[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH 3/4] xen/include: add pure and const attributes

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Simone Ballarin <simone.ballarin@xxxxxxxxxxx>
Date: Mon, 23 Oct 2023 17:23:45 +0200
Cc: consulting@xxxxxxxxxxx, sstabellini@xxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 23 Oct 2023 15:23:58 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 23/10/23 15:34, Jan Beulich wrote:

On 18.10.2023 16:18, Simone Ballarin wrote:

Add const and pure attributes to address reports
of MISRA C:2012 Rule 13.1: Initializer lists shall
not contain persistent side effects

Add pure attribute to function pdx_to_pfn.
Add const attribute to functions generated by TYPE_SAFE.

These functions are used in initializer lists: adding
the attributes ensures that no effect will be performed
by them.


Adding the attribute does, according to my understanding, ensure nothing
The compiler may (but isn't required to) diagnose wrong uses of the
attributes, but it may also make use of the attributes (on the
declaration) without regard to the attribute potentially being wrongly
applied. Since further for inline functions the compiler commonly infers
attributes from the expanded code (discarding the attribute), the only
thing achieved here is a documentation aspect, I think.


Yes, you're right. I will rephrase the commit message.

--- a/xen/include/xen/pdx.h
+++ b/xen/include/xen/pdx.h
@@ -164,7 +164,7 @@ static inline unsigned long pfn_to_pdx(unsigned long pfn)
   * @param pdx Page index
   * @return Obtained pfn after decompressing the pdx
   */
-static inline unsigned long pdx_to_pfn(unsigned long pdx)
+static inline __attribute_pure__ unsigned long pdx_to_pfn(unsigned long pdx)
  {
      return (pdx & pfn_pdx_bottom_mask) |
             ((pdx << pfn_pdx_hole_shift) & pfn_top_mask);


Taking this as an example for what I've said above: The compiler can't
know that the globals used by the functions won't change value. Even
within Xen it is only by convention that these variables are assigned
their values during boot, and then aren't changed anymore. Which makes
me wonder: Did you check carefully that around the time the variables
have their values established, no calls to the functions exist (which
might then be subject to folding)?


There is no need to check that, the GCC documentation explicitly says:

However, functions declared with the pure attribute *can safely read anynon-volatile objects*, and modify the value of objects in a way thatdoes not affect their return value or the observable state of the program.


https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html

Additionally - what about the sibling function pfn_to_pdx()?

Jan


I will add the attribute also to the sibling.

--
Simone Ballarin, M.Sc.

Field Application Engineer, BUGSENG (https://bugseng.com)

Follow-Ups:
- Re: [XEN PATCH 3/4] xen/include: add pure and const attributes
  - From: Jan Beulich

References:
- [XEN PATCH 0/4][for-4.19] xen: address violations of Rule 13.1
  - From: Simone Ballarin
- [XEN PATCH 3/4] xen/include: add pure and const attributes
  - From: Simone Ballarin
- Re: [XEN PATCH 3/4] xen/include: add pure and const attributes
  - From: Jan Beulich

Prev by Date: Re: Refactor arm64/domctl.c 'subarch_do_domctl' to avoid unreachable break.
Next by Date: Re: [XEN PATCH 3/4] xen/include: add pure and const attributes
Previous by thread: Re: [XEN PATCH 3/4] xen/include: add pure and const attributes
Next by thread: Re: [XEN PATCH 3/4] xen/include: add pure and const attributes
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.