[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Xen FuSa meeting tomorrow Tue 17 November


  • To: David Ward <david.ward@xxxxxxxxxxxxxxx>
  • From: Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>
  • Date: Wed, 18 Nov 2020 09:43:35 -0800
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.199.62.198) smtp.rcpttodomain=horiba-mira.com smtp.mailfrom=xilinx.com; dmarc=bestguesspass action=none header.from=xilinx.com; dkim=none (message not signed); arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dXN0dHlKVRh+eAcZjCBl2jkXT21f86GmCIMW7105gZI=; b=B9go3v7JsCWVHnVlmAbZiTStmRstHtvyV9+UMWTmYLJgPACEK5uXdJNN5iiKZ3sbkX5+6fvPExwcmgvQ+H42gnGLLkT6j1A2PedaVGpe3SF7ExZQzhxDv4l1DZrrLxKfghUG7uyJNBVmEuNcwM6OjRgj/DS4pyEVz4Cz8zwVD/sSyV3yY5tE71Mn21jAHTx1sDceFP062fWavsoVD6jQJNUVkWaiTLfTSqCVaAfHpejXBQOOyAEiB673v2Dmr7cUVUCEe8fBfIoi88nv0czjxtlY3iWoPxiIsFXWJjBswhOXJA2L1voKxZp0hwIi93R/yCzBvJ/c4Z/w39PGoFMeig==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MRQnnqAYe226zKmop8SEr7lSO6f85QxBFeWD6KVTeBfAJhPV+SBJ6Rl+fZa0oVGXEPZnjFIiDE/HdM+jaHPykpQjZETt3R6tWa6LWYdh2FosYY3wce/GQ4JgYrJACUiddsvMoM1H96O7C0aT2nHT19WeJeu9VaVQRUpla32iI8XNQlrf6C7KTzchJwrTfUY/AZbAik7YYhw612nqzqw74aaXImL5x25PH7cSLbhdyJUb+Nw3ecuAl7zvKmJ9siwNO9fOMnftAG0aXquE0xZfJEgLlBRf/VQ5bGnVCtSI4O4QVOli6euVkZGwjjdgTFkJJbtzkSlgPwbz/941ak+P1w==
  • Cc: Francesco Brancati <francesco.brancati@xxxxxxxxxxxxx>, "pserwa@xxxxxxxxx" <pserwa@xxxxxxxxx>, "mszczepankiewicz@xxxxxxxxx" <mszczepankiewicz@xxxxxxxxx>, "fusa-sig@xxxxxxxxxxxxxxxxxxxx" <fusa-sig@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 18 Nov 2020 17:43:45 +0000
  • List-id: This is a discussion list for members of the Xen Project FuSa SIG <fusa-sig.lists.xenproject.org>

We could certainly consider a commercial tool, we don't have a specific
constraint in that respect. Xen Project has a budget that could
potentially be used to cover the costs.

However, the issue is integration as part of the CI-loop. We need to run
it locally inside a server-side (no GUI) Linux container created on
purpose for every commit. So that it would be fully integrated in the
CI-loop: we could make the pipeline fail if MISRAC tests don't pass, and
we could even run the tests on a patch series before committing it.

Typically commercial tools cannot easily be deployed automatically on a
Linux container for licensing reasons. They require a human to accept a
licensing agreement, which cannot be done automatically in a CI-loop.

If the commercial tool is available "as a service", and its services can
be invoked automatically from the headless Linux container in the
CI-loop, that would work and might solve the issue of the licensing
agreement. Note that Coverity is available "as a service" but I don't
think it can be invoked automatically from a headless Linux container:
typically a human needs to login the web interface to get the results.
If a human has to login to know if tests pass, then we cannot
automatically block the CI-loop in case of failures.


In short, using a commercial tool is challenging, unless we find one
that could be used by a bot (not a human) both for triggering tests and
also to get the results back.



On Wed, 18 Nov 2020, David Ward wrote:
> I would agree that commercial tools are likely to have better and wider 
> coverage of MISRA C rules, hence why I commented yesterday that
> it’s important to evaluate how well the tools check rules, not just that they 
> claim to check a certain number of rules.
> 
>  
> 
>  
> 
> Best regards
> 
>  
> 
> David
> 
>  
> 
> From: Fusa-sig <fusa-sig-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of Francesco 
> Brancati
> Sent: 18 November 2020 11:48
> To: pserwa@xxxxxxxxx
> Cc: mszczepankiewicz@xxxxxxxxx; fusa-sig@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: Xen FuSa meeting tomorrow Tue 17 November
> 
>  
> 
> Dear Piotr,
> 
> of course commercial tools offer much more features. Do you think their 
> licenses would allow the usage server side to support a community
> based development?
> 
> I guess we were focusing on free tools to overcome this issue.
> 
> @Stefano do we have any constraints in adopting a commercial tool?
> 
> Regards,
> 
> Francesco.
> 
> Il 18/11/2020 11:39, Piotr Serwa ha scritto:
> 
>       Hi Francesco,
> 
>        
> 
>       Why not taking a commercial tool, with a full MISRA 2012 support? Free 
> tools are far below the needs, I think. Commercial tools
>       typically come with qualification kits and safety certificates. I would 
> recommend investigating Axivion, Parasoft C test ,
>       Helix QAC, LDRA TBvision or Absint rule checker. Maybe you can 
> negotiate a free usage as Xen is open source. Coverity is doing
>       this approach (I mean free scan of Linux code).
> 
>        
> 
>       Regards
> 
>       Piotr
> 
>        
> 
>       From: Fusa-sig <fusa-sig-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of 
> Francesco Brancati
>       Sent: Tuesday, 17 November 2020 15:14
>       To: fusa-sig@xxxxxxxxxxxxxxxxxxxx
>       Cc: Lorenzo Falai <lorenzo.falai@xxxxxxxxxxxxx>
>       Subject: Re: Xen FuSa meeting tomorrow Tue 17 November
> 
>  
> 
> Dear all,
> 
> please find attached the result of our investigations on sonarQube and 
> alternatives.
> 
> the outcome can be summarized in this way:
> 
> SonarQube (sonarcloud) could be a valid tool for our needs because it 
> supports command line and serverside precommit operations and
> should support inline justification of violations. Unfortunately (as pointed 
> out also by Artem) MirsaC support is really limited.
> 
> we provide a list of alternatives (cppcheck is in the list) but support to 
> serverside precommit checks must be further investigated.
> 
> talk to you later,
> 
> Francesco and Lorenzo.
> 
> Il 17/11/2020 14:17, Bertrand Marquis ha scritto:
> 
> Hi Artem,
> 
>  
> 
> Here after you will find the current status I got on your tickets.
> 
>  
> 
> On 17 Nov 2020, at 11:24, Artem Mygaiev <Artem_Mygaiev@xxxxxxxx> wrote:
> 
>  
> 
> Hello all
> 
>  
> 
> Few notes on my AIs to discuss today:
> 
>  
> 
> - Sonar, unfortunately, support a very limited set of MISRA rules 
> (https://rules.sonarsource.com/c/tag/misra-c2012) so it is not suitable f
> or us. OTOH, cppcheck has a full set of MISRA-C-2012 143 rules supported via 
> public plugin (without publishing rules text, only giving an I
> D) https://github.com/danmar/cppcheck/blob/main/addons/misra.py. I think this 
> should be a great starting point so will try it now.
> 
>  
> 
> - We have created a migrated armclang Xen branch on top of current staging, 
> but I cannot check it without license for Arm DS safety compile
> r, unfortunately. Also I have re-checked Arm Safety Compiler issues after 
> migration to new support system (except one), here's the list:
> 
>  
> 
> I am working on that and will keep you informed.
> 
>  
> 
> CAS-138402-Y0Y9C3 --- 00195992
> 
>  
> 
> This is not considered a bug but a feature request and for now this is 
> considered.
> 
>  
> 
> CAS-137352-T7F4V1 --- 00192196
> 
>  
> 
> This a known limitation and there is a workaround for it.
> 
>  
> 
> CAS-138292-L5S0V0 --- cannot find it yet
> 
>  
> 
> There is a workaround for current compiler and this will be fixed in the new 
> compiler scheduled to be released around H2 2021 
> 
>  
> 
> CAS-137357-Z7W3B8 --- 00182044
> 
>  
> 
> This has been resolved in 6.6.4 version of the compiler.
> 
>  
> 
> CAS-137359-V7G6W6 --- 00118170
> 
>  
> 
> This is a limitation of the fromelf tool and is considered a feature request. 
> It has not been considered yet.
> 
>  
> 
> BR
> 
> Bertrand
> 
>  
> 
>  
> 
> BR,
> 
> -- Artem
> 
>  
> 
> -----Original Message-----
> 
> From: Fusa-sig <fusa-sig-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of Stefano 
> Stabellini
> 
> Sent: Tuesday, 17 November, 2020 00:49
> 
> To: Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>
> 
> Cc: fusa-sig@xxxxxxxxxxxxxxxxxxxx; stefanos@xxxxxxxxxx
> 
> Subject: Xen FuSa meeting tomorrow Tue 17 November
> 
>  
> 
> Hi all,
> 
>  
> 
> I would like to remind you that tomorrow it is time for our Xen FuSa SIG 
> meeting. There are a number of outstanding actions, see below. Als
> o, David Ward kindly volunteered to present on the subject of the MISRA 
> Compliance 2020 document, which is extremely relevant as it provide
> s a framework to manage deviations.
> 
>  
> 
> Cheers,
> 
>  
> 
> Stefano
> 
>  
> 
>  
> 
>  
> 
> On Tue, 3 Nov 2020, Stefano Stabellini wrote:
> 
> Hi all,
> 
>  
> 
> These are the minutes of today's FuSa meeting.  Look for "ACTION" in 
> 
> the test to find the ACTION items.
> 
>  
> 
> Cheers,
> 
>  
> 
> Stefano
> 
>  
> 
>  
> 
>  
> 
> # Build Xen with ARMClang
> 
>  
> 
> Bertrand: ARM will internally build Xen with ARMClang to validate 
> 
> ARMClang against Xen. It is going to start in the next couple of months.
> 
>  
> 
> Artem: I have opened a bunch of issues against ARMClang. What is the 
> 
> status?
> 
>  
> 
> Bertrand: will check
> 
>  
> 
> ACTION(Bertrand): ARM to let us know when issues are going to be fixed 
> 
> and in which version of the compiler.
> 
>  
> 
> ACTION(Artem): send the ARMClang series for Xen again rebased on 
> 
> staging
> 
>  
> 
>  
> 
> # Resiltech presentation on MISRAC
> 
>  
> 
> First identify set of rules we have to comply to MISRAC. A subset of 
> 
> MISRAC, but which one?  Some rules are mandatory, some others are 
> 
> advisory?
> 
>  
> 
> Who is responsible for deciding which rules are mandatory (R1)? It is 
> 
> important to have the safety experts involved.
> 
>  
> 
> Once we identify the R1 rules, let's use static analysis to check for 
> 
> violations. For instance SonarCloud.
> 
>  
> 
> We need to device who is responsible for fixing the violations, and 
> 
> what happens when developers say that the solution is worse than the 
> 
> original code.  There is a need for a final pass by a safety expert 
> 
> after the developer's analysis. In case the safety expert team 
> 
> identifies that the justification cannot be accepted the code has to be fixed.
> 
>  
> 
>  
> 
> We need a tool able to process justifications for MISRAC violations 
> 
> inline with the code. It is important to maintain MISRAC violation 
> 
> justifications in sync with the code. Is there a tool that can do that 
> 
> today?
> 
>  
> 
> If the tool doesn't support it, we could add scripting to it, so that 
> 
> we could extract the justifications from the comments and populate the 
> 
> tool's database ourselves.
> 
>  
> 
>  
> 
> ACTION(Artem): work with Sonar and see how it handles justifications
> 
> ACTION(Francesco): do an analysis on the tools and justification 
> 
> handling
> 
>  
> 
>  
> 
> ACTION(Stefano): MISRAC justifiaction as incode comments, is it viable
> 
>                 from a community perspective? Start the discussion.
> 
> ACTION(Stefano): Diagram to describe the new contributor process
> 
>                 workflow
> 
>  
> 
>  
> 
> MISRAC document to provide a framework to manage deviations 
> 
> https://urldefense.com/v3/__https://www.misra.org.uk/forum/viewtopic.p
> 
> hp?f=241&t=1842__;!!GF_29dbcQIUBPA!lHt1TEb2koDpfOmJwNiV5B-0OQc3sCB429nx6W4sPDUdbXiz2C5WGp3Wh-tSKeddKg$
>  [misra[.]org[.]uk] ACTION(David Ward
> ): do a presentation on the topic during the next
> 
>                    FuSa meeting.
> 
>  
> 
>  
> 
> --
> 
> Francesco Brancati
> Innovation Manager and SW Solutions Expert
> Email: francesco.brancati@xxxxxxxxxxxxx
> Phone: +39 0587 21 24 65 (internal number: 104)
> Mobile: +39 333 48 52 041
> Skype: francesco.brancati
> [IMAGE]
> www.resiltech.com
> 
> 
> ___________________________________________________________________________________________________________________________________________
> 
> 
> This e-mail and related attachments are property of ResilTech S.r.l. and may 
> also be privileged. If you are not the intended
> recipient please delete it from your system and notify the sender.
> You shouldn't copy it or use it for any purpose nor disclose or distribute 
> its contents to any other person.
> Questa e-mail e tutti i suoi allegati sono proprietà di ResilTech S.r.l. e 
> possono essere soggetti a restrizioni legali. Se non siete
> l'effettivo destinatario o avete ricevuto il messaggio per errore siete 
> pregati di cancellarlo dal vostro sistema e di avvisare il
> mittente. E' vietata la duplicazione, l'uso a qualsiasi titolo, la 
> divulgazione o la distribuzione dei contenuti di questa e-mail a
> qualunque altro soggetto.
> 
> --
> 
> Francesco Brancati
> Innovation Manager and SW Solutions Expert
> Email: francesco.brancati@xxxxxxxxxxxxx
> Phone: +39 0587 21 24 65 (internal number: 104)
> Mobile: +39 333 48 52 041
> Skype: francesco.brancati
> [IMAGE]
> www.resiltech.com
> 
> 
> ___________________________________________________________________________________________________________________________________________
> 
> 
> This e-mail and related attachments are property of ResilTech S.r.l. and may 
> also be privileged. If you are not the intended recipient
> please delete it from your system and notify the sender.
> You shouldn't copy it or use it for any purpose nor disclose or distribute 
> its contents to any other person.
> Questa e-mail e tutti i suoi allegati sono proprietà di ResilTech S.r.l. e 
> possono essere soggetti a restrizioni legali. Se non siete
> l'effettivo destinatario o avete ricevuto il messaggio per errore siete 
> pregati di cancellarlo dal vostro sistema e di avvisare il
> mittente. E' vietata la duplicazione, l'uso a qualsiasi titolo, la 
> divulgazione o la distribuzione dei contenuti di questa e-mail a
> qualunque altro soggetto.
> 
> 
> HORIBA MIRA Ltd
> 
> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
> Registered in England and Wales No. 9626352
> VAT Registration  GB 100 1464 84
> 
> This email and any files transmitted with it are confidential and intended 
> solely for the use of the individual or entity to whom they are
> addressed. If you are not the named addressee you should not disseminate, 
> distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and delete 
> this e-mail from your system. If you are not the intended
> recipient you are notified that disclosing, copying, distributing or taking 
> any action in reliance on the contents of this information is
> strictly prohibited.
> 
> 

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.