On 16/01/2019 00:36, Stefano Stabellini wrote:
> On Tue, 15 Jan 2019, Jan Beulich wrote:
>>> Yes, this instance is only the tip of the
>>> iceberg, we have a long road ahead, but we shouldn't really give up
>>> because it is going to be difficult :-) Stewart's approach would
>>> actually be compliant and help toward reducing reliance on undefined
>>> behavior.
>>>
>>> Would you be OK if I rework the series to follow his approach using
>>> intermediate variables? See the attached patch as a reference, it only
>>> "converts" _start and _end as an example. Fortunately, it will be
>>> textually similar to the previous SYMBOL returning unsigned long version
>>> of the series.
>>
>> Well, I've given reasons why I dislike that, and why (I think) it was
>> done without such intermediate variables. Nevertheless, if this is
>> _the only way_ to achieve compliance, I don't think I could
>> reasonably NAK it.
>>
>> The thing that I don't understand though is how the undefined
>> behavior (if there really is any) goes away: Even if you compare
>> the contents of the variables instead of the original (perhaps
>> casted) pointers, in the end you still compare what C would
>> consider pointers to different objects. It's merely a different
>> way of hiding that fact from C.
> 
> I saw that Stewart wrote a long and detailed reply, but this is my short
> take on this. I don't think so: with this approach there are no dubious
> pointers in C land at all[1]. It is perfectly fine to have addresses as
> integers in C, compare and subtract addresses as integers, then cast
> one of them to a pointer and accessing a structure with the pointer.
> _start becomes only defined and used outside of C. I think both C and
> MISRAC compliance would be satisfied.
> 
> ([1]: There is a catch with the way we use the pointers in alternative.c, both
> x86 and arm, but it is easy to fix in a follow-up series. Everything else
> is taken care of.)
> 
> 
>> Undefined behavior would imo
>> go away only if those comparisons/subtractions didn't happen
>> in C anymore. IOW - see my .startof.() / .sizeof.() proposal.
>>
>>> If you are OK with it, do you have any suggestions on how would you like
>>> the intermediate variables to be called? I went with _start/start_ and
>>> _end/end_ but I am open to suggestions. Also to which assembly file you
>>> would like the new variables to be added -- I created a new one for the
>>> purpose named var.S in the attached example.
>>
>> First of all we should explore whether the variables could also be
>> linker generated, in particular to avoid the current symbols being
>> global (thus making it impossible to access them from C files in the
>> first place).
> 
> That would be fantastic. I looked around, I found interesting things
> like PROVIDE, but I don't think what you describe is possible. The
> linker scripts only define symbols, they cannot set or define variables.
> 
> 
>> Failing that, I don't think it matters much where these
>> helper symbols live, and hence your choice is probably fine (I'd
>> prefer though if, just like on Arm, the x86 file didn't live in the
>> boot/ subdirectory; in the end it might even be possible to have
>> some of them in xen/common/var.S).
> 
> OK, I'll move the x86 var.S to xen/arch/x86/x86_64. I cannot share var.S
> because arm32 is using long instead of quad.

Have an architecture specific define ASM_UINTPTR (.quad or .long) for
that purpose?


Juergen

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
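The intermediate-variable approach the thread discusses, as an added example that is not part of the original messages or of the Xen code base: an assembly slot sized by an ASM_UINTPTR-style define (.quad or .long) holds the address of a label that C never names, and the C side only compares and subtracts the integer values, converting one back to a pointer only at the point of access. It assumes a GNU-style assembler on a 32- or 64-bit target; the labels region_begin/region_end, the `_`-suffixed variables and the byte contents are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Pick the assembler directive that emits one pointer-sized integer,
 * mirroring the per-architecture ASM_UINTPTR idea (.quad vs .long). */
#if UINTPTR_MAX == UINT64_MAX
#define ASM_UINTPTR ".quad"
#else
#define ASM_UINTPTR ".long"
#endif

/* Constructed stand-in for a linker-placed region: local labels
 * region_begin/region_end that no C code ever declares, followed by the
 * two global intermediate variables holding those addresses as integers,
 * the way a var.S would do it for _start/_end. */
__asm__(
    ".data\n"
    ".p2align 3\n"
    "region_begin:\n"
    ".byte 1, 2, 3, 4, 5, 6, 7, 8\n"
    "region_end:\n"
    ".globl region_begin_\n"
    "region_begin_: " ASM_UINTPTR " region_begin\n"
    ".globl region_end_\n"
    "region_end_: " ASM_UINTPTR " region_end\n"
    ".text\n"
);

/* C only ever sees pointer-sized integers; the asm names are pinned so
 * the declarations match whatever C symbol prefix the platform uses. */
extern const uintptr_t region_begin_ __asm__("region_begin_");
extern const uintptr_t region_end_ __asm__("region_end_");

/* Subtraction and comparison happen on integers: well-defined in C. */
size_t region_size(void)
{
    return (size_t)(region_end_ - region_begin_);
}

int addr_in_region(uintptr_t addr)
{
    return addr >= region_begin_ && addr < region_end_;
}

/* Only when memory is actually accessed is one integer converted back
 * into a pointer; the out-of-range check is still done on integers. */
unsigned char region_byte(size_t idx)
{
    const unsigned char *p = (const unsigned char *)region_begin_;
    return idx < region_size() ? p[idx] : 0;
}
```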
