Xen project Mailing List

Re: [PATCH] misra: add deviation of Rule 2.1 for BUG() macro

To: Jan Beulich <jbeulich@xxxxxxxx>, Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>

From: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>

Date: Tue, 26 Aug 2025 18:07:10 +0000

Accept-language: en-US, uk-UA, ru-RU

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zIRdzFRKj2OPMDf0RDq7Ij2/j14ifvdzSED+t/Zmo0M=; b=o8sL+VH+kbOYOMF1y0CnZ+NN9m2EOJERm/1cQ4u/J5qklSzkpnwVO2JAPwS18SFXMlkSLSSiHCIXPcC/HTspm0L+5O8V6U+QqrAvaDW+UU8JHQALHmsYUQ9J/YERbc/G5YJJcc51QW4/JPH9tKvG2d91IEHv656N0AYYwknBxQF6+I3I/MN0CTnj/Ewj9itBE0S25+CsZdU1qInsRdnYdvTEa3k6z/0gSdhLmMLPzZaTzDVu5CkqYj+uyjpO0zLcoIz1J3kLTGGsT85+RCO4KMoyRzsXb1Mikfz4AgtqGOtWQI3cWcqu2+N+oB6cj9ZBLnYJwavnIaOnFWKu7VGj3A==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=iDZ5GiNQjRsIT1AXGl3F6fGwrvgr9tvrz0fNBVc9Lju0SDxKLFTBEk0kzmlg5HfJjDV5Lll5ANWdtAiKxFlWR48RfsKqoKA+WBOUczbPsluC+Uiz3zGg6j1WFUINjdJLP7DmuM1RXeZYw2+UQkL4ifshFueQApKC4Llx0ozp+odM6Ftgzdm0fisFo2BTb3LbycQKENXyKeppYDob0/R94GiuHwWg+XGoVMPjhnVTfjVSwY7LY3E2Ib/au+9eCloVC9xJ2aT7NtaDYIdb4LFWlDNpwuQJRAohJkh01sfiqNx4H9TDjj0Sszb8qM/CSVjekbIPD4OWmNyTBYRb8B5epw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;

Cc: Doug Goldstein <cardoe@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Tue, 26 Aug 2025 18:07:27 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHcFQc77bBOPokbA0m9oV6J6fEgkLRzJgAAgAIYbQA=

Thread-topic: [PATCH] misra: add deviation of Rule 2.1 for BUG() macro

On 8/25/25 13:07, Jan Beulich wrote: > On 24.08.2025 16:56, Dmytro Prokopchuk1 wrote: >> --- a/docs/misra/deviations.rst >> +++ b/docs/misra/deviations.rst >> @@ -97,6 +97,19 @@ Deviations related to MISRA C:2012 Rules: >> Xen expects developers to ensure code remains safe and reliable in >> builds, >> even when debug-only assertions like `ASSERT_UNREACHABLE() are >> removed. >> >> + * - R2.1 >> + - The 'BUG()' macro is intentionally used in the 'prepare_acpi()' >> function >> + in specific build configuration (when the config CONFIG_ACPI is not >> + defined) to trigger an error if ACPI-related features are used >> incorrectly. >> + - Tagged as `deliberate` for ECLAIR. > > With > > #define acpi_disabled true > > in xen/acpi.h I don't see why we even have that inline stub. When it's dropped > and the declaration left in place without #ifdef CONFIG_ACPI around it, the > compiler will DCE the code (much like we arrange for in many other places). No > deviation needed then. > > If such a deviation was to be added, it would need disambiguating. A function > of the given name could appear in x86 as well. That wouldn't be covered by the > Eclair config then, but it would be covered by the text here. > >> + * - R2.1 >> + - The 'BUG()' macro is intentionally used in 'gicv3_do_LPI'() and >> + 'gicv3_its_setup_collection()' functions in specific build >> configuration >> + (when the config CONFIG_HAS_ITS is not defined) to catch and prevent >> any >> + unintended execution of code that should only run when ITS is >> available. >> + - Tagged as `deliberate` for ECLAIR. > > I didn't look at this, but I would very much hope that something similar could > be done there as well. > > Jan After small changes related to prepare_acpi() function, Misra R2.1 violation has gone. The compiler really does DCE: if ( acpi_disabled <<< this is TRUE ) { rc = prepare_dtb_hwdom(d, kinfo); if ( rc < 0 ) return rc; #ifdef CONFIG_HAS_PCI rc = pci_host_bridge_mappings(d); #endif } else rc = prepare_acpi(d, kinfo); <<< DCE I will publish it as separate patch. Thanks to Jan, I really appreciate his help. The situation with functions gicv3_do_LPI(), gicv3_its_setup_collection() and config CONFIG_HAS_ITS is little bit different. The compiler can do DCE in case when config CONFIG_HAS_ITS is "y", and Misra R2.1 violation related to these functions also can be resolved. Actually, no changes in source code need for that. But Eclair detects these violations because config CONFIG_HAS_ITS is "n", and source code is really compiled with inline stub functions (with BUG() macro). This is because config CONFIG_HAS_ITS is "experimental/unsupported" config HAS_ITS bool "GICv3 ITS MSI controller support (UNSUPPORTED)" if UNSUPPORTED depends on GICV3 && !NEW_VGIC && !ARM_32 and to enable it need to set additional config: "CONFIG_UNSUPPORTED=y". I tried to test it (added "CONFIG_UNSUPPORTED=y" into automation/gitlab-ci/analyze.yaml file). You can see my CI pipeline: https://eclair-analysis-logs.xenproject.org/fs/var/local/eclair/xen-project.ecdf/xen-project/people/dimaprkp4k/xen/ECLAIR_normal/rule_2.1_gicv3_its_host_has_its_v2/ARM64/11144854092/PROJECT.ecd;/by_service.html#service&kind Unfortunately, I observed +6 new violations with that additional config "CONFIG_UNSUPPORTED=y". I don't know how and why these EXTRA_XEN_CONFIG were selected in the file 'automation/gitlab-ci/analyze.yaml'. And are we able to add new configs here ?.... So, I see the next plan (just from my point of view): 1. Add "CONFIG_UNSUPPORTED=y" and resolve new violations. 2. Continue with proposed deviation 3. ... ? Thank you in advance. Dmytro.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.