[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH 2/4] xen/arm64: bitops: justify uninitialized variable inside a macro

  • To: Luca Fancellu <Luca.Fancellu@xxxxxxx>, Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 17 Jul 2023 15:59:47 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hDOT4txEf9S3aTzHJgVmN46yiEOzZHCUO5YUeLGivGw=; b=Z2ohyKBxByu8eu2c1QPuL470ljRH0ZpGDTeS3MULf62QedSROaGZVrjqEqqFhrRX6DHmk8B6AexlzuHL9ZwsMs0wuXiw7+taS5FLJCJoJJcz7vmoZshN7atPN0wtRZpiSEm5i7SO36ElugE9arVzlfgcHCC/qsbcmhnGcWZWPvsYOab0NC70l/BDImKbT1bhHmnWbyh/p1q7KXa+KpidX9fYq/2MgQ70mzHokEf42BrPx8/nJlMk92M3VD7MuKO6h61naLE9HByox78i2StrmgGDNRt1gIA6mRHtU8sGzMzZwIjeytbp+kqMGUIC6J6Kq6ZPDbdsb7Ag4yTwQGzW5A==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KPC7EmbbzjpNI6mbQZAOAFHtEKHL3sUU1+f+vC9/A9tg+76QFkud//xl0EwSBwMOdWYNuRuW3ZJDETxaRnmsUMvRVtRktP5sn9ik6FmCor3H8KcDSag87sEEriM2hwn65Gbi9voHSHyoB86NCWVqWJ137A98jKVn5VoHRl313+RD27Gnhx7cMp4M/mbvbF8PpPuG6ac3SsQ8B+osfi/MHsoafSxywwxKUNzh9zuPINm47VphOVcB0YRGaR9UX55rv47PbkCD8GsCaRvuXiDE9NCu/I7cImww5mzV2dsnpMAlbSS3Fp2zScRHO9l7n3ChzcNCC37A6XF96SG/uc95tg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "michal.orzel@xxxxxxx" <michal.orzel@xxxxxxx>, "xenia.ragiadakou@xxxxxxx" <xenia.ragiadakou@xxxxxxx>, "ayan.kumar.halder@xxxxxxx" <ayan.kumar.halder@xxxxxxx>, "consulting@xxxxxxxxxxx" <consulting@xxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Mon, 17 Jul 2023 14:00:15 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 14.07.2023 16:20, Luca Fancellu wrote:
> 
> 
>> On 14 Jul 2023, at 12:49, Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx> wrote:
>>
>> The macro 'testop' expands to a function that declares the local
>> variable 'oldbit', which is written before being set, but is such a
>> way that is not amenable to automatic checking.
>>
>> Therefore, a deviation comment, is introduced to document this situation.
>>
>> A similar reasoning applies to macro 'guest_testop'.
>>
>> Signed-off-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
>> ---
>> docs/misra/safe.json                     | 16 ++++++++++++++++
>> xen/arch/arm/arm64/lib/bitops.c          |  3 +++
>> xen/arch/arm/include/asm/guest_atomics.h |  3 +++
>> 3 files changed, 22 insertions(+)
>>
>> diff --git a/docs/misra/safe.json b/docs/misra/safe.json
>> index 244001f5be..4cf7cbf57b 100644
>> --- a/docs/misra/safe.json
>> +++ b/docs/misra/safe.json
>> @@ -20,6 +20,22 @@
>>         },
>>         {
>>             "id": "SAF-2-safe",
>> +            "analyser": {
>> +                "eclair": "MC3R1.R9.1"
>> +            },
>> +            "name": "Rule 9.1: initializer not needed",
>> +            "text": "The following local variables are possibly subject to 
>> being read before being written, but code inspection ensured that the 
>> control flow in the construct where they appear ensures that no such event 
>> may happen."
>> +        },
>> +        {
>> +            "id": "SAF-3-safe",
>> +            "analyser": {
>> +                "eclair": "MC3R1.R9.1"
>> +            },
>> +            "name": "Rule 9.1: initializer not needed",
>> +            "text": "The following local variables are possibly subject to 
>> being read before being written, but code inspection ensured that the 
>> control flow in the construct where they appear ensures that no such event 
>> may happen."
>> +        },
> 
> Since the rule and the justification are the same, you can declare only once 
> and use the same tag on top of the offending lines, so /* SAF-2-safe 
> MC3R1.R9.1 */,

+1

I'm puzzled by the wording vs comment placement though: The comments
are inserted ahead of the macro invocations, so there are no "following
local variables". Plus does this imply the comment would suppress the
checking on _all_ of them, rather than just the one that was confirmed
to be safe? What if another new one was added, that actually introduces
a problem?

> also, I remember some maintainers not happy about the misra rule being put 
> after the tag, now I don’t recall who

Me, at least. The annotations should be tool-agnostic imo, or else the
more tools we use, the longer these comments might get.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.