[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] misra: add deviation of Rule 2.1 for BUG() macro

  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>
  • Date: Sun, 24 Aug 2025 14:56:12 +0000
  • Accept-language: en-US, uk-UA, ru-RU
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RYqMlulOmq2nt5G3ZsDWgSowqxIvFczl7k3DFX8P8Ao=; b=EOACfc8mWc8Ax3WikVeuGRQ7wuw8YOdG2nCmICNuSg6C7uax+5etfXcusJXLP2xuz/lAtxZ6t/FQuxYNqlv0wsix2xIeRpP5Qv+QvTP5fNb2sfI0AzD25aGsPBCo+2Ns3wm2m9oUk9oAjqS1rChTKJbVdVQtZHwY9XoGb+fKchigS3UYRhRsCoyhEMNV39YlpXaLErEDyqiHvF2mkHmwy1s0xYwb9Q2T8cWN5aR4YzorqJRuK/3+G9VdWYz+bRkmD9VVdGuFhltRkYhm8beFmt90dK2iIzWL0YLG4NKs3pIXthaTgQw1obZGFTIcUYBsFtTYyumXZlYQp6IFApbsbQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=grUTdrHuHkQJM7MkLbLw0vof8x4GxzM9K813KtknkkgRng/tBNOB+wb2dTT51jL0bR//WwlZso3p6151gSfkrbUP5b2jcIJAJr5CEQoPc6bVPm1m1Q4gP2bZvc/ekTn6jaa3SX4OJ6Mpn1QccK7xv7N0R5wBz0OUD8wtU1x+6J8yGT4U/lT4ljsOv+eWkqXMhT++LxvUurdhU0mTUEb7tGcBr7iWX7TaMETgCG/phV/jPpBktww5rw6Xuc2OtwbV/BmKdOvMcQu4V+UeBvr0i87J1pcmICTMvIrRDFKgf/Z8XnKGY5Glz9nQiYaolS2kkOJ8+7cq6fZFxjbLhOOuzw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
  • Cc: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>, Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Sun, 24 Aug 2025 14:56:42 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHcFQc77bBOPokbA0m9oV6J6fEgkA==
  • Thread-topic: [PATCH] misra: add deviation of Rule 2.1 for BUG() macro
MISRA C Rule 2.1 states: "A project shall not contain unreachable code".
Functions that are non-returning and are not explicitly annotated with
the 'noreturn' attribute are considered a violation of this rule.

In certain cases, some functions might be non-returning in specific build
configurations due to call to '__builtin_unreachable()' in the expansion
of the macro 'BUG()':
 - functions 'gicv3_do_LPI()' and 'gicv3_its_setup_collection()' when the
config CONFIG_HAS_ITS is not defined, it is intentionally used to catch
and prevent any unintended execution of code that should only run when
ITS is available;
 - function 'prepare_acpi()' when the config CONFIG_ACPI is not defined,
to trigger an error if ACPI-related features are used incorrectly.

To account for that in specific builds, update the ECLAIR configuration
to deviate these violations. Update deviations.rst file accordingly.
No functional changes.

Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@xxxxxxxx>
---
Test CI pipeline:
https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/2000738682
---
 automation/eclair_analysis/ECLAIR/deviations.ecl | 11 +++++++++++
 docs/misra/deviations.rst                        | 13 +++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl 
b/automation/eclair_analysis/ECLAIR/deviations.ecl
index 7f3fd35a33..336aec58c2 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -41,6 +41,17 @@ not executable, and therefore it is safe for them to be 
unreachable."
 
-call_properties+={"name(__builtin_unreachable)&&stmt(begin(any_exp(macro(name(ASSERT_UNREACHABLE)))))",
 {"noreturn(false)"}}
 -doc_end
 
+-doc_begin="The 'BUG()' macro is intentionally used in the 'prepare_acpi()' 
function in specific build configuration
+(when the config CONFIG_ACPI is not defined) to trigger an error if 
ACPI-related features are used incorrectly."
+-config=MC3A2.R2.1,reports+={deliberate, 
"any_area(any_loc(file(^xen/arch/arm/include/asm/domain_build\\.h$))&&context(name(prepare_acpi)))"}
+-doc_end
+
+-doc_begin="The 'BUG()' macro is intentionally used in 'gicv3_do_LPI'() and 
'gicv3_its_setup_collection()' functions
+in specific build configuration (when the config CONFIG_HAS_ITS is not 
defined) to catch and prevent any unintended
+execution of code that should only run when ITS is available."
+-config=MC3A2.R2.1,reports+={deliberate, 
"any_area(any_loc(file(^xen/arch/arm/include/asm/gic_v3_its\\.h$))&&context(name(gicv3_do_LPI||gicv3_its_setup_collection)))"}
+-doc_end
+
 -doc_begin="Proving compliance with respect to Rule 2.2 is generally 
impossible:
 see https://arxiv.org/abs/2212.13933 for details. Moreover, peer review gives 
us
 confidence that no evidence of errors in the program's logic has been missed 
due
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index 2119066531..96eb202502 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -97,6 +97,19 @@ Deviations related to MISRA C:2012 Rules:
        Xen expects developers to ensure code remains safe and reliable in 
builds,
        even when debug-only assertions like `ASSERT_UNREACHABLE() are removed.
 
+   * - R2.1
+     - The 'BUG()' macro is intentionally used in the 'prepare_acpi()' function
+       in specific build configuration (when the config CONFIG_ACPI is not
+       defined) to trigger an error if ACPI-related features are used 
incorrectly.
+     - Tagged as `deliberate` for ECLAIR.
+
+   * - R2.1
+     - The 'BUG()' macro is intentionally used in 'gicv3_do_LPI'() and
+       'gicv3_its_setup_collection()' functions in specific build configuration
+       (when the config CONFIG_HAS_ITS is not defined) to catch and prevent any
+       unintended execution of code that should only run when ITS is available.
+     - Tagged as `deliberate` for ECLAIR.
+
    * - R2.2
      - Proving compliance with respect to Rule 2.2 is generally impossible:
        see `<https://arxiv.org/abs/2212.13933>`_ for details. Moreover, peer
-- 
2.43.0

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.