On 2023-11-30 17:44, Jan Beulich wrote:
On 29.11.2023 16:24, Nicola Vetrini wrote:
--- a/xen/arch/x86/desc.c
+++ b/xen/arch/x86/desc.c
@@ -91,7 +91,7 @@ seg_desc_t boot_compat_gdt[PAGE_SIZE /
sizeof(seg_desc_t)] =
* References boot_cpu_gdt_table for a short period, until the CPUs
switch
No functional changes.
Signed-off-by: Nicola Vetrini
---
docs/misra/rules.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst
index 53dab0070c7b..75921b9a3463 100644
--- a/docs/misra/rules.rst
+++ b/docs/misra/rules.rst
@@ -531,7
On 2023-11-30 17:48, Jan Beulich wrote:
On 29.11.2023 16:24, Nicola Vetrini wrote:
--- a/xen/arch/x86/i8259.c
+++ b/xen/arch/x86/i8259.c
@@ -19,6 +19,7 @@
#include
#include
#include
+#include
#include
#include
A patch doing this (among other things) is already pending: "
On 2023-11-30 13:03, Andrew Cooper wrote:
On 30/11/2023 12:00 pm, Nicola Vetrini wrote:
On 2023-11-30 08:55, Jan Beulich wrote:
The rule demands that all array elements be initialized (or dedicated
initializers be used). Introduce a small set of macros to allow doing
so
without unduly
om a MISRA perspective this resolves all but one violation: the
initialization of static array
ns16550_com[2] = { { 0 } };
in drivers/char/ns16550.c. This is a case where the explicit initializer
looks unnecessary.
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
On 2023-11-30 11:27, Andrew Cooper wrote:
On 30/11/2023 9:47 am, Nicola Vetrini wrote:
On 2023-11-30 08:55, Jan Beulich wrote:
The rule demands that all array elements be initialized (or dedicated
initializers be used). Introduce a small set of macros to allow doing
so
without unduly
looks good. Upon applying this patch I noticed that there's no
diffstat, and it doesn't
apply cleanly with git-am.
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
On 2023-11-29 16:24, Nicola Vetrini wrote:
Hi all,
this series addresses some of the remaining violations of MISRA C:2012
Rule 8.4.
Some of the modifications are done according to the feedback received
in this
thread [1]
missing a reference:
[1]
https://lore.kernel.org/xen-devel
No functional change.
Signed-off-by: Nicola Vetrini
---
The preferred way to deviate is to use asmlinkage, but this modification is only
the consequence of NUMA on ARM (and possibly PPC) being a work in progress.
As stated in the comment above the textual deviation, first_valid_mfn will
likely
No functional change.
Signed-off-by: Nicola Vetrini
---
xen/arch/x86/i8259.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/xen/arch/x86/i8259.c b/xen/arch/x86/i8259.c
index e0fa1f96b4f2..470d690c3594 100644
--- a/xen/arch/x86/i8259.c
+++ b/xen/arch/x86/i8259.c
@@ -19,6 +19,7 @@
#include
No functional change.
Signed-off-by: Nicola Vetrini
---
xen/arch/x86/desc.c | 2 +-
xen/arch/x86/efi/efi-boot.h | 5 +++--
xen/arch/x86/mm.c | 2 +-
xen/arch/x86/smpboot.c | 2 +-
4 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/xen/arch/x86/desc.c b/xen
The definitions needing the inclusion of asm/setup.h are
boot_{first,second,third}(_id)?, whereas vmap.h is needed by arch_vmap_virt_end.
No functional change.
Signed-off-by: Nicola Vetrini
---
xen/arch/arm/mmu/setup.c | 1 +
xen/arch/arm/mmu/smpboot.c | 2 ++
2 files changed, 3 insertions
The comment referred to the declaration for do_mca, which
now is part of hypercall-defs.h, therefore the comment is stale.
No functional change.
Signed-off-by: Nicola Vetrini
---
xen/arch/x86/cpu/mcheck/mce.c| 2 +-
xen/arch/x86/include/asm/hypercall.h | 2 +-
2 files changed, 2
x86/efi/check.c is not part of the final Xen binary, therefore
it doesn't need to conform to MISRA guidelines at the moment.
Signed-off-by: Nicola Vetrini
---
docs/misra/exclude-list.json | 4
1 file changed, 4 insertions(+)
diff --git a/docs/misra/exclude-list.json b/docs/misra/exclude
This is consistent with other instances of the same function
and also resolves a violation of MISRA C:2012 Rule 8.4.
No functional change.
Signed-off-by: Nicola Vetrini
---
xen/arch/x86/hvm/viridian/synic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/arch/x86/hvm
Hi all,
this series addresses some of the remaining violations of MISRA C:2012 Rule 8.4.
Some of the modifications are done according to the feedback received in this
thread [1]
Nicola Vetrini (7):
xen/arm: mmu: add headers for missing declarations
x86/i8259: add missing header
The definitions of ffs{l}? violate Rule 10.1, by using the well-known
pattern (x & -x); its usage is wrapped by the ISOLATE_LSB macro.
No functional change.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
Changes in v4:
- Changed macro name.
Changes in v5:
- Changed m
On 2023-11-29 04:26, Stefano Stabellini wrote:
On Mon, 27 Nov 2023, Nicola Vetrini wrote:
> > /*
> > * TODO: make first_valid_mfn static when NUMA is supported on Arm, this
> > * is required because the dummy helpers are using it.
> > */
> > extern mfn_t firs
On 2023-11-28 09:56, Jan Beulich wrote:
On 24.11.2023 10:40, Nicola Vetrini wrote:
in xen/lib.h and xen/sort.h there are definitions of the functions
bsearch and sort that have no prior declarations, and therefore are
subject to a violation of MISRA C Rule 8.4.
I'm wondering whether it would
On 2023-11-27 15:59, Jan Beulich wrote:
On 27.11.2023 15:32, Nicola Vetrini wrote:
Still on the matter of Rule 8.4, though not related to bsearch or
sort:
- the definition of do_mca in x86/cpu/mcheck/mca.c has the following
header:
#include /* for do_mca */
which in turn leads to x86
On 2023-11-24 10:40, Nicola Vetrini wrote:
Hi all,
in xen/lib.h and xen/sort.h there are definitions of the functions
bsearch and sort that have no prior declarations, and therefore are
subject to a violation of MISRA C Rule 8.4.
I'm wondering whether it would be preferred
1. to put
On 2023-11-17 10:21, Nicola Vetrini wrote:
Static analysis tools may detect a possible null pointer
dereference of 'config'. This ASSERT helps them in detecting
that such a condition is not possible given that only
real domains can enter this branch, which are guaranteed to have
a non-NULL
On 2023-11-17 09:53, Nicola Vetrini wrote:
This series addresses some concerns raised on patches 2 and 3 from [1].
Note that patch 1 from that series has already been applied.
Patch 1 comprises a modified version of patches 2 and 3 of the previous
series.
Patch 2 is brand new, as it merely
and sort.h
2. deviate these functions, as their signatures are well-known and
somewhat standardized
other resolution strategies are possible, but I think these are the main
ones.
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
On 2023-11-24 09:06, Jan Beulich wrote:
On 23.11.2023 08:37, Nicola Vetrini wrote:
The definitions of ffs{l}? violate Rule 10.1, by using the well-known
pattern (x & -x); its usage is wrapped by the ISOLATE_LSB macro.
No functional change.
Signed-off-by: Nicola Vetrini
Reviewed-by: Ste
retain the textual deviation.
No functional change.
Signed-off-by: Nicola Vetrini
Acked-by: Julien Grall
---
This patch does not depend on any other patch.
Changes in v2:
- Edit safe.json.
- Remove mention of SAF-1-safe in deviations.rst.
Changes in v3:
- Sorted #include-s and rebased against
On 2023-11-23 12:36, Jan Beulich wrote:
On 23.11.2023 12:30, Nicola Vetrini wrote:
I guess this one as well should remain as is. Can you confirm?
void asmlinkage __stdcall cmdline_parse_early(const char *cmdline,
early_boot_opts_t *ebo)
Indeed
I guess this one as well should remain as is. Can you confirm?
void asmlinkage __stdcall cmdline_parse_early(const char *cmdline,
early_boot_opts_t *ebo)
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
On 2023-11-23 11:26, Julien Grall wrote:
Hi Nicola,
On 23/11/2023 09:25, Nicola Vetrini wrote:
On 2023-11-23 09:57, Jan Beulich wrote:
On 16.11.2023 10:08, Nicola Vetrini wrote:
The comment-based justifications for MISRA C:2012 Rule 8.4 are
replaced
by the asmlinkage pseudo-attribute
On 2023-11-23 09:57, Jan Beulich wrote:
On 16.11.2023 10:08, Nicola Vetrini wrote:
The comment-based justifications for MISRA C:2012 Rule 8.4 are
replaced
by the asmlinkage pseudo-attribute, for the sake of uniformity.
Add missing 'xen/compiler.h' #include-s where needed.
The text in docs
On 2023-11-23 09:19, Jan Beulich wrote:
On 23.11.2023 08:37, Nicola Vetrini wrote:
This series replaces two instances of the pattern (x & -x) with the
macro ISOLATE_LSB.
Nicola Vetrini (2):
xen/vmap: use ISOLATE_LSB to wrap a violation of Rule 10.1
xen/iommu: use ISOLATE_LSB to
he syntax for the token and gives pointers to other
relevant sections of the manual.
Given that the problem was also present before this patch:
Reviewed-by: Stefano Stabellini
Thanks.
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
On 2023-11-22 17:46, Andrew Cooper wrote:
On 22/11/2023 4:39 pm, Nicola Vetrini wrote:
On 2023-11-22 15:27, Andrew Cooper wrote:
The differences between inline, __inline and __inline__ keywords are
a
vestigial remnant of older C standards, and in Xen we use inline
almost
exclusively
No functional change.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
Changes in v2:
- Changed macro name
Changes in v3:
- Changed macro name
---
xen/common/vmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/common/vmap.c b/xen/common/vmap.c
index
This series replaces two instances of the pattern (x & -x) with the
macro ISOLATE_LSB.
Nicola Vetrini (2):
xen/vmap: use ISOLATE_LSB to wrap a violation of Rule 10.1
xen/iommu: use ISOLATE_LSB to wrap a violation of Rule 10.1
xen/common/vmap.c | 2 +-
xen/drivers/passthr
No functional change.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
Acked-by: Jan Beulich
---
Changes in v2:
- Changed macro name
Changes in v3:
- Changed macro name
---
xen/drivers/passthrough/iommu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen
This series contains the leftover patches from [1] with the rename
s/ISOLATE_LOW_BIT/ISOLATE_LSB/ applied. All the already committed patches from
the aforementioned series are dropped.
[1] https://marc.info/?l=xen-devel=169841347803987
Nicola Vetrini (3):
arm/bitops: encapsulate violation
The definition of PDX_GROUP_COUNT causes violations of
MISRA C:2012 Rule 10.1, therefore the problematic part now uses
the ISOLATE_LSB macro, which encapsulates the pattern.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
Changes in v4:
- Changed macro name.
Changes in v5
The definitions of ffs{l}? violate Rule 10.1, by using the well-known
pattern (x & -x); its usage is wrapped by the ISOLATE_LSB macro.
No functional change.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
Changes in v4:
- Changed macro name.
Changes in v5:
- Changed m
The various definitions of macro CNT (and the related BUILD_BUG_ON)
can be rewritten using ISOLATE_LSB, encapsulating a violation of
MISRA C:2012 Rule 10.1.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
Acked-by: Jan Beulich
---
Changes in v4:
- Changed macro name
Changes in v5
configuration.
Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu
CC: Stefano Stabellini
CC: Roberto Bagnara
CC: Nicola Vetrini
CC: Simone Ballarin
I'm entirely guessing at the Eclair configuration.
---
The configuration changes are ok. One observation below
xperiments with
single evaluation anyway.
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
On 2023-11-21 16:36, Jan Beulich wrote:
On 25.10.2023 15:22, Nicola Vetrini wrote:
--- a/xen/arch/x86/hvm/vlapic.c
+++ b/xen/arch/x86/hvm/vlapic.c
@@ -1034,10 +1034,10 @@ int guest_wrmsr_x2apic(struct vcpu *v,
uint32_t msr, uint64_t val)
case APIC_EOI:
case APIC_ESR
On 2023-10-25 15:22, Nicola Vetrini wrote:
The clauses of a switch should be enclosed directly by a switch
statement to make the code more easily understandable and less
prone to errors.
Signed-off-by: Nicola Vetrini
---
This patch is mainly intended to probe how the community, especially
On 2023-11-07 11:33, Nicola Vetrini wrote:
This series is aimed at presenting some strategies that can be used to
deal with
violations of Rule 15.2:
"The goto statement shall jump to a label declared later in the same
function".
The rule's rationale is about possible developer
On 2023-11-21 11:18, Jan Beulich wrote:
On 21.11.2023 10:46, Nicola Vetrini wrote:
On 2023-11-21 10:16, Jan Beulich wrote:
On 16.11.2023 10:08, Nicola Vetrini wrote:
The comment-based justifications for MISRA C:2012 Rule 8.4 are
replaced
by the asmlinkage pseudo-attribute, for the sake
On 2023-11-21 10:16, Jan Beulich wrote:
On 16.11.2023 10:08, Nicola Vetrini wrote:
The comment-based justifications for MISRA C:2012 Rule 8.4 are
replaced
by the asmlinkage pseudo-attribute, for the sake of uniformity.
Add missing 'xen/compiler.h' #include-s where needed.
The text in docs
On 2023-11-20 11:27, Julien Grall wrote:
Hi Nicola,
On 20/11/2023 08:39, Nicola Vetrini wrote:
On 2023-11-17 20:15, Julien Grall wrote:
Hi Nicola,
On 16/11/2023 09:15, Nicola Vetrini wrote:
On 2023-11-16 10:08, Nicola Vetrini wrote:
The comment-based justifications for MISRA C:2012 Rule 8.4
On 2023-11-21 00:08, Andrew Cooper wrote:
On 20/11/2023 4:40 pm, Nicola Vetrini wrote:
I've just rebased and pushed the residual from the past work
(although I
missed the ARM EFI fix.)
https://xenbits.xen.org/gitweb/?p=people/andrewcoop/xen.git;a=commitdiff;h
the intention of
evaluating and then perhaps integrate the fixes that at the moment block
the introduction of -Wwrite-strings and then respin your patch, or
should I do something specifically?
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
On 2023-11-17 20:15, Julien Grall wrote:
Hi Nicola,
On 16/11/2023 09:15, Nicola Vetrini wrote:
On 2023-11-16 10:08, Nicola Vetrini wrote:
The comment-based justifications for MISRA C:2012 Rule 8.4 are
replaced
by the asmlinkage pseudo-attribute, for the sake of uniformity.
Add missing 'xen
On 2023-11-17 11:17, Nicola Vetrini wrote:
Hi all,
As discussed in this thread [1], which is about complying with MISRA C
Rule 10.1,
a macro was introduced to encapsulate a well-known construct:
/*
* Given an unsigned integer argument, expands to a mask where just the
least
* significant
On 2023-11-17 12:39, Jan Beulich wrote:
On 17.11.2023 11:17, Nicola Vetrini wrote:
Hi all,
As discussed in this thread [1], which is about complying with MISRA C
Rule 10.1,
a macro was introduced to encapsulate a well-known construct:
/*
* Given an unsigned integer argument, expands
On 2023-11-17 12:04, Andrew Cooper wrote:
On 17/11/2023 10:17 am, Nicola Vetrini wrote:
Hi all,
As discussed in this thread [1], which is about complying with MISRA C
Rule 10.1,
a macro was introduced to encapsulate a well-known construct:
/*
* Given an unsigned integer argument, expands
en-devel/8a1313b3ab5ba6dd556cf37409e3b...@bugseng.com/T/#mdeb510325e1acacb6477a88de8577e9e87351ba5
[2] https://gitlab.com/xen-project/people/bugseng/xen/-/jobs/5423693947
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
ake a thread where various aspects that are not so clear yet can
be discussed, so that we can devise a robust solution (also to dig this
out of this deep thread).
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
is not
inferred by the tool.
Checking that the condition given in the assertion holds via
testing is the means to protect release builds, where the assertion
expands to effectively nothing.
Suggested-by: Julien Grall
Signed-off-by: Nicola Vetrini
Acked-by: Stefano Stabellini
---
Changes in v2
-by: Nicola Vetrini
---
Changes from RFC:
- Dropped unused/useless code
- Revised the sed command
- Revised the clean target
Changes in v2:
- Added explanative comment to the makefile
- printf instead of echo
Changes in v3:
- Terminate the generated file with a newline
- Build it with -std=c99, so
]
https://lore.kernel.org/xen-devel/cover.1696231870.git.nicola.vetr...@bugseng.com/
Nicola Vetrini (2):
automation/eclair: make the docs for MISRA C:2012 Dir 4.1 visible to
ECLAIR
docs/misra: add guidance on the format of Dir 4.1 docs for ECLAIR
automation/eclair_analysis/build.sh | 31
Additional guidance on the formatting of the document for ECLAIR
is supplied.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
Acked-by: Julien Grall
---
docs/misra/C-runtime-failures.rst | 8
1 file changed, 8 insertions(+)
diff --git a/docs/misra/C-runtime
On 2023-11-16 09:26, Jan Beulich wrote:
On 31.10.2023 11:20, Jan Beulich wrote:
On 31.10.2023 11:03, Nicola Vetrini wrote:
On 2023-10-31 09:28, Nicola Vetrini wrote:
On 2023-10-31 08:43, Jan Beulich wrote:
On 30.10.2023 23:44, Stefano Stabellini wrote:
On Mon, 30 Oct 2023, Jan Beulich wrote
On 2023-11-16 10:08, Nicola Vetrini wrote:
The comment-based justifications for MISRA C:2012 Rule 8.4 are replaced
by the asmlinkage pseudo-attribute, for the sake of uniformity.
Add missing 'xen/compiler.h' #include-s where needed.
The text in docs/misra/deviations.rst and docs/misra
-off-by: Nicola Vetrini
---
This patch should be applied after patch 2 of this series.
The request made by Julien to update the wording is
contained in the present patch.
https://lore.kernel.org/all/9ad7f6210c15f520297aac00e8af0...@bugseng.com/
Concerns about efi_multiboot2 will be dealt
On 2023-11-15 12:22, Julien Grall wrote:
Hi,
On 15/11/2023 11:02, Nicola Vetrini wrote:
On 2023-11-14 23:12, Julien Grall wrote:
Hi,
On 14/11/2023 15:36, Nicola Vetrini wrote:
To be able to check for the existence of the necessary subsections
in
the documentation for MISRA C:2012 Dir 4.1
On 2023-11-13 15:44, Jan Beulich wrote:
On 07.11.2023 11:30, Nicola Vetrini wrote:
--- a/xen/arch/x86/boot/cmdline.c
+++ b/xen/arch/x86/boot/cmdline.c
@@ -31,6 +31,7 @@ asm (
);
#include
+#include
#include "defs.h"
#include "video.h"
Please respect the goal of a
On 2023-11-14 23:12, Julien Grall wrote:
Hi,
On 14/11/2023 15:36, Nicola Vetrini wrote:
To be able to check for the existence of the necessary subsections in
the documentation for MISRA C:2012 Dir 4.1, ECLAIR needs to have a
source
file that is built.
This file is generated from 'C-runtime
On 2023-11-11 02:13, Stefano Stabellini wrote:
On Fri, 10 Nov 2023, Nicola Vetrini wrote:
Hi everyone,
I trimmed the thread a bit, to make this more readable.
> > > > > IMHO, the only viable option would be to have a configuration to
> > > > > keep
> >
Additional guidance on the formatting of the document for ECLAIR
is supplied.
Signed-off-by: Nicola Vetrini
---
docs/misra/C-runtime-failures.rst | 8
1 file changed, 8 insertions(+)
diff --git a/docs/misra/C-runtime-failures.rst
b/docs/misra/C-runtime-failures.rst
index 1052b2afca13
]
https://lore.kernel.org/xen-devel/cover.1696231870.git.nicola.vetr...@bugseng.com/
Nicola Vetrini (2):
automation/eclair: make the docs for MISRA C:2012 Dir 4.1 visible to
ECLAIR
docs/misra: add guidance on the format of Dir 4.1 docs for ECLAIR
automation/eclair_analysis/build.sh | 21
-by: Nicola Vetrini
---
Changes from RFC:
- Dropped unused/useless code
- Revised the sed command
- Revised the clean target
Changes in v2:
- Added explanative comment to the makefile
- printf instead of echo
Changes in v3:
- Terminate the generated file with a newline
- Build it with -std=c99, so
On 2023-11-09 13:05, Julien Grall wrote:
Hi,
On 08/11/2023 17:12, Nicola Vetrini wrote:
On 2023-11-08 17:25, Julien Grall wrote:
Hi Stefano,
On 07/11/2023 20:41, Stefano Stabellini wrote:
+Julien, Andrew
Julien and Andrew raised concerns on this patch on the Xen Matrix
channel. Please
On 2023-11-14 08:19, Jan Beulich wrote:
On 14.11.2023 00:58, Stefano Stabellini wrote:
On Mon, 13 Nov 2023, Jan Beulich wrote:
On 19.10.2023 09:55, Nicola Vetrini wrote:
The constant 0 is used instead of NULL in '__ACCESS_ONCE' as a
compile-time check to detect non-scalar types; its usage
On 2023-11-08 19:45, Andrew Cooper wrote:
On 08/11/2023 4:24 pm, Nicola Vetrini wrote:
Hi everyone,
I was looking at leftover violations for MISRA Rule 7.4:
'A string literal shall not be assigned to an object unless the
object's type
is "pointer to const-qualified char" '
Y
is
tested with
asserts enabled is a strong enough claim for a justification to be based
on an assertion;
the code path just needs to be exercised by the tests.
Getting into the business of how to define asserts for static analysis
is likely to
just cause more trouble.
--
Nicola Vetrini, BS
On 2023-11-10 02:04, Stefano Stabellini wrote:
On Wed, 8 Nov 2023, Nicola Vetrini wrote:
On 2023-11-08 09:17, Nicola Vetrini wrote:
> Hi Stefano,
>
> sorry for the late reply; see my response below.
>
> On 2023-10-31 22:47, Stefano Stabellini wrote:
> > Hi Simone,
>
9 standard, hence if you
use a different
compiler ECLAIR will complain that you didn't document the toolchain
assumptions according
to D1.1 (which is incidentally why we created the file
C-language-toolchain.rst).
I hope this clears up any doubts about the patch.
Kind Regards,
--
Nicola Vetrini,
ar/local/eclair/XEN.ecdf/ECLAIR_normal/x86_64/staging/X86_64-Set1/376/PROJECT.ecd;/by_service/MC3R1.R7.4.html
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
On 2023-11-08 14:37, Andrew Cooper wrote:
On 03/11/2023 5:58 pm, Nicola Vetrini wrote:
Static analysis tools may detect a possible null
pointer dereference at line 760 (the memcpy call)
of xen/common/domain.c. This ASSERT helps them in
detecting that such a condition is not possible
and also
On 2023-11-08 12:19, Jan Beulich wrote:
On 08.11.2023 12:03, Nicola Vetrini wrote:
On 2023-11-08 09:24, Jan Beulich wrote:
On 03.11.2023 18:58, Nicola Vetrini wrote:
Static analysis tools may detect a possible null
pointer dereference at line 760 (the memcpy call)
of xen/common/domain.c
On 2023-11-08 09:24, Jan Beulich wrote:
On 03.11.2023 18:58, Nicola Vetrini wrote:
Static analysis tools may detect a possible null
pointer dereference at line 760 (the memcpy call)
of xen/common/domain.c. This ASSERT helps them in
detecting that such a condition is not possible
and also
On 2023-11-08 09:17, Nicola Vetrini wrote:
Hi Stefano,
sorry for the late reply; see my response below.
On 2023-10-31 22:47, Stefano Stabellini wrote:
Hi Simone,
As you might have noticed, all the eclair-ARM64 jobs have been failing
recently for the upstream Xen "staging" bran
On 2023-11-07 18:35, Julien Grall wrote:
On 07/11/2023 14:45, Nicola Vetrini wrote:
Hi Julien,
Hi,
On 2023-11-07 13:44, Julien Grall wrote:
+in the community."
+-config=MC3R1.R15.2,reports+={deliberate,
"any_area(any_loc(text(^.*goto (again|retry).*$)))"}
+-doc_end
+
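Review bot: the text pattern on the `-config=MC3R1.R15.2` line, `^.*goto (again|retry).*$`, is not tied to the end of the label name, so it also covers lines whose label merely starts with `again` or `retry` (for example `goto retry_foo;`) and comment lines that contain `goto retry`. If the deviation is meant only for the two labels the pattern names, consider matching the terminating semicolon, e.g. `goto (again|retry);`, so that backward jumps to other labels are still reported.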
e of any semi-random failures in the ARM64 analysis, and
applying this patch
should fix the problem. The error "error: No such remote:
'autoPRRemote'" should not impact
the outcome of the job in any way.
Let us know if there are other Arm-related problems to be addressed.
Kind Regards,
-
Hi Julien,
On 2023-11-07 13:44, Julien Grall wrote:
Hi Nicola,
On 07/11/2023 10:33, Nicola Vetrini wrote:
As explained in the deviation record, code constructs such as
"goto retry" and "goto again" are sometimes the best balance between
code complexity and the understandab
On 2023-11-07 11:52, Jan Beulich wrote:
On 07.11.2023 11:33, Nicola Vetrini wrote:
This series is aimed at presenting some strategies that can be used to
deal with
violations of Rule 15.2:
"The goto statement shall jump to a label declared later in the same
function".
I do
The backwards jump due to the "goto retry;" statement
can be transformed into a loop, without losing much in terms
of readability.
Signed-off-by: Stefano Stabellini
Signed-off-by: Nicola Vetrini
---
This specific patch was provided by Stefano, I just added the
commit message.
---
xe
The jump to the label 'parse_error' becomes forward, rather
than backward; at the same time, the else branch can be eliminated.
This also fixes a violation of MISRA C:2012 Rule 15.2.
Signed-off-by: Nicola Vetrini
---
xen/arch/x86/dom0_build.c | 14 +++---
1 file changed, 7 insertions
As explained in the deviation record, code constructs such as
"goto retry" and "goto again" are sometimes the best balance between
code complexity and the understandability of the control flow
by developers; as such, these constructs are allowed to deviate
from Rule 15.2.
S
ned until all goto-s with a certain label have
been examined. An alternative strategy could be to allow certain files
(most notably those under x86/x86_emulate) to have backward jumps, and resolve
the remaining violations.
Any feedback on this matter is welcome.
Nicola Vetrini (4):
xen/vsprintf: replace back
The backwards goto in the vsnprintf function can be replaced
with a loop, thereby fixing a violation of MISRA C:2012 Rule 15.2.
Signed-off-by: Nicola Vetrini
---
xen/common/vsprintf.c | 20
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/xen/common/vsprintf.c
-off-by: Nicola Vetrini
---
Changes in v2:
- Edit safe.json.
- Remove mention of SAF-1-safe in deviations.rst.
---
docs/misra/deviations.rst | 5 ++---
docs/misra/safe.json| 2 +-
xen/arch/arm/cpuerrata.c| 7 +++
xen/arch/arm/setup.c| 5 ++---
xen/arch/arm/smpboot.c
On 2023-11-07 10:49, Julien Grall wrote:
Hi,
On 07/11/2023 08:36, Nicola Vetrini wrote:
On 2023-11-06 23:57, Julien Grall wrote:
Hi Nicola,
On 03/11/2023 18:05, Nicola Vetrini wrote:
The comment-based justifications for MISRA C:2012 Rule 8.4 are
replaced
by the asmlinkage pseudo-attribute
On 2023-11-06 23:57, Julien Grall wrote:
Hi Nicola,
On 03/11/2023 18:05, Nicola Vetrini wrote:
The comment-based justifications for MISRA C:2012 Rule 8.4 are
replaced
by the asmlinkage pseudo-attribute, for the sake of uniformity.
The deviation with a comment based on the SAF framework
On 2023-11-06 15:27, Jan Beulich wrote:
On 06.11.2023 15:24, Nicola Vetrini wrote:
On 2023-10-19 09:55, Nicola Vetrini wrote:
The constant 0 is used instead of NULL in '__ACCESS_ONCE' as a
compile-time check to detect non-scalar types; its usage for this
purpose is deviated.
Furthermore
On 2023-10-19 09:55, Nicola Vetrini wrote:
The constant 0 is used instead of NULL in '__ACCESS_ONCE' as a
compile-time check to detect non-scalar types; its usage for this
purpose is deviated.
Furthermore, the 'typeof_field' macro is introduced as a general way
to access the type of a struct
On 2023-10-27 23:38, Stefano Stabellini wrote:
On Thu, 26 Oct 2023, Jan Beulich wrote:
On 26.10.2023 14:32, Nicola Vetrini wrote:
> On 25/10/2023 09:56, Jan Beulich wrote:
>> On 24.10.2023 22:27, Stefano Stabellini wrote:
>>> On Tue, 24 Oct 2023, Jan Beulich wrote:
>>
On 2023-11-03 18:58, Nicola Vetrini wrote:
Static analysis tools may detect a possible null
pointer dereference at line 760 (the memcpy call)
of xen/common/domain.c. This ASSERT helps them in
detecting that such a condition is not possible
and also provides a basic sanity check.
Suggested
in docs/misra/deviations.rst is modified to reflect this change.
Signed-off-by: Nicola Vetrini
---
docs/misra/deviations.rst | 6 +++---
xen/arch/arm/cpuerrata.c| 7 +++
xen/arch/arm/setup.c| 5 ++---
xen/arch/arm/smpboot.c | 3 +--
xen/arch/arm/traps.c| 21
Static analysis tools may detect a possible null
pointer dereference at line 760 (the memcpy call)
of xen/common/domain.c. This ASSERT helps them in
detecting that such a condition is not possible
and also provides a basic sanity check.
Signed-off-by: Nicola Vetrini
---
The check may be later
As specified in rules.rst, these constants can be used
in the code.
Signed-off-by: Nicola Vetrini
---
Changes in v2:
- replace some SAF deviations with configurations
Changes in v3:
- refine configurations and justifications
Changes in v4:
- updated deviation record comment.
Changes in v5:
- use