>>> On 22.02.19 at 22:33, <andrew.coop...@citrix.com> wrote:
> P.S. There is a solution here which could work, but IMO a better use of
> time and energy would be to get MISRA to update their rules to match
> this century, and stop getting in the way of compiler features intended
> to help the programmer avoid bugs.

As much as I'm with you in desiring the compiler aid given to not get
undermined, I think this MISRA rule isn't in need of modernizing: It's
one thing for the compiler to help with in-range enumerators, and it's
another to demand that unintentional out-of-range ones don't cause
actual harm (like crashing your car into the next tree). This is even
more so that iirc there's no warning if you pass a plain integer into a
function whose parameter specifies an enum, or if you assign a plain
integer to an enum-typed variable.

Amongst our planned hardening Kconfig-ery I think we may want to
add an option controlling whether to have something like

#define DEFAULT_UNREACHABLE(code) default: ASSERT_UNREACHABLE(); code;

or instead (by default) expanding to nothing.

Jan
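As an added illustration (not code from this thread or from Xen), a small C program showing the proposed macro in both of the configurations described above, driven by an out-of-range value passed as a plain integer. The `gear` enum, the `CONFIG_HARDEN_ENUM_SWITCH` knob and the counting stand-in for `ASSERT_UNREACHABLE()` are constructed for the example.

```c
#include <stdio.h>
/* Constructed enum for illustration; not from Xen. */
enum gear { GEAR_PARK = 0, GEAR_REVERSE, GEAR_NEUTRAL, GEAR_DRIVE };

/* Hypothetical knob standing in for the Kconfig option proposed in the
 * mail; set to 0 to get the "expands to nothing" variant. */
#define CONFIG_HARDEN_ENUM_SWITCH 1

/* Stand-in for Xen's ASSERT_UNREACHABLE(): count hits instead of asserting. */
static int unreachable_hits;
#define ASSERT_UNREACHABLE() (unreachable_hits++)

#if CONFIG_HARDEN_ENUM_SWITCH
/* MISRA-style default: flag the impossible value, then run recovery code. */
#define DEFAULT_UNREACHABLE(code) default: ASSERT_UNREACHABLE(); code;
#else
/* No default label at all, so -Wswitch still reports a missing enumerator. */
#define DEFAULT_UNREACHABLE(code)
#endif

/* Maps a gear to its display character; -1 means "no valid mapping". */
int gear_to_char(enum gear g)
{
    int c = -1;
    switch (g) {
    case GEAR_PARK:    c = 'P'; break;
    case GEAR_REVERSE: c = 'R'; break;
    case GEAR_NEUTRAL: c = 'N'; break;
    case GEAR_DRIVE:   c = 'D'; break;
    DEFAULT_UNREACHABLE(break)
    }
    return c;
}

/* Pass a plain int where an enum is expected (accepted silently in C, as
 * the mail notes) and report how many times the default case fired. */
int default_fired_for(int raw)
{
    unreachable_hits = 0;
    (void)gear_to_char(raw);
    return unreachable_hits;
}

int main(void)
{
    printf("DRIVE -> %c; raw 7 -> %d, default fired %d time(s)\n",
           gear_to_char(GEAR_DRIVE), gear_to_char(7), default_fired_for(7));
    return 0;
}
```

With the knob set to 0 the `default:` label disappears, so an out-of-range value still yields -1 but nothing records that it happened, while the compiler's enumerator check is no longer suppressed.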



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
