On 09.07.2024 11:34, Nicola Vetrini wrote:
> --- a/xen/include/xen/bitmap.h
> +++ b/xen/include/xen/bitmap.h
> @@ -103,18 +103,16 @@ extern int bitmap_allocate_region(unsigned long
> *bitmap, int pos, int order);
> #define bitmap_switch(nbits, zero, small, large) \
> unsigned int n__ = (nbits); \
> if (__builtin_constant_p(nbits) && !n__) { \
> - /* SAF-7-safe Rule 20.7 non-parenthesized macro argument */ \
> zero; \
> } else if (__builtin_constant_p(nbits) && n__ <= BITS_PER_LONG) { \
> - /* SAF-7-safe Rule 20.7 non-parenthesized macro argument */ \
> small; \
> } else { \
> - /* SAF-7-safe Rule 20.7 non-parenthesized macro argument */ \
> large; \
> }
An observation I made only while discussing this on the meeting is that by
going from this form to ...
> static inline void bitmap_zero(unsigned long *dst, unsigned int nbits)
> {
> + /* SAF-7-safe Rule 20.7 non-parenthesized macro argument */
> bitmap_switch(nbits,,
> *dst = 0UL,
> memset(dst, 0, bitmap_bytes(nbits)));
... this form, you actually widen what the deviation covers to the entire
macro, which is too much. We don't want to deviate the rule for all of the
arguments, after all.
However, it further occurred to me that the reason for needing the deviation
looks to merely be that in some cases (like the one above) we pass empty
macro arguments. That's getting in the way of parenthesizing the use sites.
We could avoid this, though, by adding e.g.
#define nothing ((void)0)
near the definition of bitmap_switch() and then using that in place of the
empty arguments. Provided of course this is the only obstacle to
parenthesization. At which point no deviation ought to be needed in the
first place.
Jan
