
Re: [XEN PATCH 2/2] Address violation of MISRA C Rule 13.1 involving asm side effects.


  • To: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>
  • From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
  • Date: Wed, 13 Aug 2025 09:46:15 +0200
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, sstabellini@xxxxxxxxxx, consulting@xxxxxxxxxxx, andrew.cooper3@xxxxxxxxxx, jbeulich@xxxxxxxx, Doug Goldstein <cardoe@xxxxxxxxxx>
  • Delivery-date: Wed, 13 Aug 2025 07:46:25 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2025-08-13 09:41, Dmytro Prokopchuk1 wrote:
On 8/9/25 00:40, Nicola Vetrini wrote:
The rule states: "Initializer lists shall not contain persistent side effects". The specific way in which the 'mrs' instruction is used does not lead to
visible side effects for the surrounding code.

Signed-off-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
---
Not yet tested on the Xen ECLAIR runner, as the syntax used in the deviation
is only supported after updating the runner.

What the tool is reporting is that due to the '=r' constraint and the
semantics of the instruction, there is the side effect of writing to '_r', but this is not observable outside the stmt expr. The deviation ends up being a bit too general for my taste, but the restriction on the actual instruction should be enough to limit applicability to cases that are arguably safe in
practice.

An alternative approach would be represented by stating that side effects in
'READ_SYSREG64' are safe, but this is not true in general.
---
  automation/eclair_analysis/ECLAIR/deviations.ecl | 4 ++++
  1 file changed, 4 insertions(+)

diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl
index ec0cac797e5f..6b492e38505d 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -437,6 +437,10 @@ write or not"
  # Series 13
  #

+-doc_begin="Consider the asm instruction to read an Arm system register to have no side effects." +-asm_properties+={"asm(any())&&child(text, ast_field(value,^mrs\\s+%0.*$))", {no_side_effect}}
+-doc_end
+
-doc_begin="All developers and reviewers can be safely assumed to be well aware
  of the short-circuit evaluation strategy of such logical operators."
  -config=MC3A2.R13.5,reports+={disapplied,"any()"}
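
Review bot: the -doc_begin text of the added asm_properties entry justifies the deviation by the register read ("to read an Arm system register"), but the notes above the diffstat say the side effect the tool reports is the write to '_r' through the '=r' constraint, and the documentation string never says why that write is harmless. Suggest wording it around the output operand, for example that operand %0 is a variable local to the statement expression, so the write is not observable outside it. The matcher `asm(any())&&child(text, ast_field(value,^mrs\\s+%0.*$))` also selects every asm whose text begins with `mrs %0`, whatever macro it expands from and whatever register it names; recording in the doc text that the intended target is the 'READ_SYSREG64' expansion would make any later widening of the match visible in review.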

I think it's worth adding an example of the macro expansion to the commit
description or the asm_properties doc:

uint64_t _r; asm volatile("mrs  %0, ""TPIDR_EL2" : "=r" (_r));

This uses the 'mrs' instruction to read from the TPIDR_EL2 register.
While this read operation accesses a system register, reading itself
doesn't cause any persistent side effects, as no program state is modified.


Definitely not in the -doc_begin, perhaps in deviations.rst, though in reality it is a single case this currently applies to. Reading the register is not the reason why this deviation was requested, but the write with the "=r" constraint on "_r", as that is the side effect the tool is pointing at.

--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253



 

