[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] docs/misra: add Rule 16.4


  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Thu, 14 Mar 2024 15:12:49 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=i4F9q04AcUhjcEca3Qf+BmiZXzSicBAcKJFgph0eUFQ=; b=l2uuFi/KwewOUZ/KczJcA0ZjKNt+tQUUthfb42qEeaVoKDYb+mUn8qB9pOaaD5+csYn1rsa1yMYF24NdNSXjbRpeSNxGz42UuG4ZBDvQMfhkk1XdEXGqGCkAEw0QV8GhbjwA4/la7MaTrIUkkXwcjHmAMeGifbB7wuL4i3gHerl2MGd+l43So6fELqdmEQLQvIp1Yfk4VV1Kiqj1zz6P6tz/nYupmoyi44nc8IHi1fClvGfVMV8lXQuPV2WglDx/UVMAXGtx/Fena20wFKSVb70lIYg1CwMEsWR/U2AxHQrfPMGrU65w8zhNHLUrwTejpnpUtvQuxvYN/V/6fZxUlw==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=i4F9q04AcUhjcEca3Qf+BmiZXzSicBAcKJFgph0eUFQ=; b=WKNAp9/z6DF2RK84byZW9Fk0HBncgSzryf3DL5Q/2X8hcScgVPKhrATbgIXacOKKSlx0XCfxnQ5iVnpAK2X+2mRSwSpLf/BAL25WHNOLi+vPXRie8jCiRpdCAlCOO04pygNHft1DeJSamii+dkpOU0geSP7cDuIwoWf2wIyNBOq7zWOR9Njm683TW882VJEnaYx/C4M+wcmUhVeePEYtZ+Xn8TeLZ+0PW9oe9uJPLCx2lvfbac+E+pmEA++CN9qc67cBqR98/E7XG14a6BCNaJu4bw8Nl0QdyR4mCo2ScNcCT/JzOJMqJuKWb5FzI+YE+joNU6zoNpZTdrEP41jHjQ==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=AsgHN+U5n0+iQdKHkRihwnp2lOQRamQ8cvU783PlTGsMsbu+XUjH3N1GDGfs5PjNNT1pmOTInhNajGf+LEctTiz3oLFOsdsVlONpXJWeJS0HyfJL9wbAP8ykjsWzF4MwKLoxJlDh5PlWJzvJdgrFQVJ0QaYID/yFw83kGQoF06ZwngTxZSMUjW+gmUfozJjPmsQZDs9ercAGF6EVeV8OYoaFLf98ihZYPk/q1JxfcQgAM/4Vj+NmM4OTcCay2gYaXe4v7J7hIEC5zBojTous8h3L+SFebtPxp3Ue9q26k01mmhbmfn1rGo0rG+FRCucM308plALxIQkbIPgn8m+ARA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=id6WeEzTVUbBnd5E2SQ7T4tP1fh3rX7K3MZ/uO5kNYoDwL9IMP289d5xB13umbpOuyqS7uFLMGnN+JbfhWGmvrPtnDD4B7Oylwzg0qm/pUBt5JNsP084YYBCH7kKHQ+AryylID0SKNngPit4d5KY7cSQlaNneoAyXs17VcyCKtDLzN8aHsWDQynLB9mG+ajoFXIhBXLa5d1Nu6DPwP6TE7toKGdYu0dwhO8XeH7RCjkhznrViUSJ6+gC7tj+QA3J0+VcAnG1xUEvdERyDgcM/GSAWtkqTr/iJu3Fy3kN5rhU1paO7GZRN8uzb8X1qtDSZ0BUI94o+GdBUGQY4140VQ==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 14 Mar 2024 15:13:19 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHadN1oSVYbGKIFE0GfGxIx2bdb6LE1S9QAgAEAKICAAQ5kgA==
  • Thread-topic: [PATCH] docs/misra: add Rule 16.4

Hi Stefano,

> On 14 Mar 2024, at 00:04, Stefano Stabellini <sstabellini@xxxxxxxxxx> wrote:
> 
> On Wed, 13 Mar 2024, Jan Beulich wrote:
>> On 13.03.2024 01:28, Stefano Stabellini wrote:
>>> --- a/docs/misra/rules.rst
>>> +++ b/docs/misra/rules.rst
>>> @@ -478,6 +478,30 @@ maintainers if you want to suggest a change.
>>>      - In addition to break, also other unconditional flow control 
>>> statements
>>>        such as continue, return, goto are allowed.
>>> 
>>> +   * - `Rule 16.4 
>>> <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_16_04.c>`_
>>> +     - Required
>>> +     - Every switch statement shall have a default label
>>> +     - Switch statements with enums as controlling expression don't need
>>> +       a default label as gcc -Wall enables -Wswitch which warns (and
>>> +       breaks the build)
>> 
>> I think this could do with mentioning -Werror.
> 
> No problem
> 
> 
>>> if one of the enum labels is missing from the
>>> +       switch.
>>> +
>>> +       Switch statements with integer types as controlling expression
>>> +       should have a default label:
>>> +
>>> +       - if the switch is expected to handle all possible cases
>>> +         explicitly, then a default label shall be added to handle
>>> +         unexpected error conditions, using BUG(), ASSERT(), WARN(),
>>> +         domain_crash(), or other appropriate methods;
>>> +
>>> +       - if the switch is expected to handle a subset of all
>>> +         possible cases, then a default label shall be added with an
>>> +         in-code comment as follows::
>>> +
>>> +             /* only handle a subset of the possible cases */
>>> +             default:
>>> +                 break;
>> 
>> Unless it being made crystal clear that mechanically reproducing this
>> comment isn't going to do, I'm going to have a hard time picking
>> between actively vetoing or just accepting if someone else acks this.
>> At the very least, though, the suggested (or, as requested, example)
>> comment should match ./CODING_STYLE. And it may need placing
>> differently if I understood correctly what Misra / Eclair demand
>> (between default: and break; rather than ahead of both).
>> 
>> The only place I'd accept a pre-cooked comment is to cover the
>> "notifier pattern".
> 
> Hi Jan, 
> 
> During the MISRA C call we discussed two distinct situations:
> 
> 1) when the default is not supposed to happen (it could be an BUG_ON)
> 2) when we only handle a subset of cases on purpose
> 
> For 2), it is useful to have a comment to clarify that we are dealing
> with 2) instead of 1). It is not a pre-cooked comment. The comment
> should be reviewed and checked that it is actually true that for this
> specific switch the default is expected and we should do nothing.
> 
> However, the comment is indeed pre-cooked in the sense that we don't
> need to have several different variations of them to explain why we only
> handle a subset of cases.
> 
> The majority of people on the call agreed with this (or so I understood).

In fact i do agree with Jan here somehow: we must not have a default comment
in the rules.rst.
It might be that a comment will look like that but I think it would be a 
mistake to
have a default one that people can just copy and paste without thinking.
I would suggest to put something like the following instead:
When a default is empty, a comment shall be added to state it with a reason
and when possible a more detailed explanation.

Regards
Bertrand






 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.