1. Patchew
  2. Xen
  3. View series

[PATCH v4] automation/eclair: update configuration of D4.10

Stefano Stabellini posted 1 patch 4 months, 3 weeks ago
Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/alpine.DEB.2.22.394.2506061403280.2495561@ubuntu-linux-20-04-desktop
There is a newer version of this series
automation/eclair_analysis/ECLAIR/deviations.ecl | 11 +++++++----
automation/eclair_analysis/ECLAIR/tagging.ecl    |  1 +
docs/misra/deviations.rst                        | 12 ++++++++++++
xen/arch/x86/include/asm/cpufeatures.h           |  8 +++++---
xen/include/xen/compile.h.in                     |  3 +++
xen/tools/process-banner.sed                     |  5 +++++
6 files changed, 33 insertions(+), 7 deletions(-)
[PATCH v4] automation/eclair: update configuration of D4.10
Posted by Stefano Stabellini 4 months, 3 weeks ago 
MISRA C Directive 4.10 states that "Precautions shall be taken in order
to prevent the contents of a header file being included more than
once".

Add a SAF tag to the existing comment on top of cpufeatures.h.
Add a header inclusion guard to compile.h.

Update ECLAIR configuration to:
- extend existing deviation to other comments explicitly saying a file
  is intended for multiple inclusion;
- extend existing deviation to other autogenerated files;
- tag the guidelines as clean.

Update deviations.rst accordingly.

Signed-off-by: Federico Serafini <federico.serafini@bugseng.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@amd.com>
---
Changes in v4:
- remove deviation for
  xen/arch/{arm,x86}/include/generated/asm/\*
---
 automation/eclair_analysis/ECLAIR/deviations.ecl | 11 +++++++----
 automation/eclair_analysis/ECLAIR/tagging.ecl    |  1 +
 docs/misra/deviations.rst                        | 12 ++++++++++++
 xen/arch/x86/include/asm/cpufeatures.h           |  8 +++++---
 xen/include/xen/compile.h.in                     |  3 +++
 xen/tools/process-banner.sed                     |  5 +++++
 6 files changed, 33 insertions(+), 7 deletions(-)

diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl
index 9c67358d46..3b5bc87e1d 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -72,11 +72,14 @@ they are not instances of commented-out code."
 -config=MC3A2.D4.3,reports+={deliberate, "any_area(any_loc(file(arm64_bitops))&&context(name(int_clear_mask16)))"}
 -doc_end
 
--doc_begin="Files that are intended to be included more than once do not need to
-conform to the directive."
+-doc_begin="Files that are intended to be included more than once (and have
+a comment that says this explicitly) do not need to conform to the directive."
 -config=MC3A2.D4.10,reports+={safe, "first_area(text(^/\\* This file is intended to be included multiple times\\. \\*/$, begin-4))"}
--config=MC3A2.D4.10,reports+={safe, "first_area(text(^/\\* Generated file, do not edit! \\*/$, begin-3))"}
--config=MC3A2.D4.10,reports+={safe, "all_area(all_loc(file(^xen/include/generated/autoconf.h$)))"}
+-config=MC3A2.D4.10,reports+={safe, "first_area(text(^/\\* Generated file, do not edit! \\*/$, begin-3...begin-2))"}
+-doc_end
+
+-doc_begin="Autogenerated files that do not need to conform to the directive."
+-config=MC3A2.D4.10,reports+={safe, "all_area(all_loc(file(^xen/include/generated/autoconf\\.h$)))"}
 -doc_end
 
 -doc_begin="Including multiple times a .c file is safe because every function or data item
diff --git a/automation/eclair_analysis/ECLAIR/tagging.ecl b/automation/eclair_analysis/ECLAIR/tagging.ecl
index f9da5d5f4d..b95f07feb0 100644
--- a/automation/eclair_analysis/ECLAIR/tagging.ecl
+++ b/automation/eclair_analysis/ECLAIR/tagging.ecl
@@ -23,6 +23,7 @@
 "MC3A2.D1.1||
 MC3A2.D2.1||
 MC3A2.D4.1||
+MC3A2.D4.10||
 MC3A2.D4.11||
 MC3A2.D4.14||
 MC3A2.R1.1||
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index fe0b1e10a2..63caa8f4a2 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -30,6 +30,18 @@ Deviations related to MISRA C:2012 Directives:
        not to add an additional encapsulation layer.
      - Tagged as `deliberate` for ECLAIR.
 
+   * - D4.10
+     - Files that are intended to be included more than once (and have
+       a comment that says this explicitly) do not need to conform to the
+       directive.
+     - Tagged as `safe` for ECLAIR.
+
+   * - D4.10
+     - There are autogenerated files that do not need to comply to the
+       directive.
+     - Tagged as `safe` for ECLAIR. Such files are:
+        - xen/include/generated/autoconf.h
+
    * - D4.10
      - Including multiple times a .c file is safe because every function or data item
        it defines would in (the common case) be already defined.
diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h
index 9e3ed21c02..bd1f00f5d2 100644
--- a/xen/arch/x86/include/asm/cpufeatures.h
+++ b/xen/arch/x86/include/asm/cpufeatures.h
@@ -1,6 +1,6 @@
-/*
- * Explicitly intended for multiple inclusion.
- */
+/* This file is intended to be included multiple times. */
+/*#ifndef X86_CPUFEATURES_H */
+/*#define X86_CPUFEATURES_H */
 
 #include <xen/lib/x86/cpuid-autogen.h>
 
@@ -63,3 +63,5 @@ XEN_CPUFEATURE(USE_VMCALL,        X86_SYNTH(30)) /* Use VMCALL instead of VMMCAL
 
 /* Total number of capability words, inc synth and bug words. */
 #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */
+
+/*#endif X86_CPUFEATURES_H */
diff --git a/xen/include/xen/compile.h.in b/xen/include/xen/compile.h.in
index 3151d1e7d1..9206341ba6 100644
--- a/xen/include/xen/compile.h.in
+++ b/xen/include/xen/compile.h.in
@@ -1,3 +1,6 @@
+#ifndef XEN_COMPILE_H
+#define XEN_COMPILE_H
+
 #define XEN_COMPILE_DATE	"@@date@@"
 #define XEN_COMPILE_TIME	"@@time@@"
 #define XEN_COMPILE_BY		"@@whoami@@"
diff --git a/xen/tools/process-banner.sed b/xen/tools/process-banner.sed
index 56c76558bc..4cf3f9a116 100755
--- a/xen/tools/process-banner.sed
+++ b/xen/tools/process-banner.sed
@@ -12,3 +12,8 @@ s_(.*)_"\1\\n"_
 
 # Trailing \ on all but the final line.
 $!s_$_ \\_
+
+# Append closing header guard
+$a\
+\
+#endif /* XEN_COMPILE_H */
-- 
2.25.1
Re: [PATCH v4] automation/eclair: update configuration of D4.10
Posted by Jan Beulich 4 months, 3 weeks ago 
On 06.06.2025 23:04, Stefano Stabellini wrote:
> --- a/xen/arch/x86/include/asm/cpufeatures.h
> +++ b/xen/arch/x86/include/asm/cpufeatures.h
> @@ -1,6 +1,6 @@
> -/*
> - * Explicitly intended for multiple inclusion.
> - */
> +/* This file is intended to be included multiple times. */

While I can see that this may indeed be needed, ...

> +/*#ifndef X86_CPUFEATURES_H */
> +/*#define X86_CPUFEATURES_H */

... I wonder what this is about. Sorry, I didn't spot this as a change
in v3. If it's needed, these comments want to be well formed (have a
space between * and #).

Beyond this - why is this header ending up different from e.g.
public/errno.h, where a SAF-8 comment is used?

Jan
Re: [PATCH v4] automation/eclair: update configuration of D4.10
Posted by Stefano Stabellini 4 months, 1 week ago 
On Tue, 10 Jun 2025, Jan Beulich wrote:
> On 06.06.2025 23:04, Stefano Stabellini wrote:
> > --- a/xen/arch/x86/include/asm/cpufeatures.h
> > +++ b/xen/arch/x86/include/asm/cpufeatures.h
> > @@ -1,6 +1,6 @@
> > -/*
> > - * Explicitly intended for multiple inclusion.
> > - */
> > +/* This file is intended to be included multiple times. */
> 
> While I can see that this may indeed be needed, ...
> 
> > +/*#ifndef X86_CPUFEATURES_H */
> > +/*#define X86_CPUFEATURES_H */
> 
> ... I wonder what this is about. Sorry, I didn't spot this as a change
> in v3. If it's needed, these comments want to be well formed (have a
> space between * and #).

Without it, ECLAIR throws other violations. But I can fix the lack of a
space.


> Beyond this - why is this header ending up different from e.g.
> public/errno.h, where a SAF-8 comment is used?

Because SAF-8 is meant to be used on top of an #ifndef and there is no
#ifndef here
Re: [PATCH v4] automation/eclair: update configuration of D4.10
Posted by Jan Beulich 4 months, 1 week ago 
On 21.06.2025 04:19, Stefano Stabellini wrote:
> On Tue, 10 Jun 2025, Jan Beulich wrote:
>> On 06.06.2025 23:04, Stefano Stabellini wrote:
>>> --- a/xen/arch/x86/include/asm/cpufeatures.h
>>> +++ b/xen/arch/x86/include/asm/cpufeatures.h
>>> @@ -1,6 +1,6 @@
>>> -/*
>>> - * Explicitly intended for multiple inclusion.
>>> - */
>>> +/* This file is intended to be included multiple times. */
>>
>> While I can see that this may indeed be needed, ...
>>
>>> +/*#ifndef X86_CPUFEATURES_H */
>>> +/*#define X86_CPUFEATURES_H */
>>
>> ... I wonder what this is about. Sorry, I didn't spot this as a change
>> in v3. If it's needed, these comments want to be well formed (have a
>> space between * and #).
> 
> Without it, ECLAIR throws other violations. But I can fix the lack of a
> space.

So the original comment that was there didn't serve its purpose?

>> Beyond this - why is this header ending up different from e.g.
>> public/errno.h, where a SAF-8 comment is used?
> 
> Because SAF-8 is meant to be used on top of an #ifndef and there is no
> #ifndef here

How can that be? SAF-8 is specifically to cover for the lack of a guard,
i.e. typically the lack of any (respective) #ifndef. SAF-8's description
also says nothing along these lines. And then it looks to be possible to
add some #ifndef here, e.g. checking NCAPINTS. Just that the #endif would
need to come early, and another #ifndef would then be wanted at about 2/3
of the file.

Jan

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.