From: Nicola Vetrini <nicola.vetrini@bugseng.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>,
michal.orzel@amd.com, xenia.ragiadakou@amd.com,
ayan.kumar.halder@amd.com, consulting@bugseng.com,
Andrew Cooper <andrew.cooper3@citrix.com>,
George Dunlap <george.dunlap@citrix.com>,
Julien Grall <julien@xen.org>, Wei Liu <wl@xen.org>,
xen-devel@lists.xenproject.org
Subject: Re: [XEN PATCH 07/11] xen: address MISRA C:2012 Rule 2.1
Date: Wed, 16 Aug 2023 12:01:04 +0200 [thread overview]
Message-ID: <6e1dbf093687e5fa66295621ce67e4dc@bugseng.com> (raw)
In-Reply-To: <b0581f49ac01c923809c0e15c1a1dfed@bugseng.com>
Hi,
On 08/08/2023 11:03, Nicola Vetrini wrote:
> On 04/08/2023 08:42, Jan Beulich wrote:
>> On 04.08.2023 01:50, Stefano Stabellini wrote:
>>> On Thu, 3 Aug 2023, Jan Beulich wrote:
>>>> On 02.08.2023 16:38, Nicola Vetrini wrote:
>>>>> Rule 2.1 states: "A project shall not contain unreachable code".
>>>>>
>>>>> The functions
>>>>> - machine_halt
>>>>> - maybe_reboot
>>>>> - machine_restart
>>>>> are not supposed to return, hence the following break statement
>>>>> is marked as intentionally unreachable with the
>>>>> ASSERT_UNREACHABLE()
>>>>> macro to justify the violation of the rule.
>>>>
>>>> During the discussion it was mentioned that this won't help with
>>>> release builds, where right now ASSERT_UNREACHABLE() expands to
>>>> effectively nothing. You want to clarify here how release builds
>>>> are to be taken care of, as those are what eventual certification
>>>> will be run against.
>>>
>>> Something along these lines:
>>>
>>> ASSERT_UNREACHABLE(), not only is used in non-release builds to
>>> actually
>>> assert and detect errors, but it is also used as a marker to tag
>>> unreachable code. In release builds ASSERT_UNREACHABLE() doesn't
>>> resolve
>>> into an assert, but retains its role of a code marker.
>>>
>>> Does it work?
>>
>> Well, it states what is happening, but I'm not convinced it satisfies
>> rule 2.1. There's then still code there which isn't reachable, and
>> which a scanner will spot and report.
>>
>> Jan
>
> It's not clear to me whether you dislike the patch itself or the commit
> message. If it's the latter, how about:
> "ASSERT_UNREACHABLE() is used as a marker for intentionally
> unreachable code, which
> constitutes a motivated deviation from Rule 2.1. Additionally, in
> non-release
> builds, this macro performs a failing assertion to detect errors."
Any feedback on this (with one edit: s/a failing assertion/an
assertion/)
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
next prev parent reply other threads:[~2023-08-16 10:01 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-02 14:38 [XEN PATCH 00/11] xen: address MISRA C:2012 Rule 2.1 Nicola Vetrini
2023-08-02 14:38 ` [XEN PATCH 01/11] x86/efi: move variable declaration to " Nicola Vetrini
2023-08-03 2:08 ` Stefano Stabellini
2023-08-03 8:57 ` Jan Beulich
2023-08-04 7:12 ` Nicola Vetrini
2023-08-02 14:38 ` [XEN PATCH 02/11] x86: move declarations " Nicola Vetrini
2023-08-02 14:44 ` Andrew Cooper
2023-08-03 2:13 ` Stefano Stabellini
2023-08-03 9:01 ` Jan Beulich
2023-08-03 14:22 ` Nicola Vetrini
2023-08-03 19:23 ` Stefano Stabellini
2023-08-04 1:14 ` Stefano Stabellini
2023-08-04 7:06 ` Jan Beulich
2023-08-04 9:50 ` Nicola Vetrini
2023-08-04 20:26 ` Stefano Stabellini
2023-08-07 7:18 ` Jan Beulich
2023-08-03 9:05 ` Jan Beulich
2023-08-02 14:38 ` [XEN PATCH 03/11] x86/uaccess: " Nicola Vetrini
2023-08-03 2:14 ` Stefano Stabellini
2023-08-02 14:38 ` [XEN PATCH 04/11] x86emul: move variable definitions " Nicola Vetrini
2023-08-03 2:33 ` Stefano Stabellini
2023-08-03 9:09 ` Jan Beulich
2023-08-02 14:38 ` [XEN PATCH 05/11] drivers/pci: " Nicola Vetrini
2023-08-03 2:36 ` Stefano Stabellini
2023-08-02 14:38 ` [XEN PATCH 06/11] xen/ioreq: move variable declaration " Nicola Vetrini
2023-08-02 14:38 ` [XEN PATCH 07/11] xen: " Nicola Vetrini
2023-08-03 9:16 ` Jan Beulich
2023-08-03 23:50 ` Stefano Stabellini
2023-08-04 6:42 ` Jan Beulich
2023-08-08 9:03 ` Nicola Vetrini
2023-08-16 10:01 ` Nicola Vetrini [this message]
2023-08-16 10:31 ` Jan Beulich
2023-08-16 10:47 ` Nicola Vetrini
2023-08-16 11:23 ` Jan Beulich
2023-08-16 13:43 ` Nicola Vetrini
2023-08-16 15:00 ` Jan Beulich
2023-08-16 19:28 ` Stefano Stabellini
2023-08-18 12:57 ` Nicola Vetrini
2023-08-02 14:38 ` [XEN PATCH 08/11] xen: move declarations to " Nicola Vetrini
2023-08-02 14:38 ` [XEN PATCH 09/11] x86/xstate: moved BUILD_BUG_ON " Nicola Vetrini
2023-08-02 14:38 ` [XEN PATCH 10/11] xen/sched: add ASSERT_UNREACHABLE() " Nicola Vetrini
2023-08-03 9:17 ` Jan Beulich
2023-08-07 8:13 ` Nicola Vetrini
2023-08-07 8:50 ` Jan Beulich
2023-08-08 15:25 ` Julien Grall
2023-08-08 15:36 ` Jan Beulich
2023-08-08 15:44 ` Julien Grall
2023-08-08 15:53 ` Nicola Vetrini
2023-08-08 15:57 ` Julien Grall
2023-08-08 21:14 ` Stefano Stabellini
2023-08-09 6:01 ` Jan Beulich
2023-08-11 18:41 ` Julien Grall
2023-08-02 14:38 ` [XEN PATCH 11/11] x86/mm: Add assertion " Nicola Vetrini
2023-08-03 9:20 ` Jan Beulich
2023-08-03 9:30 ` Nicola Vetrini
2023-08-03 15:41 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6e1dbf093687e5fa66295621ce67e4dc@bugseng.com \
--to=nicola.vetrini@bugseng.com \
--cc=andrew.cooper3@citrix.com \
--cc=ayan.kumar.halder@amd.com \
--cc=consulting@bugseng.com \
--cc=george.dunlap@citrix.com \
--cc=jbeulich@suse.com \
--cc=julien@xen.org \
--cc=michal.orzel@amd.com \
--cc=sstabellini@kernel.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
--cc=xenia.ragiadakou@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.