[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH 2/4] xen/arm64: bitops: justify uninitialized variable inside a macro


  • To: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
  • From: Luca Fancellu <Luca.Fancellu@xxxxxxx>
  • Date: Fri, 14 Jul 2023 14:32:02 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JbRcR3buSSujg0UvOOkM3XuwpAEdnAQmh0QexJ7WeVQ=; b=oAw68lgAaX622eWANvvubyxvRYXt6O+gkVlUc0gOGFHSrKBd6bJ49m7A3xElQrjPxnEngXI21fLBwXoZlY66LQDcyaZHlkPJW7hYAddOgDhKt1yVrg9ltuWpnsTxVnvjTtlFEzCX2dPYoN4X4WhmwMIDEqleOgwBwMhGiKrVW/7OC9nByN5HCiADqFtJEx3v5zx3VY8isPrMR382Ic7af4efcnO+okknLIo4lf/8RUQjHUOOQBQXQZIPN4mKT5D0S41ROrlUKKdJnnjZMHrG3noiRGp5BHDq1r7ivDMfV+w4C/7s5qqdIRE1fEYJ5IzuR7eOsrOa/Gq0NlLZGx/HNg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dmUsmpI9U/PO0PrYNr1a5a4eg2rhshvLM7nIYKHPumcdNQ5t2RaMmPk22AJIpmNmR59EIyT4w5CPLmT22rwElT//RfOiH7/FnWPgVbtUNUWmZIrenP+4A+nGeTFwaVHH7otS1m6ZNSiPDWs+h3aEDw++p4834qmxO1zBHJ9auQwufMNKgIJ/kZC4w6pjrIRcgYRS3rsnxJZiobi1IcGEAlJqvHtJ5xyM3FL4aqDTjHOp23TM1dlSul8eGVHaLQxUy8e6wxMOki6U9EaI0IzVy/9c/1R9T9i6nvIc7Y8zsWhdtC08aFB6t0ZsDZ+Fs6Z1tGcnxTVscCD4YkPeQE+Mgw==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "michal.orzel@xxxxxxx" <michal.orzel@xxxxxxx>, "xenia.ragiadakou@xxxxxxx" <xenia.ragiadakou@xxxxxxx>, "ayan.kumar.halder@xxxxxxx" <ayan.kumar.halder@xxxxxxx>, "consulting@xxxxxxxxxxx" <consulting@xxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Fri, 14 Jul 2023 14:32:45 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHZtkllBkKUd/6mO0+M9pyVgMwza6+5T/sAgAADTgA=
  • Thread-topic: [RFC PATCH 2/4] xen/arm64: bitops: justify uninitialized variable inside a macro


> On 14 Jul 2023, at 15:20, Luca Fancellu <Luca.Fancellu@xxxxxxx> wrote:
> 
> 
> 
>> On 14 Jul 2023, at 12:49, Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx> wrote:
>> 
>> The macro 'testop' expands to a function that declares the local
>> variable 'oldbit', which is written before being set, but is such a
>> way that is not amenable to automatic checking.
>> 
>> Therefore, a deviation comment, is introduced to document this situation.
>> 
>> A similar reasoning applies to macro 'guest_testop'.
>> 
>> Signed-off-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
>> ---
>> docs/misra/safe.json                     | 16 ++++++++++++++++
>> xen/arch/arm/arm64/lib/bitops.c          |  3 +++
>> xen/arch/arm/include/asm/guest_atomics.h |  3 +++
>> 3 files changed, 22 insertions(+)
>> 
>> diff --git a/docs/misra/safe.json b/docs/misra/safe.json
>> index 244001f5be..4cf7cbf57b 100644
>> --- a/docs/misra/safe.json
>> +++ b/docs/misra/safe.json
>> @@ -20,6 +20,22 @@
>>        },
>>        {
>>            "id": "SAF-2-safe",
>> +            "analyser": {
>> +                "eclair": "MC3R1.R9.1"
>> +            },
>> +            "name": "Rule 9.1: initializer not needed",
>> +            "text": "The following local variables are possibly subject to 
>> being read before being written, but code inspection ensured that the 
>> control flow in the construct where they appear ensures that no such event 
>> may happen."
>> +        },
>> +        {
>> +            "id": "SAF-3-safe",
>> +            "analyser": {
>> +                "eclair": "MC3R1.R9.1"
>> +            },
>> +            "name": "Rule 9.1: initializer not needed",
>> +            "text": "The following local variables are possibly subject to 
>> being read before being written, but code inspection ensured that the 
>> control flow in the construct where they appear ensures that no such event 
>> may happen."
>> +        },
> 
> Since the rule and the justification are the same, you can declare only once 
> and use the same tag on top of the offending lines, so /* SAF-2-safe 
> MC3R1.R9.1 */,
> also, I remember some maintainers not happy about the misra rule being put 
> after the tag, now I don’t recall who

Sorry, I see there was in a patch before a SAF-1-safe with the same 
justification, so I suggest you use SAF-3-safe as tag and drop the new 
justifications introduced here

> 
>> +        {
>> +            "id": "SAF-4-safe",
>>            "analyser": {},
>>            "name": "Sentinel",
>>            "text": "Next ID to be used"
>> diff --git a/xen/arch/arm/arm64/lib/bitops.c 
>> b/xen/arch/arm/arm64/lib/bitops.c
>> index 20e3f3d6ce..e0728bb29d 100644
>> --- a/xen/arch/arm/arm64/lib/bitops.c
>> +++ b/xen/arch/arm/arm64/lib/bitops.c
>> @@ -114,8 +114,11 @@ bitop(change_bit, eor)
>> bitop(clear_bit, bic)
>> bitop(set_bit, orr)
>> 
>> +/* SAF-2-safe MC3R1.R9.1 */
>> testop(test_and_change_bit, eor)
>> +/* SAF-2-safe MC3R1.R9.1 */
>> testop(test_and_clear_bit, bic)
>> +/* SAF-2-safe MC3R1.R9.1 */
>> testop(test_and_set_bit, orr)
>> 
>> static always_inline bool int_clear_mask16(uint16_t mask, volatile uint16_t 
>> *p,
>> diff --git a/xen/arch/arm/include/asm/guest_atomics.h 
>> b/xen/arch/arm/include/asm/guest_atomics.h
>> index a1745f8613..9d8f8ec3a3 100644
>> --- a/xen/arch/arm/include/asm/guest_atomics.h
>> +++ b/xen/arch/arm/include/asm/guest_atomics.h
>> @@ -67,8 +67,11 @@ guest_bitop(change_bit)
>> /* test_bit does not use load-store atomic operations */
>> #define guest_test_bit(d, nr, p) ((void)(d), test_bit(nr, p))
>> 
>> +/* SAF-3-safe MC3R1.R9.1 */
>> guest_testop(test_and_set_bit)
>> +/* SAF-3-safe MC3R1.R9.1 */
>> guest_testop(test_and_clear_bit)
>> +/* SAF-3-safe MC3R1.R9.1 */
>> guest_testop(test_and_change_bit)
>> 
>> #undef guest_testop
>> -- 
>> 2.34.1
>> 
>> 
> 


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.