ler/arch (this is an
IDB in the first place, so it is unlikely that a general statement can
be made). Perhaps the BUILD_BUG_ON should be limited to these
arch-es/compilers, so that there is little doubt about the intended
motivation of the check.
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
pointer are
properly aligned when it matters, which in this case is the same as
making sure that "ptr" indeed points to a struct member. What might be a
convincing argument is to have sufficient testing and sanitizers (ASAN
mostly helps here) to show that this assumption is met wi
ns on runners tagged
`eclair-analysis-safety`.
- eclair-{x86_64,ARM64}-testing: analyze Xen using the default
configuration for the purposes of testing new runner updates; runs on
runners tagged `eclair-analysis-testing`.
Signed-off-by: Nicola Vetrini
---
Naturally the right tags to the ru
default value
for the selected jobs regex to remove the need to always check if the
variable is empty.
Signed-off-by: Victor Lira
Reviewed-by: Nicola Vetrini # ECLAIR
If this goes in before [1] (which is likely), then I should rebase
because it will probably conflict
[1]
https
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
On 2025-08-28 17:54, Dmytro Prokopchuk1 wrote:
On 8/25/25 16:08, Nicola Vetrini wrote:
On 2025-08-25 14:53, Nicola Vetrini wrote:
On 2025-08-22 18:34, Dmytro Prokopchuk1 wrote:
On 8/21/25 11:25, Nicola Vetrini wrote:
On 2025-08-21 10:01, Jan Beulich wrote:
On 19.08.2025 20:55, Dmytro
00644
--- a/xen/common/device-tree/static-shmem.c
+++ b/xen/common/device-tree/static-shmem.c
@@ -185,7 +185,7 @@ static int __init assign_shared_memory(struct
domain *d, paddr_t gbase,
return 0;
fail:
-while ( --i >= 0 )
+while ( i-- )
put_page_nr(page + i, nr_borrowers
unsigned long nr_pages, nr_borrowers, i;
+unsigned long nr_pages, nr_borrowers;
+long i;
struct page_info *page;
paddr_t pbase, psize;
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
86 has been selected ~2 years ago.
So, I see the next plan (just from my point of view):
1. Add "CONFIG_UNSUPPORTED=y" and resolve new violations.
2. Continue with proposed deviation
3. ... ?
Thank you in advance.
Dmytro.
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
On 2025-08-26 15:14, Dmytro Prokopchuk1 wrote:
On 8/26/25 10:56, Nicola Vetrini wrote:
On 2025-08-26 09:45, Jan Beulich wrote:
On 26.08.2025 09:36, Dmytro Prokopchuk1 wrote:
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -575,6
e
standpoint it would be better not to make the written justification and
the actual deviation diverge, and then wide both the ECLAIR
configuration and its justification suitably once new cases want to be
deviated. Other than that,
Reviewed-by: Nicola Vetrini
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
On 2025-08-25 14:53, Nicola Vetrini wrote:
On 2025-08-22 18:34, Dmytro Prokopchuk1 wrote:
On 8/21/25 11:25, Nicola Vetrini wrote:
On 2025-08-21 10:01, Jan Beulich wrote:
On 19.08.2025 20:55, Dmytro Prokopchuk1 wrote:
Rule 11.1 states as following: "Conversions shall not be performed
be
On 2025-08-22 18:34, Dmytro Prokopchuk1 wrote:
On 8/21/25 11:25, Nicola Vetrini wrote:
On 2025-08-21 10:01, Jan Beulich wrote:
On 19.08.2025 20:55, Dmytro Prokopchuk1 wrote:
Rule 11.1 states as following: "Conversions shall not be performed
between a pointer to a function and any other
h and
prevent any
+ unintended execution of code that should only run when ITS is
available.
+ - Tagged as `deliberate` for ECLAIR.
+
* - R2.2
- Proving compliance with respect to Rule 2.2 is generally
impossible:
see `<https://arxiv.org/abs/2212.13933>`_ for details.
Moreover, peer
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
* - R11.3
+ - Convesions in the 'container_of' macro are safe because it
relies on
+ the standardized and well-defined 'offsetof' macro to
calculate the memory
Actually another nit: Here as well as in the description, it would be
nice
to add parentheses, so indicate
is not (* acts as a bullet
point in rst iirc)
Jan
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
rived from these linker symbols:
if ( (void *)addr >= iter->text_start &&
(void *)addr < iter->text_end )
Configure Eclair to suppress violation reports occured in the function
'find_text_region()'. Update 'deviations.rst' file accordingly.
No funct
On 2025-08-18 12:16, Dmytro Prokopchuk1 wrote:
On 8/14/25 23:43, Nicola Vetrini wrote:
On 2025-08-14 10:36, Jan Beulich wrote:
On 13.08.2025 20:27, Dmytro Prokopchuk1 wrote:
...
from `vaddr_t' (that is `unsigned long') to `switch_ttbr_fn*' (that
is `void(*)(unsigned long)&#
On 2025-08-15 10:30, Jan Beulich wrote:
On 14.08.2025 20:20, Andrew Cooper wrote:
On 14/08/2025 8:26 am, Jan Beulich wrote:
On 13.08.2025 13:36, Andrew Cooper wrote:
On 12/08/2025 10:43 am, Nicola Vetrini wrote:
On 2025-08-08 22:23, Andrew Cooper wrote:
diff --git a/xen/arch/x86/traps
On 2025-08-15 10:17, Andrew Cooper wrote:
On 15/08/2025 8:20 am, Nicola Vetrini wrote:
On 2025-08-15 00:25, Andrew Cooper wrote:
In macros it is common to declare local variables using typeof(param)
in order
to ensure that side effects are only evaluated once. A consequence
of this is
double
nested macros.
In C23, the auto keyword has been repurposed to perform type inference.
A GCC extension, __auto_type, is now avaialble in the new toolchain
baseline
and avoids the double textural expansion.
Signed-off-by: Andrew Cooper
Reviewed-by: Nicola Vetrini
with a nit below:
---
CC
[docutils]
Signed-off-by: Dmytro Prokopchuk
Reviewed-by: Nicola Vetrini
I recall that Andrew wanted to add a doc build test to avoid introducing
warnings. On that front, with my Sphinx version I also see this build
warning:
Running Sphinx v8.1.3
WARNING: Calling get_html_theme_path is depr
On 2025-08-14 21:44, Andrew Cooper wrote:
On 14/08/2025 8:37 pm, Nicola Vetrini wrote:
On 2025-08-14 13:47, Andrew Cooper wrote:
On 14/08/2025 12:44 pm, Jan Beulich wrote:
On 14.08.2025 13:42, Andrew Cooper wrote:
On 14/08/2025 12:20 pm, Jan Beulich wrote:
On 08.08.2025 22:23, Andrew Cooper
h check to live e.g. in compiler.h or any
similarly general header, since this is a widespread and largely
arch-neutral property that Xen wants to be always true I believe.
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
On 2025-08-14 21:37, Nicola Vetrini wrote:
On 2025-08-14 13:47, Andrew Cooper wrote:
On 14/08/2025 12:44 pm, Jan Beulich wrote:
On 14.08.2025 13:42, Andrew Cooper wrote:
On 14/08/2025 12:20 pm, Jan Beulich wrote:
On 08.08.2025 22:23, Andrew Cooper wrote:
--- a/xen/arch/x86/include/asm/x86
time allows. Is [1]
the right branch to look at?
[1]
https://gitlab.com/xen-project/hardware/xen-staging/-/commits/andrew/fred
~Andrew
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
On 2025-08-14 09:36, Jan Beulich wrote:
On 08.08.2025 23:40, Nicola Vetrini wrote:
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -437,6 +437,10 @@ write or not"
# Series 13
#
+-doc_begin="Consider the asm instructi
On Thu, Aug 14, 2025, 10:08 Jan Beulich wrote:
> On 13.08.2025 21:12, nicola.vetr...@gmail.com wrote:
> > From: Nicola Vetrini
> >
> > The toolchain baseline for GCC is 5.1, which supports _Static_assert
> > in c99 mode
>
> Hmm, interesting. I can confirm t
From: Nicola Vetrini
Since the toolchain baseline for GCC is 5.1, there is no need for
this case.
Signed-off-by: Nicola Vetrini
---
Mentioned in https://gitlab.com/xen-project/xen/-/issues/201
---
xen/arch/x86/include/asm/x86_64/efibind.h | 4 +---
1 file changed, 1 insertion(+), 3 deletions
From: Nicola Vetrini
The GCC baseline version is 5.1, which supports __builtin_unreachable(),
therefore the alternative definition can be dropped
Signed-off-by: Nicola Vetrini
---
Mentioned in https://gitlab.com/xen-project/xen/-/issues/201
---
xen/include/xen/compiler.h | 4
1 file
From: Nicola Vetrini
Similar to e4a042062787, drop alternative defines for older GCC versions
Nicola Vetrini (3):
xen/compiler: drop alternative unreachable() definition for older GCC
xen/macros: Drop alternative definition of BUILD_BUG_ON(_ZERO)? for
old GCC
xen/efi: efibind: Drop
From: Nicola Vetrini
The toolchain baseline for GCC is 5.1, which supports _Static_assert
in c99 mode
No functional change.
Signed-off-by: Nicola Vetrini
---
Mentioned in https://gitlab.com/xen-project/xen/-/issues/201
---
xen/include/xen/macros.h | 8
1 file changed, 8 deletions
On 2025-08-13 09:41, Dmytro Prokopchuk1 wrote:
On 8/9/25 00:40, Nicola Vetrini wrote:
The rule states: "Initializer lists shall not contain persistent side
effects".
The specific way in which the 'mrs' instruction is used does not lead
to
visible side effects for the surro
s I made a patch a
while ago, but evidently I forgot to send it.
Signed-off-by: Dmytro Prokopchuk
Reviewed-by: Nicola Vetrini
---
Test CI pipeline:
https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/1980129839
---
xen/arch/arm/traps.c | 2 +-
1 file changed, 1 insertion(+),
On 2025-08-12 09:25, Jan Beulich wrote:
On 11.08.2025 23:25, Nicola Vetrini wrote:
On 2025-08-11 22:30, Dmytro Prokopchuk1 wrote:
--- a/xen/arch/arm/decode.c
+++ b/xen/arch/arm/decode.c
@@ -178,6 +178,9 @@ static int decode_thumb(register_t pc, struct
hsr_dabt *dabt)
case 3: /* Signed
+}
diff --git a/xen/include/xen/macros.h b/xen/include/xen/macros.h
index cd528fbdb127..726ba221e0d8 100644
--- a/xen/include/xen/macros.h
+++ b/xen/include/xen/macros.h
@@ -102,6 +102,8 @@
*/
#define sizeof_field(type, member) sizeof(((type *)NULL)->member)
+#define endof_field(type, member
ode_upd(param_2_parfs(parse_console_timestamps));
return 0;
+default:
+ASSERT_UNREACHABLE();
+break;
}
if ( *s == '\0' || /* Compat for old booleanparam() */
!strcmp(s, "date") )
And here as well.
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
cate crash note buffers
+ * for a newly onlined CPU. Other actions do not pertain to
crash note allocation
+ * or memory preservation for kexec.
+ */
break;
}
return NOTIFY_DONE;
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
On 2025-08-11 16:35, Roger Pau Monné wrote:
On Mon, Aug 11, 2025 at 11:37:46AM +0200, Nicola Vetrini wrote:
On 2025-08-11 09:47, Roger Pau Monné wrote:
> On Sun, Aug 10, 2025 at 03:03:53PM +0200, nicola.vetr...@gmail.com
> wrote:
> > From: Nicola Vetrini
> >
> > The enf
On 2025-08-11 09:47, Roger Pau Monné wrote:
On Sun, Aug 10, 2025 at 03:03:53PM +0200, nicola.vetr...@gmail.com
wrote:
From: Nicola Vetrini
The enforced toolchain baseline for clang is version 11,
therefore this logic is effectively dead code.
No functional change.
Signed-off-by: Nicola
On 2025-08-11 10:07, Andrew Cooper wrote:
On 10/08/2025 2:03 pm, nicola.vetr...@gmail.com wrote:
From: Nicola Vetrini
The enforced toolchain baseline for clang is version 11,
therefore this logic is effectively dead code.
No functional change.
Signed-off-by: Nicola Vetrini
Thanks for the
From: Nicola Vetrini
The enforced toolchain baseline for clang is version 11,
therefore this logic is effectively dead code.
No functional change.
Signed-off-by: Nicola Vetrini
---
Mentioned in https://gitlab.com/xen-project/xen/-/issues/201
---
xen/common/coverage/llvm.c | 4
xen
On 2025-08-08 23:40, Nicola Vetrini wrote:
Update configurations to adapt to the new syntax used by the newer
version of the tool in the GitLab runner.
Sorry, forgot to include the cover letter. See below.
From c4da2554d94c3f7bd4b1e460dcaa27db382ece2f Mon Sep 17 00:00:00 2001
Message-ID
Update configurations to adapt to the new syntax used by the newer
version of the tool in the GitLab runner.
No functional changes.
Signed-off-by: Nicola Vetrini
---
This will of course need coordination with me to update the runners
just before committing the patches, as any analysis done in
The rule states: "Initializer lists shall not contain persistent side effects".
The specific way in which the 'mrs' instruction is used does not lead to
visible side effects for the surrounding code.
Signed-off-by: Nicola Vetrini
---
Not yet tested on the Xen ECLAIR runner, a
The clean target also clears files outside the xen directory,
which is not needed for the purposes of running an analysis.
No functional change.
Reported-by: Andrew Cooper
Signed-off-by: Nicola Vetrini
---
automation/eclair_analysis/prepare.sh | 4 ++--
1 file changed, 2 insertions(+), 2
by: Dmytro Prokopchuk
Reviewed-by: Nicola Vetrini
---
Changes in v4:
- fixed formatting (aligned length chars per line)
- set 'ignored_macros' as a regex expression
- set a deviation restriction on xen/common/grant_table.c
- s/ensures/to ensure/
- fixed grammar errors
Link to v3:
htt
On 2025-08-05 15:22, Nicola Vetrini wrote:
On 2025-08-05 13:49, Dmytro Prokopchuk1 wrote:
On 7/31/25 19:09, Nicola Vetrini wrote:
On 2025-07-31 18:05, Andrew Cooper wrote:
On 31/07/2025 4:58 pm, Jan Beulich wrote:
On 31.07.2025 17:37, Andrew Cooper wrote:
On 31/07/2025 4:16 pm, Dmytro
On 2025-08-05 13:49, Dmytro Prokopchuk1 wrote:
On 7/31/25 19:09, Nicola Vetrini wrote:
On 2025-07-31 18:05, Andrew Cooper wrote:
On 31/07/2025 4:58 pm, Jan Beulich wrote:
On 31.07.2025 17:37, Andrew Cooper wrote:
On 31/07/2025 4:16 pm, Dmytro Prokopchuk1 wrote:
MISRA Rule 13.1: Initializer
n is to set a block of memory
to a specific value, not to use the pointer returned by the function."
But due to the large number of violations, it will be tricky to address
all of them.
I don't know, maybe the only right solution is to deviate all.
Thanks!
Dmytro.
--
Nicola Vet
;For now, configure Eclair to just
treat
...". Can adjust when committing, assuming an ack for the .ecl change
appears.
Signed-off-by: Dmytro Prokopchuk
Acked-by: Jan Beulich # docs
Feels weird to review my own ecl honestly, but for the sake of the patch
I verified that it
by: Dmytro Prokopchuk
Reviewed-by: Nicola Vetrini # ECLAIR
---
Changes in v4:
- fixed formatting (aligned length chars per line)
- set 'ignored_macros' as a regex expression
- set a deviation restriction on xen/common/grant_table.c
- s/ensures/to ensure/
- fixed grammar errors
Link to v3:
htt
a `current` in
their
parameter list.
I'll take a look. Likely yes, by adding a handful of properties. There
are subtleties, though.
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
onal logic into a single,
reusable form;
+ which simplifies the code, avoids redundant function call.
What's "redundant" referring to here?
+ Also this bitops API was inherited from Linux and should be
kept for familiarity.
At least this line is clearly beyond 80 chars.
Jan
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
ble finding the proper wording here, so feel free to
improve it. It's just to highlight that the code would be truly
unreachable in debug builds, so an assessor expecting violations there
won't find them because of this configuration.
~Andrew
--
Nicola Vetrini, B.Sc.
Software Enginee
On 2025-07-30 12:42, Nicola Vetrini wrote:
On 2025-07-30 11:50, Jan Beulich wrote:
On 28.07.2025 07:03, Jiqian Chen wrote:
+static int vpci_ext_capability_hide(
+const struct pci_dev *pdev, unsigned int cap)
+{
+const unsigned int offset = pci_find_ext_capability(pdev->sbdf,
is fine for R11.9 of course. As Andrew noted, I don't see the need
for the use of uintptr_t either.
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
On 2025-07-29 15:09, Jan Beulich wrote:
On 29.07.2025 15:02, Nicola Vetrini wrote:
On 2025-07-29 14:39, Jan Beulich wrote:
On 29.07.2025 14:21, Dmytro Prokopchuk1 wrote:
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -367,6
r I agree that adding that is
clearer.
I'm also on the edge of complaining again about the patch subject, as
that's
still not quite accurate: It's only one direction in which things are
safe.
Jan
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
On 2025-07-29 09:26, Jan Beulich wrote:
On 28.07.2025 21:17, Nicola Vetrini wrote:
On 2025-07-28 20:58, Dmytro Prokopchuk1 wrote:
It works.
The violation "non-compliant cast: implicit cast from
`void(*)(void*)'
to `void(*)(void*)'" is gone.
Great. Now what would be re
on void (*fp)(void*) as safe. This is because the
deviation actually just deviates void noreturn (*fp)(void*) -> void
(*fp)(void*)
This one is still way to imprecise, though. And I hope it's only this
description, not also the Eclair configuration item that's overly lax.
Jan
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
On 2025-07-28 20:58, Dmytro Prokopchuk1 wrote:
On 7/28/25 21:03, Dmytro Prokopchuk wrote:
On 7/28/25 20:43, Nicola Vetrini wrote:
On 2025-07-28 12:49, Andrew Cooper wrote:
On 28/07/2025 10:56 am, Jan Beulich wrote:
On 27.07.2025 22:27, Dmytro Prokopchuk1 wrote:
Explicitly cast
tested it yet, though, but on a toy example [1] it works.
[1]
void __attribute__((noreturn)) f(void *p) {
__builtin_abort();
}
void g(int x, void (*fp)(void *p)) {
if (x < 3) {
f((void*)x);
}
}
int main(int argc, char **argv) {
g(argc, f);
return 0;
}
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
pile-time,
+ effectively discarding unused parameters to avoid warnings or
errors
+ related to unused arguments.
+ - Specified macro should be ignored.
... here it again isn't.
Jan
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
on is
general, which is not
* - R5.6
- The type ret_t is deliberately defined multiple times depending
on the
type of guest to service.
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
clean pipeline. Assuming you have it:
Acked-by: Stefano Stabellini
Reviewed-by: Nicola Vetrini
Yes, sure.
Below is the pipeline link:
https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/1943820512
Dmytro
---
automation/eclair_analysis/ECLAIR/tagging.ecl | 3 +++
1 file
);
list_for_each_entry_rcu ( iter, &virtual_region_list, list )
{
-if ( (void *)addr >= iter->text_start &&
- (void *)addr < iter->text_end )
+ if ( addr >= (unsigned long)iter->text_start &&
+ addr < (unsigned
On 2025-07-23 16:37, Jan Beulich wrote:
... to be in line with Misra rule 8.2 requirements.
Fixes: 6ff0cfbfd4f7 ("mm: allow page scrubbing routine(s) to be arch
controlled")
Signed-off-by: Jan Beulich
Reviewed-by: Nicola Vetrini
---
The offending patch had been pending for
The rule states: "Function types shall be in prototype form
with named parameters". Add missing parameter names.
Fixes: 6ff0cfbfd4f7 ("mm: allow page scrubbing routine(s) to be arch
controlled")
Signed-off-by: Nicola Vetrini
---
xen/arch/x86/include/asm/page.h | 4 ++-
21.11
-enable=MC3A2.R21.12
-enable=MC3A2.R21.13
+-enable=MC3A2.R21.14
+-enable=MC3A2.R21.15
+-enable=MC3A2.R21.16
-enable=MC3A2.R21.17
-enable=MC3A2.R21.18
-enable=MC3A2.R21.19
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
On 2025-07-21 11:25, Jan Beulich wrote:
On 21.07.2025 10:16, Nicola Vetrini wrote:
On 2025-07-21 08:41, Jan Beulich wrote:
On 18.07.2025 22:25, Andrew Cooper wrote:
This moves the exception path to being out-of-line within the
function, rather
than in the .fixup section, which improves
olatile ( \
+ "xor %k[ok], %k[ok]\n\t"\
+"mov %k[ok], %%" #seg \
+: [ok] "=r" (all_segs_okay) ); \
Purely formally I think you need "=&r" here now.
Jan
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
On 2025-07-18 11:28, Dmytro Prokopchuk1 wrote:
On 7/18/25 12:17, Dmytro Prokopchuk wrote:
On 7/18/25 08:31, Jan Beulich wrote:
On 17.07.2025 22:47, Dmytro Prokopchuk1 wrote:
On 4/23/25 20:54, victorm.l...@amd.com wrote:
From: Nicola Vetrini
MISRA C Rules 21.1 ("#define and #undef
7;t expect these reports to have locations
outside those header files, so this should have the same effect but with
a narrower deviation.
Dmytro.
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
orgotten about the change here. At least to me, _this_ is the
confusing
way to write things.
Once you add a comment though, you can as well leave the code unchanged
and use a SAF comment.
Jan
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
On 2025-07-12 03:13, Stefano Stabellini wrote:
On Fri, 11 Jul 2025, Nicola Vetrini wrote:
On 2025-07-09 23:38, Dmytro Prokopchuk1 wrote:
> MISRA C Rule 5.5 states that: "Identifiers shall
> be distinct from macro names".
>
> Update ECLAIR configuration to deviate:
>
t
functions and needed
+ to have a function-like macro that acts as a wrapper for the
function to be
+ called. Before calling the function, the macro adds additional
checks or
+ adjusts the number of parameters depending on the
configuration.
+ - Tagged as `deliberate` for
On 2025-07-09 13:41, Nicola Vetrini wrote:
On 2025-07-09 12:10, Jan Beulich wrote:
This addresses a Misra rule 8.4 ("A compatible declaration shall be
visible when an object or function with external linkage is defined")
violation.
Fixes: a16f2b3e0669 ("xen/pmstat: introdu
lich
Reviewed-by: Nicola Vetrini
Perhaps a comment with the offending function would have been helpful
(do_pm_op).
--- a/xen/drivers/acpi/pm-op.c
+++ b/xen/drivers/acpi/pm-op.c
@@ -5,6 +5,7 @@
#include
#include
#include
+#include
#include
#include
--
Nicola Vetrini, B.Sc.
Softw
,
therefore the address that needs to be printed in GitLab analysis logs
is that of the public url, rather than the location where they are stored.
Signed-off-by: Alessandro Zucchelli
Signed-off-by: Nicola Vetrini
---
Changes in V2:
- Use single variable for eclair_report host and port
last email in the thread). If you are
able to address those concerns, then maybe this can be upstreamed.
Thanks,
Nicola
On 4/23/25 20:54, victorm.l...@amd.com wrote:
From: Nicola Vetrini
MISRA C Rules 21.1 ("#define and #undef shall not be used on a
reserved identifier or reserved
On 2025-06-26 12:08, Anthony PERARD wrote:
On Thu, Jun 26, 2025 at 08:38:18AM +0200, Nicola Vetrini wrote:
diff --git a/automation/eclair_analysis/ECLAIR/action.settings
b/automation/eclair_analysis/ECLAIR/action.settings
index 1577368b613b..f822f0ea66d7 100644
--- a/automation/eclair_analysis
for asm-generic headers")
Reported-by: Jan Beulich
Signed-off-by: Nicola Vetrini
---
xen/scripts/Makefile.asm-generic | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/scripts/Makefile.asm-generic b/xen/scripts/Makefile.asm-generic
index f6850758c54b..4e628e116adf 10064
ially enum type"
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
Currently, the URL where the ECLAIR MISRA C scan reports are saved
is hardcoded; making it configurable allows multiple runners and storage
servers to be used without resorting to publishing all artifacts
to the same report server.
Signed-off-by: Alessandro Zucchelli
Signed-off-by: Nicola
On 2025-06-23 10:20, Jan Beulich wrote:
On 23.06.2025 09:51, Jan Beulich wrote:
On 21.06.2025 11:58, Nicola Vetrini wrote:
Dashes were wrongly not translated into underscores, thus generating
an unexpected guard identifier.
Fixes: ee79f378311b ("xen: add header guards to generated asm ge
nner.sed
+++ b/xen/tools/process-banner.sed
@@ -12,3 +12,8 @@ s_(.*)_"\1\\n"_
# Trailing \ on all but the final line.
$!s_$_ \\_
+
+# Append closing header guard
+$a\
+\
+#endif /* XEN_COMPILE_H */
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
Dashes were wrongly not translated into underscores, thus generating
an unexpected guard identifier.
Fixes: ee79f378311b ("xen: add header guards to generated asm generic headers")
Signed-off-by: Nicola Vetrini
---
xen/scripts/Makefile.asm-generic | 2 +-
1 file changed, 1 inser
On 2025-06-18 17:18, Roger Pau Monné wrote:
On Fri, Jun 06, 2025 at 02:27:09PM -0700, victorm.l...@amd.com wrote:
From: Nicola Vetrini
The marked functions never return to their caller, but lack the
`noreturn' attribute.
Functions that never return should be declared with a `nor
dom0 and domU */
+{
+.caps = CAP_PV | CAP_HWDOM | CAP_DOMU,
Just to double check - are we sure Misra / Eclair will like this
(ab)use
of an enum?
Jan
Likely not, but x86_64 is build with CONFIG_PV=n
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugsen
DLE(uint32));
#endif
int arch_acpi_set_pdc_bits(u32 acpi_id, u32 *, u32 mask);
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
On 2025-06-06 09:26, Jan Beulich wrote:
On 06.06.2025 09:12, Nicola Vetrini wrote:
On 2025-06-06 01:39, Stefano Stabellini wrote:
On Thu, 5 Jun 2025, Jan Beulich wrote:
On 05.06.2025 01:35, Stefano Stabellini wrote:
From: Alessandro Zucchelli
MISRA C Rule 21.16 states the following: &quo
== 1 || mpf->mpf_specification == 4)) {
> + if (strncmp(mpf->mpf_signature, "_MP_", 4) == 0 &&
> +mpf->mpf_length == 1 &&
> +mpf_checksum((void *)mpf, 16) &&
> +(mpf->mpf_specification == 1 || mpf->mpf_specification == 4)) {
>smp_found_config = true;
>printk(KERN_INFO "SMP MP-table at %08lx\n", efi.mps);
>mpf_found = mpf;
There are extra (indentation) changes here which ought to be dropped.
Yes
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
On 2025-06-05 09:17, Jan Beulich wrote:
On 05.06.2025 01:49, victorm.l...@amd.com wrote:
From: Nicola Vetrini
Function `reboot_machine' does not return, but lacks the `noreturn'
attribute,
therefore causing a violation of MISRA C Rule 2.1: "A project shall
not contain
u
On 2025-06-05 14:22, Nicola Vetrini wrote:
On 2025-06-05 09:17, Jan Beulich wrote:
On 05.06.2025 01:49, victorm.l...@amd.com wrote:
From: Nicola Vetrini
Function `reboot_machine' does not return, but lacks the `noreturn'
attribute,
therefore causing a violation of MISRA C Ru
.yaml?ref_type=heads
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
On 2025-05-25 15:36, Nicola Vetrini wrote:
On 2025-05-25 12:52, Andrew Cooper wrote:
On 25/05/2025 8:34 am, Nicola Vetrini wrote:
On 2025-05-22 15:49, Andrew Cooper wrote:
On 22/05/2025 1:45 pm, Nicola Vetrini wrote:
On 2025-05-21 20:00, Andrew Cooper wrote:
On 21/05/2025 3:36 pm, Andrew
On 2025-05-25 12:52, Andrew Cooper wrote:
On 25/05/2025 8:34 am, Nicola Vetrini wrote:
On 2025-05-22 15:49, Andrew Cooper wrote:
On 22/05/2025 1:45 pm, Nicola Vetrini wrote:
On 2025-05-21 20:00, Andrew Cooper wrote:
On 21/05/2025 3:36 pm, Andrew Cooper wrote:
diff --git a/xen/arch/x86
On 2025-05-22 15:49, Andrew Cooper wrote:
On 22/05/2025 1:45 pm, Nicola Vetrini wrote:
On 2025-05-21 20:00, Andrew Cooper wrote:
On 21/05/2025 3:36 pm, Andrew Cooper wrote:
diff --git a/xen/arch/x86/include/asm/msr.h
b/xen/arch/x86/include/asm/msr.h
index 0d3b1d637488..4c4f18b3a54d 100644
On 2025-05-23 14:57, Andrew Cooper wrote:
On 23/05/2025 8:20 am, Nicola Vetrini wrote:
No functional change.
Signed-off-by: Nicola Vetrini
Ah, very nice and easy.
Acked-by: Andrew Cooper
Is this dependent on the updated Eclair, or can it go in now?
Hi Andrew,
it's independent o
1 - 100 of 1189 matches
Mail list logo
