On 15/08/2025 8:20 am, Nicola Vetrini wrote: > On 2025-08-15 00:25, Andrew Cooper wrote: >> In macros it is common to declare local variables using typeof(param) >> in order >> to ensure that side effects are only evaluated once. A consequence >> of this is >> double textural expansion of the parameter, which can get out of hand >> very >> quickly with nested macros. >> >> In C23, the auto keyword has been repurposed to perform type inference. >> >> A GCC extension, __auto_type, is now avaialble in the new toolchain >> baseline >> and avoids the double textural expansion. >> >> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com> > > Reviewed-by: Nicola Vetrini <nicola.vetr...@bugseng.com>
Thankyou. >> >> diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h >> index 88bf26bc5109..38ef5d82ad95 100644 >> --- a/xen/include/xen/compiler.h >> +++ b/xen/include/xen/compiler.h >> @@ -64,6 +64,20 @@ >> # define asm_inline asm >> #endif >> >> +/* >> + * In C23, the auto keyword has been repurposed to perform type >> inference. >> + * >> + * This behaviour is available via the __auto_type extension in >> supported >> + * toolchains. >> + * >> + * >> https://www.gnu.org/software/c-intro-and-ref/manual/html_node/Auto-Type.html >> + * https://clang.llvm.org/docs/LanguageExtensions.html#auto-type >> + */ >> +#if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 202311L >> +/* SAF-3-safe MISRA C Rule 20.4: Giving the keyword it's C23 >> meaning. */ >> +#define auto __auto_type >> +#endif >> + > > A more detailed explanation should live in deviations.rst under this > bullet point > > * - R20.4 > - The override of the keyword \"inline\" in xen/compiler.h is > present so > that section contents checks pass when the compiler chooses not to > inline a particular function. > - Comment-based deviation. > > as described in the SAF entry: > > { > "id": "SAF-3-safe", > "analyser": { > "eclair": "MC3A2.R20.4" > }, > "name": "MC3A2.R20.4: allow the definition of a macro with > the same name as a keyword in some special cases", > "text": "The definition of a macro with the same name as a > keyword can be useful in certain configurations to improve the > guarantees that can be provided by Xen. See docs/misra/deviations.rst > for a precise rationale for all such cases." > }, Ah right. What about this: "Xen does not use the \"auto\" keyword as a storage qualifier. The override of the keyword \"auto\" in xen/compiler.h is to give it it's C23 behaviour of type inference." ? ~Andrew P.S. I thought that final fix was too easy. Your instructions for the main config were spot on and worked first time, except for getting the R20.4 violation too.
