[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH 2/4] automation/eclair: add deviations and call properties.



On 19/10/23 02:57, Stefano Stabellini wrote:
On Wed, 18 Oct 2023, Simone Ballarin wrote:
Deviate violations of MISRA C:2012 Rule 13.1 caused by
functions vcpu_runnable and __bad_atomic_size. These functions
contain side-effects such as debugging logs, assertions and
failures that cannot cause unexpected behaviors.

Add "noeffect" call property to functions read_u.*_atomic and
get_cycles.

Signed-off-by: Simone Ballarin <simone.ballarin@xxxxxxxxxxx>

Acked-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>

However one comment below


---
  .../eclair_analysis/ECLAIR/call_properties.ecl      | 10 ++++++++++
  automation/eclair_analysis/ECLAIR/deviations.ecl    | 13 +++++++++++++
  docs/misra/deviations.rst                           | 11 +++++++++++
  3 files changed, 34 insertions(+)

diff --git a/automation/eclair_analysis/ECLAIR/call_properties.ecl 
b/automation/eclair_analysis/ECLAIR/call_properties.ecl
index 3f7794bf8b..f410a6aa58 100644
--- a/automation/eclair_analysis/ECLAIR/call_properties.ecl
+++ b/automation/eclair_analysis/ECLAIR/call_properties.ecl
@@ -104,3 +104,13 @@ Furthermore, their uses do initialize the involved 
variables as needed by futher
  -call_properties+={"macro(^(__)?(raw_)?copy_from_(paddr|guest|compat)(_offset)?$)", 
{"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}}
  -call_properties+={"macro(^(__)?copy_to_(guest|compat)(_offset)?$)", {"pointee_write(2=always)", 
"pointee_read(2=never)", "taken()"}}
  -doc_end
+
+-doc_begin="Functions generated by build_atomic_read cannot be considered pure
+since the input pointer is volatile."
+-call_properties+={"^read_u(8|16|32|64|int)_atomic.*$", {"noeffect"}}
+-doc_end
+
+-doc_begin="get_cycles does not perform visible side-effects "
+-call_property+={"name(get_cycles)", {"noeffect"}}
+-doc_end
+
diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl 
b/automation/eclair_analysis/ECLAIR/deviations.ecl
index fa56e5c00a..b80ccea7bc 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -233,6 +233,19 @@ this."
  -config=MC3R1.R10.1,etypes+={safe,
    "stmt(operator(and||or||xor||not||and_assign||or_assign||xor_assign))",
    "any()"}
+#
+# Series 13.
+#
+
+-doc_begin="Function __bad_atomic_size is intended to generate a linkage error
+if invoked. Calling it in intentionally unreachable switch cases is safe even
+in a initializer list."
+-config=MC3R1.R13.1,reports+={safe, "first_area(^.*__bad_atomic_size.*$)"}
+-doc_end
+
+-doc_begin="Function vcpu_runnable contains pragmas and other side-effects for
+debugging purposes, their invocation is safe even in a initializer list."
+-config=MC3R1.R13.1,reports+={safe, "first_area(^.*vcpu_runnable.*$)"}
  -doc_end
-doc_begin="See Section \"4.5 Integers\" of \"GCC_MANUAL\", where it says that
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index 8511a18925..2fcdb8da58 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -192,6 +192,17 @@ Deviations related to MISRA C:2012 Rules:
         See automation/eclair_analysis/deviations.ecl for the full explanation.
       - Tagged as `safe` for ECLAIR.
+ * - R13.1
+     - Function __bad_atomic_size is intended to generate a linkage error if
+       invoked. Calling it in intentionally unreachable switch cases is
+       safe even in a initializer list.
+     - Tagged as `safe` for ECLAIR.
+
+   * - R13.1
+     - Function vcpu_runnable contains pragmas and other side-effects for
+       debugging purposes, their invocation is safe even in a initializer list.
+     - Tagged as `safe` for ECLAIR.


Would it be possible to use SAF instead? If not, this is fine.

Yes, but I do not suggest using SAF comments in these cases.
The SAF should be placed before every non-compliant invocation and not only in the declaration, this could cause a lot of SAF comments instead
of a simple deviation.

--
Simone Ballarin, M.Sc.

Field Application Engineer, BUGSENG (https://bugseng.com)




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.