[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Xen FuSa meeting tomorrow Tue 17 November



Dear all,

please find attached the result of our investigations on sonarQube and alternatives.

the outcome can be summarized in this way:

SonarQube (sonarcloud) could be a valid tool for our needs because it supports command line and serverside precommit operations and should support inline justification of violations. Unfortunately (as pointed out also by Artem) MirsaC support is really limited.

we provide a list of alternatives (cppcheck is in the list) but support to serverside precommit checks must be further investigated.

talk to you later,

Francesco and Lorenzo.

Il 17/11/2020 14:17, Bertrand Marquis ha scritto:
Hi Artem,

Here after you will find the current status I got on your tickets.

On 17 Nov 2020, at 11:24, Artem Mygaiev <Artem_Mygaiev@xxxxxxxx> wrote:

Hello all

Few notes on my AIs to discuss today:

- Sonar, unfortunately, support a very limited set of MISRA rules (https://rules.sonarsource.com/c/tag/misra-c2012) so it is not suitable for us. OTOH, cppcheck has a full set of MISRA-C-2012 143 rules supported via public plugin (without publishing rules text, only giving an ID) https://github.com/danmar/cppcheck/blob/main/addons/misra.py. I think this should be a great starting point so will try it now.

- We have created a migrated armclang Xen branch on top of current staging, but I cannot check it without license for Arm DS safety compiler, unfortunately. Also I have re-checked Arm Safety Compiler issues after migration to new support system (except one), here's the list:
I am working on that and will keep you informed.

CAS-138402-Y0Y9C3 --- 00195992
This is not considered a bug but a feature request and for now this is considered.

CAS-137352-T7F4V1 --- 00192196
This a known limitation and there is a workaround for it.

CAS-138292-L5S0V0 --- cannot find it yet
There is a workaround for current compiler and this will be fixed in the new compiler scheduled to be released around H2 2021 

CAS-137357-Z7W3B8 --- 00182044
This has been resolved in 6.6.4 version of the compiler.

CAS-137359-V7G6W6 --- 00118170
This is a limitation of the fromelf tool and is considered a feature request. It has not been considered yet.

BR
Bertrand

BR,
-- Artem

-----Original Message-----
From: Fusa-sig <fusa-sig-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of Stefano Stabellini
Sent: Tuesday, 17 November, 2020 00:49
To: Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>
Cc: fusa-sig@xxxxxxxxxxxxxxxxxxxx; stefanos@xxxxxxxxxx
Subject: Xen FuSa meeting tomorrow Tue 17 November

Hi all,

I would like to remind you that tomorrow it is time for our Xen FuSa SIG meeting. There are a number of outstanding actions, see below. Also, David Ward kindly volunteered to present on the subject of the MISRA Compliance 2020 document, which is extremely relevant as it provides a framework to manage deviations.

Cheers,

Stefano



On Tue, 3 Nov 2020, Stefano Stabellini wrote:
Hi all,

These are the minutes of today's FuSa meeting.  Look for "ACTION" in 
the test to find the ACTION items.

Cheers,

Stefano



# Build Xen with ARMClang

Bertrand: ARM will internally build Xen with ARMClang to validate 
ARMClang against Xen. It is going to start in the next couple of months.

Artem: I have opened a bunch of issues against ARMClang. What is the 
status?

Bertrand: will check

ACTION(Bertrand): ARM to let us know when issues are going to be fixed 
and in which version of the compiler.

ACTION(Artem): send the ARMClang series for Xen again rebased on 
staging


# Resiltech presentation on MISRAC

First identify set of rules we have to comply to MISRAC. A subset of 
MISRAC, but which one?  Some rules are mandatory, some others are 
advisory?

Who is responsible for deciding which rules are mandatory (R1)? It is 
important to have the safety experts involved.

Once we identify the R1 rules, let's use static analysis to check for 
violations. For instance SonarCloud.

We need to device who is responsible for fixing the violations, and 
what happens when developers say that the solution is worse than the 
original code.  There is a need for a final pass by a safety expert 
after the developer's analysis. In case the safety expert team 
identifies that the justification cannot be accepted the code has to be fixed.


We need a tool able to process justifications for MISRAC violations 
inline with the code. It is important to maintain MISRAC violation 
justifications in sync with the code. Is there a tool that can do that 
today?

If the tool doesn't support it, we could add scripting to it, so that 
we could extract the justifications from the comments and populate the 
tool's database ourselves.


ACTION(Artem): work with Sonar and see how it handles justifications
ACTION(Francesco): do an analysis on the tools and justification 
handling


ACTION(Stefano): MISRAC justifiaction as incode comments, is it viable
                from a community perspective? Start the discussion.
ACTION(Stefano): Diagram to describe the new contributor process
                workflow


MISRAC document to provide a framework to manage deviations 
https://urldefense.com/v3/__https://www.misra.org.uk/forum/viewtopic.p
hp?f=241&t=1842__;!!GF_29dbcQIUBPA!lHt1TEb2koDpfOmJwNiV5B-0OQc3sCB429nx6W4sPDUdbXiz2C5WGp3Wh-tSKeddKg$ [misra[.]org[.]uk] ACTION(David Ward): do a presentation on the topic during the next
                   FuSa meeting.

--

Francesco Brancati
Innovation Manager and SW Solutions Expert
Email: francesco.brancati@xxxxxxxxxxxxx
Phone: +39 0587 21 24 65 (internal number: 104)
Mobile: +39 333 48 52 041
Skype: francesco.brancati

www.resiltech.com

This e-mail and related attachments are property of ResilTech S.r.l. and may also be privileged. If you are not the intended recipient please delete it from your system and notify the sender.
You shouldn't copy it or use it for any purpose nor disclose or distribute its contents to any other person.
Questa e-mail e tutti i suoi allegati sono proprietà di ResilTech S.r.l. e possono essere soggetti a restrizioni legali. Se non siete l'effettivo destinatario o avete ricevuto il messaggio per errore siete pregati di cancellarlo dal vostro sistema e di avvisare il mittente. E' vietata la duplicazione, l'uso a qualsiasi titolo, la divulgazione o la distribuzione dei contenuti di questa e-mail a qualunque altro soggetto.

Attachment: xen_rulecheckers_Presentation_ES.pptx
Description: MS-Powerpoint 2007 presentation


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.