On 28/03/24 11:31, Jan Beulich wrote:
On 28.03.2024 11:29, Simone Ballarin wrote:
The Xen community wants to avoid using variadic functions except for
specific circumstances where it feels appropriate by strict code review.
In the title, s/20.7/17.1/ I suppose?
Jan
Functions
se regexes to exempt all .*printk and .*printf functions, instead
of manually listing them one by one;
- rebase: change SAF-3-safe in SAF-4-safe.
Changes in v2:
- replace "related to console output" with "printf()-like functions";
- replace "special hypercalls" with
calls. They take a variable number of arguments depending on the
original hypercall they are trying to continue.
Add SAF deviations for the aforementioned functions.
Signed-off-by: Simone Ballarin
---
Changes in v3:
- rebase: change SAF-3-safe to SAF-4-safe.
Changes in v2:
- replaced "sp
The Xen community wants to avoid using variadic functions except for
specific circumstances where it feels appropriate by strict code review.
Add deviation for printf()-like functions.
Signed-off-by: Simone Ballarin
---
Changes in v3:
- use regex to exempt all .*printk and .*printf functions
On 22/03/24 15:12, Jan Beulich wrote:
On 22.03.2024 14:44, Simone Ballarin wrote:
On 22/03/24 10:44, Jan Beulich wrote:
On 22.03.2024 09:46, Simone Ballarin wrote:
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -382,6 +382,32
On 22/03/24 10:44, Jan Beulich wrote:
On 22.03.2024 09:46, Simone Ballarin wrote:
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -382,6 +382,32 @@ explicit comment indicating the fallthrough intention is
present."
-c
- replace "related to console output" with "printf()-like functions";
- replace "special hypercalls" with "internal helpers".
Simone Ballarin (2):
automation/eclair: add deviation for MISRA C:2012 Rule 17.1
xen: address violations of MISRA C Rule 17.1
e internal helper functions made to break long running hypercalls into
multiple calls. They take a variable number of arguments depending on the
original hypercall they are trying to continue.
Add SAF deviations for the aforementioned functions.
Signed-off-by: Simone Ballarin
---
Changes in v2:
MISRA C:2012 Rule 17.1 states:
The features of `' shall not be used
The Xen community wants to avoid using variadic functions except for
specific circumstances where it feels appropriate by strict code review.
Add deviation for printf()-like functions.
Signed-off-by: Simone Ballarin
On 21/03/24 02:47, Stefano Stabellini wrote:
On Wed, 20 Mar 2024, Jan Beulich wrote:
On 20.03.2024 09:51, Simone Ballarin wrote:
MISRA C Rule 20.7 states: "The features of `' shall not be used"
The Xen community wants to avoid using variadic functions except for
specific circumsta
On 21/03/24 19:00, Stefano Stabellini wrote:
On Thu, 21 Mar 2024, Jan Beulich wrote:
On 21.03.2024 02:50, Stefano Stabellini wrote:
On Wed, 20 Mar 2024, Jan Beulich wrote:
On 20.03.2024 09:50, Simone Ballarin wrote:
MISRA C:2012 Rule 17.1 states:
The features of `' shall not be used
The Xen
re special hypercalls made to break long running hypercalls into multiple
calls. They take a variable number of arguments depending on the original
hypercall they are trying to continue.
Add SAF deviations for the aforementioned functions.
Signed-off-by: Simone Ballarin
---
docs/misra/safe.js
-off-by: Simone Ballarin
---
.../eclair_analysis/ECLAIR/deviations.ecl | 26 +++
docs/misra/deviations.rst | 5
2 files changed, 31 insertions(+)
diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl
b/automation/eclair_analysis/ECLAIR
nd similar).
Simone Ballarin (2):
automation/eclair: add deviation for MISRA C:2012 Rule 17.1
xen: address violations of MISRA C Rule 17.1
.../eclair_analysis/ECLAIR/deviations.ecl | 26 +++
docs/misra/deviations.rst | 5
docs/misra
On 11/03/24 14:56, Jan Beulich wrote:
On 11.03.2024 13:00, Simone Ballarin wrote:
On 11/03/24 11:08, Jan Beulich wrote:
On 11.03.2024 09:59, Simone Ballarin wrote:
--- a/xen/arch/arm/include/asm/hypercall.h
+++ b/xen/arch/arm/include/asm/hypercall.h
@@ -1,3 +1,4 @@
+/* SAF-5-safe direct
On 11/03/24 11:10, Jan Beulich wrote:
On 11.03.2024 09:59, Simone Ballarin wrote:
--- a/xen/arch/arm/efi/efi-boot.h
+++ b/xen/arch/arm/efi/efi-boot.h
@@ -3,6 +3,10 @@
* is intended to be included by common/efi/boot.c _only_, and
* therefore can define arch specific global variables
On 11/03/24 11:08, Jan Beulich wrote:
On 11.03.2024 09:59, Simone Ballarin wrote:
Add deviation comments to address violations of
MISRA C:2012 Directive 4.10 ("Precautions shall be taken in order
to prevent the contents of a header file being included more than
once").
Inclusion g
On 11/03/24 10:59, Jan Beulich wrote:
On 11.03.2024 09:59, Simone Ballarin wrote:
The Xen sources contain violations of MISRA C:2012 Directive 4.10 whose
headline states:
"Precautions shall be taken in order to prevent the contents of a header file
being included more than once".
ia Celeste Cesario
Signed-off-by: Simone Ballarin
---
xen/arch/x86/cpu/mtrr/mtrr.h | 4
1 file changed, 4 insertions(+)
diff --git a/xen/arch/x86/cpu/mtrr/mtrr.h b/xen/arch/x86/cpu/mtrr/mtrr.h
index a9741e0cb0..632bf658be 100644
--- a/xen/arch/x86/cpu/mtrr/mtrr.h
+++ b/xen/arch/x86/cpu/mtrr/mtrr
standard.
Mechanical change.
---
Commit introduced in v3
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
xen/build.mk | 6 --
xen/scripts/Makefile.asm-generic | 16 +++-
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git
d anywhere) and the #if directive cannot
be used for other checks.
Mechanical change.
Signed-off-by: Simone Ballarin
Signed-off-by: Maria Celeste Cesario
---
Changes in v3:
- remove trailing underscores
- change inclusion guard name to adhere to the new standard
Changes in v2:
- drop changes in xen/i
-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
xen/arch/arm/include/asm/domain.h | 6 +++---
xen/arch/arm/include/asm/efibind.h | 5 +
xen/arch/arm/include/asm/event.h | 6 +++---
xen/arch/arm/include/asm/grant_table.h | 6 +++---
xen/arch/arm/include/asm/io.h
Add inclusion guards to address violations of
MISRA C:2012 Directive 4.10 ("Precautions shall be taken in order
to prevent the contents of a header file being included more than
once").
Mechanical change.
Signed-off-by: Simone Ballarin
Signed-off-by: Maria Celeste Cesario
---
Cha
This patch adds deviation comments using the format specified
in docs/misra/safe.json for headers with just the direct
inclusion guard before the inclusion guard since they are
safe and not supposed to comply with the directive.
Signed-off-by: Simone Ballarin
---
Changes in v3:
- fix inconsistent
d anywhere).
Mechanical change.
Signed-off-by: Simone Ballarin
Signed-off-by: Maria Celeste Cesario
---
Changes in v3:
- remove trailing underscores
- change inclusion guard name to adhere to the new standard
Changes in v2:
- remove extra blanks
- drop changes in C files
Note:
Changes in Mak
ed in
docs/misra/safe.json.
Generated headers are not generally safe against multi-inclusions,
whether a header is safe depends on the nature of the generated code
in the header. For that reason, this patch drops the deviation for
generated headers.
Signed-off-by: Simone Ballarin
---
Changes in
ia Celeste Cesario
Signed-off-by: Simone Ballarin
---
xen/arch/x86/include/asm/domain.h | 6 +++---
xen/arch/x86/include/asm/event.h | 6 +++---
xen/arch/x86/include/asm/grant_table.h | 6 +++---
xen/arch/x86/include/asm/io.h | 6 +++---
xen/arch/x86/include/asm/irq.h
ia Celeste Cesario
Signed-off-by: Simone Ballarin
---
xen/common/lz4/defs.h | 5 +
1 file changed, 5 insertions(+)
diff --git a/xen/common/lz4/defs.h b/xen/common/lz4/defs.h
index 6d81113266..ecfbf07f83 100644
--- a/xen/common/lz4/defs.h
+++ b/xen/common/lz4/defs.h
@@ -8,6 +8,9 @@
* published b
From: Maria Celeste Cesario
Add safe deviation for *.c files, as estabilished in past discussion.
Add SAF deviation for files that need an #include directive before guard.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
Commit introduced in v3
Link to the discussion
at.h.
Add deviation comment for files intended for multiple inclusion.
Signed-off-by: Simone Ballarin
Signed-off-by: Maria Celeste Cesario
---
Changes in v3:
- fix inconsistent deviation ID
- remove trailing underscores
Changes in v2:
- merge patches 7/13 and 13/13 of v1 as they had the sam
Add inclusion guard to address violations of
MISRA C:2012 Directive 4.10 ("Precautions shall be taken in order
to prevent the contents of a header file being included more than
once").
Mechanical change.
Signed-off-by: Simone Ballarin
Signed-off-by: Maria Celeste Cesario
---
Cha
event the contents of a header
file being included more than once"
This patch adds deviation cooments for headers that avoid guards.
Signed-off-by: Simone Ballarin
---
Changes in v3:
- fix inconsistent deviation ID
- change comment-based deviation text
Changes in v2:
- use the format
n: address violations of MISRA C:2012 Directive 4.10
xen: add deviations for MISRA C.2012 Directive 4.10
xen/x86: address violations of MISRA C:2012 Directive 4.10
x86/mtrr: address violations of MISRA C:2012 Directive 4.10
xen/lz4: address violations of MISRA C:2012 Directive 4.10
Simone Ba
Add inclusion guards to address violations of
MISRA C:2012 Directive 4.10 ("Precautions shall be taken in order
to prevent the contents of a header file being included more than
once").
Mechanical change.
Signed-off-by: Simone Ballarin
Signed-off-by: Maria Celeste Cesario
---
Cha
Add inclusion guard to address violations of
MISRA C:2012 Directive 4.10 ("Precautions shall be taken in order
to prevent the contents of a header file being included more than
once").
Mechanical change.
Signed-off-by: Simone Ballarin
Signed-off-by: Maria Celeste Cesario
---
Cha
On 26/02/24 16:44, Andrew Cooper wrote:
On 02/02/2024 3:16 pm, Simone Ballarin wrote:
From: Maria Celeste Cesario
Function and macro properties contained in ECLAIR/call_properties.ecl are of
general interest: this patch moves these annotations in a generaric JSON file
in docs. In this way
by the missing inclusion
of the rst file in the toctree.
Reported-by: Andrew Cooper
Fixes: f4519ee8 ("eclair: move function and macro properties outside ECLAIR")
Signed-off-by: Simone Ballarin
---
automation/eclair_analysis/propertyparser.py| 2 +-
.../function-macro-prope
On 09/02/24 23:13, Stefano Stabellini wrote:
On Wed, 7 Feb 2024, Simone Ballarin wrote:
On 07/02/24 11:24, Jan Beulich wrote:
On 07.02.2024 11:03, Simone Ballarin wrote:
On 06/02/24 13:04, Jan Beulich wrote:
On 02.02.2024 16:16, Simone Ballarin wrote:
Rule 13.1: Initializer lists shall
properties.ecl does not exist and it is not
even generated by propertyparser.py. Loading
this file causes empty ECLAIR analysis.
Fixes: f4519ee8 ("eclair: move function and macro properties outside ECLAIR")
Signed-off-by: Simone Ballarin
---
automation/eclair_analysis/ECLAIR/analys
On 07/02/24 13:40, Jan Beulich wrote:
On 07.02.2024 13:21, Simone Ballarin wrote:
On 07/02/24 11:24, Jan Beulich wrote:
On 07.02.2024 11:03, Simone Ballarin wrote:
On 06/02/24 13:04, Jan Beulich wrote:
On 02.02.2024 16:16, Simone Ballarin wrote:
Rule 13.1: Initializer lists shall
On 06/02/24 14:13, Jan Beulich wrote:
On 02.02.2024 16:16, Simone Ballarin wrote:
Rule 13.1: Initializer lists shall not contain persistent side effects
This patch moves expressions with side-effects into new variables before
the initializer lists.
No functional changes.
Signed-off
On 07/02/24 11:24, Jan Beulich wrote:
On 07.02.2024 11:03, Simone Ballarin wrote:
On 06/02/24 13:04, Jan Beulich wrote:
On 02.02.2024 16:16, Simone Ballarin wrote:
Rule 13.1: Initializer lists shall not contain persistent side effects
Effects caused by debug/logging macros and functions
On 06/02/24 13:04, Jan Beulich wrote:
On 02.02.2024 16:16, Simone Ballarin wrote:
Rule 13.1: Initializer lists shall not contain persistent side effects
Effects caused by debug/logging macros and functions (like ASSERT,
__bad_atomic_size,
LOG, etc ...) that crash execution or produce logs
On 02/02/24 10:37, Simone Ballarin wrote:
From: Maria Celeste Cesario
The Xen sources contain violations of MISRA C:2012 Rule 13.1 whose headline
states:
"Initializer lists shall not contain persistent side effects".
The file properties.json containing function and macro
Rule 13.1: Initializer lists shall not contain persistent side effects
The assignment operation in:
.irq = rc = uart->irq,
is a persistent side effect in a struct initializer list.
This patch assigns rc separately outside the structure.
No functional change.
Signed-off-by: Simone Balla
:
eclair: move function and macro properties outside ECLAIR
Simone Ballarin (3):
xen: add SAF deviation for debugging and logging effects
xen/ns16550: address violations of MISRA C:2012 Rule 13.1
xen/x86: address violations of MISRA C:2012 Rule 13.1
.../eclair_analysis/ECLAIR/analysis.ecl
containing explanation on how to update
function_macro_properties.json.
Add script to convert the JSON file in ECL configurations.
Remove ECLAIR/call_properties.ecl: the file is now automatically generated from
the JSON file.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
Rule 13.1: Initializer lists shall not contain persistent side effects
This patch moves expressions with side-effects into new variables before
the initializer lists.
No functional changes.
Signed-off-by: Simone Ballarin
---
xen/arch/x86/io_apic.c | 9 ++---
xen/arch/x86/mpparse.c | 3
caused by uses of the current
macro
(that contains an asm volatile) in initializer lists.
No functional changes.
Signed-off-by: Simone Ballarin
Signed-off-by: Maria Celeste Cesario
---
Changes in v3:
- change commit prefix from xen/arm to xen
- specify where saf-3-safe comments are applied
On 02/02/24 10:37, Simone Ballarin wrote:
From: Maria Celeste Cesario
Add JSON file containing properties.
Add rst file containing explanation on how to update properties.json.
Add instruction to eclair_analysis/prepare.sh to parse the JSON file.
Signed-off-by: Maria Celeste Cesario
Signed
Rule 13.1: Initializer lists shall not contain persistent side effects
The assignment operation in:
.irq = rc = uart->irq,
is a persistent side effect in a struct initializer list.
This patch assigns rc separately outside the structure.
No functional change.
Signed-off-by: Simone Balla
From: Maria Celeste Cesario
Add JSON file containing properties.
Add rst file containing explanation on how to update properties.json.
Add instruction to eclair_analysis/prepare.sh to parse the JSON file.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
expression in the following if-statement
- change commit prefix from xen/arm to xen
- specify where saf-3-safe comments are applied in guestcopy.c
- reword saf comments text
Maria Celeste Cesario (1):
eclair: add and manage properties
Simone Ballarin (3):
xen: add SAF deviation for debugging and logging eff
caused by uses of the current
macro
(that contains an asm volatile) in initializer lists.
No functional changes.
Signed-off-by: Simone Ballarin
Signed-off-by: Maria Celeste Cesario
---
Changes in v3:
- change commit prefix from xen/arm to xen
- specify where saf-3-safe comments are applied
Rule 13.1: Initializer lists shall not contain persistent side effects
This patch moves expressions with side-effects into new variables before
the initializer lists.
No functional changes.
Signed-off-by: Simone Ballarin
---
xen/arch/x86/io_apic.c | 9 ++---
xen/arch/x86/mpparse.c | 3
t.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
Reviewed-by: Stefano Stabellini
---
Adaptation requested by the community to make the code more consistent.
---
xen/arch/ppc/include/asm/atomic.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/arch/p
to comply with function
signature.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
Changes in v2:
- reword SAF-3-safe text;
- merge comments on __hvm_copy;
- add SAF-3-safe comment in x86/hvm.c:3433;
- add SAF-3-safe comment on arm/guestcopy.c raw_cop
originally const-qualified.
There's no reason to drop the qualifiers.
Drop redundant cast to preserve const qualifier.
No functional change.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
Changes in v2:
- drop redundant cast on fdt
---
xen/arch/arm
From: Maria Celeste Cesario
The xen sources contain violations of MISRA C:2012 Rule 11.8 whose
headline states:
"A conversion shall not remove any const, volatile or _Atomic
qualification from the type pointed to by a pointer".
This patch amends or drops casts that unnecessarily
drop const
t resulted in violation of the Rule, a cast to type uintptr_t
is more appropriate type-wise.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
Commit introduced in v2
---
xen/common/version.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/common/v
to remove it.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
Commit introduced in v2.
---
xen/include/xen/err.h | 13 -
1 file changed, 13 deletions(-)
diff --git a/xen/include/xen/err.h b/xen/include/xen/err.h
index 2f29b57d28..cbdd1bf7f8 100644
--- a/x
casts away any
qualifier to do pointer arithmetic, but making the macro definition compliant
would add additional complexity, therefore a deviation is introduced.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
Changes in v2:
- remove deviation for function ERR_CAST;
co
On 14/12/23 17:36, Jan Beulich wrote:
On 14.12.2023 13:07, Simone Ballarin wrote:
--- a/xen/include/acpi/acmacros.h
+++ b/xen/include/acpi/acmacros.h
@@ -116,7 +116,7 @@
#define ACPI_PTR_TO_PHYSADDR(i) ACPI_TO_INTEGER(i)
#ifndef ACPI_MISALIGNMENT_NOT_SUPPORTED
-#define
On 14/12/23 17:32, Jan Beulich wrote:
On 14.12.2023 13:07, Simone Ballarin wrote:
--- a/xen/common/version.c
+++ b/xen/common/version.c
@@ -178,7 +178,7 @@ void __init xen_build_init(void)
if ( [1] >= __note_gnu_build_id_end )
return;
-sz = (void *)__note_gnu_build_id_
On 14/12/23 13:36, Jan Beulich wrote:
On 14.12.2023 13:07, Simone Ballarin wrote:
From: Maria Celeste Cesario
The xen sources contain violations of MISRA C:2012 Rule 11.8 whose
headline states:
"A conversion shall not remove any const, volatile or _Atomic
qualification from the type po
to comply with its
function signature. There's no modification of the pointee during its
execution, therefore its use can be deemed as safe.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
docs/misra/safe.json | 8
xen/arch/x86/hvm/hvm.c | 1 +
2 files
n ERR_CAST.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
container_of: Fixing this violation would require the declaration of a new
macro taking advantage of the return value of the ternary operator ?: :
its return value preserves qualifiers present on both express
er to void and the function
hvm_copy_to_guest_linear
requires a const void* type argument, therefore the cast to void* is not
necessary.
No functional change.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
xen/arch/x86/hvm/hvm.c | 2 +-
1 file changed, 1 inser
no reason to drop the const qualifier in ACPI_COMPARE_NAME since
the macro arguments are not modified in its body.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
xen/include/acpi/acmacros.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/in
ta returns values that are const-qualified.
The results are stored in const struct pointers, hence
there's no need to cast away the const qualifiers.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
xen/arch/x86/boot/reloc.c | 4 ++--
1 file changed, 2 insertions(+), 2
originally const-qualified.
There's no reason to drop the qualifiers.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
xen/common/efi/boot.c | 6 +++---
xen/common/version.c | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/xen/common/efi/boot.c b/
From: Maria Celeste Cesario
The xen sources contain violations of MISRA C:2012 Rule 11.8 whose
headline states:
"A conversion shall not remove any const, volatile or _Atomic
qualification from the type pointed to by a pointer".
This patch amends or removes casts that unnecessarily drop
const
t.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
Adaptation requested by the community to make the code more consistent.
---
xen/arch/ppc/include/asm/atomic.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/arch/ppc/include/asm/atomic.h
b/xe
p and ptr are originally volatile-qualified.
There's no reason to drop the qualifiers.
No functional change.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
xen/arch/arm/arm64/lib/bitops.c | 6 --
xen/arch/arm/include/asm/arm64/cmpxchg.h | 10 +-
2 fil
originally const-qualified.
There's no reason to drop the qualifiers.
No functional change.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
xen/arch/arm/bootfdt.c | 6 +++---
xen/arch/arm/include/asm/alternative.h | 2 +-
2 files changed, 4 insert
using enum constants as controlling expressions
to comply with Rule 14.4.
No functional change.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
Changes in v2
- rename prefix from AMD/IOMMU to x86/IOMMU
- move changes on msi.c and hpet.c in this patch.
---
xen/arch/
using enum constants as controlling expressions
to comply with Rule 14.4.
No functional change.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
Changes in v2:
- move changes on hpet.c and msi.c to x86/IOMMU patch.
- rename prefix from xen/x86 to xen/x86_emulate.
---
xe
From: Maria Celeste Cesario
The xen sources contain violations of MISRA C:2012 Rule 14.4 whose
headline states:
"The controlling expression of an if statement and the controlling
expression of an iteration-statement shall have essentially Boolean type".
Add comparisons to avoid using enum
On 07/12/23 15:15, Jan Beulich wrote:
On 07.12.2023 14:53, Simone Ballarin wrote:
On 07/12/23 11:54, Jan Beulich wrote:
On 07.12.2023 10:48, Simone Ballarin wrote:
--- a/xen/arch/x86/hpet.c
+++ b/xen/arch/x86/hpet.c
@@ -279,7 +279,7 @@ static int hpet_msi_write(struct hpet_event_channel *ch
On 07/12/23 11:54, Jan Beulich wrote:
On 07.12.2023 10:48, Simone Ballarin wrote:
--- a/xen/arch/x86/hpet.c
+++ b/xen/arch/x86/hpet.c
@@ -279,7 +279,7 @@ static int hpet_msi_write(struct hpet_event_channel *ch,
struct msi_msg *msg)
{
ch->msi.msg = *msg;
-if ( iommu_intre
r is_dying is an anonymous enum designed to act as boolean.
Add deviation to mark its uses in controlling expressions as deliberate.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
automation/eclair_analysis/ECLAIR/deviations.ecl | 6 ++
docs/misra/deviations.rst
using enum constants as controlling expressions
to comply with Rule 14.4.
No functional change.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
xen/drivers/passthrough/amd/iommu_init.c | 4 ++--
xen/drivers/passthrough/vtd/iommu.c | 4 ++--
xen/drivers/passthrough/vt
using enum constants as controlling expressions
to comply with Rule 14.4.
No functional change.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
xen/arch/x86/hpet.c| 6 +++---
xen/arch/x86/msi.c | 4 ++--
xen/arch/x86/x86_emulate/x86_emu
From: Maria Celeste Cesario
The xen sources contain violations of MISRA C:2012 Rule 14.4 whose
headline states:
"The controlling expression of an if statement and the controlling
expression of an iteration-statement shall have essentially Boolean type".
Add comparisons to avoid using enum
On 04/12/23 17:54, Jan Beulich wrote:
On 04.12.2023 17:32, Simone Ballarin wrote:
From: Maria Celeste Cesario
Remove or amend casts to comply with Rule 11.8.
Fix violations by adding missing const qualifier in cast.
Fix violations by removing unnecessary cast.
Change type of operands from
.
No functional changes.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
Changes in v3:
- drop const qualifier in both operands of the variable diff.
- fix parentheses error.
Changes in v2:
- arm/regs.h: add const qualifier to the first operand,
change types of both
On 28/11/23 09:42, Jan Beulich wrote:
On 27.11.2023 18:34, Simone Ballarin wrote:
On 27/11/23 16:09, Jan Beulich wrote:
On 27.11.2023 15:35, Simone Ballarin wrote:
On 27/11/23 11:46, Jan Beulich wrote:
On 24.11.2023 18:29, Simone Ballarin wrote:
--- a/docs/misra/safe.json
+++ b/docs/misra
On 02/12/23 04:19, Stefano Stabellini wrote:
On Fri, 24 Nov 2023, Simone Ballarin wrote:
Rule 13.1: Initializer lists shall not contain persistent side effects
Invocations of functions in initializer lists cause violations of rule
13.1 if the called functions are not tagged
On 01/12/23 14:48, Julien Grall wrote:
On 01/12/2023 13:42, Simone Ballarin wrote:
On 01/12/23 12:48, Julien Grall wrote:
Hi Simone,
On 01/12/2023 11:37, Simone Ballarin wrote:
From: Maria Celeste Cesario
Remove or amend casts to comply with Rule 11.8.
The violations are resolved either
On 01/12/23 14:03, Jan Beulich wrote:
On 01.12.2023 12:48, Julien Grall wrote:
On 01/12/2023 11:37, Simone Ballarin wrote:
--- a/xen/arch/arm/include/asm/regs.h
+++ b/xen/arch/arm/include/asm/regs.h
@@ -48,7 +48,7 @@ static inline bool regs_mode_is_32bit(const struct
cpu_user_regs *regs
On 01/12/23 12:48, Julien Grall wrote:
Hi Simone,
On 01/12/2023 11:37, Simone Ballarin wrote:
From: Maria Celeste Cesario
Remove or amend casts to comply with Rule 11.8.
The violations are resolved either by adding missing const
qualifiers in casts or by removing unnecessary cast.
Change
with the arm version.
- dom0less-build.c: rebase change in the new file.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
xen/arch/arm/dom0less-build.c | 2 +-
xen/arch/arm/include/asm/atomic.h | 2 +-
xen/arch/arm/include/asm/regs.h | 2 +-
xen/arch/x86/include/asm/regs.h
Signed-off-by: Simone Ballarin
---
Changes in v3:
- fix guard for inclusion of out_of_scope.ecl.
Changes in v2:
- drop changes to inhibit test and build stages in scheduled pipelines.
---
automation/eclair_analysis/ECLAIR/action.settings | 2 +-
automation/eclair_analysis/ECLAIR/analysis.e
On 30/11/23 04:13, Stefano Stabellini wrote:
On Thu, 23 Nov 2023, Simone Ballarin wrote:
The scheduled analyses are intended to maintain an overall vision
of the MISRA complaince of the entire project. For this reason,
the file exclusions in "out_of_scope.ecl" should not be applied.
On 27/11/23 16:09, Jan Beulich wrote:
On 27.11.2023 15:35, Simone Ballarin wrote:
On 27/11/23 11:46, Jan Beulich wrote:
On 24.11.2023 18:29, Simone Ballarin wrote:
--- a/docs/misra/safe.json
+++ b/docs/misra/safe.json
@@ -28,6 +28,22 @@
},
{
"id&quo
On 27/11/23 11:46, Jan Beulich wrote:
On 24.11.2023 18:29, Simone Ballarin wrote:
Rule 13.1: Initializer lists shall not contain persistent side effects
Effects caused by debug/logging macros and functions (like ASSERT,
__bad_atomic_size,
LOG, etc ...) that crash execution or produce logs
On 24/11/23 18:56, Andrew Cooper wrote:
On 24/11/2023 4:29 pm, Simone Ballarin wrote:
Maria Celeste Cesario (5):
x86/platform_hypercall: address violations of MISRA C:2012 Rule 11.8
x86/boot/reloc: address violations of MISRA C:2012 Rule 11.8
AMD/IOMMU: address violations of MISRA C
caused by uses of the current
macro
(that contains an asm volatile) in initializer lists.
No functional changes.
Signed-off-by: Simone Ballarin
---
Changes in v2:
New patch based on the discussion for "xen/arm: address violations of MISRA
C:2012 Rule 13.1".
---
docs/misra/safe.jso
definition:
"like pure but can also read volatile variable not triggering side effects"
These patch tags some functions used in initializer lists to address
violations of Rule 13.1.
No functional changes.
Signed-off-by: Simone Ballarin
---
Changes in v2:
New patch partly based o
hanges.
Signed-off-by: Maria Celeste Cesario
Signed-off-by: Simone Ballarin
---
Changes in v2:
- avoid assignment of rc;
- drop changes in vcpu_yield(void).
---
xen/drivers/char/ns16550.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/xen/drivers/char/ns16550.c
1 - 100 of 321 matches
Mail list logo
