On Mon, 29 Sep 2025, Dmytro Prokopchuk1 wrote:
> The function 'gicv3_do_LPI()' violates MISRA C 2012 Rule 2.1, which states:
> "A project shall not contain unreachable code." This is due to the use of
> the 'BUG()' macro, which causes the function to never return.
> 
> This behavior is intentional and safe within the specific build configuration
> defined by 'CONFIG_HAS_ITS'. The 'BUG()' macro handles irrecoverable error
> conditions where LPIs must not occur without an ITS enabled.
> 
> A SAF comment has been added to document the justification for this violation,
> stating that it is safe within the context of the Xen project.
> 
> Signed-off-by: Dmytro Prokopchuk <[email protected]>
> ---
> Test CI pipeline:
> https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/2070455717
> ---
>  docs/misra/safe.json                  | 8 ++++++++
>  xen/arch/arm/include/asm/gic_v3_its.h | 1 +
>  2 files changed, 9 insertions(+)
> 
> diff --git a/docs/misra/safe.json b/docs/misra/safe.json
> index 3584cb90c6..4c227c1e8b 100644
> --- a/docs/misra/safe.json
> +++ b/docs/misra/safe.json
> @@ -124,6 +124,14 @@
>          },
>          {
>              "id": "SAF-15-safe",
> +            "analyser": {
> +                "eclair": "MC3A2.R2.1"
> +            },
> +            "name": "Rule 2.1: Unreachable code",
> +            "text": "It is safe because the BUG() macro is intentionally 
> used to terminate execution when LPIs are enabled without an ITS."
> +        },
> +        {
> +            "id": "SAF-16-safe",
>              "analyser": {},
>              "name": "Sentinel",
>              "text": "Next ID to be used"
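
Review bot: The "text" of the new SAF-15-safe entry is tied to one call site ("when LPIs are enabled without an ITS") while its "name" is the generic "Rule 2.1: Unreachable code", so the entry cannot be reused for another Rule 2.1 deviation without its justification becoming misleading. Either word the justification in terms of the pattern being deviated (a deliberately non-returning BUG() on a path that must never execute), or make the name say that it covers gicv3_do_LPI() specifically. The text also does not say which code is unreachable, which is what someone auditing the deviation list will want to know.
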
> diff --git a/xen/arch/arm/include/asm/gic_v3_its.h 
> b/xen/arch/arm/include/asm/gic_v3_its.h
> index fc5a84892c..672dae7ac3 100644
> --- a/xen/arch/arm/include/asm/gic_v3_its.h
> +++ b/xen/arch/arm/include/asm/gic_v3_its.h
> @@ -229,6 +229,7 @@ static inline unsigned int vgic_v3_its_count(const struct 
> domain *d)
>      return 0;
>  }
>  
> +/* SAF-15-safe */
>  static inline void gicv3_do_LPI(unsigned int lpi)
>  {
>      /* We don't enable LPIs without an ITS. */
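
Review bot: The "/* SAF-15-safe */" tag sits above the "static inline void gicv3_do_LPI(unsigned int lpi)" line, but the commit message attributes the violation to the BUG() call inside the body, which is not visible in this hunk. Please confirm that the analyser reports the finding at the function definition rather than at the BUG() statement; if it is reported at the statement, the tag should be placed directly above that line so the deviation covers only what the justification describes. A few words after the tag naming the construct being deviated would also help readers who do not have docs/misra/safe.json open.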

Please replace the BUG with ASSERT_UNREACHABLE and it should resolve the
problem without needing the extra deviation

> -- 
> 2.43.0
> 
