
[PATCH v2] misra: add deviation of Rule 2.1 for BUG() macro


  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>
  • Date: Tue, 16 Sep 2025 12:45:22 +0000
  • Cc: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>, Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Tue, 16 Sep 2025 12:45:45 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

MISRA C Rule 2.1 states: "A project shall not contain unreachable code".
Functions that are non-returning and are not explicitly annotated with
the 'noreturn' attribute are considered a violation of this rule.

In certain cases, some functions might be non-returning in specific build
configurations due to a call to '__builtin_unreachable()' in the expansion
of the macro 'BUG()':
 - functions 'gicv3_do_LPI()' and 'gicv3_its_setup_collection()' when the
config CONFIG_HAS_ITS is not defined, it is intentionally used to catch
and prevent any unintended execution of code that should only run when
ITS is available;
 - function 'prepare_acpi()' when the config CONFIG_ACPI is not defined,
to trigger an error if ACPI-related features are used incorrectly.

Although these functions are defined as 'static inline' and the compiler
may remove them from the object if they are not called (e.g., during Dead
Code Elimination (DCE)), they are still present after preprocessing and
are analyzed by the Eclair tool (regardless of whether this code is later
removed by the compiler). This is what causes Eclair to detect these rule
violations.

To account for that in specific builds, update the ECLAIR configuration
to deviate these violations. Update deviations.rst file accordingly.
No functional changes.

Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@xxxxxxxx>
---
Changes in v2:
- updated commit message (added explanation why the Eclair detects these
  violations)
- aligned Eclair configs with deviations wording (explicitly specify header
  file and function 'static inline' attributes)

Link to v1:
https://patchew.org/Xen/f7b4112aad84162c25f96a9d6db43a0c2ba85daa.1756046023.git.dmytro._5Fprokopchuk1@xxxxxxxx/

Test CI pipeline:
https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/2042397534
---
 .../eclair_analysis/ECLAIR/deviations.ecl       | 12 ++++++++++++
 docs/misra/deviations.rst                       | 17 +++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl 
b/automation/eclair_analysis/ECLAIR/deviations.ecl
index 7f3fd35a33..c10dbf4f26 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -41,6 +41,18 @@ not executable, and therefore it is safe for them to be 
unreachable."
 
-call_properties+={"name(__builtin_unreachable)&&stmt(begin(any_exp(macro(name(ASSERT_UNREACHABLE)))))",
 {"noreturn(false)"}}
 -doc_end
 
+-doc_begin="In the specific build configuration (when the config CONFIG_ACPI 
is not defined) the 'BUG()' macro is intentionally
+used in the 'prepare_acpi()' function defined as 'static inline' in the header 
file 'xen/arch/arm/include/asm/domain_build.h'
+to trigger a runtime error if ACPI-related features are used incorrectly."
+-config=MC3A2.R2.1,reports+={deliberate, 
"any_area(any_loc(file(^xen/arch/arm/include/asm/domain_build\\.h$))&&context(name(prepare_acpi)&&written_inline()&&written_storage(static)))"}
+-doc_end
+
+-doc_begin="In the specific build configuration (when the config 
CONFIG_HAS_ITS is not defined) the 'BUG()' macro is intentionally
+used in the 'gicv3_do_LPI()' and 'gicv3_its_setup_collection()' functions 
defined as 'static inline' in the header file 
'xen/arch/arm/include/asm/gic_v3_its.h'
+to catch and prevent any unintended execution of code that should only run 
when ITS is available."
+-config=MC3A2.R2.1,reports+={deliberate, 
"any_area(any_loc(file(^xen/arch/arm/include/asm/gic_v3_its\\.h$))&&context(name(gicv3_do_LPI||gicv3_its_setup_collection)&&written_inline()&&written_storage(static)))"}
+-doc_end
+
 -doc_begin="Proving compliance with respect to Rule 2.2 is generally 
impossible:
 see https://arxiv.org/abs/2212.13933 for details. Moreover, peer review gives 
us
 confidence that no evidence of errors in the program's logic has been missed 
due
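Review bot: The two added `-config=MC3A2.R2.1,reports+={deliberate, ...}` selectors match on header file, function name, `written_inline()` and `written_storage(static)`, but nothing in them refers to `BUG()` or to the build configuration that the `-doc_begin` text gives as the justification. As the selectors read, any Rule 2.1 report located in `prepare_acpi()`, `gicv3_do_LPI()` or `gicv3_its_setup_collection()` would be tagged deliberate, including one caused by code added to these stubs later. Consider narrowing the match to the macro expansion, in the way the `ASSERT_UNREACHABLE` entry just above keys on the macro name, or state in the doc text that the function-level scope is intended and why.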
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index 3271317206..45f665d5e3 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -98,6 +98,23 @@ Deviations related to MISRA C:2012 Rules:
        even when debug-only assertions like `ASSERT_UNREACHABLE()` are removed.
      - ECLAIR has been configured to ignore those statements.
 
+   * - R2.1
+     - In the specific build configuration (when the config CONFIG_ACPI is not
+       defined) the 'BUG()' macro is intentionally used in the 'prepare_acpi()'
+       function in the header file 'xen/arch/arm/include/asm/domain_build.h'
+       defined as 'static inline' to trigger a runtime error if ACPI-related
+       features are used incorrectly.
+     - Tagged as `deliberate` for ECLAIR.
+
+   * - R2.1
+     - In the specific build configuration (when the config CONFIG_HAS_ITS is 
not
+       defined) the 'BUG()' macro is intentionally used in the 'gicv3_do_LPI()'
+       and 'gicv3_its_setup_collection()' functions defined as 'static inline'
+       in the header file 'xen/arch/arm/include/asm/gic_v3_its.h' to catch and
+       prevent any unintended execution of code that should only run when ITS 
is
+       available.
+     - Tagged as `deliberate` for ECLAIR.
+
    * - R2.2
      - Proving compliance with respect to Rule 2.2 is generally impossible:
        see `<https://arxiv.org/abs/2212.13933>`_ for details. Moreover, peer
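Review bot: In the first added R2.1 entry, the wording "function in the header file 'xen/arch/arm/include/asm/domain_build.h' defined as 'static inline'" attaches 'static inline' to the header file rather than to `prepare_acpi()`. The second entry and the matching `-doc_begin` text in deviations.ecl use the order "defined as 'static inline' in the header file ..."; using the same order here would keep the two files aligned, which is what the v2 changelog set out to do. Both entries also justify the use of `BUG()` without saying which construct is reported (per the commit message, a non-returning function that lacks the 'noreturn' attribute); one sentence on that would let a reader of deviations.rst follow the entry without the commit log.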
-- 
2.43.0



 

