[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] do_multicall and MISRA Rule 8.3

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Date: Fri, 8 Mar 2024 17:59:22 -0800 (PST)
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, federico.serafini@xxxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, michal.orzel@xxxxxxx, george.dunlap@xxxxxxxxx
Delivery-date: Sat, 09 Mar 2024 01:59:44 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

I would like to resurrect this thread and ask other opinions.


On Thu, 23 Nov 2023, Jan Beulich wrote:
> On 22.11.2023 22:46, Stefano Stabellini wrote:
> > Two out of three do_multicall definitions/declarations use uint32_t as
> > type for the "nr_calls" parameters. Change the third one to be
> > consistent with the other two. 
> > 
> > Link: 
> > https://lore.kernel.org/xen-devel/7e3abd4c0ef5127a07a60de1bf090a8aefac8e5c.1692717906.git.federico.serafini@xxxxxxxxxxx/
> > Link: 
> > https://lore.kernel.org/xen-devel/alpine.DEB.2.22.394.2308251502430.6458@ubuntu-linux-20-04-desktop/
> > Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxx>
> > ---
> > Note that a previous discussion showed disagreement between maintainers
> > on this topic. The source of disagreements are that we don't want to
> > change a guest-visible ABI and we haven't properly documented how to use
> > types for guest ABIs.
> > 
> > As an example, fixed-width types have the advantage of being explicit
> > about their size but sometimes register-size types are required (e.g.
> > unsigned long). The C specification says little about the size of
> > unsigned long and today, and we even use unsigned int in guest ABIs
> > without specifying the expected width of unsigned int on the various
> > arches. As Jan pointed out, in Xen we assume sizeof(int) >= 4, but
> > that's not written anywhere as far as I can tell.
> > 
> > I think the appropriate solution would be to document properly our
> > expectations of both fixed-width and non-fixed-width types, and how to
> > use them for guest-visible ABIs.
> > 
> > In this patch I used uint32_t for a couple of reasons:
> > - until we have better documentation, I feel more confident in using
> >   explicitly-sized integers in guest-visible ABIs
> 
> I disagree with this way of looking at it. Guests don't invoke these
> functions directly, and our assembly code sitting in between already is
> expected to (and does) guarantee that (in the case here) unsigned int
> would be okay to use (as would be unsigned long, but at least on x86
> that's slightly less efficient), in line with what ./CODING_STYLE says.
> 
> Otoh structure definitions in the public interface of course need to
> use fixed with types (and still doesn't properly do so in a few cases).
> 
> Jan
>

Follow-Ups:
- Re: [PATCH] do_multicall and MISRA Rule 8.3
  - From: George Dunlap

Prev by Date: Re: [XEN PATCH v2 6/7] x86/irq: parenthesize negative constants
Next by Date: [xen-unstable bisection] complete test-amd64-amd64-livepatch
Previous by thread: [linux-linus test] 184942: tolerable FAIL - PUSHED
Next by thread: Re: [PATCH] do_multicall and MISRA Rule 8.3
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.