On 2025-08-15 10:17, Andrew Cooper wrote:
On 15/08/2025 8:20 am, Nicola Vetrini wrote:
On 2025-08-15 00:25, Andrew Cooper wrote:
In macros it is common to declare local variables using typeof(param) in order
to ensure that side effects are only evaluated once.  A consequence of this is
double textual expansion of the parameter, which can get out of hand very
quickly with nested macros.

In C23, the auto keyword has been repurposed to perform type inference.

A GCC extension, __auto_type, is now available in the new toolchain baseline
and avoids the double textual expansion.

Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>

Reviewed-by: Nicola Vetrini <nicola.vetr...@bugseng.com>

Thank you.


diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h
index 88bf26bc5109..38ef5d82ad95 100644
--- a/xen/include/xen/compiler.h
+++ b/xen/include/xen/compiler.h
@@ -64,6 +64,20 @@
 # define asm_inline asm
 #endif

+/*
+ * In C23, the auto keyword has been repurposed to perform type
inference.
+ *
+ * This behaviour is available via the __auto_type extension in
supported
+ * toolchains.
+ *
+ *
https://www.gnu.org/software/c-intro-and-ref/manual/html_node/Auto-Type.html
+ * https://clang.llvm.org/docs/LanguageExtensions.html#auto-type
+ */
+#if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 202311L
+/* SAF-3-safe MISRA C Rule 20.4: Giving the keyword it's C23
meaning. */
+#define auto __auto_type
+#endif
+
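
Review bot: The comment block above the `#if` does not say that, for pre-C23 builds, `#define auto __auto_type` takes away the storage-class meaning of auto, so a declaration such as `auto int x;` would expand to `__auto_type int x;`. Add a sentence saying whether any code relies on that meaning, so the SAF-3-safe justification can be read without the mailing-list context. In the SAF-3-safe comment itself, "it's" should be "its".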

A more detailed explanation should live in deviations.rst under this bullet point

   * - R20.4
     - The override of the keyword \"inline\" in xen/compiler.h is present so
       that section contents checks pass when the compiler chooses not to
       inline a particular function.
     - Comment-based deviation.

as described in the SAF entry:

        {
            "id": "SAF-3-safe",
            "analyser": {
                "eclair": "MC3A2.R20.4"
            },
            "name": "MC3A2.R20.4: allow the definition of a macro with the same name as a keyword in some special cases",
            "text": "The definition of a macro with the same name as a keyword can be useful in certain configurations to improve the guarantees that can be provided by Xen. See docs/misra/deviations.rst for a precise rationale for all such cases."
        },

Ah right.  What about this:

"Xen does not use the \"auto\" keyword as a storage qualifier.  The
override of the keyword \"auto\" in xen/compiler.h is to give it its
C23 behaviour of type inference."

?


Seems good to me. Maybe this should be spelled out in ./CODING_STYLE as well, so that newcomers don't trip over this?

~Andrew

P.S. I thought that final fix was too easy.  Your instructions for the
main config were spot on and worked first time, except for getting the
R20.4 violation too.

Yeah, forgot about that one; it's not so common to override keywords.

--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
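
The double expansion that the commit message describes, as an added example that is not part of the patch or of Xen's code. The MAX_TYPEOF and MAX_AUTO macros and all helper names are hypothetical, and `__typeof__` is used in place of `typeof` so that the file also builds in strict ISO modes.

```c
#include <stdio.h>
#include <string.h>

/* Same guard as the patch: before C23, map auto onto __auto_type. */
#if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 202311L
#define auto __auto_type
#endif

/* Hypothetical macros; both evaluate each argument exactly once. */
#define MAX_TYPEOF(a, b) \
    ({ __typeof__(a) a_ = (a); __typeof__(b) b_ = (b); a_ > b_ ? a_ : b_; })
#define MAX_AUTO(a, b) \
    ({ auto a_ = (a); auto b_ = (b); a_ > b_ ? a_ : b_; })

/* Stringify after full macro expansion, to measure the preprocessed text. */
#define STR_(...) #__VA_ARGS__
#define STR(...)  STR_(__VA_ARGS__)

static int calls;
static int next(void) { return ++calls; }

/* Number of times a side-effecting argument is evaluated by each form. */
int calls_typeof(void) { calls = 0; (void)MAX_TYPEOF(next(), 0); return calls; }
int calls_auto(void)   { calls = 0; (void)MAX_AUTO(next(), 0);   return calls; }

/* auto infers the initialiser's type, as typeof(param) would. */
int infers_long(void) { auto v = 1L; return _Generic(v, long: 1, default: 0); }

/*
 * Preprocessed size of three nested uses.  The typeof form pastes each
 * argument's text twice, so it doubles per nesting level; the auto form
 * pastes it once and grows linearly.
 */
size_t text_typeof(void)
{
    return strlen(STR(MAX_TYPEOF(MAX_TYPEOF(MAX_TYPEOF(1, 2), 3), 4)));
}
size_t text_auto(void)
{
    return strlen(STR(MAX_AUTO(MAX_AUTO(MAX_AUTO(1, 2), 3), 4)));
}

int main(void)
{
    printf("evaluations: typeof=%d auto=%d\n", calls_typeof(), calls_auto());
    printf("expanded chars: typeof=%zu auto=%zu\n", text_typeof(), text_auto());
    return 0;
}
```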
