From: Nicola Vetrini <nicola.vetrini@bugseng.com>
To: Luca Fancellu <Luca.Fancellu@arm.com>
Cc: "Stefano Stabellini" <sstabellini@kernel.org>,
Xen-devel <xen-devel@lists.xenproject.org>,
michal.orzel@amd.com, xenia.ragiadakou@amd.com,
"Ayan Kumar Halder" <ayan.kumar.halder@amd.com>,
consulting@bugseng.com, "Jan Beulich" <jbeulich@suse.com>,
"Roger Pau Monné" <roger.pau@citrix.com>,
"Henry Wang" <Henry.Wang@arm.com>,
"Simone Ballarin" <simone.ballarin@bugseng.com>,
"Doug Goldstein" <cardoe@cardoe.com>,
"George Dunlap" <george.dunlap@citrix.com>,
"Julien Grall" <julien@xen.org>, "Wei Liu" <wl@xen.org>,
"Andrew Cooper" <andrew.cooper3@citrix.com>
Subject: Re: [XEN PATCH] xen: Add SAF deviations for MISRA C:2012 Rule 7.1
Date: Wed, 04 Oct 2023 12:29:44 +0200
Message-ID: <2894008e8f612296da84267346ae4240@bugseng.com>
In-Reply-To: <DB96C095-5FAF-40A1-9CA8-002291AA1933@arm.com>
On 04/10/2023 12:06, Luca Fancellu wrote:
> Hi Nicola,
>
>> On 4 Oct 2023, at 10:56, andrew.cooper3@citrix.com wrote:
>>
>> On 03/10/2023 9:46 pm, Stefano Stabellini wrote:
>>> On Tue, 3 Oct 2023, Nicola Vetrini wrote:
>>>
>>>> As specified in rules.rst, these constants can be used
>>>> in the code.
>>>> Their deviation is now accomplished by using a SAF comment,
>>>> rather than an ECLAIR configuration.
>>>>
>>>> Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com>
>>>>
>>> "SAF" discussion aside that can be resolved elsewhere:
>>>
>>> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
>>
>> Well no. "SAF" aside (and SAF does need fixing before reposting this
>> patch, otherwise it's just unnecessary churn), ...
>>
>>>> diff --git a/xen/arch/x86/hvm/svm/svm.h b/xen/arch/x86/hvm/svm/svm.h
>>>> index d2a781fc3fb5..d0623b72ccfa 100644
>>>> --- a/xen/arch/x86/hvm/svm/svm.h
>>>> +++ b/xen/arch/x86/hvm/svm/svm.h
>>>> @@ -57,14 +57,23 @@ static inline void svm_invlpga(unsigned long
>>>> linear, uint32_t asid)
>>>> #define INSTR_INT3 INSTR_ENC(X86EMUL_OPC( 0, 0xcc), 0)
>>>> #define INSTR_ICEBP INSTR_ENC(X86EMUL_OPC( 0, 0xf1), 0)
>>>> #define INSTR_HLT INSTR_ENC(X86EMUL_OPC( 0, 0xf4), 0)
>>>> +/* SAF-2-safe */
>>>> #define INSTR_XSETBV INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0321)
>>>> +/* SAF-2-safe */
>>>> #define INSTR_VMRUN INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0330)
>>>> +/* SAF-2-safe */
>>>> #define INSTR_VMCALL INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0331)
>>>> +/* SAF-2-safe */
>>>> #define INSTR_VMLOAD INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0332)
>>>> +/* SAF-2-safe */
>>>> #define INSTR_VMSAVE INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0333)
>>>> +/* SAF-2-safe */
>>>> #define INSTR_STGI INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0334)
>>>> +/* SAF-2-safe */
>>>> #define INSTR_CLGI INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0335)
>>>> +/* SAF-2-safe */
>>>> #define INSTR_INVLPGA INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0337)
>>>> +/* SAF-2-safe */
>>>> #define INSTR_RDTSCP INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0371)
>>>> #define INSTR_INVD INSTR_ENC(X86EMUL_OPC(0x0f, 0x08), 0)
>>>> #define INSTR_WBINVD INSTR_ENC(X86EMUL_OPC(0x0f, 0x09), 0)
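
Review bot: the nine /* SAF-2-safe */ lines added ahead of INSTR_XSETBV through INSTR_RDTSCP each sit on a line of their own, which splits the aligned #define table and differs from the end-of-line placement used in the emulate.c hunk of this same patch. Pick one placement for the whole patch, and consider one short comment above the block saying that the last INSTR_ENC() argument is deliberately written in octal, so a reader sees the reason for the deviation and not only its tag.
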
>>
>> ... this has broken a tabulated structure to have comments ahead of
>> lines with octal numbers, while ...
>>
>>>> diff --git a/xen/arch/x86/hvm/svm/emulate.c
>>>> b/xen/arch/x86/hvm/svm/emulate.c
>>>> index aa2c61c433b3..c5e3341c6316 100644
>>>> --- a/xen/arch/x86/hvm/svm/emulate.c
>>>> +++ b/xen/arch/x86/hvm/svm/emulate.c
>>>> @@ -90,9 +90,9 @@ unsigned int svm_get_insn_len(struct vcpu *v,
>>>> unsigned int instr_enc)
>>>> if ( !instr_modrm )
>>>> return emul_len;
>>>>
>>>> - if ( modrm_mod == MASK_EXTR(instr_modrm, 0300) &&
>>>> - (modrm_reg & 7) == MASK_EXTR(instr_modrm, 0070) &&
>>>> - (modrm_rm & 7) == MASK_EXTR(instr_modrm, 0007) )
>>>> + if ( modrm_mod == MASK_EXTR(instr_modrm, 0300) && /* SAF-2-safe */
>>>> + (modrm_reg & 7) == MASK_EXTR(instr_modrm, 0070) && /* SAF-2-safe
>>>> */
>>>> + (modrm_rm & 7) == MASK_EXTR(instr_modrm, 0007) ) /* SAF-2-safe */
>>>> return emul_len;
>>>> }
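
Review bot: the trailing /* SAF-2-safe */ on the third condition line, "(modrm_rm & 7) == MASK_EXTR(instr_modrm, 0007) )", is followed directly by "return emul_len;", so if the comment also covers the next line (as the reply below describes) that return statement is deviated although it contains no octal constant. Either put each comment on its own line ahead of the condition line it justifies, as the svm.h hunk does, or have the tooling apply a zero-line offset to end-of-line comments, so that only the three lines holding 0300, 0070 and 0007 are deviated.
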
>>
>> ... this has comments at the end of lines with octal numbers.
>>
>> So which is it?
>
> I agree with Andrew here in this sense: the in-code comment is
> supposed to be on the line *before* the violation,
> not on the same line, so I’m also wondering how it is fixing the very
> first violation.
>
> Cheers,
> Luca
>

Actually it justifies what is on either the previous line or the same
because it's translated to /* -E> safe MC3R1.R7.1 1 */, where the last
number is how many lines besides the current one are to be deviated
(e.g. you can have 0 to deviate only the current line).
Most of the time the current form is what's needed, as you would put
the comment on a line of its own. In the case of the if that would
break the formatting. The downside of doing the same thing on the table
is that the first entry not to be deviated would actually be deviated.

    #define INSTR_INVD INSTR_ENC(X86EMUL_OPC(0x0f, 0x08), 0)

This may not be problematic, since 0 could be considered an octal
constant, but is an exception explicitly listed in the MISRA rule.
For the same reason the line

    return emul_len;

is deviated by the above comment, but putting an octal constant there
would for sure be the result of a deliberate choice. There's the
alternative of:

    /* SAF-2-safe */
    if ( modrm_mod == MASK_EXTR(instr_modrm, 0300) &&
         /* SAF-2-safe */
         (modrm_reg & 7) == MASK_EXTR(instr_modrm, 0070) &&
         /* SAF-2-safe */
         (modrm_rm & 7) == MASK_EXTR(instr_modrm, 0007) )

to make it consistent with the table and avoid any "hidden" deviated
line or, again, the modification of the translation script so that it
doesn't use a fixed "1" offset, which is motivated by what you wrote on
the thread of the modification of xen_analysis.py.

--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
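
Added example, not part of the original message and not the Xen project's tooling: a small Python model of the coverage rule described in the reply above (a SAF comment deviates its own line plus a fixed number of following lines), run over constructed inputs built from the lines quoted in the thread. The function names covered, hidden and missed and both regular expressions are assumptions made for this illustration.

```python
import re

# Model of the behaviour described in the message above (an assumption drawn
# from that text, not the project's script): a SAF comment deviates the line
# it is on plus `extra` following lines.
SAF = re.compile(r"/\*\s*SAF-\d+-safe\s*\*/")
# Rule 7.1 octal constant: a leading 0 followed by octal digits. A lone 0
# and hex literals such as 0x0f do not match.
OCTAL = re.compile(r"(?<![\w.])0[0-7]+\b")

def covered(lines, extra):
    """0-based indices of lines deviated by some SAF comment."""
    out = set()
    for i, line in enumerate(lines):
        if SAF.search(line):
            out.update(range(i, min(i + extra + 1, len(lines))))
    return out

def hidden(lines, extra=1):
    """Deviated code lines that contain no octal constant at all."""
    return [i for i in sorted(covered(lines, extra))
            if SAF.sub("", lines[i]).strip() and not OCTAL.search(lines[i])]

def missed(lines, extra=1):
    """Lines with an octal constant that no SAF comment reaches."""
    cov = covered(lines, extra)
    return [i for i, l in enumerate(lines) if OCTAL.search(l) and i not in cov]

# Constructed inputs, built from the lines quoted in the thread.
IF_TRAILING = [
    "if ( modrm_mod == MASK_EXTR(instr_modrm, 0300) && /* SAF-2-safe */",
    "     (modrm_reg & 7) == MASK_EXTR(instr_modrm, 0070) && /* SAF-2-safe */",
    "     (modrm_rm & 7) == MASK_EXTR(instr_modrm, 0007) ) /* SAF-2-safe */",
    "    return emul_len;",
]
TABLE_OWN_LINE = [
    "/* SAF-2-safe */",
    "#define INSTR_RDTSCP INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0371)",
    "#define INSTR_INVD INSTR_ENC(X86EMUL_OPC(0x0f, 0x08), 0)",
]
TABLE_TRAILING = [TABLE_OWN_LINE[1] + " /* SAF-2-safe */", TABLE_OWN_LINE[2]]

if __name__ == "__main__":
    for name, src in [("if, trailing", IF_TRAILING),
                      ("table, own line", TABLE_OWN_LINE),
                      ("table, trailing", TABLE_TRAILING)]:
        for extra in (0, 1):
            print(f"{name:16} extra={extra} hidden={hidden(src, extra)} "
                  f"missed={missed(src, extra)}")
```

With a fixed offset of 1 both trailing-comment forms report a hidden deviated line (the return statement and the INSTR_INVD entry), while a fixed offset of 0 leaves the own-line table form with an octal constant that no comment reaches.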