From: Nicola Vetrini <nicola.vetrini@bugseng.com>
To: xen-devel@lists.xenproject.org
Cc: sstabellini@kernel.org, michal.orzel@amd.com,
xenia.ragiadakou@amd.com, ayan.kumar.halder@amd.com,
consulting@bugseng.com, Andrew Cooper <andrew.cooper3@citrix.com>,
George Dunlap <george.dunlap@citrix.com>,
Jan Beulich <jbeulich@suse.com>, Julien Grall <julien@xen.org>,
Wei Liu <wl@xen.org>
Subject: Re: [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS
Date: Wed, 04 Oct 2023 15:23:02 +0200 [thread overview]
Message-ID: <6495ba58bda01eae1f4baa46096424eb@bugseng.com> (raw)
In-Reply-To: <b3aaaf5265c7e7ce6228ba2146f57aaae09f55e6.1693899008.git.nicola.vetrini@bugseng.com>
On 05/09/2023 09:31, Nicola Vetrini wrote:
> Given its use in the declaration
> 'DECLARE_BITMAP(features, IOMMU_FEAT_count)' the argument
> 'bits' has essential type 'enum iommu_feature', which is not
> allowed by the Rule as an operand to the addition operator.
> Given that its value can be represented by a signed integer,
> the explicit cast resolves the violation.
>
> Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com>
> ---
> xen/include/xen/types.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/xen/include/xen/types.h b/xen/include/xen/types.h
> index aea259db1ef2..2ff8f243908d 100644
> --- a/xen/include/xen/types.h
> +++ b/xen/include/xen/types.h
> @@ -23,7 +23,7 @@ typedef signed long ssize_t;
> typedef __PTRDIFF_TYPE__ ptrdiff_t;
>
> #define BITS_TO_LONGS(bits) \
> - (((bits)+BITS_PER_LONG-1)/BITS_PER_LONG)
> + (((int)(bits)+BITS_PER_LONG-1)/BITS_PER_LONG)
> #define DECLARE_BITMAP(name,bits) \
> unsigned long name[BITS_TO_LONGS(bits)]
Revisiting this thread after a while: I did some digging and changing
the essential type of
BITS_TO_LONGS to unsigned
#define BYTES_PER_LONG (_AC(1, U) << LONG_BYTEORDER)
#define BITS_PER_LONG (BYTES_PER_LONG << 3)
[...]
#define BITS_TO_LONGS(bits) \
(((bits) + BITS_PER_LONG - 1U) / BITS_PER_LONG)
#define DECLARE_BITMAP(name,bits) \
unsigned long name[BITS_TO_LONGS(bits)]
leads to a whole lot of issues due to the extensive usage of these
macros
(BITS_TO_LONGS, BITS_PER_LONG) in comparisons with e.g. the macros
min/max.
The comments made in this series to the patch do have value (e.g.
BITS_TO_LONGS should be
expected to have only a positive argument), but ultimately the changes
required in order to
do this and respect all other constraints (either in the form of MISRA
rules or gcc warnings)
is far too broad to be tackled by a single patch.
Notable examples of such consequences:
There is a build error due to -Werror because of a pointer comparison at
line 469 of common/numa.c:
i = min(PADDR_BITS, BITS_PER_LONG - 1);
where
#define PADDR_BITS 52
if x86's PADDR_BITS becomes unsigned, then other issues arise, such as:
xenheap_bits = min(flsl(mfn + 1) - 1 + PAGE_SHIFT, PADDR_BITS);
here the type of flsl is int, so either flsl should become unsigned too,
or the second
argument should be suitably modified.
In the end, the modification that solves a lot of violations (due to
this being inside an header, though it's a single place to be modified)
is this:
DECLARE_BITMAP(features, (int)IOMMU_FEAT_count)
If, as it has been argued, BITS_TO_LONGS really needs to become
unsigned, then a more general
rethinking of the types involved needs to happen.
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
next prev parent reply other threads:[~2023-10-04 13:23 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-05 7:31 [XEN PATCH] xen/types: address Rule 10.1 for macro BITS_TO_LONGS Nicola Vetrini
2023-09-05 7:46 ` Jan Beulich
2023-09-05 8:20 ` Nicola Vetrini
2023-09-05 8:33 ` Jan Beulich
2023-09-06 15:57 ` Nicola Vetrini
2023-09-06 16:02 ` Jan Beulich
2023-09-07 1:33 ` Stefano Stabellini
2023-09-07 6:42 ` Jan Beulich
2023-09-08 8:48 ` Nicola Vetrini
2023-09-08 11:57 ` Jan Beulich
2023-09-08 11:59 ` Jan Beulich
2023-09-08 14:53 ` Nicola Vetrini
2023-09-08 15:09 ` Nicola Vetrini
2023-09-11 6:43 ` Jan Beulich
2023-09-08 19:37 ` Stefano Stabellini
2023-09-19 9:19 ` Nicola Vetrini
2023-09-19 9:33 ` Jan Beulich
2023-09-19 9:54 ` Nicola Vetrini
2023-09-19 9:59 ` Jan Beulich
2023-10-04 13:23 ` Nicola Vetrini [this message]
2023-10-16 10:31 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6495ba58bda01eae1f4baa46096424eb@bugseng.com \
--to=nicola.vetrini@bugseng.com \
--cc=andrew.cooper3@citrix.com \
--cc=ayan.kumar.halder@amd.com \
--cc=consulting@bugseng.com \
--cc=george.dunlap@citrix.com \
--cc=jbeulich@suse.com \
--cc=julien@xen.org \
--cc=michal.orzel@amd.com \
--cc=sstabellini@kernel.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
--cc=xenia.ragiadakou@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.