Hi,

On 22/02/2019 10:27, Andrew Cooper wrote:
> On 22/02/2019 09:57, Oleksandr Andrushchenko wrote:
>> From: Oleksandr Andrushchenko <oleksandr_andrushche...@epam.com>
>>
>> Hello, everybody!
>>
>> We at EPAM Systems would like to present the first series of patches targeting Xen
>> on ARM Functional Safety certification (ISO61508 based): implementation of
>> MISRA [1] C:2012 Rule 16.4 which requires that every switch statement has a
>> default label as a measure of defensive programming technique.
>
> Hang on - what?
>
> Can someone attempt to justify why actively breaking -Wswitch is going
> to result in safer/better code?

I was about to ask the same. There are quite a few cases where this series is
going to make extending an enum more difficult.

Furthermore, using BUG() is a pretty bad idea in a switch. A guest would be able
to crash the whole platform if there was a coding mistake. Instead we should use
ASSERT_UNREACHABLE() and provide a proper fallback whenever it is possible.

Cheers,
--
Julien Grall
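
The trade-off discussed in this thread, as an added example that is not code from the patch series or from Xen: both handlers carry the default label Rule 16.4 asks for, so -Wswitch stays silent about the unhandled enumerator, and they differ only in what a guest-supplied value reaching that default does. The `guest_op` enum, the handler names and the two counting macros are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical request type; OP_FLUSH stands for an enumerator added after
 * the handlers below were written. */
enum guest_op { OP_READ, OP_WRITE, OP_FLUSH };

/* Stand-ins, not Xen's definitions: each only records that it was reached.
 * In Xen, BUG() stops the hypervisor, while ASSERT_UNREACHABLE() trips
 * only in debug builds and compiles away in release builds. */
static int host_crashes, debug_asserts;
#define BUG()                (host_crashes++)
#define ASSERT_UNREACHABLE() (debug_asserts++)

/* Rule 16.4 satisfied with BUG(): a forgotten enumerator becomes a
 * host-wide crash that a guest can trigger. */
static int handle_op_bug(enum guest_op op)
{
    switch (op) {
    case OP_READ:  return 0;
    case OP_WRITE: return 0;
    default:       /* this label silences -Wswitch for OP_FLUSH */
        BUG();
        return -EFAULT; /* not reached in a real hypervisor */
    }
}

/* Rule 16.4 satisfied with ASSERT_UNREACHABLE() plus a fallback: debug
 * builds flag the mistake, release builds fail only this request. */
static int handle_op_fallback(enum guest_op op)
{
    switch (op) {
    case OP_READ:  return 0;
    case OP_WRITE: return 0;
    default:
        ASSERT_UNREACHABLE();
        return -EOPNOTSUPP;
    }
}

int main(void)
{
    int rc = handle_op_bug(OP_FLUSH);
    printf("BUG variant:      rc=%d host_crashes=%d\n", rc, host_crashes);
    rc = handle_op_fallback(OP_FLUSH);
    printf("fallback variant: rc=%d debug_asserts=%d\n", rc, debug_asserts);
    return 0;
}
```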