[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH][for-4.19 v5] xen: Add deviations for MISRA C:2012 Rule 7.1

  • To: Julien Grall <julien@xxxxxxx>
  • From: Luca Fancellu <Luca.Fancellu@xxxxxxx>
  • Date: Tue, 31 Oct 2023 16:09:37 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ogn2qguDU459bLM2RUMqQ02cp0tj6LgnX3ROnO6ECvk=; b=STgFybf7rHsrmFBuOvB4WFxqf12QLZ//l4eIZuX6T5xXp7+OgnVC7aXglhfdQFaw6U2eg/NoFcdejJsMEyw7loDnnnGil3+3oBuVyxJf4XXCCe7k6Ny246J1yywsN33mt79U2vOQ4DfMVXe4SV0c5G9f413B6SlJ3DuK98erqZ87c4lm4BBLkvgeNf5WzNXzMSKXOlYBrpHdSxXjPnFCH4qaql/DqdDMYA4UGW4d0oY5sr99vFCYuCAperjVaulfK2WsAbnNFixLNaAVh29j7+ozKYjlEhjQEf4GVz3InY4S6EbsDqcT4XhVP4KA0vtQCePBD62NO5U081apyV0LdA==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ogn2qguDU459bLM2RUMqQ02cp0tj6LgnX3ROnO6ECvk=; b=HwKZ+V5STGKuH///A8gurAhwOsVdWnoGdnPG7DphEBiF5RcMKDI6CcSRqzAsKHof0KL7UGEObQ3ZknVOOxDIbLyzavwz3k4jz2ISLTz26GBQz05kZyrBEvCpLNVpcp3x9oFpzCIwnVnYF1/BoJGGo13gu3qdhJt0sOE4ZUXTic4NzUY011P0+oHqyilmN0dvZ0HnsF6iNilab4VHyaYb6lChVFzgcXm7I0K1JbhuM3O5yqomL+/Fm5kThfbAponzGWo+B0pY2+C2lLmsiujCC+7CRKcEpxlZGcN78U7+XY08SjfmWQdyUZ7pTJqUqspEsL+/OTUMQLTvQDsC6okcCw==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=bm0/nFVfi17AMEq4wZtmbQ2+nUtHXw7yp22K/GqqGMVtyhtpxpZnFZxz5jS+U+8gtjFOtoj7kkKZDcKtxbXA4WG09ja1o0uY9m/6obYZXOepR6lj7FkN2E9HdT6BzqAAgi84BazEh+VLW9mU9TeSoToKt9P2oLa2kKLADtAMs6Z1rLGiQ2ORaMyl0ri6I4WfiHHThGakm4+d9EYcMGHa/pzKBvD1GMC27i5RQnO9ctczWGvx5Rj9qlzRaLWy4rgIuwM7F8BWiYjMVRkr3wsdwX8LDlYguvr3WcqACx71YjUmpqsrN7KoKfhvUMSJ6tX8jtFBeykApg4781H3IAv3Mg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mjDpQmNnGSWM+ktswEE35jcMYL7uc/WMvVmd8p0ZwqTnKut1eP4/JaprzR93yCMoVuh7yl5Aa+XWSmHmbugpdiW2cdDdRgUE6R57zvyck9fqdKAroDeixnShY4oeK6kDWWENRX6QdNO1JgTlrCFnRmCSoUhlmbODGJX/4V3vWT8dFe4dbxvJZUDsMCFgboZn+PpR3c/MLn6ysRVMzkpuJ0DYUq1/aq7WHn18iZvL0Jfs+h2TocpreJ7WihxFn4rRwNdP4bxy5E8N0ydHd3mJ0vxE1NwAywGD9pN7nVVQfpCNJlyTD1q5emrkCiCxeitrygG506fCynNT3pQsngb8eA==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "michal.orzel@xxxxxxx" <michal.orzel@xxxxxxx>, "xenia.ragiadakou@xxxxxxx" <xenia.ragiadakou@xxxxxxx>, "ayan.kumar.halder@xxxxxxx" <ayan.kumar.halder@xxxxxxx>, "consulting@xxxxxxxxxxx" <consulting@xxxxxxxxxxx>, "jbeulich@xxxxxxxx" <jbeulich@xxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "roger.pau@xxxxxxxxxx" <roger.pau@xxxxxxxxxx>, Simone Ballarin <simone.ballarin@xxxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Tue, 31 Oct 2023 16:10:17 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHaC/4b2xNoaiIkmUiyfHAuabY8yrBj8OgAgAAP5gCAAACVgIAABCCAgAABQICAAAFcgIAACSOA
  • Thread-topic: [XEN PATCH][for-4.19 v5] xen: Add deviations for MISRA C:2012 Rule 7.1

> On 31 Oct 2023, at 15:36, Julien Grall <julien@xxxxxxx> wrote:
> 
> 
> 
> On 31/10/2023 15:32, Luca Fancellu wrote:
>>> On 31 Oct 2023, at 15:27, Julien Grall <julien@xxxxxxx> wrote:
>>> 
>>> Hi,
>>> 
>>> On 31/10/2023 15:12, Luca Fancellu wrote:
>>>>> On 31 Oct 2023, at 15:10, Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx> 
>>>>> wrote:
>>>>> 
>>>>> On 2023-10-31 15:13, Luca Fancellu wrote:
>>>>>>> On 31 Oct 2023, at 13:27, Julien Grall <julien@xxxxxxx> wrote:
>>>>>>> Hi Stefano,
>>>>>>> On 30/10/2023 22:49, Stefano Stabellini wrote:
>>>>>>>> On Mon, 30 Oct 2023, Julien Grall wrote:
>>>>>>>>> Hi Nicola,
>>>>>>>>> On 27/10/2023 16:11, Nicola Vetrini wrote:
>>>>>>>>>> diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
>>>>>>>>>> index 8511a189253b..8aaaa1473fb4 100644
>>>>>>>>>> --- a/docs/misra/deviations.rst
>>>>>>>>>> +++ b/docs/misra/deviations.rst
>>>>>>>>>> @@ -90,6 +90,13 @@ Deviations related to MISRA C:2012 Rules:
>>>>>>>>>>           - __emulate_2op and __emulate_2op_nobyte
>>>>>>>>>>           - read_debugreg and write_debugreg
>>>>>>>>>>  +   * - R7.1
>>>>>>>>>> +     - It is safe to use certain octal constants the way they are 
>>>>>>>>>> defined
>>>>>>>>>> +       in specifications, manuals, and algorithm descriptions. Such 
>>>>>>>>>> places
>>>>>>>>>> +       are marked safe with a /\* octal-ok \*/ in-code comment, or 
>>>>>>>>>> with a
>>>>>>>>>> SAF
>>>>>>>>>> +       comment (see safe.json).
>>>>>>>>> Reading this, it is unclear to me why we have two ways to deviate the 
>>>>>>>>> rule
>>>>>>>>> r7.1. And more importantely, how would the developper decide which 
>>>>>>>>> one to use?
>>>>>>>> I agree with you on this and we were discussing this topic just this
>>>>>>>> morning in the FUSA community call. I think we need a way to do this
>>>>>>>> with the SAF framework:
>>>>>>>> if (some code with violation) /* SAF-xx-safe */
>>>>>>>> This doesn't work today unfortunately. It can only be done this way:
>>>>>>>> /* SAF-xx-safe */
>>>>>>>> if (some code with violation)
>>>>>>>> Which is not always desirable. octal-ok is just an ad-hoc solution for
>>>>>>>> one specific violation but we need a generic way to do this. Luca is
>>>>>>>> investigating possible ways to support the previous format in SAF.
>>>>>>> Why can't we use octal-ok everywhere for now? My point here is to make 
>>>>>>> simple for the developper to know what to use.
>>>>>>>> I think we should take this patch for now and harmonize it once SAF is
>>>>>>>> improved.
>>>>>>> The description of the deviation needs some improvement. To give an 
>>>>>>> example, with the current wording, one could they can use octal-ok 
>>>>>>> everywhere. But above, you are implying that SAF-xx-safe should be
>>>>>>> preferred.
>>>>>>> I would still strongly prefer if we use octal-ok everywhere because 
>>>>>>> this is simple to remember. But if the other are happy to have both 
>>>>>>> SAF-XX and octal-ok, then the description needs to be completely 
>>>>>>> unambiguous and the patch should contain some explanation why we have 
>>>>>>> two different ways to deviate.
>>>>>> Would it be ok to have both, for example: /* SAF-XX-safe octal-ok */
>>>>>> So that the suppression engine do what it should (currently it doesn’t 
>>>>>> suppress the same line, but we could do something about it) and the 
>>>>>> developer
>>>>>> has a way to understand what is the violation here without going to the 
>>>>>> justification database.
>>>>> 
>>>>> I guess. It could overflow the 80-char limit in 
>>>>> xen/arch/x86/hvm/svm/svm.h, though.
>>>> Yeah, but we could rule out something in code_style to allow only this 
>>>> kind of trailing comments to exceed the 80 chars
>>> 
>>> In the past I expressed concerned with this kind of the rule because it is 
>>> not entirely clear how an automatic formatter will be able to check it.
>>> 
>>> Can you clarify whether clang-format would be able to handle your proposed 
>>> rule?
>> So, yesterday Bertrand pointed out a StackOverflow thread for this issue and 
>> if we use ReflowComments: false we should
>> be able to let the line as it is (not tested).
> 
> Wouldn't that prevent reflow for all the comments? If so, I don't think this 
> is we want. Instead, we want to allow reflow for any comments but the one 
> done at the end of the line.

Ok well, I was optimistic, in reality with the option as false, it would anyway 
reflow the line leaving the comment untouched.

E.g. from this:

        if ( modrm_mod == MASK_EXTR(instr_modrm, 0300) && /* SAF-2-safe 
octal-ok */
             (modrm_reg & 7) == MASK_EXTR(instr_modrm, 0070) && /* SAF-2-safe 
octal-ok */
             (modrm_rm & 7) == MASK_EXTR(instr_modrm, 0007) ) /* SAF-2-safe 
octal-ok */
            return emul_len;

To this:

        if ( modrm_mod ==
                 MASK_EXTR(instr_modrm, 0300) && /* SAF-2-safe octal-ok */
             (modrm_reg & 7) ==
                 MASK_EXTR(instr_modrm, 0070) && /* SAF-2-safe octal-ok */
             (modrm_rm & 7) ==
                 MASK_EXTR(instr_modrm, 0007) ) /* SAF-2-safe octal-ok */
            return emul_len;

... sigh...

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.