[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v1 1/2] xen/page_alloc: address violation of Rule 14.3
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
- Date: Tue, 29 Apr 2025 09:50:28 +0200
- Arc-authentication-results: i=1; bugseng.com; arc=none smtp.remote-ip=162.55.131.47
- Arc-message-signature: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; c=relaxed/relaxed; t=1745913029; h=DKIM-Signature:MIME-Version:Date:From:To:Cc:Subject:In-Reply-To: References:Message-ID:X-Sender:Organization:Content-Type: Content-Transfer-Encoding; bh=dfQkVeQtYBR6c6mjprnMsWp4BBYQ4wtaicbiZTIhdfM=; b=mnr/JRtoy8qWTc9/eRIwhBW9smNqhgDdW/a8amCLEOQy0RNbI3/PXtbChXif3bg3pp/U Gh5WozrdZAKoqtnK74EU8gBrpMPFbYqYC0XYddTBSdlYitIhz9jJURO/TUuiR47geA6rk xev2ByxZFVkcS8JKXtJWmb5hC4DlIZPEy1zCfOgUGM+695jWq3mmGtuhC98ykUtlVP0GR WG3YpLt9tA/8rw2GatEqm7dW1bf8pyZRsm8IbmJHt0qZH9zWzNB6o1YC3jaMWf9M80v5D tpt3BFmvnORDvFwlBumbtmhAdnKaAuQ/o1XK2tO4ZXxZ53bQK8Ma7wvfTNNg+mx8Dv78z dVpkO/QMzq1NSUzVg45ml1OI4iIL8Fo7oTK8bLY+Ka7r1yo/UQcqixxnV445zgKrzRk+L yrwWZRfYHrHmfWpLbU5L8wWbamaXoO/axNoWYOu3XWNhpBs362WUgieD2VTl/ifMzkINI JAsFcH6KSJ4Qs4iQ092oiMsFEdQxWNRm8FfOCg9mjm49Wxzl760DTVX8h5KHEwyrsYDSe +wcYhV70/L+0DOXLT8TsALarrnNfaxUC3sHNsEaBOByg4kpqYqD4RTZ3pymRig/rsrVNV jRyqA1erDa4vQWxD8lBSUqeit8ZcP5/ohWa4CCXfUYNUJvz7beWfSsOCG35xIOg=
- Arc-seal: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; cv=none; t=1745913029; b=wYLfzK+NGu6oI0rPoXMmmmyqpfvxxMSUSL7lDVkE16OdZX18yY8Gw8nVE+quOVaSKxU/ OKBHDCTyQyrSathGcG7S5p4JZvl7kh6A00I1SpWDL2//QD7Dl9Fc2LiBeY2FYPoDneMfw QsKGW8K11Yp+PPIUt8v79Gcwry5GFz6aNfIcJY016uPZZU9kQFPCIo3KpyE6XYzwRPBs2 bkFDLi8vy6HNu7X21sUIvhKqk/Mq7mF6VXjTj/yZoHIXeIBOEV97NOZj93xe4TEKkD2ul oyXd9kzPyRED6FEwwzJAsDH9bfp/2blqW4pG545gteyRE5CGMzaSSR/cB9f7WdzOzhFBo MEcgPxF+U4ntaoO+XT5/M0ghvNIVl34mlp+ippWe081cNctVGhQDtQusI1RVkxuYrpS+P MaYNJneMiILPYtO+lbQKXBJHqClCFnNPKQghvyITifoSp9RYiNKqVToN3zbI6VVJuuHy+ pguCZdesxfLL3G04Ffl1xcb0NVZ4+HQdL5ryvtwOJnITwIuGDM4O021TrSA6OayC0xtAu 3FkFb5b671Ud7kJ/mldej9JyWUy0Xk7Pz1eH4l3VTA3gwK++EfQkXqqa8kkeQMDkq/4Qr qLzf6ntzaEtlvfuFY7hIFiuG3lbCw9kWWbsp8t+JxScx8FKZiC6B5C/ihKZRhJg=
- Authentication-results: bugseng.com; arc=none smtp.remote-ip=162.55.131.47
- Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, victorm.lira@xxxxxxx, Federico Serafini <federico.serafini@xxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- Delivery-date: Tue, 29 Apr 2025 07:51:03 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2025-04-29 08:14, Jan Beulich wrote:
On 29.04.2025 01:21, Stefano Stabellini wrote:
On Mon, 28 Apr 2025, Jan Beulich wrote:
On 26.04.2025 02:00, victorm.lira@xxxxxxx wrote:
From: Federico Serafini <federico.serafini@xxxxxxxxxxx>
MISRA C Rule 14.3 states that "Controlling expressions shall not be
invariant".
Add a SAF comment to deviate the rule for build configurations
without
CONFIG_LLC_COLORING enabled.
I was surprised by this supposedly being the only violation. And
indeed it
wasn't very hard to find more. For example, we have a number of
"while ( num_online_cpus() > 1 && ... )", which become compile-time
constant (false) when NR_CPUS=1.
Uhm, I did run a special scan for this and I can confirm no other
violations are detected.
Because of it being only one single configuration that's being scanned.
I did
point out before that this is a problem for anyone wanting to certify
the
hypervisor in a (perhaps just slightly) different configuration.
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -2038,6 +2038,7 @@ static struct page_info
*alloc_color_heap_page(unsigned int memflags,
spin_lock(&heap_lock);
+ /* SAF-14-safe MISRA C R14.3 condition always false without
LLC_COLORING */
for ( i = 0; i < domain_num_llc_colors(d); i++ )
{
unsigned long free = free_colored_pages[domain_llc_color(d,
i)];
Hmm, this way the deviation applies even when LLC_COLORING=y.
Yes but in the LLC_COLORING=y case it is harmless. Do you have
something
else in mind?
What if, perhaps by mistake, domain_num_llc_colors() becomes constant 0
in
yet another configuration? (I don't expect this would work, but in
principle
the comment ought to be inside an #ifdef.)
As to the comment wording - looks like we're pretty inconsistent with
that
right now. I, for one, don't think the Misra rule needs (re)stating
there;
the SAF index points at all the data that's needed if one cares about
the
specifics of the deviation.
Do you prefer:
/* SAF-14-safe */
That's too short. All I'm asking for is to drop the (imprecise) rule
reference. Noticing only now: It being imprecise may make the comment
go
stale if we move to a newer Misra spec, as the rule number may be
different
then.
There is a guarantee by the MISRA committee to never reuse rule ids, and
the SAF mechanism offers a centralized place where the actual rule ID
for each tool is specified, so I don't foresee problems in that regard.
In practical terms, I think it is very unlikely that this rule will
change in any way (e.g. it is identical up until MISRA C:2025, published
in March).
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
|
