[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH 2/2] Address violation of MISRA C Rule 13.1 involving asm side effects.

  • To: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>
  • Date: Wed, 13 Aug 2025 07:41:23 +0000
  • Accept-language: en-US, uk-UA, ru-RU
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jku2S9VOEnY+kzDwWRF4jnCWArjfF9dtIi/k9j2T53Y=; b=Ojb0IucUGeA7JNjFHs0l03xi81HxcF1DalSLyJysi8EO1RzY9+aYoK28U6ZmmwQlhTOtTcVpMGK0A1H6p4xNYtwv86h/p6s25QMOuthJOYB2Pr1Zr7W4CXKpLciwE4wc53OEdjZKPTX6PwOroZrwDvtWFraNniLVvgEU798g929473P5x77iqMv2CZaF6kvhNaUCngz6FMVZtBrTUBjiaYeWhNHb8yI6o1I2jvIxTahxUKUOj840EV0vHLZRwAJmsKhHsrZ1FlEBiUpVJtsgeS87DVfJOKmpuL2jbGirGVZfjRF+pqChSuozNX66KGGqJg8feVuUpTSzJ0XbF/uAIQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=uxoGP9SuzABzJkGIL8fBJb50o2iXCTGS9scTWkeaPXbeuqxzmtOgS769osFvne4+Kikv2TpoK1mClYlmlJd9xzuPanD+DuJ6IzwpIZBNJDOdvYrPTmBbCoSxcJ9c6pI6MdbcxCEBwOrRgLO3IjQQ6keiYEVk8L2MjvSbv4G12QuFJZ6PQNkMWRJxakUUzpt90F7NhiJHPZFNG7BhfdRedVlPL80xKDB8+eb7eBJeGylOcHPDe1w+HMXe5S1pEtnFwisb3cPHUkw857porBrAcVq6TNSIvZjM7oDMR0Gy7r7sNFYkn/EsjpHJfzWKPKyPdOf64js94f0O4quUU026qg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
  • Cc: "sstabellini@xxxxxxxxxx" <sstabellini@xxxxxxxxxx>, "consulting@xxxxxxxxxxx" <consulting@xxxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "jbeulich@xxxxxxxx" <jbeulich@xxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>
  • Delivery-date: Wed, 13 Aug 2025 07:41:38 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHcCK0jS1rUvIHcNU+6wO2ItjtxCLRgOfkA
  • Thread-topic: [XEN PATCH 2/2] Address violation of MISRA C Rule 13.1 involving asm side effects.

On 8/9/25 00:40, Nicola Vetrini wrote:
> The rule states: "Initializer lists shall not contain persistent side 
> effects".
> The specific way in which the 'mrs' instruction is used does not lead to
> visible side effects for the surrounding code.
> 
> Signed-off-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
> ---
> Not yet tested on the Xen ECLAIR runner, as the syntax used in the deviation
> is only supported after updating the runner.
> 
> What the tool is reporting is that due to the '=r' constraint and the
> semantics of the instruction, there is the side effect of writing to '_r',
> but this is not observable outside the stmt expr. The deviation ends up being
> a bit too general for my taste, but the restriction on the actual istruction
> should be enough to limit applicability to cases that are arguably safe in
> practice.
> 
> An alternative approach would be represented by stating that side effects in
> 'READ_SYSREG64' are safe, but this is not true in general.
> ---
>   automation/eclair_analysis/ECLAIR/deviations.ecl | 4 ++++
>   1 file changed, 4 insertions(+)
> 
> diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl 
> b/automation/eclair_analysis/ECLAIR/deviations.ecl
> index ec0cac797e5f..6b492e38505d 100644
> --- a/automation/eclair_analysis/ECLAIR/deviations.ecl
> +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
> @@ -437,6 +437,10 @@ write or not"
>   # Series 13
>   #
>   
> +-doc_begin="Consider the asm instruction to read an Arm system register to 
> have no side effects."
> +-asm_properties+={"asm(any())&&child(text, ast_field(value,^mrs\\s+%0.*$))", 
> {no_side_effect}}
> +-doc_end
> +
>   -doc_begin="All developers and reviewers can be safely assumed to be well 
> aware
>   of the short-circuit evaluation strategy of such logical operators."
>   -config=MC3A2.R13.5,reports+={disapplied,"any()"}

I think it's worth to add example of macro expansion in the commit 
description or asm_properties doc:

uint64_t _r; asm volatile("mrs  %0, ""TPIDR_EL2" : "=r" (_r));

This uses the 'mrs' instruction to read from the TPIDR_EL2 register. 
While this read operation accesses a system register, reading itself 
doesn't cause any persistent side effects, as no program state is modified.

Dmytro

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.