On 06/10/2023 11:02, Nicola Vetrini wrote:
On 06/10/2023 11:29, Julien Grall wrote:
Hi,
On 06/10/2023 09:26, Nicola Vetrini wrote:
The purpose of this macro is to encapsulate the well-known expression
'x & -x', that in 2's complement architectures on unsigned integers will
give 2^ffs(x), where ffs(x) is the position of the lowest set bit in x.
A deviation for ECLAIR is also introduced.
Can you explain why this is a deviation in ECLAIR rather than one with
/* SAF-* */ (or whichever name we decide to rename to)? Is this
because the code is correct from MISRA perspective but the tool is
confused?
The code does violate Rule 10.1 (a unary minus applied to an unsigned
value is
deemed inappropriate by MISRA), but rather than changing a whole lot of
places where this
construct is used (mainly in x86 code), the reasoning is that it makes
more sense to isolate
it and justify its presence by the fact that on 2's complement
architectures the result is
indeed correct.
This is explaining to me why you are adding LOWEST_POW2(). But this
doesn't explain why you are not using /* SAF-* */ on top of LOWEST_POW2().
To me, we should only use ECLAIR specific deviation when this is a
shortcoming with the tool.
Cheers,
--
Julien Grall
