[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH][for-4.19 v3] xen: address violations of Rule 11.9

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
Date: Thu, 19 Oct 2023 09:32:41 +0200
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, michal.orzel@xxxxxxx, xenia.ragiadakou@xxxxxxx, ayan.kumar.halder@xxxxxxx, consulting@xxxxxxxxxxx, roger.pau@xxxxxxxxxx, Simone Ballarin <simone.ballarin@xxxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, andrew.cooper3@xxxxxxxxxx
Delivery-date: Thu, 19 Oct 2023 07:32:54 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 19/10/2023 09:03, Jan Beulich wrote:

On 19.10.2023 02:54, Stefano Stabellini wrote:

On Thu, 19 Oct 2023, andrew.cooper3@xxxxxxxxxx wrote:
On 18/10/2023 2:42 pm, Nicola Vetrini wrote:
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index ee7aed0609d2..1b00e4e3e9b7 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -199,6 +199,11 @@ Deviations related to MISRA C:2012 Rules:
See automation/eclair_analysis/deviations.ecl for the fullexplanation.
      - Tagged as `safe` for ECLAIR.

+   * - R11.9
+ - __ACCESS_ONCE uses a 0 as a null pointer constant to checkif a type is
+       scalar, therefore its usage for this purpose is allowed.
This is still deeply misleading.
There is an integer, which happens to be 0 but could be anything,usedfor a compile time typecheck[1]. In some cases this may beinterpreted
as a pointer constant, and is permitted for this purpose.

~Andrew
[1] I know I wrote scalar typecheck in the comment, but I suspectthat
what I actually meant was non-compound-type typecheck.
To help Nicola find the right wording do you have a concretesuggestion
for the text to use?

Reading your reply, I am guessing it would be:

* - R11.9
  - __ACCESS_ONCE uses an integer, which happens to be zero, as a
non-compound-type typecheck. The typecheck uses a cast. The usageof
    zero or other integers for this purpose is allowed.


"non-compound" isn't correct either: __int128_t, for example, isn't a
compound type but may not be used with ACCESS_ONCE(). Furthermore
certain compound types are, as indicated earlier, in principle okay
to use with ACCESS_ONCE(). Both are shortcomings of the present
implementation, which imo shouldn't propagate into this document. I'd
say just "as a compile time check".

Jan


Ok, I'll amend it

--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)

References:
- [XEN PATCH][for-4.19 v3] xen: address violations of Rule 11.9
  - From: Nicola Vetrini
- Re: [XEN PATCH][for-4.19 v3] xen: address violations of Rule 11.9
  - From: andrew . cooper3
- Re: [XEN PATCH][for-4.19 v3] xen: address violations of Rule 11.9
  - From: Stefano Stabellini
- Re: [XEN PATCH][for-4.19 v3] xen: address violations of Rule 11.9
  - From: Jan Beulich

Prev by Date: Re: [PATCH for-4.18 v2] iommu/vt-d: fix SAGAW capability parsing
Next by Date: Re: [XEN PATCH 1/4] xen/arm: address violations of MISRA C:2012 Rule 13.1
Previous by thread: Re: [XEN PATCH][for-4.19 v3] xen: address violations of Rule 11.9
Next by thread: Re: [XEN PATCH][for-4.19 v3] xen: address violations of Rule 11.9
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.