
Re: [PATCH] misra: add deviation of Rule 2.1 for BUG() macro


  • To: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>
  • From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
  • Date: Sun, 24 Aug 2025 17:29:58 +0200
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Doug Goldstein <cardoe@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Sun, 24 Aug 2025 15:30:11 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2025-08-24 16:56, Dmytro Prokopchuk1 wrote:
MISRA C Rule 2.1 states: "A project shall not contain unreachable code".
Functions that are non-returning and are not explicitly annotated with
the 'noreturn' attribute are considered a violation of this rule.

In certain cases, some functions might be non-returning in specific build
configurations due to a call to '__builtin_unreachable()' in the expansion
of the macro 'BUG()':
- functions 'gicv3_do_LPI()' and 'gicv3_its_setup_collection()' when the
config CONFIG_HAS_ITS is not defined, it is intentionally used to catch
and prevent any unintended execution of code that should only run when
ITS is available;
- function 'prepare_acpi()' when the config CONFIG_ACPI is not defined,
to trigger an error if ACPI-related features are used incorrectly.

To account for that in specific builds, update the ECLAIR configuration
to deviate these violations. Update deviations.rst file accordingly.
No functional changes.

Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@xxxxxxxx>
---
Test CI pipeline:
https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/2000738682
---

https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/jobs/11119212994

Build failure here

 automation/eclair_analysis/ECLAIR/deviations.ecl | 11 +++++++++++
 docs/misra/deviations.rst                        | 13 +++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl
index 7f3fd35a33..336aec58c2 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -41,6 +41,17 @@ not executable, and therefore it is safe for them to be unreachable." -call_properties+={"name(__builtin_unreachable)&&stmt(begin(any_exp(macro(name(ASSERT_UNREACHABLE)))))", {"noreturn(false)"}}
 -doc_end

+-doc_begin="The 'BUG()' macro is intentionally used in the 'prepare_acpi()' function in specific build configuration +(when the config CONFIG_ACPI is not defined) to trigger an error if ACPI-related features are used incorrectly." +-config=MC3A2.R2.1,reports+={deliberate, "any_area(any_loc(file(^xen/arch/arm/include/asm/domain_build\\.h$))&&context(name(prepare_acpi)))"}
+-doc_end
+
+-doc_begin="The 'BUG()' macro is intentionally used in 'gicv3_do_LPI'() and 'gicv3_its_setup_collection()' functions +in specific build configuration (when the config CONFIG_HAS_ITS is not defined) to catch and prevent any unintended
+execution of code that should only run when ITS is available."
+-config=MC3A2.R2.1,reports+={deliberate, "any_area(any_loc(file(^xen/arch/arm/include/asm/gic_v3_its\\.h$))&&context(name(gicv3_do_LPI||gicv3_its_setup_collection)))"}
+-doc_end
+
-doc_begin="Proving compliance with respect to Rule 2.2 is generally impossible: see https://arxiv.org/abs/2212.13933 for details. Moreover, peer review gives us confidence that no evidence of errors in the program's logic has been missed due
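Review bot: both new '-config=MC3A2.R2.1,reports+={deliberate, ...}' selectors match only on the header file plus 'context(name(...))', so they appear to tag any Rule 2.1 report inside 'prepare_acpi()', 'gicv3_do_LPI()' and 'gicv3_its_setup_collection()' as deliberate, not just the one that comes from 'BUG()'. The existing entry in the context line above keys on 'macro(name(ASSERT_UNREACHABLE))'; restricting these entries to the 'BUG()' expansion in a similar way would keep the deviation as narrow as its justification text. In the second '-doc_begin' string, 'gicv3_do_LPI'() has the closing quote before the parentheses and should read 'gicv3_do_LPI()', and "in specific build configuration" should be "configurations" in both strings, matching the commit message.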
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index 2119066531..96eb202502 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -97,6 +97,19 @@ Deviations related to MISRA C:2012 Rules:
Xen expects developers to ensure code remains safe and reliable in builds, even when debug-only assertions like `ASSERT_UNREACHABLE() are removed.

+   * - R2.1
+ - The 'BUG()' macro is intentionally used in the 'prepare_acpi()' function + in specific build configuration (when the config CONFIG_ACPI is not + defined) to trigger an error if ACPI-related features are used incorrectly.
+     - Tagged as `deliberate` for ECLAIR.
+
+   * - R2.1
+     - The 'BUG()' macro is intentionally used in 'gicv3_do_LPI'() and
+ 'gicv3_its_setup_collection()' functions in specific build configuration + (when the config CONFIG_HAS_ITS is not defined) to catch and prevent any + unintended execution of code that should only run when ITS is available.
+     - Tagged as `deliberate` for ECLAIR.
+
    * - R2.2
- Proving compliance with respect to Rule 2.2 is generally impossible: see `<https://arxiv.org/abs/2212.13933>`_ for details. Moreover, peer
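Review bot: the second new R2.1 entry repeats the misplaced quote: 'gicv3_do_LPI'() should read 'gicv3_do_LPI()'. Both entries also leave out what the ECLAIR selectors depend on, namely that the deviated definitions are the ones in xen/arch/arm/include/asm/domain_build.h and xen/arch/arm/include/asm/gic_v3_its.h. Naming the headers here would let a reader of deviations.rst tell which definitions of these functions the deviation covers.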

--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253



 

