
[RFC,0/4] fix some issues related to MISRA C:2012 Rule 9.1

Message ID cover.1689329728.git.nicola.vetrini@bugseng.com (mailing list archive)

Message

Nicola Vetrini July 14, 2023, 11:49 a.m. UTC
This patch series is aimed at discussing different categories of
patterns concerning local variables that are possibly not
initialized in all code paths, which results in hard-to-prove
correctness. The main categories are as follows:

1. Variables initialized by passing a pointer to them to a function.
   Many such functions are coupled with error handling which results
   in the variable not being initialized.

2. Some variables are used in switch statements and the control flow
   ensures that all code paths do initialize them, but due to the
   presence of goto statements, the flow is harder to follow.

I emphasize that, as far as I can tell, the code is already
compliant with the rule, but there is room for improvement, especially
on the side of allowing automatic checks to be more effective.

Nicola Vetrini (4):
  xen/arm: justify or initialize conditionally uninitialized variables
  xen/arm64: bitops: justify uninitialized variable inside a macro
  xen/arm: initialize conditionally uninitialized local variables
  xen/arm: initialize conditionally uninitialized local variables

 docs/misra/safe.json                        | 24 +++++++++++++++
 xen/arch/arm/arm64/lib/bitops.c             |  3 ++
 xen/arch/arm/arm64/lib/find_next_bit.c      |  1 +
 xen/arch/arm/bootfdt.c                      |  6 ++++
 xen/arch/arm/cpuerrata.c                    |  6 ++--
 xen/arch/arm/decode.c                       |  2 ++
 xen/arch/arm/dm.c                           |  2 +-
 xen/arch/arm/domain_build.c                 | 29 ++++++++++++++----
 xen/arch/arm/domctl.c                       |  8 ++---
 xen/arch/arm/efi/efi-boot.h                 |  6 ++--
 xen/arch/arm/gic-v3-its.c                   |  9 +++---
 xen/arch/arm/gic-v3-lpi.c                   | 17 ++++++-----
 xen/arch/arm/guest_walk.c                   | 12 ++++----
 xen/arch/arm/include/asm/guest_atomics.h    |  3 ++
 xen/arch/arm/include/asm/p2m.h              | 10 ++++---
 xen/arch/arm/mm.c                           |  1 +
 xen/arch/arm/p2m.c                          | 33 ++++++++++++---------
 xen/arch/arm/platforms/xilinx-zynqmp-eemi.c | 10 ++-----
 xen/arch/arm/psci.c                         | 10 +++----
 xen/drivers/char/pl011.c                    |  2 +-
 20 files changed, 129 insertions(+), 65 deletions(-)

--
2.34.1
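
An added illustration of the two categories listed in the cover letter above; it is not code from the series or from Xen. `lookup_irq`, `irq_*` and `access_size_*` are hypothetical names and the values are constructed. Each pattern is shown first without an initializer and then with one.

```c
/* Hypothetical helper: writes *out only on success (category 1). */
static int lookup_irq(int id, unsigned int *out)
{
    if (id != 1)
        return -1;              /* error path leaves *out untouched */
    *out = 33;                  /* constructed sample value */
    return 0;
}

/* Correct, but a checker must tie rc to the write through &irq. */
unsigned int irq_unproven(int id)
{
    unsigned int irq;
    int rc = lookup_irq(id, &irq);
    return (rc == 0) ? irq : 0;
}

/* Same result; the read is of an initialized object on every path. */
unsigned int irq_initialized(int id)
{
    unsigned int irq = 0;
    return (lookup_irq(id, &irq) == 0) ? irq : 0;
}

/* Category 2: each path that reads 'size' assigns it; the goto hides that. */
unsigned int access_size_unproven(unsigned int op)
{
    unsigned int size;
    switch (op) {
    case 0: size = 1; break;
    case 1: size = 4; break;
    default: goto bad;
    }
    return size;
 bad:
    return 0;
}

/* Same results with an initializer: no path analysis is needed. */
unsigned int access_size_initialized(unsigned int op)
{
    unsigned int size = 0;      /* also the value for unknown ops */
    switch (op) {
    case 0: size = 1; break;
    case 1: size = 4; break;
    default: break;
    }
    return size;
}
```

Both forms of each function return the same values; only the initialized forms can be accepted by a check that looks at the declaration alone.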

Comments

Stefano Stabellini July 25, 2023, 8:05 p.m. UTC | #1
For the record, as I mentioned during the call today, I asked to
postpone the 9.1 work for later, because it is going to take a lot of
work and discussions to figure out a good way forward for all these
cases. There are at least 3-5 different sub-classes for these issues. So
I think it would be better for the Xen community to make more progress
with other rules and violation fixes first.


On Fri, 14 Jul 2023, Nicola Vetrini wrote:
> This patch series is aimed at discussing different categories of
> patterns concerning local variables that are possibly not
> initialized in all code paths, which results in hard-to-prove
> correctness. The main categories are as follows:
> 
> 1. Variables initialized by passing a pointer to them to a function.
>    Many such functions are coupled with error handling which results
>    in the variable not being initialized.
> 
> 2. Some variables are used in switch statements and the control flow
>    ensures that all code paths do initialize them, but due to the
>    presence of goto statements, the flow is harder to follow.
> 
> I emphasize that, as far as I can tell, the code is already
> compliant with the rule, but there is room for improvement, especially
> on the side of allowing automatic checks to be more effective.
> 
> Nicola Vetrini (4):
>   xen/arm: justify or initialize conditionally uninitialized variables
>   xen/arm64: bitops: justify uninitialized variable inside a macro
>   xen/arm: initialize conditionally uninitialized local variables
>   xen/arm: initialize conditionally uninitialized local variables
> 
>  docs/misra/safe.json                        | 24 +++++++++++++++
>  xen/arch/arm/arm64/lib/bitops.c             |  3 ++
>  xen/arch/arm/arm64/lib/find_next_bit.c      |  1 +
>  xen/arch/arm/bootfdt.c                      |  6 ++++
>  xen/arch/arm/cpuerrata.c                    |  6 ++--
>  xen/arch/arm/decode.c                       |  2 ++
>  xen/arch/arm/dm.c                           |  2 +-
>  xen/arch/arm/domain_build.c                 | 29 ++++++++++++++----
>  xen/arch/arm/domctl.c                       |  8 ++---
>  xen/arch/arm/efi/efi-boot.h                 |  6 ++--
>  xen/arch/arm/gic-v3-its.c                   |  9 +++---
>  xen/arch/arm/gic-v3-lpi.c                   | 17 ++++++-----
>  xen/arch/arm/guest_walk.c                   | 12 ++++----
>  xen/arch/arm/include/asm/guest_atomics.h    |  3 ++
>  xen/arch/arm/include/asm/p2m.h              | 10 ++++---
>  xen/arch/arm/mm.c                           |  1 +
>  xen/arch/arm/p2m.c                          | 33 ++++++++++++---------
>  xen/arch/arm/platforms/xilinx-zynqmp-eemi.c | 10 ++-----
>  xen/arch/arm/psci.c                         | 10 +++----
>  xen/drivers/char/pl011.c                    |  2 +-
>  20 files changed, 129 insertions(+), 65 deletions(-)
> 
> --
> 2.34.1
>