[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] misra: fix violations in macros GVA_INFO, TRACE_TIME
- To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
- Date: Thu, 31 Jul 2025 18:09:57 +0200
- Arc-authentication-results: i=1; bugseng.com; arc=none smtp.remote-ip=162.55.131.47
- Arc-message-signature: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; c=relaxed/relaxed; t=1753978198; h=DKIM-Signature:MIME-Version:Date:From:To:Cc:Subject:In-Reply-To: References:Message-ID:X-Sender:Organization:Content-Type: Content-Transfer-Encoding; bh=NFAmfO++jaBaaSF8ptPpb12ixK59ZYs1HyzRGK4j40w=; b=zlSvO4nvP20ZvFnXSEj9NE1R61maoGzRx9S/JAJ4XuAvvJHj/DnazaTi0BSGcvEe9oSI Y6syT8ialysce+91KOmXHp19Jx82X/YqIrSOkhGNiufokf/zp1WDnBeBwy1fvbLQEQZbu vNeBdCtFYBex6lJJfuAQY/FB8SCYSgO+dNBIkkZqUDR7y1e4zr1OKfvThJBVM7IofAimE BTaBASfaz2WRKCu907i+sBcZ+maqocoHgoPDiLPGyMQrGpsDzO982P9Tp7UPTclLxVr7V QRbX3hYs2prH7di1ChRQ3B5zWSq1HObQST/CSPKOj2YxzkVlpkQu4xLlptjWTdhBye0O4 KF1tpitCl4ujcMRfJgrhzU82EZDK1pokA0yb8ztzUgoME0gpnpatGogPUCEf5lKb/zoBi qzgGF2RTOsLsbuZSg/exrX4W80i/apEWTVIitJOQZnIptcPTsFgUtJJc+lNxVgt2FOMQV ig6ODh8Pp+qv5E09t29HvYJuZuu1wdgTCi8/fNpm71K74f8Du1isTflx1tZPACJao59OA dk1f79P/q1g9sztUi81GJAR9RjHYLGKPgfWoag6Fcw/mNLJ9Slb8b5poJOHNAuPb3W7sb 3ybPFeskg+L1nClzGvmwwzph2ix0LxlIeAQEFs1behfu83On5Kx4hPymdqqC3dY=
- Arc-seal: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; cv=none; t=1753978198; b=orN3FtAMCfrY5evuDNG6dlIiNVCZt6qyg26gQIzKuWlf+XKr58PkNCytkS2oEBVASb4Y upj/qOvc1kGNEzeh40RzyYFR951Xpg0uDDarVgOCIlcoLu3UdztR8Zm908PYMwB4V3b/M nqnwoUU4+m4OhfEUNiQVxhjLJF00/q6hR6PnBOJ09THvEBCZL6J7lqLc4bzsU+SE+9JyU 9/dxCiHp00ZYCK1h/5zZ10Ve0xYdhtjgtmOrMY1O7m+vBgSygxJgTVuka0lKFfaHjngnB 6YjnwKRdJF6YcgFK2p36mCFP5AixBEFSl5rXwGC23cdlu6AED8SG0KLq9cTZA5aK5lOI5 u28yfpZGatNUiWoTxn4Xsmnh1DYQdMxrB1wD/0tdLcBrVSR/clsfqw4I2d6UxEd7LOL0u 0i+hNptVguKWOMDkGt8H1GMm0GLnpxI9E5tSUZVmky/7ylzTFICfSiasJyXyl56uIahgL xk4/XU0mWf7Iv4ESyL3Iomx7Jt7thbvUH4dX+aQbiicWMDOKe7q+V6IbtjdZya6Yb/oci AVxayxHEIQsuCHpwqKLf9V4hfCGoKSZYep6Qbt528mOrA587namEKkZnbvLWfDGo3VJ06 qaIeWjun5Qt3c8/FIohxKk+hrgr5Njhik0fZATFvXpD5aBaW4YvGYQDY84zY0Yw=
- Authentication-results: bugseng.com; arc=none smtp.remote-ip=162.55.131.47
- Cc: Jan Beulich <jbeulich@xxxxxxxx>, Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, George Dunlap <gwd@xxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- Delivery-date: Thu, 31 Jul 2025 16:10:04 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2025-07-31 18:05, Andrew Cooper wrote:
On 31/07/2025 4:58 pm, Jan Beulich wrote:
On 31.07.2025 17:37, Andrew Cooper wrote:
On 31/07/2025 4:16 pm, Dmytro Prokopchuk1 wrote:
MISRA Rule 13.1: Initializer lists shall not contain persistent side
effects.
The violations occur because both the `GVA_INFO` and `TRACE_TIME`
macro
expansions include expressions with persistent side effects
introduced
via inline assembly.
In the case of `GVA_INFO`, the issue stems from the initializer list
containing a direct call to `current`, which evaluates to
`this_cpu(curr_vcpu)` and involves persistent side effects via the
`asm` statement. To resolve this, the side-effect-producing
expression
is computed in a separate statement prior to the macro
initialization:
struct vcpu *current_vcpu = current;
The computed value is passed into the `GVA_INFO(current_vcpu)`
macro,
ensuring that the initializer is clean and free of such side
effects.
Similarly, the `TRACE_TIME` macro violates this rule when accessing
expressions like `current->vcpu_id` and
`current->domain->domain_id`,
which also depend on `current` and inline assembly. To fix this, the
value of `current` is assigned to a temporary variable:
struct vcpu *v = current;
This temporary variable is then used to access `domain_id` and
`vcpu_id`.
This ensures that the arguments passed to the `TRACE_TIME` macro are
simple expressions free of persistent side effects.
Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@xxxxxxxx>
The macro `current` specifically does not (and must not) have side
effects. It is expected to behave like a plain `struct vcpu
*current;`
variable, and what Eclair is noticing is the thread-local machinery
under this_cpu() (or in x86's case, get_current()).
In ARM's case, it's literally reading the hardware thread pointer
register. Can anything be done to tell Eclair that `this_cpu()`
specifically does not have side effects?
The only reason that GVA_INFO() and TRACE_TIME() are picked out is
because they both contain embedded structure initialisation, and this
is
is actually an example where trying to comply with MISRA interferes
with
what is otherwise a standard pattern in Xen.
Irrespective of what you say, some of the changes here were
eliminating
multiple adjacent uses of current, which - iirc - often the compiler
can't fold via CSE.
Where we have mixed usage, sure. (I'm sure I've got a branch somewhere
trying to add some more pure/const around to try and help out here, but
I can't find it, and don't recall it being a major improvement either.)
The real problem here is that there are a *very few* number of contexts
where Eclair refuses to tolerate the use of `current` citing side
effects, despite there being no side effects.
That is the thing that breaks the principle of least surprise, and we
ought to fix it by making Eclair happy with `current` everywhere,
rather
than force people to learn that 2 macros can't have a `current` in
their
parameter list.
I'll take a look. Likely yes, by adding a handful of properties. There
are subtleties, though.
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
|
