
[XEN,v3,10/16] x86/asm: address violations of MISRA C:2012 Directive 4.10

Message ID 1e44047e767431c32621ae44d3121bc2152b3cb5.1710145041.git.simone.ballarin@bugseng.com (mailing list archive)
State New, archived
Series xen: address violation of MISRA C:2012 Directive 4.10 | expand

Commit Message

Simone Ballarin March 11, 2024, 8:59 a.m. UTC
Amend generation script, add inclusion guards to address violations
of MISRA C:2012 Directive 4.10 ("Precautions shall be taken in order
to prevent the contents of a header file being included more than
once").

This patch amends the Makefile adding the required inclusion guards
for xlat.h.

Add deviation comment for files intended for multiple inclusion.

Signed-off-by: Simone Ballarin <simone.ballarin@bugseng.com>
Signed-off-by: Maria Celeste Cesario  <maria.celeste.cesario@bugseng.com>

---
Changes in v3:
- fix inconsistent deviation ID
- remove trailing underscores
Changes in v2:
- merge patches 7/13 and 13/13 of v1 as they had the same
  commit message
- amend the Makefile to produce the required inclusion guard
- use the format introduced with doc/misra/safe.json instead of
  a generic text-based deviation
---
 docs/misra/safe.json                   |  8 ++++++++
 xen/arch/x86/include/asm/compat.h      |  5 +++++
 xen/arch/x86/include/asm/cpufeatures.h |  5 +----
 xen/arch/x86/include/asm/efibind.h     |  5 +++++
 xen/include/Makefile                   | 10 ++++++++--
 5 files changed, 27 insertions(+), 6 deletions(-)

Comments

Jan Beulich March 12, 2024, 8:32 a.m. UTC | #1
On 11.03.2024 09:59, Simone Ballarin wrote:
> --- a/docs/misra/safe.json
> +++ b/docs/misra/safe.json
> @@ -52,6 +52,14 @@
>          },
>          {
>              "id": "SAF-6-safe",
> +            "analyser": {
> +                "eclair": "MC3R1.D4.10"
> +            },
> +            "name": "Dir 4.10: file intended for multiple inclusion",
> +            "text": "Files intended for multiple inclusion are not supposed to comply with D4.10."
> +        },

There's an overlap with SAF-3-safe as added by patch 01. What's the reason
separate entries are needed?

> --- a/xen/arch/x86/include/asm/compat.h
> +++ b/xen/arch/x86/include/asm/compat.h
> @@ -2,6 +2,9 @@
>   * compat.h
>   */
>  
> +#ifndef ASM_X86_COMPAT_H
> +#define ASM_X86_COMPAT_H
> +
>  #ifdef CONFIG_COMPAT
>  
>  #define COMPAT_BITS_PER_LONG 32
> @@ -18,3 +21,5 @@ int switch_compat(struct domain *);
>  #include <xen/errno.h>
>  static inline int switch_compat(struct domain *d) { return -EOPNOTSUPP; }
>  #endif
> +
> +#endif /* ASM_X86_COMPAT_H */

I'd be happy to ack this change; once again an indication that dissimilar
changes would better not be munged in a single patch. Such a patch, btw,
also shouldn't come with "x86/asm:" as a subject prefix - there's nothing
assembly-ish here; asm/ as a directory name is Linux heritage, without
that being a "component" in any way.

> --- a/xen/arch/x86/include/asm/cpufeatures.h
> +++ b/xen/arch/x86/include/asm/cpufeatures.h
> @@ -1,7 +1,4 @@
> -/*
> - * Explicitly intended for multiple inclusion.
> - */
> -
> +/* SAF-6-safe file intended for multiple inclusion */
>  #include <xen/lib/x86/cpuid-autogen.h>

With the blank line removed the comment, by convention of how these
comments are placed, applies to the #include directive, which is wrong.

> --- a/xen/arch/x86/include/asm/efibind.h
> +++ b/xen/arch/x86/include/asm/efibind.h
> @@ -1,2 +1,7 @@
> +#ifndef ASM_X86_EFIBIND_H
> +#define ASM_X86_EFIBIND_H
> +
>  #include <xen/types.h>
>  #include <asm/x86_64/efibind.h>
> +
> +#endif /* ASM_X86_EFIBIND_H */

This could go with the compat.h change above.

> --- a/xen/include/Makefile
> +++ b/xen/include/Makefile
> @@ -104,10 +104,16 @@ $(obj)/compat/.xlat/%.lst: $(srcdir)/xlat.lst FORCE
>  xlat-y := $(shell sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,^[?!][[:blank:]]+[^[:blank:]]+[[:blank:]]+,,p' $(srcdir)/xlat.lst | uniq)
>  xlat-y := $(filter $(patsubst compat/%,%,$(headers-y)),$(xlat-y))
>  
> +ARCHDIR = $(shell echo $(SRCARCH) | tr a-z A-Z)

Didn't the earlier patch introduce ARCHDIR already, just elsewhere? This
would better be done once in a central place then, maybe in
scripts/Kbuild.include.

>  quiet_cmd_xlat_h = GEN     $@
> -cmd_xlat_h = \
> -	cat $(filter %.h,$^) >$@.new; \
> +define cmd_xlat_h
> +	echo "#ifndef ASM_$(ARCHDIR)_COMPAT_XLAT_H" > $@.new; \
> +	echo "#define ASM_$(ARCHDIR)_COMPAT_XLAT_H" >> $@.new; \
> +	cat $(filter %.h,$^) >> $@.new; \
> +	echo "#endif /* ASM_$(ARCHDIR)_COMPAT_XLAT_H */" >> $@.new; \
>  	mv -f $@.new $@
> +endef

I'm unclear about the move from "=" to "define". Readability isn't really
helped, is it?

Jan

Patch

diff --git a/docs/misra/safe.json b/docs/misra/safe.json
index 363c9e21b0..13208d18ec 100644
--- a/docs/misra/safe.json
+++ b/docs/misra/safe.json
@@ -52,6 +52,14 @@ 
         },
         {
             "id": "SAF-6-safe",
+            "analyser": {
+                "eclair": "MC3R1.D4.10"
+            },
+            "name": "Dir 4.10: file intended for multiple inclusion",
+            "text": "Files intended for multiple inclusion are not supposed to comply with D4.10."
+        },
+        {
+            "id": "SAF-7-safe",
             "analyser": {},
             "name": "Sentinel",
             "text": "Next ID to be used"
diff --git a/xen/arch/x86/include/asm/compat.h b/xen/arch/x86/include/asm/compat.h
index 818cad87db..36e7750843 100644
--- a/xen/arch/x86/include/asm/compat.h
+++ b/xen/arch/x86/include/asm/compat.h
@@ -2,6 +2,9 @@ 
  * compat.h
  */
 
+#ifndef ASM_X86_COMPAT_H
+#define ASM_X86_COMPAT_H
+
 #ifdef CONFIG_COMPAT
 
 #define COMPAT_BITS_PER_LONG 32
@@ -18,3 +21,5 @@  int switch_compat(struct domain *);
 #include <xen/errno.h>
 static inline int switch_compat(struct domain *d) { return -EOPNOTSUPP; }
 #endif
+
+#endif /* ASM_X86_COMPAT_H */
diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h
index c3aad21c3b..a65754d553 100644
--- a/xen/arch/x86/include/asm/cpufeatures.h
+++ b/xen/arch/x86/include/asm/cpufeatures.h
@@ -1,7 +1,4 @@ 
-/*
- * Explicitly intended for multiple inclusion.
- */
-
+/* SAF-6-safe file intended for multiple inclusion */
 #include <xen/lib/x86/cpuid-autogen.h>
 
 /* Number of capability words covered by the featureset words. */
diff --git a/xen/arch/x86/include/asm/efibind.h b/xen/arch/x86/include/asm/efibind.h
index bce02f3707..75684742be 100644
--- a/xen/arch/x86/include/asm/efibind.h
+++ b/xen/arch/x86/include/asm/efibind.h
@@ -1,2 +1,7 @@ 
+#ifndef ASM_X86_EFIBIND_H
+#define ASM_X86_EFIBIND_H
+
 #include <xen/types.h>
 #include <asm/x86_64/efibind.h>
+
+#endif /* ASM_X86_EFIBIND_H */
diff --git a/xen/include/Makefile b/xen/include/Makefile
index a77c9ffb7e..e777921eb1 100644
--- a/xen/include/Makefile
+++ b/xen/include/Makefile
@@ -104,10 +104,16 @@  $(obj)/compat/.xlat/%.lst: $(srcdir)/xlat.lst FORCE
 xlat-y := $(shell sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,^[?!][[:blank:]]+[^[:blank:]]+[[:blank:]]+,,p' $(srcdir)/xlat.lst | uniq)
 xlat-y := $(filter $(patsubst compat/%,%,$(headers-y)),$(xlat-y))
 
+ARCHDIR = $(shell echo $(SRCARCH) | tr a-z A-Z)
+
 quiet_cmd_xlat_h = GEN     $@
-cmd_xlat_h = \
-	cat $(filter %.h,$^) >$@.new; \
+define cmd_xlat_h
+	echo "#ifndef ASM_$(ARCHDIR)_COMPAT_XLAT_H" > $@.new; \
+	echo "#define ASM_$(ARCHDIR)_COMPAT_XLAT_H" >> $@.new; \
+	cat $(filter %.h,$^) >> $@.new; \
+	echo "#endif /* ASM_$(ARCHDIR)_COMPAT_XLAT_H */" >> $@.new; \
 	mv -f $@.new $@
+endef
 
 $(obj)/compat/xlat.h: $(addprefix $(obj)/compat/.xlat/,$(xlat-y)) FORCE
 	$(call if_changed,xlat_h)
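Review bot: `ARCHDIR` is assigned with `=` on the added line, so `$(shell echo $(SRCARCH) | tr a-z A-Z)` is re-run at every expansion, three times per xlat.h recipe. `ARCHDIR := $(shell echo $(SRCARCH) | tr a-z A-Z)` would evaluate it once, provided SRCARCH is already set at this point in the Makefile, which the hunk does not show. The new recipe also chains its `echo` and `cat` steps with `;`, so unless the `cmd` wrapper runs under `set -e` (not visible here), a failed `cat` would still reach `mv -f $@.new $@` and install a header with an opening guard and incomplete contents. Joining the steps with `&&` would keep a partial file from replacing the target. If SRCARCH were ever empty, the guard would expand to `ASM__COMPAT_XLAT_H`, a reserved identifier, so a short comment above `ARCHDIR` stating that SRCARCH must be non-empty would help.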