From nobody Mon Feb  9 07:43:01 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120;
 envelope-from=xen-devel-bounces@lists.xenproject.org;
 helo=lists.xenproject.org;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender)
  smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
 by mx.zohomail.com
	with SMTPS id 1697638759582686.5557056535615;
 Wed, 18 Oct 2023 07:19:19 -0700 (PDT)
Received: from list by lists.xenproject.org with
 outflank-mailman.618597.962454 (Exim 4.92)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1qt7Nz-0005fX-O1; Wed, 18 Oct 2023 14:18:59 +0000
Received: by outflank-mailman (output) from mailman id 618597.962454;
 Wed, 18 Oct 2023 14:18:59 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1qt7Nz-0005eA-HF; Wed, 18 Oct 2023 14:18:59 +0000
Received: by outflank-mailman (input) for mailman id 618597;
 Wed, 18 Oct 2023 14:18:58 +0000
Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50]
 helo=se1-gles-flk1.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from
 <SRS0=7etD=GA=bugseng.com=simone.ballarin@srs-se1.protection.inumbo.net>)
 id 1qt7Ny-0004vw-BC
 for xen-devel@lists.xenproject.org; Wed, 18 Oct 2023 14:18:58 +0000
Received: from support.bugseng.com (mail.bugseng.com [162.55.131.47])
 by se1-gles-flk1.inumbo.com (Halon) with ESMTPS
 id 4527c161-6dc1-11ee-9b0e-b553b5be7939;
 Wed, 18 Oct 2023 16:18:55 +0200 (CEST)
Received: from beta.station (net-188-218-250-245.cust.vodafonedsl.it
 [188.218.250.245])
 by support.bugseng.com (Postfix) with ESMTPSA id A47764EE0743;
 Wed, 18 Oct 2023 16:18:54 +0200 (CEST)
X-Outflank-Mailman: Message body and most headers restored to incoming version
X-BeenThere: xen-devel@lists.xenproject.org
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
X-Inumbo-ID: 4527c161-6dc1-11ee-9b0e-b553b5be7939
From: Simone Ballarin <simone.ballarin@bugseng.com>
To: xen-devel@lists.xenproject.org
Cc: consulting@bugseng.com,
	sstabellini@kernel.org,
	Simone Ballarin <simone.ballarin@bugseng.com>,
	Doug Goldstein <cardoe@cardoe.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	George Dunlap <george.dunlap@citrix.com>,
	Jan Beulich <jbeulich@suse.com>,
	Julien Grall <julien@xen.org>,
	Wei Liu <wl@xen.org>
Subject: [XEN PATCH 2/4] automation/eclair: add deviations and call
 properties.
Date: Wed, 18 Oct 2023 16:18:49 +0200
Message-Id: 
 <8f426cc761c734d457a74416dd5b83fd10128c26.1697638210.git.simone.ballarin@bugseng.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1697638210.git.simone.ballarin@bugseng.com>
References: <cover.1697638210.git.simone.ballarin@bugseng.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1697638760487100001
Content-Type: text/plain; charset="utf-8"

Deviate violations of MISRA C:2012 Rule 13.1 caused by
functions vcpu_runnable and __bad_atomic_size. These functions
contain side-effects such as debugging logs, assertions and
failures that cannot cause unexpected behaviors.

Add "noeffect" call property to functions read_u.*_atomic and
get_cycles.

Signed-off-by: Simone Ballarin <simone.ballarin@bugseng.com>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>
---
 .../eclair_analysis/ECLAIR/call_properties.ecl      | 10 ++++++++++
 automation/eclair_analysis/ECLAIR/deviations.ecl    | 13 +++++++++++++
 docs/misra/deviations.rst                           | 11 +++++++++++
 3 files changed, 34 insertions(+)

diff --git a/automation/eclair_analysis/ECLAIR/call_properties.ecl b/automa=
tion/eclair_analysis/ECLAIR/call_properties.ecl
index 3f7794bf8b..f410a6aa58 100644
--- a/automation/eclair_analysis/ECLAIR/call_properties.ecl
+++ b/automation/eclair_analysis/ECLAIR/call_properties.ecl
@@ -104,3 +104,13 @@ Furthermore, their uses do initialize the involved var=
iables as needed by futher
 -call_properties+=3D{"macro(^(__)?(raw_)?copy_from_(paddr|guest|compat)(_o=
ffset)?$)", {"pointee_write(1=3Dalways)", "pointee_read(1=3Dnever)", "taken=
()"}}
 -call_properties+=3D{"macro(^(__)?copy_to_(guest|compat)(_offset)?$)", {"p=
ointee_write(2=3Dalways)", "pointee_read(2=3Dnever)", "taken()"}}
 -doc_end
+
+-doc_begin=3D"Functions generated by build_atomic_read cannot be considere=
d pure
+since the input pointer is volatile."
+-call_properties+=3D{"^read_u(8|16|32|64|int)_atomic.*$", {"noeffect"}}
+-doc_end
+
+-doc_begin=3D"get_cycles does not perform visible side-effects "
+-call_property+=3D{"name(get_cycles)", {"noeffect"}}
+-doc_end
+
diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/=
eclair_analysis/ECLAIR/deviations.ecl
index fa56e5c00a..b80ccea7bc 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -233,6 +233,19 @@ this."
 -config=3DMC3R1.R10.1,etypes+=3D{safe,
   "stmt(operator(and||or||xor||not||and_assign||or_assign||xor_assign))",
   "any()"}
+#
+# Series 13.
+#
+
+-doc_begin=3D"Function __bad_atomic_size is intended to generate a linkage=
 error
+if invoked. Calling it in intentionally unreachable switch cases is safe e=
ven
+in a initializer list."
+-config=3DMC3R1.R13.1,reports+=3D{safe, "first_area(^.*__bad_atomic_size.*=
$)"}
+-doc_end
+
+-doc_begin=3D"Function vcpu_runnable contains pragmas and other side-effec=
ts for
+debugging purposes, their invocation is safe even in a initializer list."
+-config=3DMC3R1.R13.1,reports+=3D{safe, "first_area(^.*vcpu_runnable.*$)"}
 -doc_end
=20
 -doc_begin=3D"See Section \"4.5 Integers\" of \"GCC_MANUAL\", where it say=
s that
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index 8511a18925..2fcdb8da58 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -192,6 +192,17 @@ Deviations related to MISRA C:2012 Rules:
        See automation/eclair_analysis/deviations.ecl for the full explanat=
ion.
      - Tagged as `safe` for ECLAIR.
=20
+   * - R13.1
+     - Function __bad_atomic_size is intended to generate a linkage error =
if
+       invoked. Calling it in intentionally unreachable switch cases is
+       safe even in a initializer list.
+     - Tagged as `safe` for ECLAIR.
+
+   * - R13.1
+     - Function vcpu_runnable contains pragmas and other side-effects for
+       debugging purposes, their invocation is safe even in a initializer =
list.
+     - Tagged as `safe` for ECLAIR.
+
    * - R13.5
      - All developers and reviewers can be safely assumed to be well aware=
 of
        the short-circuit evaluation strategy for logical operators.
--=20
2.34.1