[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH 2/4] xen/arm64: bitops: justify uninitialized variable inside a macro

To: Luca Fancellu <Luca.Fancellu@xxxxxxx>
From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
Date: Fri, 14 Jul 2023 16:49:11 +0200
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "michal.orzel@xxxxxxx" <michal.orzel@xxxxxxx>, "xenia.ragiadakou@xxxxxxx" <xenia.ragiadakou@xxxxxxx>, "ayan.kumar.halder@xxxxxxx" <ayan.kumar.halder@xxxxxxx>, "consulting@xxxxxxxxxxx" <consulting@xxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
Delivery-date: Fri, 14 Jul 2023 14:49:32 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>



On 14/07/23 16:32, Luca Fancellu wrote:

On 14 Jul 2023, at 15:20, Luca Fancellu <Luca.Fancellu@xxxxxxx> wrote:

On 14 Jul 2023, at 12:49, Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx> wrote:

The macro 'testop' expands to a function that declares the local
variable 'oldbit', which is written before being set, but is such a
way that is not amenable to automatic checking.

Therefore, a deviation comment, is introduced to document this situation.

A similar reasoning applies to macro 'guest_testop'.

Signed-off-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
---
docs/misra/safe.json                     | 16 ++++++++++++++++
xen/arch/arm/arm64/lib/bitops.c          |  3 +++
xen/arch/arm/include/asm/guest_atomics.h |  3 +++
3 files changed, 22 insertions(+)

diff --git a/docs/misra/safe.json b/docs/misra/safe.json
index 244001f5be..4cf7cbf57b 100644
--- a/docs/misra/safe.json
+++ b/docs/misra/safe.json
@@ -20,6 +20,22 @@
        },
        {
            "id": "SAF-2-safe",
+            "analyser": {
+                "eclair": "MC3R1.R9.1"
+            },
+            "name": "Rule 9.1: initializer not needed",
+            "text": "The following local variables are possibly subject to being 
read before being written, but code inspection ensured that the control flow in the construct where 
they appear ensures that no such event may happen."
+        },
+        {
+            "id": "SAF-3-safe",
+            "analyser": {
+                "eclair": "MC3R1.R9.1"
+            },
+            "name": "Rule 9.1: initializer not needed",
+            "text": "The following local variables are possibly subject to being 
read before being written, but code inspection ensured that the control flow in the construct where 
they appear ensures that no such event may happen."
+        },


Since the rule and the justification are the same, you can declare only once 
and use the same tag on top of the offending lines, so /* SAF-2-safe MC3R1.R9.1 
*/,
also, I remember some maintainers not happy about the misra rule being put after the 
tag, now I don’t recall who


Sorry, I see there was in a patch before a SAF-1-safe with the same 
justification, so I suggest you use SAF-3-safe as tag and drop the new 
justifications introduced here

I was a bit uncertain in choosing whether to use different IDs forbitops.c and guest_atomics.h, as they are very similar. Maybe acatch-all justification is too broad, but I have no strong opinion here.

As for the rule identifier after the tag, that's not a big problem (Iadded it mostly to emphasize why the deviation is there at a glance).

+        {
+            "id": "SAF-4-safe",
            "analyser": {},
            "name": "Sentinel",
            "text": "Next ID to be used"
diff --git a/xen/arch/arm/arm64/lib/bitops.c b/xen/arch/arm/arm64/lib/bitops.c
index 20e3f3d6ce..e0728bb29d 100644
--- a/xen/arch/arm/arm64/lib/bitops.c
+++ b/xen/arch/arm/arm64/lib/bitops.c
@@ -114,8 +114,11 @@ bitop(change_bit, eor)
bitop(clear_bit, bic)
bitop(set_bit, orr)

+/* SAF-2-safe MC3R1.R9.1 */
testop(test_and_change_bit, eor)
+/* SAF-2-safe MC3R1.R9.1 */
testop(test_and_clear_bit, bic)
+/* SAF-2-safe MC3R1.R9.1 */
testop(test_and_set_bit, orr)

static always_inline bool int_clear_mask16(uint16_t mask, volatile uint16_t *p,
diff --git a/xen/arch/arm/include/asm/guest_atomics.h 
b/xen/arch/arm/include/asm/guest_atomics.h
index a1745f8613..9d8f8ec3a3 100644
--- a/xen/arch/arm/include/asm/guest_atomics.h
+++ b/xen/arch/arm/include/asm/guest_atomics.h
@@ -67,8 +67,11 @@ guest_bitop(change_bit)
/* test_bit does not use load-store atomic operations */
#define guest_test_bit(d, nr, p) ((void)(d), test_bit(nr, p))

+/* SAF-3-safe MC3R1.R9.1 */
guest_testop(test_and_set_bit)
+/* SAF-3-safe MC3R1.R9.1 */
guest_testop(test_and_clear_bit)
+/* SAF-3-safe MC3R1.R9.1 */
guest_testop(test_and_change_bit)

#undef guest_testop
--
2.34.1


--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)

References:
- [RFC PATCH 0/4] fix some issues related to MISRA C:2012 Rule 9.1
  - From: Nicola Vetrini
- [RFC PATCH 2/4] xen/arm64: bitops: justify uninitialized variable inside a macro
  - From: Nicola Vetrini
- Re: [RFC PATCH 2/4] xen/arm64: bitops: justify uninitialized variable inside a macro
  - From: Luca Fancellu
- Re: [RFC PATCH 2/4] xen/arm64: bitops: justify uninitialized variable inside a macro
  - From: Luca Fancellu

Prev by Date: Re: [PATCH] x86/common: Use const char * for string literals
Next by Date: Re: QEMU assert (was: [xen-unstable test] 181558: regressions - FAIL)
Previous by thread: Re: [RFC PATCH 2/4] xen/arm64: bitops: justify uninitialized variable inside a macro
Next by thread: Re: [RFC PATCH 2/4] xen/arm64: bitops: justify uninitialized variable inside a macro
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.