On 05.06.2023 11:19, Roberto Bagnara wrote:
> On 05/06/23 09:35, Jan Beulich wrote:
>> On 05.06.2023 07:28, Roberto Bagnara wrote:
>>> Finally, Xen seems to rely on explicitly undefined behavior, namely
>>> C99 UB 58: "A structure or union is defined as containing no named
>>> members (6.7.2.1)." All instances but one occur via macro BUILD_BUG_ON_ZERO,
>>> the remaining instance concerns struct
>>> `cpu_policy::<anonymous union>::<anonymous struct>::<anonymous
>>> union>::<anonymous struct>'.
>>> Reliance on undefined behavior might be hard to justify.
>>
>> For starters just a comment here: I'm pretty sure this case was discussed
>> before, and that it was agreed that if need be we'd simply add _ as the
>> name there. Yet then - how did you notice this? Code inspection? I would
>> expect no analysis tool would spot it because it's used for gcc < 4.6
>> only. And I doubt you run analysis tools in combination with this old a
>> gcc?
>
> It is detected by ECLAIR, but the analysis is based on GCC 12,
> and the detection of implementation-defined behaviors (including
> predefined macros) is completely automatic, so I don't think there
> is any configuration error.
>
> One of the instances arises from
>
> xen/arch/arm/dm.c:50.19-50.37:
> all the members of struct `dm_op(const struct dmop_args*)::<anonymous
> struct>' are unnamed (undefined for the C99 standard, ISO/IEC 9899:1999 Annex
> J.2 item 58: "A structure or union is defined as containing no named members
> (6.7.2.1)." [STD.anonstct]). Tool used is `/usr/bin/aarch64-linux-gnu-gcc-12'
>
> and, in turn:
>
> xen/include/xen/lib.h:54.12-54.17: expanded from macro `BUILD_BUG_ON_ZERO'
Oh, indeed:
#define BUILD_BUG_ON_ZERO(cond) \
sizeof(struct { _Static_assert(!(cond), "!(" #cond ")"); })
uses a struct with no real member as well. I did overlook this earlier on.
Not sure though how to deal with this here.
Jan
> xen/include/xen/compiler.h:126.3-126.77: expanded from macro `__must_be_array'
> xen/include/xen/lib.h:77.53-77.70: expanded from macro `ARRAY_SIZE'
>
> I apologize in advance if I have misunderstood something.
> Kind regards,
>
> Roberto
