Re: [PATCH] misra: add deviation of Rule 2.1 for BUG() macro

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Nicola Vetrini <nicola.vetrini@bugseng.com>
To: Dmytro Prokopchuk1 <dmytro_prokopchuk1@epam.com>
Cc: xen-devel@lists.xenproject.org,
	"Doug Goldstein" <cardoe@cardoe.com>,
	"Stefano Stabellini" <sstabellini@kernel.org>,
	"Andrew Cooper" <andrew.cooper3@citrix.com>,
	"Anthony PERARD" <anthony.perard@vates.tech>,
	"Michal Orzel" <michal.orzel@amd.com>,
	"Jan Beulich" <jbeulich@suse.com>,
	"Julien Grall" <julien@xen.org>,
	"Roger Pau Monné" <roger.pau@citrix.com>
Subject: Re: [PATCH] misra: add deviation of Rule 2.1 for BUG() macro
Date: Sun, 24 Aug 2025 17:29:58 +0200	[thread overview]
Message-ID: <7d0b9e8e296ea07b966832b9a047baa7@bugseng.com> (raw)
In-Reply-To: <f7b4112aad84162c25f96a9d6db43a0c2ba85daa.1756046023.git.dmytro_prokopchuk1@epam.com>

On 2025-08-24 16:56, Dmytro Prokopchuk1 wrote:
> MISRA C Rule 2.1 states: "A project shall not contain unreachable 
> code".
> Functions that are non-returning and are not explicitly annotated with
> the 'noreturn' attribute are considered a violation of this rule.
> 
> In certain cases, some functions might be non-returning in specific 
> build
> configurations due to call to '__builtin_unreachable()' in the 
> expansion
> of the macro 'BUG()':
>  - functions 'gicv3_do_LPI()' and 'gicv3_its_setup_collection()' when 
> the
> config CONFIG_HAS_ITS is not defined, it is intentionally used to catch
> and prevent any unintended execution of code that should only run when
> ITS is available;
>  - function 'prepare_acpi()' when the config CONFIG_ACPI is not 
> defined,
> to trigger an error if ACPI-related features are used incorrectly.
> 
> To account for that in specific builds, update the ECLAIR configuration
> to deviate these violations. Update deviations.rst file accordingly.
> No functional changes.
> 
> Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com>
> ---
> Test CI pipeline:
> https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/2000738682
> ---

https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/jobs/11119212994

Build failure here

>  automation/eclair_analysis/ECLAIR/deviations.ecl | 11 +++++++++++
>  docs/misra/deviations.rst                        | 13 +++++++++++++
>  2 files changed, 24 insertions(+)
> 
> diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl 
> b/automation/eclair_analysis/ECLAIR/deviations.ecl
> index 7f3fd35a33..336aec58c2 100644
> --- a/automation/eclair_analysis/ECLAIR/deviations.ecl
> +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
> @@ -41,6 +41,17 @@ not executable, and therefore it is safe for them to 
> be unreachable."
>  
> -call_properties+={"name(__builtin_unreachable)&&stmt(begin(any_exp(macro(name(ASSERT_UNREACHABLE)))))", 
> {"noreturn(false)"}}
>  -doc_end
> 
> +-doc_begin="The 'BUG()' macro is intentionally used in the 
> 'prepare_acpi()' function in specific build configuration
> +(when the config CONFIG_ACPI is not defined) to trigger an error if 
> ACPI-related features are used incorrectly."
> +-config=MC3A2.R2.1,reports+={deliberate, 
> "any_area(any_loc(file(^xen/arch/arm/include/asm/domain_build\\.h$))&&context(name(prepare_acpi)))"}
> +-doc_end
> +
> +-doc_begin="The 'BUG()' macro is intentionally used in 
> 'gicv3_do_LPI'() and 'gicv3_its_setup_collection()' functions
> +in specific build configuration (when the config CONFIG_HAS_ITS is not 
> defined) to catch and prevent any unintended
> +execution of code that should only run when ITS is available."
> +-config=MC3A2.R2.1,reports+={deliberate, 
> "any_area(any_loc(file(^xen/arch/arm/include/asm/gic_v3_its\\.h$))&&context(name(gicv3_do_LPI||gicv3_its_setup_collection)))"}
> +-doc_end
> +
>  -doc_begin="Proving compliance with respect to Rule 2.2 is generally 
> impossible:
>  see https://arxiv.org/abs/2212.13933 for details. Moreover, peer 
> review gives us
>  confidence that no evidence of errors in the program's logic has been 
> missed due
> diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
> index 2119066531..96eb202502 100644
> --- a/docs/misra/deviations.rst
> +++ b/docs/misra/deviations.rst
> @@ -97,6 +97,19 @@ Deviations related to MISRA C:2012 Rules:
>         Xen expects developers to ensure code remains safe and reliable 
> in builds,
>         even when debug-only assertions like `ASSERT_UNREACHABLE() are 
> removed.
> 
> +   * - R2.1
> +     - The 'BUG()' macro is intentionally used in the 'prepare_acpi()' 
> function
> +       in specific build configuration (when the config CONFIG_ACPI is 
> not
> +       defined) to trigger an error if ACPI-related features are used 
> incorrectly.
> +     - Tagged as `deliberate` for ECLAIR.
> +
> +   * - R2.1
> +     - The 'BUG()' macro is intentionally used in 'gicv3_do_LPI'() and
> +       'gicv3_its_setup_collection()' functions in specific build 
> configuration
> +       (when the config CONFIG_HAS_ITS is not defined) to catch and 
> prevent any
> +       unintended execution of code that should only run when ITS is 
> available.
> +     - Tagged as `deliberate` for ECLAIR.
> +
>     * - R2.2
>       - Proving compliance with respect to Rule 2.2 is generally 
> impossible:
>         see `<https://arxiv.org/abs/2212.13933>`_ for details. 
> Moreover, peer

-- 
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253

next prev parent reply	other threads:[~2025-08-24 15:30 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-08-24 14:56 [PATCH] misra: add deviation of Rule 2.1 for BUG() macro Dmytro Prokopchuk1
2025-08-24 15:29 ` Nicola Vetrini [this message]
2025-08-25  9:56   ` Dmytro Prokopchuk1
2025-08-25 10:07 ` Jan Beulich
2025-08-25 10:26   ` Dmytro Prokopchuk1
2025-08-26 18:07   ` Dmytro Prokopchuk1
2025-08-26 19:15     ` Nicola Vetrini
2025-08-26 23:51       ` Stefano Stabellini
2025-08-27  6:45         ` Dmytro Prokopchuk1
2025-08-27  6:43     ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7d0b9e8e296ea07b966832b9a047baa7@bugseng.com \
    --to=nicola.vetrini@bugseng.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=anthony.perard@vates.tech \
    --cc=cardoe@cardoe.com \
    --cc=dmytro_prokopchuk1@epam.com \
    --cc=jbeulich@suse.com \
    --cc=julien@xen.org \
    --cc=michal.orzel@amd.com \
    --cc=roger.pau@citrix.com \
    --cc=sstabellini@kernel.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.