rv25s9SPut7WxptBiq5JLs9ufDRxy0X6uS6DbyHc9uHPDUpnwc+/9hTmol2d5OsdEe3cwtb+wj8XvxrVCkWiikY/x5p6t0AGHm2YrFpsiSb6llh9dN6cB0hlRLCmJboLVfdt1f+1FTYQD34C6xzCsFa3A7MHJ3OS/f85bSBeBBwzQz04JqcpRBg412MiHlb3g==
Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
Cc: michal.orzel@xxxxxxx, xenia.ragiadakou@xxxxxxx, ayan.kumar.halder@xxxxxxx, consulting@xxxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>
Delivery-date: Mon, 11 Sep 2023 06:44:05 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 08.09.2023 17:09, Nicola Vetrini wrote:
> On 08/09/2023 16:53, Nicola Vetrini wrote:
>> On 08/09/2023 13:59, Jan Beulich wrote:
>>> On 08.09.2023 13:57, Jan Beulich wrote:
>>>> On 08.09.2023 10:48, Nicola Vetrini wrote:
>>>>> There is a build error due to -Werror because of a pointer 
>>>>> comparison at
>>>>> line 469 of common/numa.c:
>>>>> i = min(PADDR_BITS, BITS_PER_LONG - 1);
>>>>> where
>>>>> #define PADDR_BITS              52
>>>>>
>>>>> I guess PADDR_BITS can become unsigned or gain a cast
>>>>
>>>> While generally converting constants to unsigned comes with a certain
>>>> risk, I think for this (and its siblings) this ought to be okay. As 
>>>> to
>>>> the alternative of a cast - before considering that, please consider
>>>> e.g. adding 0u (as we do elsewhere in the code base to deal with such
>>>> cases).
>>>
>>> And just after sending I realized that this would still be disliked by
>>> Misra's type system. (Much like then aiui the 1 above will need to
>>> become 1u. Which is all pretty horrible.)
>>
>> I have a proposal: in our tests we enabled an ECLAIR configuration
>> that allows to bypass the
>> constraint imposed by Rule 10.4 that warrants the 1U iff the value is
>> constant and both types
>> can represent it correctly (in this case BITS_PER_LONG -1). This would
>> allow using the proposed
>> solution and documenting why it's ok not to respect R10.4. What do you 
>> think?

I'd definitely prefer us using such a model, yes.

> And perhaps also use min_t instead of min, so that the typecheck can be 
> avoided.

Already the wording you use suggests a problem: min() is using a type check
for a reason (and that check is actually guaranteeing that some other of
the Misra rules isn't violated, aiui), so we would better not try to "avoid"
its use. There are certainly rare cases where using min() / max() would be
unwieldy, hence why we have min_t() / max_t(), but imo wherever reasonably
possible we ought to use the type-checking variants.

Jan

References:
- [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS
  - From: Nicola Vetrini
- Re: [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS
  - From: Jan Beulich
- Re: [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS
  - From: Nicola Vetrini
- Re: [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS
  - From: Jan Beulich
- Re: [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS
  - From: Nicola Vetrini
- Re: [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS
  - From: Jan Beulich
- Re: [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS
  - From: Stefano Stabellini
- Re: [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS
  - From: Nicola Vetrini
- Re: [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS
  - From: Jan Beulich
- Re: [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS
  - From: Jan Beulich
- Re: [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS
  - From: Nicola Vetrini
- Re: [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS
  - From: Nicola Vetrini

Prev by Date: [PATCH] include: make domain_page.h's stubs properly use type-unsafe MFN <-> virt helpers
Next by Date: Re: Xen 4.18 release: Reminder about feature/code freeze
Previous by thread: Re: [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS
Next by thread: Re: [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.