Re: [XEN PATCH] xen: rework deviation to address varargs MISRA violations

[Nicola Vetrini <nicola.vetrini@bugseng.com>]

On 2026-01-05 12:54, Andrew Cooper wrote:
> On 02/01/2026 11:53 am, Nicola Vetrini wrote:
>> On 2026-01-02 10:42, Andrew Cooper wrote:
>>> On 31/12/2025 11:22 am, Nicola Vetrini wrote:
>>>> diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl
>>>> b/automation/eclair_analysis/ECLAIR/deviations.ecl
>>>> index 219ba6993b90..7dee4a488d45 100644
>>>> --- a/automation/eclair_analysis/ECLAIR/deviations.ecl
>>>> +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
>>>> @@ -570,13 +570,11 @@ safe."
>>>>  # Series 17.
>>>>  #
>>>> 
>>>> --doc_begin="printf()-like functions are allowed to use the variadic
>>>> features provided by stdarg.h."
>>>> --config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(^.*printk\\(.*\\)$)))"}
>>>> 
>>>> --config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(^.*printf\\(.*\\)$)))"}
>>>> 
>>>> --config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(panic)&&kind(function))))"}
>>>> 
>>>> --config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(elf_call_log_callback)&&kind(function))))"}
>>>> 
>>>> --config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(vprintk_common)&&kind(function))))"}
>>>> 
>>>> --config=MC3A2.R17.1,macros+={hide , "^va_(arg|start|copy|end)$"}
>>>> +-doc_begin="printf()-like or scanf()-like functions are allowed to
>>>> use the variadic features provided by stdarg.h,
>>>> +provided that they are declared using the `format' attribute."
>>>> +-decl_selector+={format_attr, "property(format)"}
>>>> +-config=MC3A2.R17.1,reports+={deliberate,
>>>> "any_area(^.*va_list.*$&&context(ancestor_or_self(format_attr)))"}
>>>> +-config=MC3A2.R17.1,macros+={deliberate , 
>>>> "^va_(arg|start|copy|end)$"}
>>>>  -doc_end
>>>> 
>>>>  -doc_begin="Not using the return value of a function does not
>>>> endanger safety if it coincides with an actual argument."
>>>> diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
>>>> index b3431ef24e26..584907b048ec 100644
>>>> --- a/docs/misra/deviations.rst
>>>> +++ b/docs/misra/deviations.rst
>>>> @@ -570,8 +570,8 @@ Deviations related to MISRA C:2012 Rules:
>>>>       - Tagged as `deliberate` for ECLAIR.
>>>> 
>>>>     * - R17.1
>>>> -     - printf()-like functions  are allowed to use the variadic
>>>> features provided
>>>> -       by `stdarg.h`.
>>>> +     - printf()-like or scanf()-like functions are allowed to use
>>>> the variadic
>>>> +       features provided by `stdarg.h`.
>>>>       - Tagged as `deliberate` for ECLAIR.
>>> 
>>> Much nicer.  But don't we want to repeat the part about
>>> __attribute__((format(...))) here?  After all, that is the 
>>> justification
>>> of why it's safer than nothing.
>>> 
>> 
>> Ok, that would be more accurate for sure. I didn't do that to preserve
>> the original intention of the deviation, but they are practically
>> equivalent with the current codebase, so changing the text makes
>> little difference. I'll tweak that.
> 
> I can adjust on commit, if you're happy?  Everything else is fine 
> AFAICT.
> 
> In fact, this fixes the x86_64-allcode complaint for
> vmcoreinfo_append_str() which is already annotated, and
> debugtrace_printk() too (not yet enabled in *-allcode).
> 
> ~Andrew

Yes, sorry for the delay. I forgot I had to respin the patch here.

-- 
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253