[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 9/9] xen: add SAF deviation for safe cast removal.


  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 18 Dec 2023 09:18:04 +0100
  • Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL
  • Cc: Simone Ballarin <simone.ballarin@xxxxxxxxxxx>, Maria Celeste Cesario <maria.celeste.cesario@xxxxxxxxxxx>, consulting@xxxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 18 Dec 2023 08:18:13 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 15.12.2023 22:02, Stefano Stabellini wrote:
> On Fri, 15 Dec 2023, Jan Beulich wrote:
>> On 14.12.2023 23:04, Stefano Stabellini wrote:
>>> On Thu, 14 Dec 2023, Jan Beulich wrote:
>>>> On 14.12.2023 13:07, Simone Ballarin wrote:
>>>>> --- a/docs/misra/safe.json
>>>>> +++ b/docs/misra/safe.json
>>>>> @@ -28,6 +28,14 @@
>>>>>          },
>>>>>          {
>>>>>              "id": "SAF-3-safe",
>>>>> +            "analyser": {
>>>>> +                "eclair": "MC3R1.R11.8"
>>>>> +            },
>>>>> +            "name": "MC3R1.R11.8: removal of const qualifier to comply 
>>>>> with function signature",
>>>>> +            "text": "It is safe to cast away const qualifiers to comply 
>>>>> with function signature if the function does not modify the pointee."
>>>>
>>>> I'm not happy with this description, as it invites for all sorts of abuse.
>>>> Yet I'm also puzzled that ...
>>>
>>> We can improve the language but the concept would still be the same. For
>>> instance:
>>>
>>> A single function might or might not modify the pointee depending on
>>> other function parameters (for instance a single function that could
>>> either read or write depending on how it is called). It is safe to cast
>>> away const qualifiers when passing a parameter to a function of this
>>> type when the other parameters are triggering a read-only operation.
>>
>> Right, but I think the next here needs to be setting as tight boundaries
>> as possible: It should cover only this one specific pattern. Anything
>> else would better get its own deviation, imo.
> 
> OK. What about:
> 
> A single function might or might not modify the pointee depending on
> other function parameters, for instance a common pattern is to implement
> one function that could either read or write depending on how it is
> called. It is safe to cast away const qualifiers when passing a
> parameter to a function following this pattern when the other parameters
> are triggering a read-only operation.
> 
> Feel free to suggest a better wording.

Well, my point was to get rid of "for instance" and "common pattern" (and
anything alike). E.g.:

"A single function could either read or write through a passed in pointer,
 depending on how it is called. It is deemed safe to cast away a const
 qualifier when passing a pointer to such a function, when the other
 parameters guarantee read-only operation."

Jan



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.