[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] xen: Use auto as per C23

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
  • Date: Fri, 15 Aug 2025 09:20:46 +0200
  • Arc-authentication-results: i=1; bugseng.com; arc=none smtp.remote-ip=162.55.131.47
  • Arc-message-signature: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; c=relaxed/relaxed; t=1755242446; h=DKIM-Signature:MIME-Version:Date:From:To:Cc:Subject:In-Reply-To: References:Message-ID:X-Sender:Organization:Content-Type: Content-Transfer-Encoding; bh=Q7Y7H8c+F1DqZMzbG89vk7tX0P1WIMm2jykyWtYIrdk=; b=oP/QNifGXTKsX7FbT/vLpfPgHt38KapDx9pfwYLAzP7jJDa1gry3OEoHw1QpQM+Jfu5J PHf0K91gbIvoM0vQNyT3bP01p+v8jLpZnxUT1u8nlutUCVmV7WZft9IQV3U+ZsKq15zuX +iax53P/BZICjkOF8rnr3EnILJtCloIbtf9IpeTE0hVp0nXuvzHJ82K3xVncpjb2uLoLk 9vC0NIWOPJ0Wd/ZEAZf8PlfPA8r+4QCDEUHMbefAH24OyxrGVqp5QQYztz5zL6YFWOQOn DbfepoSTii4/XpL5i+IZbbFqzqRM0e0ykl5OVxhnn6lDUyCQWUV1dglpgNGdv487Vl0y/ OV62qHt/Eyy7zcbZqDQ210jsyGlcODpeUhEIdeLiEPphPZJdm93OYOVuc3rGHK+sCt9r3 xxe/Fl7Wl2TTP8tBGnvsYmj5QcBmbdt9RlXV/Eb+gA7kk+ATGbxoZYZLEx+ZF38lxnEZP sguEfT5X0LFZRM5iAfeGNoT5XvRNWjUyjjS2uFLUyEGj4JNHbbMtxu6VXUwdBUNROuyGh UiY78leo7HydYWmBaCcXQvL1FdSmZUk5nyyCDusCH15C7DtF1FaqylfZOcvci0Vr1Kyhj EW6Qeq9nHAugVZ1mNf1WsYWEj7gsE1ckAs1PDv1qKDfDy86uJV7zpEluRQouWw4=
  • Arc-seal: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; cv=none; t=1755242446; b=bi6ly0sU3FUisvooVeqp0IYRtW3ev7CjBo6kcDbtEDzFbyI+HZsn2z2SDKyFY+HwoiOG S3tajlBHNyq5MrnmsxBpTjpt142OJc7KX0gTLW6uRzPbSruw9YHQPNqvL7Ag53+wD3Cgv gkiGXT7Dei0y/he5UreK4bA9FXPivyIWZQWJ+bXEwJIsclJ2ttYDldpmGy3CSfIZ33GRB EmjYdFZdEBxUzGYu5V76H5OT/Mmz2vArVWi4RF9S6JZVGYWSbWUdvhT6DYCEvBee2jBrD NBuQXhWxy9tc2W/2L7g5qLll9129VykEqkOv7Er5l1rQU2FCUZQ9g+H8jiXfvV6aofPU/ T71zm0JdPAhl4lctr8sgi8hpGbnZ9up5RHxLnSiPv8ux2UoNuc6EeXNrqRsjVD4T6A9e2 vvnV1bOqtJGAbNwwrrabCznWmEptKdQNMzs0D6nSSnyrLYwAi6PaoBW/nuulamKWhBAzI 1ErnexPBHq3WhSK5J/j9iojMW9S7F4tSOQhbKRiYhyOOiNtdwDHQ/IXa3+TvxWZfTufVu T3iJj8P4Ifcl+skjEQLcjl2SSqSTj6kTKL+KNLFpPhi5EUoriWbtFJhKCqAbzqsVx8fEm nqBi2RdUmcgPecklLdFDEG4OshZCGatcvKZlFQp/Wv2/CFF/Q6ay64/VFZuAblY=
  • Authentication-results: bugseng.com; arc=none smtp.remote-ip=162.55.131.47
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Roberto Bagnara <roberto.bagnara@xxxxxxxxxxx>, "consulting @ bugseng . com" <consulting@xxxxxxxxxxx>
  • Delivery-date: Fri, 15 Aug 2025 07:20:59 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2025-08-15 00:25, Andrew Cooper wrote:
In macros it is common to declare local variables using typeof(param) in order to ensure that side effects are only evaluated once. A consequence of this is double textural expansion of the parameter, which can get out of hand very 
quickly with nested macros.

In C23, the auto keyword has been repurposed to perform type inference.
A GCC extension, __auto_type, is now avaialble in the new toolchain baseline 
and avoids the double textural expansion.

Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>


Reviewed-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>

with a nit below:


---
CC: Anthony PERARD <anthony.perard@xxxxxxxxxx>
CC: Michal Orzel <michal.orzel@xxxxxxx>
CC: Jan Beulich <jbeulich@xxxxxxxx>
CC: Julien Grall <julien@xxxxxxx>
CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
CC: Roberto Bagnara <roberto.bagnara@xxxxxxxxxxx>
CC: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
CC: consulting@xxxxxxxxxxx <consulting@xxxxxxxxxxx>

The resulting build is identical.

v2:
 * Use auto directly
 * Eclair configuration

https://gitlab.com/xen-project/hardware/xen-staging/-/pipelines/1985289434
---
 automation/eclair_analysis/ECLAIR/toolchain.ecl | 11 +++++++++--
 docs/misra/C-language-toolchain.rst             |  2 ++
 xen/include/xen/compiler.h                      | 14 ++++++++++++++
 xen/include/xen/macros.h                        | 14 +++++++-------
 4 files changed, 32 insertions(+), 9 deletions(-)
diff --git a/automation/eclair_analysis/ECLAIR/toolchain.ecl b/automation/eclair_analysis/ECLAIR/toolchain.ecl 
index 842f8377e561..125f99a06583 100644
--- a/automation/eclair_analysis/ECLAIR/toolchain.ecl
+++ b/automation/eclair_analysis/ECLAIR/toolchain.ecl
@@ -15,6 +15,7 @@
__alignof__, __alignof: see Sections \"6.48 Alternate Keywords\" and \"6.44 Determining the Alignment of Functions, Types or Variables\" of "GCC_MANUAL". asm, __asm__: see Sections \"6.48 Alternate Keywords\" and \"6.47 How to Use Inline Assembly Language in C Code\" of "GCC_MANUAL". __attribute__: see Section \"6.39 Attribute Syntax\" of "GCC_MANUAL". + __auto_type: see Section \"6.7 Referring to a Type with typeof\" of "GCC_MANUAL". __builtin_offsetof: see Section \"6.53 Support for offsetof\" of "GCC_MANUAL". __builtin_types_compatible_p: see Section \"6.59 Other Built-in Functions Provided by GCC\" of "GCC_MANUAL". 
     __builtin_va_arg: non-documented GCC extension.
@@ -26,6 +27,7 @@
 -name_selector+={alignof, "^(__alignof__|__alignof)$"}
 -name_selector+={asm, "^(__asm__|asm)$"}
 -name_selector+={attribute, "^__attribute__$"}
+-name_selector+={auto_type, "^__auto_type$"}
 -name_selector+={builtin_offsetof, "^__builtin_offsetof$"}
 -name_selector+={builtin_types_p, "^__builtin_types_compatible_p$"}
 -name_selector+={builtin_va_arg, "^__builtin_va_arg$"}
@@ -39,6 +41,7 @@
 "alignof||
 asm||
 attribute||
+auto_type||
 builtin_offsetof||
 builtin_types_p||
 builtin_va_arg||
@@ -114,6 +117,7 @@ volatile"
 -doc_end

 -doc_begin="
+ ext_auto_type: see Section \"6.7 Referring to a Type with typeof\" of "GCC_MANUAL". ext_c_missing_varargs_arg: see Section \"6.21 Macros with a Variable Number of Arguments\" of "GCC_MANUAL". 
     ext_enum_value_not_int: non-documented GCC extension.
ext_flexible_array_in_array: see Section \"6.18 Arrays of Length Zero\" of "GCC_MANUAL". 
@@ -126,6 +130,7 @@ volatile"
ext_return_has_void_expr: see the documentation for -Wreturn-type in Section \"3.8 Options to Request or Suppress Warnings\" of "GCC_MANUAL". ext_sizeof_alignof_void_type: see Section \"6.24 Arithmetic on void- and Function-Pointers\" of "GCC_MANUAL". 
 "
+-name_selector+={ext_auto_type, "^ext_auto_type$"}
-name_selector+={ext_c_missing_varargs_arg, "^ext_c_missing_varargs_arg$"} 
 -name_selector+={ext_enum_value_not_int, "^ext_enum_value_not_int$"}
-name_selector+={ext_flexible_array_in_array, "^ext_flexible_array_in_array$"} 
@@ -139,7 +144,8 @@ volatile"
-name_selector+={ext_sizeof_alignof_void_type, "^ext_sizeof_alignof_void_type$"} 

 -config=STD.diag,behavior+={c99,GCC_ARM64,
-"ext_c_missing_varargs_arg||
+"ext_auto_type||
+ext_c_missing_varargs_arg||
 ext_forward_ref_enum_def||
 ext_gnu_array_range||
 ext_gnu_statement_expr_macro||
@@ -149,7 +155,8 @@ ext_return_has_void_expr||
 ext_sizeof_alignof_void_type"
 }
 -config=STD.diag,behavior+={c99,GCC_X86_64,
-"ext_c_missing_varargs_arg||
+"ext_auto_type||
+ext_c_missing_varargs_arg||
 ext_enum_value_not_int||
 ext_flexible_array_in_array||
 ext_flexible_array_in_struct||
diff --git a/docs/misra/C-language-toolchain.rst b/docs/misra/C-language-toolchain.rst 
index cb81f5c09872..635936004554 100644
--- a/docs/misra/C-language-toolchain.rst
+++ b/docs/misra/C-language-toolchain.rst
@@ -94,6 +94,8 @@ The table columns are as follows:
see Sections "6.48 Alternate Keywords" and "6.44 Determining the Alignment of Functions, Types or Variables" of GCC_MANUAL. 
        __attribute__:
           see Section "6.39 Attribute Syntax" of GCC_MANUAL.
+       __auto_type:
+ see Section "6.7 Referring to a Type with typeof" of GCC_MANUAL. 
        __builtin_types_compatible_p:
see Section "6.59 Other Built-in Functions Provided by GCC" of GCC_MANUAL. 
        __builtin_va_arg:
diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h
index 88bf26bc5109..38ef5d82ad95 100644
--- a/xen/include/xen/compiler.h
+++ b/xen/include/xen/compiler.h
@@ -64,6 +64,20 @@
 # define asm_inline asm
 #endif

+/*
+ * In C23, the auto keyword has been repurposed to perform type inference. 
+ *
+ * This behaviour is available via the __auto_type extension in supported 
+ * toolchains.
+ *
+ * https://www.gnu.org/software/c-intro-and-ref/manual/html_node/Auto-Type.html 
+ * https://clang.llvm.org/docs/LanguageExtensions.html#auto-type
+ */
+#if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 202311L
+/* SAF-3-safe MISRA C Rule 20.4: Giving the keyword it's C23 meaning. */ 
+#define auto __auto_type
+#endif
+
A more detailed explanation should live in deviations.rst under this bullet point 

   * - R20.4
- The override of the keyword \"inline\" in xen/compiler.h is present so that section contents checks pass when the compiler chooses not to 
       inline a particular function.
     - Comment-based deviation.

as described in the SAF entry:

        {
            "id": "SAF-3-safe",
            "analyser": {
                "eclair": "MC3A2.R20.4"
            },
"name": "MC3A2.R20.4: allow the definition of a macro with the same name as a keyword in some special cases", "text": "The definition of a macro with the same name as a keyword can be useful in certain configurations to improve the guarantees that can be provided by Xen. See docs/misra/deviations.rst for a precise rationale for all such cases." 
        },



 /*
  * Add the pseudo keyword 'fallthrough' so case statement blocks
  * must end with any of these keywords:
diff --git a/xen/include/xen/macros.h b/xen/include/xen/macros.h
index f9ccde86fb23..ceca2e4a1bf1 100644
--- a/xen/include/xen/macros.h
+++ b/xen/include/xen/macros.h
@@ -63,18 +63,18 @@
 /* Hide a value from the optimiser. */
 #define HIDE(x)                                 \
     ({                                          \
-        typeof(x) _x = (x);                     \
+        auto _x = (x);                          \
         asm volatile ( "" : "+r" (_x) );        \
         _x;                                     \
     })

 #define ABS(x) ({                              \
-    typeof(x) x_ = (x);                        \
+    auto x_ = (x);                             \
     (x_ < 0) ? -x_ : x_;                       \
 })

 #define SWAP(a, b) \
-   do { typeof(a) t_ = (a); (a) = (b); (b) = t_; } while ( 0 )
+   do { auto t_ = (a); (a) = (b); (b) = t_; } while ( 0 )
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]) + __must_be_array(x)) 

@@ -102,15 +102,15 @@
  */
 #define min(x, y)                               \
     ({                                          \
-        const typeof(x) _x = (x);               \
-        const typeof(y) _y = (y);               \
+        const auto _x = (x);                    \
+        const auto _y = (y);                    \
         (void)(&_x == &_y); /* typecheck */     \
         _x < _y ? _x : _y;                      \
     })
 #define max(x, y)                               \
     ({                                          \
-        const typeof(x) _x = (x);               \
-        const typeof(y) _y = (y);               \
+        const auto _x = (x);                    \
+        const auto _y = (y);                    \
         (void)(&_x == &_y); /* typecheck */     \
         _x > _y ? _x : _y;                      \
     })

base-commit: b2c0dc44b37516b758c38de04c61ad295ac0dff2


--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.