Xen project Mailing List

Re: [RFC PATCH 2/4] xen/arm64: bitops: justify uninitialized variable inside a macro

To: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>

From: Luca Fancellu <Luca.Fancellu@xxxxxxx>

Date: Fri, 14 Jul 2023 14:20:12 +0000

Accept-language: en-GB, en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=n6OT61ln+bj06Za8RV8SyTwZ/59XXWqkNmJcsNMugnY=; b=CcY0frh2yAjpBa2ED32V7lyr/a1OBF+kUxUwkbzNCY9AOXAd2O95a9Cu/f9Lwdvo8Fv6aeO7cJRvf54QaH6p4fAAcN/lEz47NFNOyKLOBi2Xav+Dt0sPzzJ608mpTXJhQo5jaE0+DN4gCMa881WpOdFunlJ1K6GF1XwIywH8ZONVEw+ImFX6LJFDqyqDpx3Rw/fjoXbJagbVFnqxEKYRy0lxTBLbRxbeMMjEnKbIpUq35r3J301K5PzvPdtmAm/+kEGEPAOMHtv7c44UR0ovvDjxl2AbPta7P0PlrIOuZqT1Y6xBNDh5I5p/yY8Sm0MSVHWSNsLdNEW1pMq6J8Fgrg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g0EOaxoXQUzzXegbEpx7UBGp7BjGnqvPYpdS0TNNbvNxwE+bSIaCr1CRu/omLq3Ag7TVDcfxLluO0SjTKcFWS4CNZCLApdE4s8v0eZbRGjGLwf7P1FB7jaI3cTkFR8IMF5PudnUmE9Ls4JF/qkdoAOozeVBRR/N1B/7mpqdUWksxz/VP0yHI4JVFFrHMSIEaE6k13670rtj13/f4cxeat9QtP6lNF+uMBhiXFhMKoICZ/RkwdjYkWHVewqiERRez9+zg3iIkNJTV/pYq4VyBReX34wPJ79/JjfHv2iEah4cO6qzosn0Dcc2vASldJvnQOnwoWFVa+9NcKz8p6yq4uw==

Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "michal.orzel@xxxxxxx" <michal.orzel@xxxxxxx>, "xenia.ragiadakou@xxxxxxx" <xenia.ragiadakou@xxxxxxx>, "ayan.kumar.halder@xxxxxxx" <ayan.kumar.halder@xxxxxxx>, "consulting@xxxxxxxxxxx" <consulting@xxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Delivery-date: Fri, 14 Jul 2023 14:20:47 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Nodisclaimer: true

Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Thread-index: AQHZtkllBkKUd/6mO0+M9pyVgMwza6+5T/sA

Thread-topic: [RFC PATCH 2/4] xen/arm64: bitops: justify uninitialized variable inside a macro

> On 14 Jul 2023, at 12:49, Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx> wrote: > > The macro 'testop' expands to a function that declares the local > variable 'oldbit', which is written before being set, but is such a > way that is not amenable to automatic checking. > > Therefore, a deviation comment, is introduced to document this situation. > > A similar reasoning applies to macro 'guest_testop'. > > Signed-off-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx> > --- > docs/misra/safe.json | 16 ++++++++++++++++ > xen/arch/arm/arm64/lib/bitops.c | 3 +++ > xen/arch/arm/include/asm/guest_atomics.h | 3 +++ > 3 files changed, 22 insertions(+) > > diff --git a/docs/misra/safe.json b/docs/misra/safe.json > index 244001f5be..4cf7cbf57b 100644 > --- a/docs/misra/safe.json > +++ b/docs/misra/safe.json > @@ -20,6 +20,22 @@ > }, > { > "id": "SAF-2-safe", > + "analyser": { > + "eclair": "MC3R1.R9.1" > + }, > + "name": "Rule 9.1: initializer not needed", > + "text": "The following local variables are possibly subject to > being read before being written, but code inspection ensured that the control > flow in the construct where they appear ensures that no such event may > happen." > + }, > + { > + "id": "SAF-3-safe", > + "analyser": { > + "eclair": "MC3R1.R9.1" > + }, > + "name": "Rule 9.1: initializer not needed", > + "text": "The following local variables are possibly subject to > being read before being written, but code inspection ensured that the control > flow in the construct where they appear ensures that no such event may > happen." > + }, Since the rule and the justification are the same, you can declare only once and use the same tag on top of the offending lines, so /* SAF-2-safe MC3R1.R9.1 */, also, I remember some maintainers not happy about the misra rule being put after the tag, now I don’t recall who > + { > + "id": "SAF-4-safe", > "analyser": {}, > "name": "Sentinel", > "text": "Next ID to be used" > diff --git a/xen/arch/arm/arm64/lib/bitops.c b/xen/arch/arm/arm64/lib/bitops.c > index 20e3f3d6ce..e0728bb29d 100644 > --- a/xen/arch/arm/arm64/lib/bitops.c > +++ b/xen/arch/arm/arm64/lib/bitops.c > @@ -114,8 +114,11 @@ bitop(change_bit, eor) > bitop(clear_bit, bic) > bitop(set_bit, orr) > > +/* SAF-2-safe MC3R1.R9.1 */ > testop(test_and_change_bit, eor) > +/* SAF-2-safe MC3R1.R9.1 */ > testop(test_and_clear_bit, bic) > +/* SAF-2-safe MC3R1.R9.1 */ > testop(test_and_set_bit, orr) > > static always_inline bool int_clear_mask16(uint16_t mask, volatile uint16_t > *p, > diff --git a/xen/arch/arm/include/asm/guest_atomics.h > b/xen/arch/arm/include/asm/guest_atomics.h > index a1745f8613..9d8f8ec3a3 100644 > --- a/xen/arch/arm/include/asm/guest_atomics.h > +++ b/xen/arch/arm/include/asm/guest_atomics.h > @@ -67,8 +67,11 @@ guest_bitop(change_bit) > /* test_bit does not use load-store atomic operations */ > #define guest_test_bit(d, nr, p) ((void)(d), test_bit(nr, p)) > > +/* SAF-3-safe MC3R1.R9.1 */ > guest_testop(test_and_set_bit) > +/* SAF-3-safe MC3R1.R9.1 */ > guest_testop(test_and_clear_bit) > +/* SAF-3-safe MC3R1.R9.1 */ > guest_testop(test_and_change_bit) > > #undef guest_testop > -- > 2.34.1 > >

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.