On Thu, Aug 14, 2025 at 11:25 PM Andrew Cooper <andrew.coop...@citrix.com> wrote: > > In macros it is common to declare local variables using typeof(param) in order > to ensure that side effects are only evaluated once. A consequence of this is > double textural expansion of the parameter, which can get out of hand very > quickly with nested macros. > > In C23, the auto keyword has been repurposed to perform type inference. > > A GCC extension, __auto_type, is now avaialble in the new toolchain baseline > and avoids the double textural expansion. > > Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com> > --- > CC: Anthony PERARD <anthony.per...@vates.tech> > CC: Michal Orzel <michal.or...@amd.com> > CC: Jan Beulich <jbeul...@suse.com> > CC: Julien Grall <jul...@xen.org> > CC: Roger Pau Monné <roger....@citrix.com> > CC: Stefano Stabellini <sstabell...@kernel.org> > CC: Roberto Bagnara <roberto.bagn...@bugseng.com> > CC: Nicola Vetrini <nicola.vetr...@bugseng.com> > CC: consult...@bugseng.com <consult...@bugseng.com> > > The resulting build is identical. > > v2: > * Use auto directly > * Eclair configuration > > https://gitlab.com/xen-project/hardware/xen-staging/-/pipelines/1985289434 > --- > automation/eclair_analysis/ECLAIR/toolchain.ecl | 11 +++++++++-- > docs/misra/C-language-toolchain.rst | 2 ++ > xen/include/xen/compiler.h | 14 ++++++++++++++ > xen/include/xen/macros.h | 14 +++++++------- > 4 files changed, 32 insertions(+), 9 deletions(-) > > diff --git a/automation/eclair_analysis/ECLAIR/toolchain.ecl > b/automation/eclair_analysis/ECLAIR/toolchain.ecl > index 842f8377e561..125f99a06583 100644 > --- a/automation/eclair_analysis/ECLAIR/toolchain.ecl > +++ b/automation/eclair_analysis/ECLAIR/toolchain.ecl > @@ -15,6 +15,7 @@ > __alignof__, __alignof: see Sections \"6.48 Alternate Keywords\" and > \"6.44 Determining the Alignment of Functions, Types or Variables\" of > "GCC_MANUAL". > asm, __asm__: see Sections \"6.48 Alternate Keywords\" and \"6.47 How to > Use Inline Assembly Language in C Code\" of "GCC_MANUAL". > __attribute__: see Section \"6.39 Attribute Syntax\" of "GCC_MANUAL". > + __auto_type: see Section \"6.7 Referring to a Type with typeof\" of > "GCC_MANUAL". > __builtin_offsetof: see Section \"6.53 Support for offsetof\" of > "GCC_MANUAL". > __builtin_types_compatible_p: see Section \"6.59 Other Built-in > Functions Provided by GCC\" of "GCC_MANUAL". > __builtin_va_arg: non-documented GCC extension. > @@ -26,6 +27,7 @@ > -name_selector+={alignof, "^(__alignof__|__alignof)$"} > -name_selector+={asm, "^(__asm__|asm)$"} > -name_selector+={attribute, "^__attribute__$"} > +-name_selector+={auto_type, "^__auto_type$"} > -name_selector+={builtin_offsetof, "^__builtin_offsetof$"} > -name_selector+={builtin_types_p, "^__builtin_types_compatible_p$"} > -name_selector+={builtin_va_arg, "^__builtin_va_arg$"} > @@ -39,6 +41,7 @@ > "alignof|| > asm|| > attribute|| > +auto_type|| > builtin_offsetof|| > builtin_types_p|| > builtin_va_arg|| > @@ -114,6 +117,7 @@ volatile" > -doc_end > > -doc_begin=" > + ext_auto_type: see Section \"6.7 Referring to a Type with typeof\" of > "GCC_MANUAL". > ext_c_missing_varargs_arg: see Section \"6.21 Macros with a Variable > Number of Arguments\" of "GCC_MANUAL". > ext_enum_value_not_int: non-documented GCC extension. > ext_flexible_array_in_array: see Section \"6.18 Arrays of Length Zero\" > of "GCC_MANUAL". > @@ -126,6 +130,7 @@ volatile" > ext_return_has_void_expr: see the documentation for -Wreturn-type in > Section \"3.8 Options to Request or Suppress Warnings\" of "GCC_MANUAL". > ext_sizeof_alignof_void_type: see Section \"6.24 Arithmetic on void- and > Function-Pointers\" of "GCC_MANUAL". > " > +-name_selector+={ext_auto_type, "^ext_auto_type$"} > -name_selector+={ext_c_missing_varargs_arg, "^ext_c_missing_varargs_arg$"} > -name_selector+={ext_enum_value_not_int, "^ext_enum_value_not_int$"} > -name_selector+={ext_flexible_array_in_array, > "^ext_flexible_array_in_array$"} > @@ -139,7 +144,8 @@ volatile" > -name_selector+={ext_sizeof_alignof_void_type, > "^ext_sizeof_alignof_void_type$"} > > -config=STD.diag,behavior+={c99,GCC_ARM64, > -"ext_c_missing_varargs_arg|| > +"ext_auto_type|| > +ext_c_missing_varargs_arg|| > ext_forward_ref_enum_def|| > ext_gnu_array_range|| > ext_gnu_statement_expr_macro|| > @@ -149,7 +155,8 @@ ext_return_has_void_expr|| > ext_sizeof_alignof_void_type" > } > -config=STD.diag,behavior+={c99,GCC_X86_64, > -"ext_c_missing_varargs_arg|| > +"ext_auto_type|| > +ext_c_missing_varargs_arg|| > ext_enum_value_not_int|| > ext_flexible_array_in_array|| > ext_flexible_array_in_struct|| > diff --git a/docs/misra/C-language-toolchain.rst > b/docs/misra/C-language-toolchain.rst > index cb81f5c09872..635936004554 100644 > --- a/docs/misra/C-language-toolchain.rst > +++ b/docs/misra/C-language-toolchain.rst > @@ -94,6 +94,8 @@ The table columns are as follows: > see Sections "6.48 Alternate Keywords" and "6.44 Determining the > Alignment of Functions, Types or Variables" of GCC_MANUAL. > __attribute__: > see Section "6.39 Attribute Syntax" of GCC_MANUAL. > + __auto_type: > + see Section "6.7 Referring to a Type with typeof" of GCC_MANUAL. > __builtin_types_compatible_p: > see Section "6.59 Other Built-in Functions Provided by GCC" of > GCC_MANUAL. > __builtin_va_arg: > diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h > index 88bf26bc5109..38ef5d82ad95 100644 > --- a/xen/include/xen/compiler.h > +++ b/xen/include/xen/compiler.h > @@ -64,6 +64,20 @@ > # define asm_inline asm > #endif > > +/* > + * In C23, the auto keyword has been repurposed to perform type inference. > + * > + * This behaviour is available via the __auto_type extension in supported > + * toolchains. > + * > + * > https://www.gnu.org/software/c-intro-and-ref/manual/html_node/Auto-Type.html > + * https://clang.llvm.org/docs/LanguageExtensions.html#auto-type > + */ > +#if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 202311L > +/* SAF-3-safe MISRA C Rule 20.4: Giving the keyword it's C23 meaning. */ > +#define auto __auto_type > +#endif > + > /* > * Add the pseudo keyword 'fallthrough' so case statement blocks > * must end with any of these keywords: > diff --git a/xen/include/xen/macros.h b/xen/include/xen/macros.h > index f9ccde86fb23..ceca2e4a1bf1 100644 > --- a/xen/include/xen/macros.h > +++ b/xen/include/xen/macros.h > @@ -63,18 +63,18 @@ > /* Hide a value from the optimiser. */ > #define HIDE(x) \ > ({ \ > - typeof(x) _x = (x); \ > + auto _x = (x); \ > asm volatile ( "" : "+r" (_x) ); \ > _x; \ > }) > > #define ABS(x) ({ \ > - typeof(x) x_ = (x); \ > + auto x_ = (x); \ > (x_ < 0) ? -x_ : x_; \ > }) > > #define SWAP(a, b) \ > - do { typeof(a) t_ = (a); (a) = (b); (b) = t_; } while ( 0 ) > + do { auto t_ = (a); (a) = (b); (b) = t_; } while ( 0 ) > > #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]) + __must_be_array(x)) > > @@ -102,15 +102,15 @@ > */ > #define min(x, y) \ > ({ \ > - const typeof(x) _x = (x); \ > - const typeof(y) _y = (y); \ > + const auto _x = (x); \ > + const auto _y = (y); \ > (void)(&_x == &_y); /* typecheck */ \ > _x < _y ? _x : _y; \ > }) > #define max(x, y) \ > ({ \ > - const typeof(x) _x = (x); \ > - const typeof(y) _y = (y); \ > + const auto _x = (x); \ > + const auto _y = (y); \ > (void)(&_x == &_y); /* typecheck */ \ > _x > _y ? _x : _y; \ > }) > > base-commit: b2c0dc44b37516b758c38de04c61ad295ac0dff2
Thanks for the change, nice to have it. Reviewed-by: Frediano Ziglio <frediano.zig...@cloud.com> Frediano
