Xen project Mailing List

Re: [PATCH v2] misra: add deviations of MISRA C Rule 5.5

To: Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

From: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>

Date: Mon, 28 Jul 2025 15:29:45 +0000

Accept-language: en-US, uk-UA, ru-RU

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tiY1rayIm9QuEz5CSMRYTji03GJ1OQr3EyZ7QdH40Oc=; b=RjvE2g2MQJCYnHzsNzjE2eHj+hbV26YyCKx4q/hg09MIoJra3zfxZXS7ypUrt8h6rCB3svkH1UP0r2G21Euhs8Phtfzd7p5p4l7aafjLwbykh7sRg94vTnJbLbYLoPuFoqTCSmXFf2cFFW3MOy95HWC5aEpdejtYFStxwrLgUVUMDjU+BpcyBjbXZDIejaNwVUfICvN2n4zM6aBRnewJqEoSRXOKPJWsJ0neKrerszKtKSDBE11WFrDnU2LybnjX+ew2UwPpO7nFKg+2WxVBA3oHS2mxqTicXS40frXc6VZNmiFxgZ7Oo8724rC79zhPdLsgVIZGAE4c4fSGKydaWw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=bZUuyqeVIlXbAwQxM5EKGa8YxxVFQ1cZJbiPDAjaSpRTmt1X3L7OucBUjY5O5EbcQxUVnHCjIGxTbIR5Gul7sSr2Ht9d9X/yVaAQPfV2dqE/DYpIHwkQqHPCp3I+TKLT8w4O7LzcMLL9DP6xogeV/YwfNxUDqFgnY5PkK2Z7fRZuVn+LHcGek+IGaKnC85g80LgaKXatSF04K+E5mgAIL8tE4A6RbMFwiCXXF02U9HUxteNmKS2JMu+TWfJhRmTAGPaP76wYqWssZbO86qsm6JUing5XfWdg2IubxG8JU3+r/w5djgUbHbCRFlWISeDVQrmXwK4Zf9DEM4Jr2J7anw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;

Cc: Doug Goldstein <cardoe@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>

Delivery-date: Mon, 28 Jul 2025 15:29:55 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHb/YCHt9uHUQWtj0esBUS8Oj/ZKbRHS1IAgAARIYCAAAXwAIAAGL8AgAANOICAACWJgA==

Thread-topic: [PATCH v2] misra: add deviations of MISRA C Rule 5.5

On 7/28/25 16:15, Jan Beulich wrote: > On 28.07.2025 14:28, Dmytro Prokopchuk1 wrote: >> >> >> On 7/28/25 13:59, Andrew Cooper wrote: >>> On 28/07/2025 11:38 am, Nicola Vetrini wrote: >>>> On 2025-07-28 11:36, Jan Beulich wrote: >>>>> On 25.07.2025 18:24, Dmytro Prokopchuk1 wrote: >>>>>> --- a/docs/misra/deviations.rst >>>>>> +++ b/docs/misra/deviations.rst >>>>>> @@ -142,6 +142,31 @@ Deviations related to MISRA C:2012 Rules: >>>>>> memmove. >>>>>> - Tagged as `deliberate` for ECLAIR. >>>>>> >>>>>> + * - R5.5 >>>>>> + - Clashes between bitops functions and macros names are >>>>>> deliberate and are >>>>>> + needed for input validation and error handling, ensures that >>>>>> the size of >>>>>> + the object being pointed to by 'addr' meets the minimum >>>>>> requirements for >>>>>> + the bit operation, preventing unsafe operations on >>>>>> improperly sized data >>>>>> + types that could lead to undefined behavior or memory >>>>>> corruption. >>>>>> + The macros encapsulate this conditional logic into a single, >>>>>> reusable form; >>>>>> + which simplifies the code, avoids redundant function call. >>>>>> + - Specified macros should be ignored. >>>>> >>>>> At the risk of going too far with nitpicking: Who are "specified >>>>> macros" here? The >>>>> text doesn't mention any names. In fact, the way it's written it >>>>> could be taken to >>>>> mean all macros there, including any that are yet to be added. I >>>>> don't think such >>>>> is appropriate for a deviation. >>>>> >>>> >>>> I agree with Jan here. Either you make a single deviation record >>>> encompassing all deviated macros or you have one per deviation (e.g., >>>> one for irq.h, one for grant_table.h and one for bitops.h) listing the >>>> macros that are considered. For bitops it might be a concern the >>>> actual functions going out of sync, but in that case you could just >>>> spell out the deviation and say "all pairs functions/macros in file >>>> <file> that are defined using the same identifier" or something similar. >>> >>> Honestly, while these examples might be deliberate, they're also bad code. >>> >>> I do not intent to let the bitops aliases survive the cleanup/fixes I >>> have planned, but I also don't have any idea when I'll get to that work. >>> >>> What we really want to express is "these are begrudgingly accepted in >>> the short term. don't copy this pattern, and if you can fix it, please do". >>> >>> ~Andrew >> >> Hi Andrew! >> >> Perhaps I can try to fix these names clashes. >> >> For clarity. >> I would like to rename macros names with capital letters. >> Like this: >> -#define __test_and_change_bit(nr, addr) ({ \ >> +#define TEST_AND_CHANGE_BIT(nr, addr) ({ \ >> if ( bitop_bad_size(addr) ) __bitop_bad_size(); \ >> __test_and_change_bit(nr, addr); \ >> }) >> >> Are you OK with such approach? > > And then change all use sites of the macro to those upper-case forms? Yes. > When everyone's used to using the lower-case ones? Well, user habits vs. Misra compliance, clear code. I like second one. Let me repeat. I can prepare patch (it will touch many places in code base), and let maintainers decide what to do with it. While patch with deviations will be like spare plan. Jan, Andrew, are you agree with this? Dmytro. > > Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.