[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] docs/misra: add Rule 16.4
- To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
- From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
- Date: Thu, 14 Mar 2024 15:12:49 +0000
- Accept-language: en-GB, en-US
- Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
- Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=i4F9q04AcUhjcEca3Qf+BmiZXzSicBAcKJFgph0eUFQ=; b=l2uuFi/KwewOUZ/KczJcA0ZjKNt+tQUUthfb42qEeaVoKDYb+mUn8qB9pOaaD5+csYn1rsa1yMYF24NdNSXjbRpeSNxGz42UuG4ZBDvQMfhkk1XdEXGqGCkAEw0QV8GhbjwA4/la7MaTrIUkkXwcjHmAMeGifbB7wuL4i3gHerl2MGd+l43So6fELqdmEQLQvIp1Yfk4VV1Kiqj1zz6P6tz/nYupmoyi44nc8IHi1fClvGfVMV8lXQuPV2WglDx/UVMAXGtx/Fena20wFKSVb70lIYg1CwMEsWR/U2AxHQrfPMGrU65w8zhNHLUrwTejpnpUtvQuxvYN/V/6fZxUlw==
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=i4F9q04AcUhjcEca3Qf+BmiZXzSicBAcKJFgph0eUFQ=; b=WKNAp9/z6DF2RK84byZW9Fk0HBncgSzryf3DL5Q/2X8hcScgVPKhrATbgIXacOKKSlx0XCfxnQ5iVnpAK2X+2mRSwSpLf/BAL25WHNOLi+vPXRie8jCiRpdCAlCOO04pygNHft1DeJSamii+dkpOU0geSP7cDuIwoWf2wIyNBOq7zWOR9Njm683TW882VJEnaYx/C4M+wcmUhVeePEYtZ+Xn8TeLZ+0PW9oe9uJPLCx2lvfbac+E+pmEA++CN9qc67cBqR98/E7XG14a6BCNaJu4bw8Nl0QdyR4mCo2ScNcCT/JzOJMqJuKWb5FzI+YE+joNU6zoNpZTdrEP41jHjQ==
- Arc-seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=AsgHN+U5n0+iQdKHkRihwnp2lOQRamQ8cvU783PlTGsMsbu+XUjH3N1GDGfs5PjNNT1pmOTInhNajGf+LEctTiz3oLFOsdsVlONpXJWeJS0HyfJL9wbAP8ykjsWzF4MwKLoxJlDh5PlWJzvJdgrFQVJ0QaYID/yFw83kGQoF06ZwngTxZSMUjW+gmUfozJjPmsQZDs9ercAGF6EVeV8OYoaFLf98ihZYPk/q1JxfcQgAM/4Vj+NmM4OTcCay2gYaXe4v7J7hIEC5zBojTous8h3L+SFebtPxp3Ue9q26k01mmhbmfn1rGo0rG+FRCucM308plALxIQkbIPgn8m+ARA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=id6WeEzTVUbBnd5E2SQ7T4tP1fh3rX7K3MZ/uO5kNYoDwL9IMP289d5xB13umbpOuyqS7uFLMGnN+JbfhWGmvrPtnDD4B7Oylwzg0qm/pUBt5JNsP084YYBCH7kKHQ+AryylID0SKNngPit4d5KY7cSQlaNneoAyXs17VcyCKtDLzN8aHsWDQynLB9mG+ajoFXIhBXLa5d1Nu6DPwP6TE7toKGdYu0dwhO8XeH7RCjkhznrViUSJ6+gC7tj+QA3J0+VcAnG1xUEvdERyDgcM/GSAWtkqTr/iJu3Fy3kN5rhU1paO7GZRN8uzb8X1qtDSZ0BUI94o+GdBUGQY4140VQ==
- Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
- Cc: Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Thu, 14 Mar 2024 15:13:19 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Nodisclaimer: true
- Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
- Thread-index: AQHadN1oSVYbGKIFE0GfGxIx2bdb6LE1S9QAgAEAKICAAQ5kgA==
- Thread-topic: [PATCH] docs/misra: add Rule 16.4
Hi Stefano,
> On 14 Mar 2024, at 00:04, Stefano Stabellini <sstabellini@xxxxxxxxxx> wrote:
>
> On Wed, 13 Mar 2024, Jan Beulich wrote:
>> On 13.03.2024 01:28, Stefano Stabellini wrote:
>>> --- a/docs/misra/rules.rst
>>> +++ b/docs/misra/rules.rst
>>> @@ -478,6 +478,30 @@ maintainers if you want to suggest a change.
>>> - In addition to break, also other unconditional flow control
>>> statements
>>> such as continue, return, goto are allowed.
>>>
>>> + * - `Rule 16.4
>>> <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_16_04.c>`_
>>> + - Required
>>> + - Every switch statement shall have a default label
>>> + - Switch statements with enums as controlling expression don't need
>>> + a default label as gcc -Wall enables -Wswitch which warns (and
>>> + breaks the build)
>>
>> I think this could do with mentioning -Werror.
>
> No problem
>
>
>>> if one of the enum labels is missing from the
>>> + switch.
>>> +
>>> + Switch statements with integer types as controlling expression
>>> + should have a default label:
>>> +
>>> + - if the switch is expected to handle all possible cases
>>> + explicitly, then a default label shall be added to handle
>>> + unexpected error conditions, using BUG(), ASSERT(), WARN(),
>>> + domain_crash(), or other appropriate methods;
>>> +
>>> + - if the switch is expected to handle a subset of all
>>> + possible cases, then a default label shall be added with an
>>> + in-code comment as follows::
>>> +
>>> + /* only handle a subset of the possible cases */
>>> + default:
>>> + break;
>>
>> Unless it being made crystal clear that mechanically reproducing this
>> comment isn't going to do, I'm going to have a hard time picking
>> between actively vetoing or just accepting if someone else acks this.
>> At the very least, though, the suggested (or, as requested, example)
>> comment should match ./CODING_STYLE. And it may need placing
>> differently if I understood correctly what Misra / Eclair demand
>> (between default: and break; rather than ahead of both).
>>
>> The only place I'd accept a pre-cooked comment is to cover the
>> "notifier pattern".
>
> Hi Jan,
>
> During the MISRA C call we discussed two distinct situations:
>
> 1) when the default is not supposed to happen (it could be an BUG_ON)
> 2) when we only handle a subset of cases on purpose
>
> For 2), it is useful to have a comment to clarify that we are dealing
> with 2) instead of 1). It is not a pre-cooked comment. The comment
> should be reviewed and checked that it is actually true that for this
> specific switch the default is expected and we should do nothing.
>
> However, the comment is indeed pre-cooked in the sense that we don't
> need to have several different variations of them to explain why we only
> handle a subset of cases.
>
> The majority of people on the call agreed with this (or so I understood).
In fact i do agree with Jan here somehow: we must not have a default comment
in the rules.rst.
It might be that a comment will look like that but I think it would be a
mistake to
have a default one that people can just copy and paste without thinking.
I would suggest to put something like the following instead:
When a default is empty, a comment shall be added to state it with a reason
and when possible a more detailed explanation.
Regards
Bertrand
|