The declarations for {create,replace}_grant_p2m_mapping are
not visible when these functions are defined, therefore the right
header needs to be included to allow them to be visible.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
Changes in v3:
- asm/paging.h can be replaced
The stub definition of 'consoled_guest_tx' can be removed, since its
its single caller uses the implementation built with PV_SHIM enabled.
Fixes: 5ef49f185c2d ("x86/pv-shim: shadow PV console's page for L2 DomU")
Signed-off-by: Nicola Vetrini
---
xen/include/xen/consoled.h | 7 -
Some variables with external linkage used in C code do not have
a visible declaration where they are defined. Providing such
declaration also resolves violations of MISRA C:2012 Rule 8.4.
Signed-off-by: Nicola Vetrini
---
Changes in v2:
- make xenpf_lock static on ARM
Changes in v3:
- moved back
The missing header makes the declaration visible when the function
is defined, thereby fixing a violation of MISRA C:2012 Rule 8.4.
Fixes: 1366a0e76db6 ("x86/vm_event: add hvm/vm_event.{h,c}")
Signed-off-by: Nicola Vetrini
Acked-by: Tamas K Lengyel
---
xen/arch/x86/hvm/vm_event.c | 1
As specified in rules.rst, these constants can be used
in the code. Suitable deviations records are added in deviations.rst
Signed-off-by: Nicola Vetrini
---
Changes in v2:
- replace some SAF deviations with configurations
---
automation/eclair_analysis/ECLAIR/deviations.ecl | 8
docs
- vmx_asm_vmexit_handler
Isn't this just a declaration:
void nocall vmx_asm_vmexit_handler(void);
while the function to be deviated is this:
void vmx_vmexit_handler(struct cpu_user_regs *regs)
Am I correct?
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
type. Both this macro and 'sizeof_field' are moved to
'xen/macros.h'.
No functional change intended.
Signed-off-by: Nicola Vetrini
Reviewed-by: Jan Beulich
Reviewed-by: Stefano Stabellini
---
Changes in v2:
- added entry in deviations.rst
Changes in v3:
- dropped access_field
- moved macro
On 19/10/2023 09:03, Jan Beulich wrote:
On 19.10.2023 02:54, Stefano Stabellini wrote:
On Thu, 19 Oct 2023, andrew.coop...@citrix.com wrote:
On 18/10/2023 2:42 pm, Nicola Vetrini wrote:
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index ee7aed0609d2..1b00e4e3e9b7 100644
On 18/10/2023 16:56, Jan Beulich wrote:
On 18.10.2023 16:28, Nicola Vetrini wrote:
On 16/10/2023 16:58, Jan Beulich wrote:
On 09.10.2023 08:54, Nicola Vetrini wrote:
These variables are only used by asm code, and therefore
the lack of a declaration is justified by the corresponding
deviation
On 16/10/2023 16:58, Jan Beulich wrote:
On 09.10.2023 08:54, Nicola Vetrini wrote:
These variables are only used by asm code, and therefore
the lack of a declaration is justified by the corresponding
deviation comment.
Hmm, you say "declaration" here, but according to my und
type. Both this macro and 'sizeof_field' are moved to
'xen/macros.h'.
No functional change intended.
Signed-off-by: Nicola Vetrini
---
Changes in v2:
- added entry in deviations.rst
Changes in v3:
- dropped access_field
- moved macro to macros.h
---
automation/eclair_analysis/ECLAIR
On 18/10/2023 14:38, Julien Grall wrote:
Hi Nicola,
On 18/10/2023 13:30, Nicola Vetrini wrote:
On 17/10/2023 15:28, Julien Grall wrote:
I tested this, and the report is prevented by the ASSERT. It's up to
the maintainers to
decide how do you want to proceed: my suggestion is deviating
is deviating it, and
then when someone
has the time to fix this with proper error handling remove the
deviation.
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
On 17/10/2023 08:46, Jan Beulich wrote:
On 16.10.2023 19:05, Nicola Vetrini wrote:
On 16/10/2023 16:50, Jan Beulich wrote:
On 09.10.2023 08:54, Nicola Vetrini wrote:
--- a/xen/arch/x86/include/asm/compat.h
+++ b/xen/arch/x86/include/asm/compat.h
@@ -13,6 +13,7 @@ typedef unsigned long
On 17/10/2023 18:26, Jan Beulich wrote:
On 17.10.2023 17:24, Nicola Vetrini wrote:
On 16/10/2023 16:52, Jan Beulich wrote:
On 09.10.2023 08:54, Nicola Vetrini wrote:
--- a/xen/include/xen/consoled.h
+++ b/xen/include/xen/consoled.h
@@ -12,7 +12,7 @@ size_t consoled_guest_tx(char c);
#else
Now, concrete action items. Nicola, I think we should look into having
a
larger-than-usual ECLAIR scan every week which includes all of Intel
files and in general as much as possible of the codebase.
This can be arranged. I'll keep you posted about this.
--
Nicola Vetrini, BSc
Software
On 16/10/2023 16:52, Jan Beulich wrote:
On 09.10.2023 08:54, Nicola Vetrini wrote:
--- a/xen/include/xen/consoled.h
+++ b/xen/include/xen/consoled.h
@@ -12,7 +12,7 @@ size_t consoled_guest_tx(char c);
#else
-size_t consoled_guest_tx(char c) { return 0; }
+static inline size_t
On 16/10/2023 16:29, Jan Beulich wrote:
On 09.10.2023 08:54, Nicola Vetrini wrote:
--- a/xen/arch/x86/mm/mem_access.c
+++ b/xen/arch/x86/mm/mem_access.c
@@ -249,7 +249,7 @@ bool p2m_mem_access_check(paddr_t gpa, unsigned
long gla,
return (p2ma != p2m_access_n2rwx);
}
-int
On 17/10/2023 10:26, Jan Beulich wrote:
On 17.10.2023 10:12, Nicola Vetrini wrote:
On 17/10/2023 09:02, Jan Beulich wrote:
On 16.10.2023 18:05, Nicola Vetrini wrote:
On 16/10/2023 17:45, Jan Beulich wrote:
On 12.10.2023 17:28, Nicola Vetrini wrote:
The definition of MC_NCLASSES contained
On 16/10/2023 17:49, Jan Beulich wrote:
On 12.10.2023 17:28, Nicola Vetrini wrote:
--- a/xen/include/xen/types.h
+++ b/xen/include/xen/types.h
@@ -22,6 +22,14 @@ typedef signed long ssize_t;
typedef __PTRDIFF_TYPE__ ptrdiff_t;
+/*
+ * Users of this macro are expected to pass a positive value
On 17/10/2023 08:51, Jan Beulich wrote:
On 16.10.2023 18:49, Nicola Vetrini wrote:
On 16/10/2023 15:43, Jan Beulich wrote:
On 11.10.2023 14:46, Nicola Vetrini wrote:
--- a/xen/include/xen/compiler.h
+++ b/xen/include/xen/compiler.h
@@ -109,13 +109,16 @@
#define offsetof(a,b
On 17/10/2023 09:02, Jan Beulich wrote:
On 16.10.2023 18:05, Nicola Vetrini wrote:
On 16/10/2023 17:45, Jan Beulich wrote:
On 12.10.2023 17:28, Nicola Vetrini wrote:
The definition of MC_NCLASSES contained a violation of MISRA C:2012
Rule 10.1, therefore by moving it as an enumeration
On 16/10/2023 16:50, Jan Beulich wrote:
On 09.10.2023 08:54, Nicola Vetrini wrote:
Some variables with external linkage used in C code do not have
a visible declaration where they are defined. Providing such
declaration also resolves violations of MISRA C:2012 Rule 8.4.
Signed-off-by: Nicola
On 16/10/2023 15:43, Jan Beulich wrote:
On 11.10.2023 14:46, Nicola Vetrini wrote:
--- a/xen/include/xen/compiler.h
+++ b/xen/include/xen/compiler.h
@@ -109,13 +109,16 @@
#define offsetof(a,b) __builtin_offsetof(a,b)
+/* Access the field of structure type, without defining a local
variable
On 16/10/2023 17:42, Jan Beulich wrote:
On 12.10.2023 17:28, Nicola Vetrini wrote:
The definition of IO_APIC_BASE contains a sum of an essentially enum
value (FIX_IO_APIC_BASE_0) that is positive with an index that, in all
instances, is unsigned, therefore the former is cast to unsigned, so
On 16/10/2023 17:42, Jan Beulich wrote:
On 12.10.2023 17:28, Nicola Vetrini wrote:
The definition of IO_APIC_BASE contains a sum of an essentially enum
value (FIX_IO_APIC_BASE_0) that is positive with an index that, in all
instances, is unsigned, therefore the former is cast to unsigned, so
On 16/10/2023 17:33, Jan Beulich wrote:
On 12.10.2023 17:28, Nicola Vetrini wrote:
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -274,6 +274,12 @@ still non-negative."
-config=MC3R1.R10.1,etypes+={safe,
"stmt(operat
On 16/10/2023 17:45, Jan Beulich wrote:
On 12.10.2023 17:28, Nicola Vetrini wrote:
The definition of MC_NCLASSES contained a violation of MISRA C:2012
Rule 10.1, therefore by moving it as an enumeration constant resolves
the
violation and makes it more resilient to possible additions
On 16/10/2023 13:20, Jan Beulich wrote:
On 29.09.2023 10:51, Nicola Vetrini wrote:
while fixing a violation of R8.4 related to a missing include in
x86/hvm/grant_table.c
I included , since that file contains just the
declarations needed
by the .c file. However, since the declaration uses
On 13/10/2023 11:27, Julien Grall wrote:
Hi Andrew,
On 11/10/2023 08:51, Andrew Cooper wrote:
On 11/10/2023 3:47 pm, Nicola Vetrini wrote:
On 11/10/2023 02:15, Andrew Cooper wrote:
On 10/10/2023 5:31 pm, Nicola Vetrini wrote:
Hi,
as you can see from [1], there's a MISRA C guideline, D4.11
On 13/10/2023 10:25, Julien Grall wrote:
Hi Nicola,
On 12/10/2023 16:28, Nicola Vetrini wrote:
The purpose of this macro is to encapsulate the well-known expression
'x & -x', that in 2's complement architectures on unsigned integers
will
give 2^ffs(x), where ffs(x) is the posi
On 13/10/2023 01:31, Stefano Stabellini wrote:
On Thu, 12 Oct 2023, Nicola Vetrini wrote:
The purpose of this macro is to encapsulate the well-known expression
'x & -x', that in 2's complement architectures on unsigned integers
will
give 2^ffs(x), where ffs(x) is the position of the lowest
From: Simone Ballarin
Remove deviations for ERROR_EXIT, ERROR_EXIT_DOM and PIN_FAIL:
the aforementioned macros have been removed.
Add deviation for Rule 2.1 for pure declarations.
Remove legacy text-based deviations: these are now implemented
with SAF comments.
Add deviations for Rules 8.4,
=169663845629358=2
Nicola Vetrini (1):
docs/misra: add deviations.rst to document additional deviations.
Simone Ballarin (1):
automation/eclair: update deviations and accepted guidelines
.../eclair_analysis/ECLAIR/deviations.ecl | 135 +-
automation/eclair_analysis/ECLAIR/tagging.ecl
This file contains the deviation that are not marked by
a deviation comment, as specified in
docs/misra/documenting-violations.rst.
Signed-off-by: Nicola Vetrini
Release-acked-by: Henry Wang
---
Changes in v3:
- clarified an entry
---
docs/index.rst| 1 +
docs/misra
On 13/10/2023 01:14, Stefano Stabellini wrote:
On Wed, 11 Oct 2023, Nicola Vetrini wrote:
On 11/10/2023 17:00, Nicola Vetrini wrote:
> > > > > > +
> > > > > > + * - R2.1
> > > > > > + - The compiler implement
No functional change.
Signed-off-by: Nicola Vetrini
---
xen/common/vmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/common/vmap.c b/xen/common/vmap.c
index 4fd6b3067ec1..34e99d780c03 100644
--- a/xen/common/vmap.c
+++ b/xen/common/vmap.c
@@ -53,7 +53,7 @@ static
This series replaces two instances of the pattern (x & -x) with the
macro LOWEST_BIT, introduced by the series [1]. Therefore, these patches should
be applied on top of patch 1 from that series.
[1] https://marc.info/?l=xen-devel=169712438716424=2
Nicola Vetrini (2):
xen/vmap: use LOWEST
No functional change.
Signed-off-by: Nicola Vetrini
---
xen/drivers/passthrough/iommu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index f9a9f53dbd44..558700788d4a 100644
--- a/xen/drivers/passthrough
The definition of MC_NCLASSES contained a violation of MISRA C:2012
Rule 10.1, therefore by moving it as an enumeration constant resolves the
violation and makes it more resilient to possible additions to that enum.
Signed-off-by: Nicola Vetrini
---
Note that the use of an enum constant
The definition of PDX_GROUP_COUNT causes violations of
MISRA C:2012 Rule 10.1, therefore the problematic part now uses
the LOWEST_BIT macro, which encapsulates the pattern.
Signed-off-by: Nicola Vetrini
---
xen/include/xen/pdx.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
The definition of IO_APIC_BASE contains a sum of an essentially enum
value (FIX_IO_APIC_BASE_0) that is positive with an index that, in all
instances, is unsigned, therefore the former is cast to unsigned, so that
the operands are of the same essential type.
No functional change.
---
The purpose of this macro is to encapsulate the well-known expression
'x & -x', that in 2's complement architectures on unsigned integers will
give 2^ffs(x), where ffs(x) is the position of the lowest set bit in x.
A deviation for ECLAIR is also introduced.
Signed-off-by: Nicola Vet
-off-by: Nicola Vetrini
---
docs/misra/safe.json| 8
xen/include/xen/iommu.h | 1 +
xen/include/xen/types.h | 8
3 files changed, 17 insertions(+)
diff --git a/docs/misra/safe.json b/docs/misra/safe.json
index 39c5c056c7d4..952324f85cf9 100644
--- a/docs/misra/safe.json
The various definitions of macro CNT (and the related BUILD_BUG_ON)
can be rewritten using LOWEST_BIT, encapsulating a violation of
MISRA C:2012 Rule 10.1.
Signed-off-by: Nicola Vetrini
---
xen/arch/x86/x86_64/mm.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git
TMAP(features, IOMMU_FEAT_count);' is deviated, to avoid
harming code readability.
On the contrary, other uses of inappropriate types are changed.
Changes in v2:
- the patch 'x86/cpu-policy' has been dropped, in favour of the patch submitted
by Andrew Cooper.
Nicola Vetrini (8):
xen/include:
BUILD_BUG_ON is the preferred way to induce a build error
upon statically determined incorrect conditions.
This also fixes a MISRA C:2012 Rule 10.1 violation in the
previous formulation.
Signed-off-by: Nicola Vetrini
---
Changes in v2:
- replace the construct with a BUILD_BUG_ON.
---
xen
The definitions of ffs{l}? violate Rule 10.1, by using the well-known
pattern (x & -x); its usage is wrapped by the LOWEST_BIT macro.
No functional change.
Signed-off-by: Nicola Vetrini
---
xen/arch/arm/include/asm/bitops.h | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
On 11/10/2023 18:56, andrew.coop...@citrix.com wrote:
On 11/10/2023 8:46 pm, Nicola Vetrini wrote:
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index ee7aed0609d2..1b00e4e3e9b7 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -199,6 +199,11
Attached is a list of all the unreferenced functions for x86. It's a bit
rough and does not
distinguish the categories mentioned in my previous reply, but it's a
starting point for any
further work on this.
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)culprit
On 11/10/2023 17:00, Nicola Vetrini wrote:
+
+ * - R2.1
+ - The compiler implementation guarantees that the
unreachable code
is
+ removed. Constant expressions and unreachable branches of
if and
switch
+ statements are expected.
+ - Tagged as `safe` for ECLAIR
Functions that have no reference only in the current analysis should
have their declaration
#ifdef-ed out in the configurations where they are not used, in an
ideal world.
- Truly unreferenced functions should be removed, or justified
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
On 11/10/2023 15:03, Nicola Vetrini wrote:
Using enumerators declared in a named enum, such as the one modified,
as operands to arithmetic operators is not allowed by MISRA C:2012 Rule
10.1.
The enumerators of an anonymous enum can be used instead.
Signed-off-by: Nicola Vetrini
Using enumerators declared in a named enum, such as the one modified,
as operands to arithmetic operators is not allowed by MISRA C:2012 Rule 10.1.
The enumerators of an anonymous enum can be used instead.
Signed-off-by: Nicola Vetrini
---
This violation manifeststs itself, for instance, in all
On 10/10/2023 11:57, Andrew Cooper wrote:
MISRA doesn't like !!CONST being used in place of a 1 (Rule 10.1).
Update the
expression to just be a plain 1, which still matches the description.
No functional change.
Reported-by: Nicola Vetrini
Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
a struct variable.
No functional change intended.
Signed-off-by: Nicola Vetrini
---
Changes in v2:
- added entry in deviations.rst
---
automation/eclair_analysis/ECLAIR/deviations.ecl | 9 +
docs/misra/deviations.rst| 5 +
xen/include/xen/compiler.h
] to insert the deviation record in the newly created
deviations.rst
[1] https://gitlab.com/xen-project/people/andyhhp/xen/-/commits/for-next
[2] https://marc.info/?l=xen-devel=169686613720371=2
Nicola Vetrini (1):
xen: introduce a deviation for Rule 11.9
automation/eclair_analysis/ECLAIR
On 11/10/2023 02:15, Andrew Cooper wrote:
On 10/10/2023 5:31 pm, Nicola Vetrini wrote:
Hi,
as you can see from [1], there's a MISRA C guideline, D4.11, that is
supposed to be clean
(i.e., have no reports), but has a caution on an argument to memcpy
(the second argument might be null according
"enum".
I'll send a patch and document the difference.
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
On 10/10/2023 18:00, Andrew Cooper wrote:
On 10/10/2023 9:02 am, Stefano Stabellini wrote:
On Fri, 6 Oct 2023, Nicola Vetrini wrote:
The essential type of the result of an inequality operator is
essentially boolean, therefore it shouldn't be used as an argument of
the multiplication operator
On 10/10/2023 12:53, Julien Grall wrote:
On 10/10/2023 02:09, Stefano Stabellini wrote:
On Mon, 9 Oct 2023, Julien Grall wrote:
On 07/10/2023 02:04, Stefano Stabellini wrote:
On Fri, 6 Oct 2023, Julien Grall wrote:
Hi Nicola,
On 06/10/2023 11:10, Nicola Vetrini wrote:
On 06/10/2023 11:34
On 10/10/2023 14:15, Julien Grall wrote:
On 10/10/2023 13:13, Julien Grall wrote:
On 10/10/2023 13:07, Nicola Vetrini wrote:
I agree on everything Julien's wrote and I was about to suggest
to use a
SAF comment to suppress the warning because it is clearer than a
int
cast.
But then I
. I'd like to understand whether we are going to sprinkle the
code with cast. If so, I am afraid I am against this solution.
Cheers,
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
On 07/10/2023 02:33, Stefano Stabellini wrote:
On Fri, 6 Oct 2023, Julien Grall wrote:
On 06/10/2023 10:58, Nicola Vetrini wrote:
> On 06/10/2023 11:27, Julien Grall wrote:
> > Hi,
> >
> > On 05/10/2023 09:45, Nicola Vetrini wrote:
> > > The constant 0 is used ins
rom macro `NODE_MASK_ALL'
xen/common/domain.c:662.5-662.6:
[18] taking false branch
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
blabla */
#define Q3(s) M(s, 0007)
void f(void) {
int x = 1;
int y = 2;
if ( (x & 2) == Q1(y) &&
(x & 3) == Q2(y) &&
(x & 7) == Q3(y) )
{
y = y + 1;
}
}
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
On 10/10/2023 03:19, Stefano Stabellini wrote:
+Henry
On Mon, 9 Oct 2023, Nicola Vetrini wrote:
This file contains the deviation that are not marked by
a deviation comment, as specified in
docs/misra/documenting-violations.rst.
Suggested-by: Stefano Stabellini
Signed-off-by: Nicola Vetrini
On 10/10/2023 03:56, Stefano Stabellini wrote:
On Fri, 6 Oct 2023, Nicola Vetrini wrote:
Given the following macros in and
#define perfc_incra(x,y)
\
( (y) <= PERFC_LAST_ ## x - PERFC_ ## x ?
\
++this_
=169663845629358=2
Nicola Vetrini (1):
docs/misra: add deviations.rst to document additional deviations.
Simone Ballarin (1):
automation/eclair: update deviations and accepted guidelines
.../eclair_analysis/ECLAIR/deviations.ecl | 135 +-
automation/eclair_analysis/ECLAIR/tagging.ecl
This file contains the deviation that are not marked by
a deviation comment, as specified in
docs/misra/documenting-violations.rst.
Suggested-by: Stefano Stabellini
Signed-off-by: Nicola Vetrini
---
docs/index.rst| 1 +
docs/misra/deviations.rst | 240
From: Simone Ballarin
Remove deviations for ERROR_EXIT, ERROR_EXIT_DOM and PIN_FAIL:
the aforementioned macros have been removed.
Add deviation for Rule 2.1 for pure declarations.
Remove legacy text-based deviations: these are now implemented
with SAF comments.
Add deviations for Rules 8.4,
On 07/10/2023 02:29, Stefano Stabellini wrote:
On Fri, 6 Oct 2023, Stefano Stabellini wrote:
On Fri, 6 Oct 2023, Julien Grall wrote:
> Hi Nicola,
>
> On 06/10/2023 11:34, Nicola Vetrini wrote:
> > On 06/10/2023 12:22, Julien Grall wrote:
> > > On 06/10/2023 11:
On 07/10/2023 03:04, Stefano Stabellini wrote:
On Fri, 6 Oct 2023, Julien Grall wrote:
Hi Nicola,
On 06/10/2023 11:10, Nicola Vetrini wrote:
> On 06/10/2023 11:34, Julien Grall wrote:
> > Hi Nicola,
> >
> > On 06/10/2023 09:26, Nicola Vetrini wrote:
> > > Gi
On 06/10/2023 16:47, Julien Grall wrote:
Hi Nicola,
On 06/10/2023 11:10, Nicola Vetrini wrote:
On 06/10/2023 11:34, Julien Grall wrote:
Hi Nicola,
On 06/10/2023 09:26, Nicola Vetrini wrote:
Given its use in the declaration
'DECLARE_BITMAP(features, IOMMU_FEAT_count)' the argument
'bits' has
On 06/10/2023 21:11, andrew.coop...@citrix.com wrote:
On 06/10/2023 9:26 am, Nicola Vetrini wrote:
The definition of MC_NCLASSES contained a violation of MISRA C:2012
Rule 10.1, therefore by moving it as an enumeration constant resolves
the
violation and makes it more resilient to possible
On 06/10/2023 19:57, Andrew Cooper wrote:
On 06/10/2023 9:26 am, Nicola Vetrini wrote:
The COUNT_LEAVES macro is introduced to avoid using an essentially
boolean value in a subtraction.
No functional change.
Signed-off-by: Nicola Vetrini
---
xen/include/xen/lib/x86/cpu-policy.h | 13
On 06/10/2023 18:35, andrew.coop...@citrix.com wrote:
On 06/10/2023 9:26 am, Nicola Vetrini wrote:
diff --git a/xen/include/xen/macros.h b/xen/include/xen/macros.h
index d0caae7db298..bb9a1c9a53d0 100644
--- a/xen/include/xen/macros.h
+++ b/xen/include/xen/macros.h
@@ -8,8 +8,10 @@
#define
.
Nicola Vetrini (7):
xen: add declarations for variables where needed
x86: add deviations for variables only used in asm code
x86: add deviation comments for asm-only functions
x86/grant: switch included header to make declarations visible
x86/vm_event: add missing include
The definition of 'consoled_guest_tx' can be static inline,
thereby fixing a violation of MISRA C:2012 Rule 8.4.
Fixes: 5ef49f185c2d ("x86/pv-shim: shadow PV console's page for L2 DomU")
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
xen/include/xen/consoled.h | 2
As stated in rules.rst, functions used only in asm code
are allowed to have no prior declaration visible when being
defined, hence these functions are deviated.
This also fixes violations of MISRA C:2012 Rule 8.4.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
xen/arch/x86
The declarations for {create,replace}_grant_p2m_mapping are
not visible when these functions are defined, therefore the right
header needs to be included to allow them to be visible.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
xen/arch/x86/hvm/grant_table.c
The function is used only within this file, and therefore can be static.
No functional change.
Signed-off-by: Nicola Vetrini
---
xen/arch/x86/mm/mem_access.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/arch/x86/mm/mem_access.c b/xen/arch/x86/mm/mem_access.c
index
The missing header makes the declaration visible when the function
is defined, thereby fixing a violation of MISRA C:2012 Rule 8.4.
Fixes: 1366a0e76db6 ("x86/vm_event: add hvm/vm_event.{h,c}")
Signed-off-by: Nicola Vetrini
---
xen/arch/x86/hvm/vm_event.c | 1 +
1 file changed, 1
These variables are only used by asm code, and therefore
the lack of a declaration is justified by the corresponding
deviation comment.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
xen/arch/x86/include/asm/asm_defns.h | 1 +
xen/arch/x86/setup.c | 1 +
2
Some variables with external linkage used in C code do not have
a visible declaration where they are defined. Providing such
declaration also resolves violations of MISRA C:2012 Rule 8.4.
Signed-off-by: Nicola Vetrini
---
Changes in v2:
- make xenpf_lock static on ARM
- moved the declaration
On 06/10/2023 16:35, Julien Grall wrote:
Hi Nicola,
On 06/10/2023 11:34, Nicola Vetrini wrote:
On 06/10/2023 12:22, Julien Grall wrote:
On 06/10/2023 11:02, Nicola Vetrini wrote:
On 06/10/2023 11:29, Julien Grall wrote:
Hi,
On 06/10/2023 09:26, Nicola Vetrini wrote:
The purpose
On 06/10/2023 12:22, Julien Grall wrote:
On 06/10/2023 11:02, Nicola Vetrini wrote:
On 06/10/2023 11:29, Julien Grall wrote:
Hi,
On 06/10/2023 09:26, Nicola Vetrini wrote:
The purpose of this macro is to encapsulate the well-known
expression
'x & -x', that in 2's complement architect
On 06/10/2023 11:34, Julien Grall wrote:
Hi Nicola,
On 06/10/2023 09:26, Nicola Vetrini wrote:
Given its use in the declaration
'DECLARE_BITMAP(features, IOMMU_FEAT_count)' the argument
'bits' has essential type 'enum iommu_feature', which is not
allowed by the Rule as an operand
On 06/10/2023 11:29, Julien Grall wrote:
Hi,
On 06/10/2023 09:26, Nicola Vetrini wrote:
The purpose of this macro is to encapsulate the well-known expression
'x & -x', that in 2's complement architectures on unsigned integers
will
give 2^ffs(x), where ffs(x) is the position of the lowest
On 06/10/2023 11:27, Julien Grall wrote:
Hi,
On 05/10/2023 09:45, Nicola Vetrini wrote:
The constant 0 is used instead of NULL in '__ACCESS_ONCE' as a
compile-time check to detect non-scalar types; its usage for this
purpose is documented in rules.rst as an exception.
Documenting ACCESS_ONCE
two
analyzed builds.
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
The definition of MC_NCLASSES contained a violation of MISRA C:2012
Rule 10.1, therefore by moving it as an enumeration constant resolves the
violation and makes it more resilient to possible additions to that enum.
Signed-off-by: Nicola Vetrini
---
Note that the use of an enum constant
The purpose of this macro is to encapsulate the well-known expression
'x & -x', that in 2's complement architectures on unsigned integers will
give 2^ffs(x), where ffs(x) is the position of the lowest set bit in x.
A deviation for ECLAIR is also introduced.
Signed-off-by: Nicola Vet
The essential type of the result of an inequality operator is
essentially boolean, therefore it shouldn't be used as an argument of
the multiplication operator, which expects an integer.
Signed-off-by: Nicola Vetrini
---
xen/include/xen/compat.h | 10 ++
1 file changed, 6 insertions
The COUNT_LEAVES macro is introduced to avoid using an essentially
boolean value in a subtraction.
No functional change.
Signed-off-by: Nicola Vetrini
---
xen/include/xen/lib/x86/cpu-policy.h | 13 +++--
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/xen/include/xen/lib
The various definitions of macro CNT (and the related BUILD_BUG_ON)
can be rewritten using LOWEST_POW2, encapsulating a violation of
MISRA C:2012 Rule 10.1.
Signed-off-by: Nicola Vetrini
---
I do find somewhat odd the multiple identical #define-s and #undef-s of CNT in
this file, as well
that
values passed are meant to be positive.
Signed-off-by: Nicola Vetrini
---
xen/include/xen/iommu.h | 2 +-
xen/include/xen/types.h | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index 0e747b0bbc1c..34aa0b9b5b81 100644
--- a/xen
The definition of PDX_GROUP_COUNT causes violations of
MISRA C:2012 Rule 10.1, therefore the problematic part now uses
the LOWEST_POW2 macro, which encapsulates the pattern.
Signed-off-by: Nicola Vetrini
---
xen/include/xen/pdx.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
The definitions of ffs{l}? violate Rule 10.1, by using the well-known
pattern (x & -x); its usage is wrapped by the LOWEST_POW2 macro.
No functional change.
---
xen/arch/arm/include/asm/bitops.h | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git
The definition of IO_APIC_BASE contains a sum of an essentially enum
value (FIX_IO_APIC_BASE_0) that is positive with an index that, in all
instances, is unsigned, therefore the former is cast to unsigned, so that
the operands are of the same essential type.
No functional change.
---
501 - 600 of 928 matches
Mail list logo