Xen project Mailing List

Re: [PATCH v1] misra: add deviation for rules 21.1 and 21.2

To: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>, Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>

From: Demi Marie Obenour <demiobenour@xxxxxxxxx>

Date: Fri, 18 Jul 2025 14:41:43 -0400

Autocrypt: addr=demiobenour@xxxxxxxxx; keydata= xsFNBFp+A0oBEADffj6anl9/BHhUSxGTICeVl2tob7hPDdhHNgPR4C8xlYt5q49yB+l2nipd aq+4Gk6FZfqC825TKl7eRpUjMriwle4r3R0ydSIGcy4M6eb0IcxmuPYfbWpr/si88QKgyGSV Z7GeNW1UnzTdhYHuFlk8dBSmB1fzhEYEk0RcJqg4AKoq6/3/UorR+FaSuVwT7rqzGrTlscnT DlPWgRzrQ3jssesI7sZLm82E3pJSgaUoCdCOlL7MMPCJwI8JpPlBedRpe9tfVyfu3euTPLPx wcV3L/cfWPGSL4PofBtB8NUU6QwYiQ9Hzx4xOyn67zW73/G0Q2vPPRst8LBDqlxLjbtx/WLR 6h3nBc3eyuZ+q62HS1pJ5EvUT1vjyJ1ySrqtUXWQ4XlZyoEFUfpJxJoN0A9HCxmHGVckzTRl 5FMWo8TCniHynNXsBtDQbabt7aNEOaAJdE7to0AH3T/Bvwzcp0ZJtBk0EM6YeMLtotUut7h2 Bkg1b//r6bTBswMBXVJ5H44Qf0+eKeUg7whSC9qpYOzzrm7+0r9F5u3qF8ZTx55TJc2g656C 9a1P1MYVysLvkLvS4H+crmxA/i08Tc1h+x9RRvqba4lSzZ6/Tmt60DPM5Sc4R0nSm9BBff0N m0bSNRS8InXdO1Aq3362QKX2NOwcL5YaStwODNyZUqF7izjK4QARAQABzTxEZW1pIE1hcmll IE9iZW5vdXIgKGxvdmVyIG9mIGNvZGluZykgPGRlbWlvYmVub3VyQGdtYWlsLmNvbT7CwXgE EwECACIFAlp+A0oCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJELKItV//nCLBhr8Q AK/xrb4wyi71xII2hkFBpT59ObLN+32FQT7R3lbZRjVFjc6yMUjOb1H/hJVxx+yo5gsSj5LS 9AwggioUSrcUKldfA/PKKai2mzTlUDxTcF3vKx6iMXKA6AqwAw4B57ZEJoMM6egm57TV19kz PMc879NV2nc6+elaKl+/kbVeD3qvBuEwsTe2Do3HAAdrfUG/j9erwIk6gha/Hp9yZlCnPTX+ VK+xifQqt8RtMqS5R/S8z0msJMI/ajNU03kFjOpqrYziv6OZLJ5cuKb3bZU5aoaRQRDzkFIR 6aqtFLTohTo20QywXwRa39uFaOT/0YMpNyel0kdOszFOykTEGI2u+kja35g9TkH90kkBTG+a EWttIht0Hy6YFmwjcAxisSakBuHnHuMSOiyRQLu43ej2+mDWgItLZ48Mu0C3IG1seeQDjEYP tqvyZ6bGkf2Vj+L6wLoLLIhRZxQOedqArIk/Sb2SzQYuxN44IDRt+3ZcDqsPppoKcxSyd1Ny 2tpvjYJXlfKmOYLhTWs8nwlAlSHX/c/jz/ywwf7eSvGknToo1Y0VpRtoxMaKW1nvH0OeCSVJ itfRP7YbiRVc2aNqWPCSgtqHAuVraBRbAFLKh9d2rKFB3BmynTUpc1BQLJP8+D5oNyb8Ts4x Xd3iV/uD8JLGJfYZIR7oGWFLP4uZ3tkneDfYzsFNBFp+A0oBEAC9ynZI9LU+uJkMeEJeJyQ/ 8VFkCJQPQZEsIGzOTlPnwvVna0AS86n2Z+rK7R/usYs5iJCZ55/JISWd8xD57ue0eB47bcJv VqGlObI2DEG8TwaW0O0duRhDgzMEL4t1KdRAepIESBEA/iPpI4gfUbVEIEQuqdqQyO4GAe+M kD0Hy5JH/0qgFmbaSegNTdQg5iqYjRZ3ttiswalql1/iSyv1WYeC1OAs+2BLOAT2NEggSiVO txEfgewsQtCWi8H1SoirakIfo45Hz0tk/Ad9ZWh2PvOGt97Ka85o4TLJxgJJqGEnqcFUZnJJ riwoaRIS8N2C8/nEM53jb1sH0gYddMU3QxY7dYNLIUrRKQeNkF30dK7V6JRH7pleRlf+wQcN fRAIUrNlatj9TxwivQrKnC9aIFFHEy/0mAgtrQShcMRmMgVlRoOA5B8RTulRLCmkafvwuhs6 dCxN0GNAORIVVFxjx9Vn7OqYPgwiofZ6SbEl0hgPyWBQvE85klFLZLoj7p+joDY1XNQztmfA rnJ9x+YV4igjWImINAZSlmEcYtd+xy3Li/8oeYDAqrsnrOjb+WvGhCykJk4urBog2LNtcyCj kTs7F+WeXGUo0NDhbd3Z6AyFfqeF7uJ3D5hlpX2nI9no/ugPrrTVoVZAgrrnNz0iZG2DVx46 x913pVKHl5mlYQARAQABwsFfBBgBAgAJBQJafgNKAhsMAAoJELKItV//nCLBwNIP/AiIHE8b oIqReFQyaMzxq6lE4YZCZNj65B/nkDOvodSiwfwjjVVE2V3iEzxMHbgyTCGA67+Bo/d5aQGj gn0TPtsGzelyQHipaUzEyrsceUGWYoKXYyVWKEfyh0cDfnd9diAm3VeNqchtcMpoehETH8fr RHnJdBcjf112PzQSdKC6kqU0Q196c4Vp5HDOQfNiDnTf7gZSj0BraHOByy9LEDCLhQiCmr+2 E0rW4tBtDAn2HkT9uf32ZGqJCn1O+2uVfFhGu6vPE5qkqrbSE8TG+03H8ecU2q50zgHWPdHM OBvy3EhzfAh2VmOSTcRK+tSUe/u3wdLRDPwv/DTzGI36Kgky9MsDC5gpIwNbOJP2G/q1wT1o Gkw4IXfWv2ufWiXqJ+k7HEi2N1sree7Dy9KBCqb+ca1vFhYPDJfhP75I/VnzHVssZ/rYZ9+5 1yDoUABoNdJNSGUYl+Yh9Pw9pE3Kt4EFzUlFZWbE4xKL/NPno+z4J9aWemLLszcYz/u3XnbO vUSQHSrmfOzX3cV4yfmjM5lewgSstoxGyTx2M8enslgdXhPthZlDnTnOT+C+OTsh8+m5tos8 HQjaPM01MKBiAqdPgksm1wu2DrrwUi6ChRVTUBcj6+/9IJ81H2P2gJk3Ls3AVIxIffLoY34E +MYSfkEjBz0E8CLOcAw7JIwAaeBT

Cc: Jan Beulich <jbeulich@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, victorm.lira@xxxxxxx, Federico Serafini <federico.serafini@xxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>

Delivery-date: Fri, 18 Jul 2025 18:42:10 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 7/18/25 07:08, Nicola Vetrini wrote: > On 2025-07-18 11:28, Dmytro Prokopchuk1 wrote: >> On 7/18/25 12:17, Dmytro Prokopchuk wrote: >>> >>> >>> On 7/18/25 08:31, Jan Beulich wrote: >>>> On 17.07.2025 22:47, Dmytro Prokopchuk1 wrote: >>>>> >>>>> >>>>> On 4/23/25 20:54, victorm.lira@xxxxxxx wrote: >>>>>> From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx> >>>>>> >>>>>> MISRA C Rules 21.1 ("#define and #undef shall not be used on a >>>>>> reserved identifier or reserved macro name") and R21.2 ("A reserved >>>>>> identifier or reserved macro name shall not be declared") >>>>>> violations >>>>>> are not problematic for Xen, as it does not use the C or POSIX >>>>>> libraries. >>>>>> >>>>>> Xen uses -fno-builtin and -nostdinc to ensure this, but there are >>>>>> still >>>>>> __builtin_* functions from the compiler that are available so >>>>>> a deviation is formulated for all identifiers not starting with >>>>>> "__builtin_". >>>>>> >>>>>> The missing text of a deviation for Rule 21.2 is added to >>>>>> docs/misra/deviations.rst. >>>>>> >>>>>> To avoid regressions, tag both rules as clean and add them to the >>>>>> monitored set. >>>>>> >>>>>> Signed-off-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx> >>>>>> Signed-off-by: Federico Serafini <federico.serafini@xxxxxxxxxxx> >>>>>> Signed-off-by: Victor Lira <victorm.lira@xxxxxxx> >>>>>> Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx> >>>>>> --- >>>>>> Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> >>>>>> Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx> >>>>>> Cc: Michal Orzel <michal.orzel@xxxxxxx> >>>>>> Cc: Jan Beulich <jbeulich@xxxxxxxx> >>>>>> Cc: Julien Grall <julien@xxxxxxx> >>>>>> Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx> >>>>>> Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx> >>>>>> Cc: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx> >>>>>> Cc: Federico Serafini <federico.serafini@xxxxxxxxxxx> >>>>>> Cc: Bertrand Marquis <bertrand.marquis@xxxxxxx> >>>>>> --- >>>>>> .../eclair_analysis/ECLAIR/deviations.ecl | 9 ++++++- >>>>>> .../eclair_analysis/ECLAIR/monitored.ecl | 2 ++ >>>>>> automation/eclair_analysis/ECLAIR/tagging.ecl | 2 ++ >>>>>> docs/misra/deviations.rst | 26 >>>>>> ++++++++++++++ >>>>>> ++++- >>>>>> 4 files changed, 37 insertions(+), 2 deletions(-) >>>>>> >>>>>> diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/ >>>>>> automation/eclair_analysis/ECLAIR/deviations.ecl >>>>>> index 2c8fb92713..ffa23b53b7 100644 >>>>>> --- a/automation/eclair_analysis/ECLAIR/deviations.ecl >>>>>> +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl >>>>>> @@ -639,8 +639,15 @@ in the expansion." >>>>>> # Series 21. >>>>>> # >>>>>> >>>>>> +-doc_begin="Xen does not use C and POSIX libraries: >>>>>> +identifiers reserved by these libraries can be used safely, except >>>>>> for those >>>>>> +beginning with '__builtin_'." >>>>>> +-config=MC3A2.R21.1,macros={safe, "!^__builtin_.*$"} >>>>>> +-config=MC3A2.R21.2,declarations={safe, "!^__builtin_.*$"} >>>>>> +-doc_end >>>>>> + >>>>>> -doc_begin="or, and and xor are reserved identifiers because >>>>>> they >>>>>> constitute alternate >>>>>> -spellings for the corresponding operators (they are defined as >>>>>> macros by iso646.h). >>>>>> +spellings for the corresponding logical operators (as defined in >>>>>> header 'iso646.h'). >>>>>> However, Xen doesn't use standard library headers, so there is >>>>>> no >>>>>> risk of overlap." >>>>>> -config=MC3A2.R21.2,reports+={safe, >>>>>> "any_area(stmt(ref(kind(label)&&^(or|and|xor|not)$)))"} >>>>>> -doc_end >>>>>> diff --git a/automation/eclair_analysis/ECLAIR/monitored.ecl b/ >>>>>> automation/eclair_analysis/ECLAIR/monitored.ecl >>>>>> index 8351996ec8..da229a0d84 100644 >>>>>> --- a/automation/eclair_analysis/ECLAIR/monitored.ecl >>>>>> +++ b/automation/eclair_analysis/ECLAIR/monitored.ecl >>>>>> @@ -79,6 +79,8 @@ >>>>>> -enable=MC3A2.R20.12 >>>>>> -enable=MC3A2.R20.13 >>>>>> -enable=MC3A2.R20.14 >>>>>> +-enable=MC3A2.R21.1 >>>>>> +-enable=MC3A2.R21.2 >>>>>> -enable=MC3A2.R21.3 >>>>>> -enable=MC3A2.R21.4 >>>>>> -enable=MC3A2.R21.5 >>>>>> diff --git a/automation/eclair_analysis/ECLAIR/tagging.ecl b/ >>>>>> automation/eclair_analysis/ECLAIR/tagging.ecl >>>>>> index 1d078d8905..3292bf751e 100644 >>>>>> --- a/automation/eclair_analysis/ECLAIR/tagging.ecl >>>>>> +++ b/automation/eclair_analysis/ECLAIR/tagging.ecl >>>>>> @@ -88,6 +88,8 @@ MC3A2.R20.11|| >>>>>> MC3A2.R20.12|| >>>>>> MC3A2.R20.13|| >>>>>> MC3A2.R20.14|| >>>>>> +MC3A2.R21.1|| >>>>>> +MC3A2.R21.2|| >>>>>> MC3A2.R21.3|| >>>>>> MC3A2.R21.4|| >>>>>> MC3A2.R21.5|| >>>>>> diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst >>>>>> index fe0b1e10a2..88328eaa8a 100644 >>>>>> --- a/docs/misra/deviations.rst >>>>>> +++ b/docs/misra/deviations.rst >>>>>> @@ -587,7 +587,31 @@ Deviations related to MISRA C:2012 Rules: >>>>>> construct is deviated only in Translation Units that >>>>>> present a violation >>>>>> of the Rule due to uses of this macro. >>>>>> - Tagged as `deliberate` for ECLAIR. >>>>>> - >>>>>> + >>>>>> + * - R21.1 >>>>>> + - Rule 21.1 reports identifiers reserved for the C and POSIX >>>>>> standard >>>>>> + libraries. Xen does not use such libraries and all >>>>>> translation units >>>>>> + are compiled with option '-nostdinc', therefore there is no >>>>>> reason to >>>>>> + avoid to use `#define` or `#undef` on such identifiers >>>>>> except for those >>>>>> + beginning with `__builtin_` for which compilers may perform >>>>>> (wrong) >>>>>> + optimizations. >>>>>> + - Tagged as `safe` for ECLAIR. >>>>>> + >>>>>> + * - R21.2 >>>>>> + - Rule 21.2 reports identifiers reserved for the C and POSIX >>>>>> standard >>>>>> + libraries. Xen does not use such libraries and all >>>>>> translation units >>>>>> + are compiled with option '-nostdinc', therefore there is no >>>>>> reason to >>>>>> + avoid declaring such identifiers except for those beginning >>>>>> with >>>>>> + `__builtin_` for which compilers may perform (wrong) >>>>>> optimizations. >>>>>> + - Tagged as `safe` for ECLAIR. >>>>>> + >>>>>> + * - R21.2 >>>>>> + - `or`, `and` and `xor` are reserved identifiers because they >>>>>> constitute >>>>>> + alternate spellings for the corresponding logical operators >>>>>> + (as defined in Standard Library header `\<iso646.h\>`). Xen >>>>>> does not use >>>>>> + Standard library headers, so there is no risk of overlap. >>>>>> + - Tagged as `safe` for ECLAIR. >>>>>> + >>>>>> * - R21.9 >>>>>> - Xen does not use the `bsearch` and `qsort` functions >>>>>> provided by the C >>>>>> Standard Library, but provides in source form its own >>>>>> implementation, >>>>>> -- >>>>>> 2.47.0 >>>>> >>>>> Hello All! >>>>> >>>>> I tried to play with Rule 21.1 deviations. >>>>> >>>>> After applying the following configurations: >>>>> >>>>> -config=MC3A2.R21.1,macros+={safe, "^offsetof$ || ^(is|to)[a-z]+$ || >>>>> name(NULL) || name(bool) || name(true) || name(false)"} >>>>> -config=MC3A2.R21.1,macros+={safe, >>>>> "loc(file(^xen/include/xen/inttypes\\.h$))"} >>>>> -config=MC3A2.R21.1,macros+={safe, "loc(file(^xen/include/xen/types\ >>>>> \.h$))"} >>>>> -config=MC3A2.R21.1,macros+={safe, "^str[a-z]+$ || ^(v)?sprintf$ || >>>>> ^va_[a-z]+$"} >>>> >>>> Can you spell these out in words? I can only vaguely interpret these >>>> Eclair >>>> patterns, sorry. >>> Yes, sure. >>> >>> That means to deviate the following macros: >>> - offsetof >>> - begin with either ‘is’ or ‘to’ followed by a lowercase letters >>> (islower, isdigit, tolower, toupper, etc.) >>> - NULL >>> - bool >>> - true >>> - false >>> - all PRI/SCN macros for printing/scanning format specifiers from >>> header >>> file xen/include/xen/inttypes.h >>> - all macros from header file xen/include/xen/types.h (limits: >>> UINT8_MAX, INT_MAX, LONG_MIN, etc.) >>> - begin with 'str' followed by a lowercase letters (string functions) >>> - sprintf/vsprintf >>> - begin with 'va_' followed by a lowercase letters (va_copy, va_start, >>> va_end, va_arg) >>> >>>> >>>>> Eclair showed 699 remaining violations. >>>>> All of them were related to names beginning with an underscore (_). >>>>> >>>>> It's possible to resolve the rest of them with help of (all, except >>>>> for >>>>> those beginning with '__builtin_' and '__x86_64__'): >>>>> >>>>> -config=MC3A2.R21.1,macros+={safe, "^_.*$ && !^__builtin_.*$ && >>>>> !^__x86_64__$"} >>>>> >>>>> Probably, the exception list can be extended. >>>>> >>>>> Jan, >>>>> I know you don't want to disallow "_all_" such reserved identifiers. >>>>> But how to deal with that? >>>> >>>> How do I not want this? I've been arguing for years that we should >>>> respect >>>> the reserved name spaces. (Did you perhaps mean "... you don't want >>>> to >>>> deviate ..."?) There are exceptions, yes, e.g. ... >>>> >>> Yes, I meant about deviations. Sorry. >>> >>>>> Try to cover all macros? Like this, for example (I assume that there >>>>> are >>>>> no such reserved macros): >>>>> -config=MC3A2.R21.1,macros+={safe, "^.*XEN.*$ || ^.*HYPERVISOR.*$"} >>>> >>>> ... anything we may have (wrongly) introduced into the public >>>> headers. We >>>> can't very well change naming there. >>> Looks like the only way is to deviate all macros (that are currently >>> used in Xen), tag rule as "clean" and prohibit using reserved names in >>> the future. >>> >>> Any suggestions? >>> >>> Dmytro >> >> BTW, not all violations are in public headers. >> Probably, they could be fixed in code. >> But the number of them is huge... >> > > This is precisely the issue I was pointing out when you offered to > respin this patch. Yes, Xen could fix those rather than deviate, but the > sheer number of violations makes this in my opinion unfeasible. Time for a sed script? Only half-joking. -- Sincerely, Demi Marie Obenour (she/her/hers)

Attachment: OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.