| Message ID | 42fc6ae8d3eb802429d29c774502ff232340dc84.1706259490.git.federico.serafini@bugseng.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Introduce and use STATIC_ASSERT_UNREACHABLE() | expand |
On 26.01.2024 11:05, Federico Serafini wrote:> --- a/xen/include/xen/compiler.h > +++ b/xen/include/xen/compiler.h > @@ -64,6 +64,13 @@ > # define fallthrough do {} while (0) /* fallthrough */ > #endif > > +/* > + * Add the following macro to check that a program point is considered > + * unreachable by the static analysis performed by the compiler. > + */ > +#define STATIC_ASSERT_UNREACHABLE() \ > + asm ( ".error \"static assertion failed: unreachable\"" ) In the comment s/Add/Use/? The macro is there after all when this gets committed. Overall maybe "Use this macro at program points considered unreachable, to be checked by the compiler's static analysis." ? Also while asm()s without operands are implicitly volatile, I think it would be a good idea to make that explicit nevertheless. I'd be happy to adjust while committing, so long as you agree. If you agree, and provided diagnostics resulting from this are useful (an example would have been nice in the description): Acked-by: Jan Beulich <jbeulich@suse.com> Jan
On 06.02.2024 14:22, Jan Beulich wrote: > On 26.01.2024 11:05, Federico Serafini wrote:> --- a/xen/include/xen/compiler.h >> +++ b/xen/include/xen/compiler.h >> @@ -64,6 +64,13 @@ >> # define fallthrough do {} while (0) /* fallthrough */ >> #endif >> >> +/* >> + * Add the following macro to check that a program point is considered >> + * unreachable by the static analysis performed by the compiler. >> + */ >> +#define STATIC_ASSERT_UNREACHABLE() \ >> + asm ( ".error \"static assertion failed: unreachable\"" ) > > In the comment s/Add/Use/? The macro is there after all when this gets > committed. Overall maybe > > "Use this macro at program points considered unreachable, to be checked > by the compiler's static analysis." > > ? > > Also while asm()s without operands are implicitly volatile, I think it > would be a good idea to make that explicit nevertheless. > > I'd be happy to adjust while committing, so long as you agree. If you > agree, and provided diagnostics resulting from this are useful (an > example would have been nice in the description): > Acked-by: Jan Beulich <jbeulich@suse.com> Actually, having seen patch 2, I need to withdraw this right away. Jan
On Tue, 6 Feb 2024, Jan Beulich wrote: > On 06.02.2024 14:22, Jan Beulich wrote: > > On 26.01.2024 11:05, Federico Serafini wrote:> --- a/xen/include/xen/compiler.h > >> +++ b/xen/include/xen/compiler.h > >> @@ -64,6 +64,13 @@ > >> # define fallthrough do {} while (0) /* fallthrough */ > >> #endif > >> > >> +/* > >> + * Add the following macro to check that a program point is considered > >> + * unreachable by the static analysis performed by the compiler. > >> + */ > >> +#define STATIC_ASSERT_UNREACHABLE() \ > >> + asm ( ".error \"static assertion failed: unreachable\"" ) > > > > In the comment s/Add/Use/? The macro is there after all when this gets > > committed. Overall maybe > > > > "Use this macro at program points considered unreachable, to be checked > > by the compiler's static analysis." > > > > ? > > > > Also while asm()s without operands are implicitly volatile, I think it > > would be a good idea to make that explicit nevertheless. > > > > I'd be happy to adjust while committing, so long as you agree. If you > > agree, and provided diagnostics resulting from this are useful (an > > example would have been nice in the description): > > Acked-by: Jan Beulich <jbeulich@suse.com> > > Actually, having seen patch 2, I need to withdraw this right away. To me it looks good enough but let's continue the discussion on patch #2
diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h index 16d554f2a5..062f54449c 100644 --- a/xen/include/xen/compiler.h +++ b/xen/include/xen/compiler.h @@ -64,6 +64,13 @@ # define fallthrough do {} while (0) /* fallthrough */ #endif +/* + * Add the following macro to check that a program point is considered + * unreachable by the static analysis performed by the compiler. + */ +#define STATIC_ASSERT_UNREACHABLE() \ + asm ( ".error \"static assertion failed: unreachable\"" ) + #ifdef __clang__ /* Clang can replace some vars with new automatic ones that go in .data; * mark all explicit-segment vars 'used' to prevent that. */
Introduce macro STATIC_ASSERT_UNREACHABLE() to check that a program point is considered unreachable by the static analysis performed by the compiler. The use of such macro will lead to one of the following outcomes: - the program point identified by the macro is considered unreachable, then the compiler removes the macro; - the program point identified by the macro is not considered unreachable, then the compiler does not remove the macro, which will lead to a failure in the build process caused by an assembler error. Signed-off-by: Federico Serafini <federico.serafini@bugseng.com> --- Changes in v2: - removed constraint about optimization level -O0; - use capital letters for macro name; - add missing blanks; - remove stray semicolon; - cite the assertion failure in the error message. --- xen/include/xen/compiler.h | 7 +++++++ 1 file changed, 7 insertions(+)