[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH] xen: Add SAF deviations for MISRA C:2012 Rule 7.1

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Luca Fancellu <Luca.Fancellu@xxxxxxx>
  • Date: Wed, 4 Oct 2023 11:36:50 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=e8pgFloB88RANj6yqCE5FF+UunPISxUmVvwfnG+W7Wg=; b=ceLxCAL4DqREf5XL5SxUAbHM6ISECFbcDYBBv8YjhS+HWMo1TvKKpRq96rMVCWV8a1SH0I6Zoria+a2oPO76gzLsNHEbW4m0jM1fupLflmP6l6JTowCr4hYFNmvGRdp2isUrBT9woMSuIwZCRyA6EUO7DvukQR0+sOJ9XEURLwFcPUHw2amVb2eADYZBW2cvYNSu1NSJb0Li7valHcSDkKLDocqPKdJo4gIiIW0cSjVt4IcoUfxWZcaBRoOB+Es7+6R29FBg5W2r3hTk+V4tY+vH5FaAjP8i+i4eLSVdOn7naZmIP/cjmAfAIuzjewBDBKUlA/YzJYB/LjiLOrl+QQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mAFfczb1kVHxKqNHWaE0ubnN3TIF6YANvG7ywzZn7ncaI2B0gA4egGY0K7KsnMidoRReExn7U5WAHaJUUMzYh3Mot+cdJpfDVLOMuLGTmbZsbRN74TIVEr8DcSMiGOSMfWT2XH+vSCnKtHQf5tujWvq2KCDVUNw/5UPJhgwQczhEBeXhJSYMoT/Wih8KqmvGKxAPHBu1qtJdbs/2OF/3Bp1u758rSfYEKbo8dDuwD0m2vFa4oWnIoOykXxBTTWOfwUE1SP783jU1W0+JhY1OP9ZlzzVsfLNgoCRf8mD6b/wmo8J/R1B8B17xGSW4LNBStp38pQd43P5YbkZuXTV9lw==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "michal.orzel@xxxxxxx" <michal.orzel@xxxxxxx>, "xenia.ragiadakou@xxxxxxx" <xenia.ragiadakou@xxxxxxx>, Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>, "consulting@xxxxxxxxxxx" <consulting@xxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Henry Wang <Henry.Wang@xxxxxxx>, Simone Ballarin <simone.ballarin@xxxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Wed, 04 Oct 2023 11:37:51 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHZ9qj87vFsnMRst0ybMa+ffKOLU7A5Z4mAgAAGhgCAAAYzgIAABzIAgAAFTwA=
  • Thread-topic: [XEN PATCH] xen: Add SAF deviations for MISRA C:2012 Rule 7.1

> On 4 Oct 2023, at 12:17, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
> 
> On 04/10/2023 11:52 am, Luca Fancellu wrote:
>> 
>> From the documentation:
>> 
>> In the Xen codebase, these tags will be used to document and suppress 
>> findings:
>> 
>> - SAF-X-safe: This tag means that the next line of code contains a finding, 
>> but
>> the non compliance to the checker is analysed and demonstrated to be safe.
>> 
>> I understand that Eclair is capable of suppressing also the line in which 
>> the in-code suppression
>> comment resides, but these generic Xen in-code suppression comment are meant 
>> to be used
>> by multiple static analysis tools and many of them suppress only the line 
>> next to the comment
>> (Coverity, cppcheck).
>> 
>> So I’m in favour of your approach below, clearly it depends on what the 
>> maintainers feedback is:
>> 
>> 
>>> /* SAF-2-safe */
>>> if ( modrm_mod == MASK_EXTR(instr_modrm, 0300) &&
>>> /* SAF-2-safe */
>>> (modrm_reg & 7) == MASK_EXTR(instr_modrm, 0070) &&
>>> /* SAF-2-safe */
>>> (modrm_rm & 7) == MASK_EXTR(instr_modrm, 0007) )
> 
> To be clear, this is illegible and a non-starter from a code maintenance 
> point of view.
> 
> It is bad enough needing annotations to start with, but the annotations 
> *must* not interfere with the prior legibility.

I agree with that, the code as above is not very nice, however as the current 
status it is the only way it can work,
maybe rewriting it in another way could solve the issue?

For example:

/* SAF-2-safe */
#define SENSIBLE_NAME_HERE(instr)   MASK_EXTR(instr, 0300)
/* SAF-2-safe */
#define SENSIBLE_NAME_HERE2(instr)   MASK_EXTR(instr, 0300)
/* SAF-2-safe */
#define SENSIBLE_NAME_HERE3(instr)   MASK_EXTR(instr, 0300)

And use these macro in the conditions above, however will it move the violation 
at the macro definition?

Having macro with a sensible name explaining the meaning of the value could 
also improve the readability of the code.

But this choice is up on you x86 maintainers.

> 
> The form with comments on the end, that do not break up the tabulation of the 
> code, is tolerable, providing the SAF turns into something meaningful.
> 
> ~Andrew
> 
> P.S. to be clear, I'm not saying that an ahead-of-line comments are 
> unacceptable generally.  Something like
> 
>     /* $FOO-$N-safe */
>     if ( blah )
> 
> might be fine in context, but that is a decision that needs to be made based 
> on how the code reads with the comment in place.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.