Re: [Xen-devel] [RFC PATCH 0/4] Add missing default labels to switch statements

["Jan Beulich" <JBeulich@xxxxxxxx>]

>>> On 22.02.19 at 22:33, <andrew.cooper3@xxxxxxxxxx> wrote:
> P.S. There is a solution here which could work, but IMO a better use of
> time and energy would be to get MISRA to update their rules to match
> this century, and stop getting in the way of compiler features intended
> to help the programmer avoid bugs.

As much as I'm with you in desiring the compiler aid given to not get
undermined, I think this MISRA rule isn't in need of modernizing: It's
one thing for the compiler to help with in-range enumerators, and it's
another to demand that unintentional out-of-range ones don't cause
actual harm (like crashing your car into the next tree). This is even
more so that iirc there's no warning if you pass a plain integer into a
function whose parameter specifies an enum, or if you assign a plain
integer to an enum types variable.

Amongst our planned hardening Kconfig-ery I think we may want to
add an option controlling whether to have something like

#define DEFAULT_UNREACHABLE(code) default: ASSERT_UNREACHABLE(); code;

or instead (by default) expanding to nothing.

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel