On 14.05.2025 09:04, Orzel, Michal wrote: > On 14/05/2025 08:56, Jan Beulich wrote: >> On 14.05.2025 08:31, Orzel, Michal wrote: >>> On 14/05/2025 02:07, Stefano Stabellini wrote: >>>> On Tue, 13 May 2025, Stewart Hildebrand wrote: >>>>> All functions in dom0less-build.c should be __init. >>> Why? This patch is first in your series and by that time there is no build >>> time >>> enforcement. Together with the Fixes tag it implies that this is somehow an >>> issue (i.e. build/runtime issue) other than inconsistency for which we >>> surely >>> don't need Fixes tag. >> >> I disagree: Code not called post-init should be in .init.*. While not >> formally >> a Misra violation (and wrongly so, I think), it imo effectively is: Such code >> is otherwise unreachable post-init. > You have a point here, I agree. Although I don't think MISRA differentiates > between unreachable in general vs pre or post init. It defines it as code that > cannot be executed. It does not go into stages of runtime execution.
Right, hence how I wrote my earlier reply. Elsewhere, however, Misra (or at least our interpretation of it) does appear to care about init vs runtime, in e.g. desiring no runtime allocations. > I'm thinking how this is different from a function that is called e.g. only > once > at specific point at runtime execution for which we did not come up with a > separate section? With enough effort such could also be covered, I expect, yet at the same time the ultimate result may be coming close to getting out of control. Whereas for init vs post-init we already have a pretty clear boundary, with memory used merely for init actually properly reclaimed. Jan
