On 22/02/2019 11:21, Andrii Anisov wrote:
> On 22.02.19 12:27, Andrew Cooper wrote:
>> On 22/02/2019 09:57, Oleksandr Andrushchenko wrote:
>>> From: Oleksandr Andrushchenko <oleksandr_andrushche...@epam.com>
>>> Hello, everybody!
>>> We at EPAM Systems would like to present the first series of patches targeting Xen
>>> on ARM Functional Safety certification (ISO61508 based): implementation of
>>> MISRA [1] C:2012 Rule 16.4 which requires that every switch statement has a
>>> default label as a measure of defensive programming technique.
>> Hang on - what?
>> Can someone attempt to justify why actively breaking -Wswitch is going
>> to result in safer/better code?
> I would express my vision of that MISRA rule requirement:
> It requires handling (in any meaning) all possible incoming values explicitly.
> Switching through enum still could be guarded by BUG/ASSERT_UNREACHABLE under
> default label. Though at runtime, not compilation time.

While reviews tend to be very thorough, it is sometimes hard to spot when we miss
a case. This is where -Wswitch comes into place to spot missing how.
How is the BUG/ASSERT_UNREACHABLE solution going to help us here?
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
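
The trade-off discussed in this thread, as an added example that is not part of the original messages or of Xen's code: with GCC, a `default` label suppresses the `-Wswitch` warning for an unhandled enumerator, so a forgotten case is only caught at run time. The enum, the function names and the return values are hypothetical, and `return -1` stands in for BUG()/ASSERT_UNREACHABLE().

```c
#include <stdio.h>

/* Hypothetical enum, constructed for this example. */
enum op { OP_READ, OP_WRITE, OP_EXEC };

/*
 * Rule 16.4 style: a default label is present. OP_EXEC has been
 * forgotten, but because of the default label -Wswitch stays silent.
 * The omission only shows up when OP_EXEC arrives at run time.
 */
static int perm_with_default(enum op o)
{
    switch (o) {
    case OP_READ:
        return 4;
    case OP_WRITE:
        return 2;
    default:
        return -1; /* stand-in for BUG()/ASSERT_UNREACHABLE() */
    }
}

/*
 * -Wswitch style: no default label. Deleting any case below makes the
 * compiler report the unhandled enumerator at build time. Values outside
 * the enum fall out of the switch and are rejected after it.
 */
static int perm_no_default(enum op o)
{
    switch (o) {
    case OP_READ:
        return 4;
    case OP_WRITE:
        return 2;
    case OP_EXEC:
        return 1;
    }
    return -1; /* out-of-range value */
}

int main(void)
{
    printf("with default, OP_EXEC -> %d\n", perm_with_default(OP_EXEC));
    printf("no default,   OP_EXEC -> %d\n", perm_no_default(OP_EXEC));
    printf("no default,   7       -> %d\n", perm_no_default((enum op)7));
    return 0;
}
```

Building with `-Wall` (which enables `-Wswitch`) produces no warning for `perm_with_default` despite the missing `OP_EXEC` case.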