Message ID | alpine.DEB.2.22.394.2311131540490.160649@ubuntu-linux-20-04-desktop (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | docs/misra: add R11.1 R11.2 R11.3 R11.6 | expand |
On 14.11.2023 00:44, Stefano Stabellini wrote: > --- a/docs/misra/rules.rst > +++ b/docs/misra/rules.rst > @@ -383,6 +383,38 @@ maintainers if you want to suggest a change. > > CFLAGS="-Warith-conversion -Wno-error=arith-conversion" make -C xen > > + * - `Rule 11.1 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_01.c>`_ > + - Required > + - Conversions shall not be performed between a pointer to a > + function and any other type > + - All conversions to integer types are permitted if the destination > + type has enough bits to hold the entire value. Conversions to > + bool and void* are permitted. > + > + * - `Rule 11.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_02.c>`_ > + - Required > + - Conversions shall not be performed between a pointer to an > + incomplete type and any other type > + - All conversions to integer types are permitted if the destination > + type has enough bits to hold the entire value. Conversions to > + bool and void* are permitted. Assuming the rule's exception 2 really means void, not void*, the mentioning of void* here is still fine. > + * - `Rule 11.3 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_03.c>`_ > + - Required > + - A cast shall not be performed between a pointer to object type > + and a pointer to a different object type > + - All conversions to integer types are permitted if the destination > + type has enough bits to hold the entire value. Conversions to > + bool and void* are permitted. Here and ... > + * - `Rule 11.6 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_06.c>`_ > + - Required > + - A cast shall not be performed between pointer to void and an > + arithmetic type > + - All conversions to integer types are permitted if the destination > + type has enough bits to hold the entire value. Conversions to > + bool and void* are permitted. ... here, however I consider its mentioning misleading: "void" is neither an object type nor an arithmetic one. Jan
On Tue, 14 Nov 2023, Jan Beulich wrote: > On 14.11.2023 00:44, Stefano Stabellini wrote: > > --- a/docs/misra/rules.rst > > +++ b/docs/misra/rules.rst > > @@ -383,6 +383,38 @@ maintainers if you want to suggest a change. > > > > CFLAGS="-Warith-conversion -Wno-error=arith-conversion" make -C xen > > > > + * - `Rule 11.1 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_01.c>`_ > > + - Required > > + - Conversions shall not be performed between a pointer to a > > + function and any other type > > + - All conversions to integer types are permitted if the destination > > + type has enough bits to hold the entire value. Conversions to > > + bool and void* are permitted. > > + > > + * - `Rule 11.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_02.c>`_ > > + - Required > > + - Conversions shall not be performed between a pointer to an > > + incomplete type and any other type > > + - All conversions to integer types are permitted if the destination > > + type has enough bits to hold the entire value. Conversions to > > + bool and void* are permitted. > > Assuming the rule's exception 2 really means void, not void*, the mentioning > of void* here is still fine. > > > + * - `Rule 11.3 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_03.c>`_ > > + - Required > > + - A cast shall not be performed between a pointer to object type > > + and a pointer to a different object type > > + - All conversions to integer types are permitted if the destination > > + type has enough bits to hold the entire value. Conversions to > > + bool and void* are permitted. > > Here and ... > > > + * - `Rule 11.6 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_06.c>`_ > > + - Required > > + - A cast shall not be performed between pointer to void and an > > + arithmetic type > > + - All conversions to integer types are permitted if the destination > > + type has enough bits to hold the entire value. Conversions to > > + bool and void* are permitted. > > ... here, however I consider its mentioning misleading: "void" is neither > an object type nor an arithmetic one. Yes I think here it is misleading. I'll remove the mention of void* for Rule 11.6. I'll keep it for Rule 11.1 and 11.2. For Rule 11.3, I think I should remove the entire note as it is not helpful. --- [PATCH v2] docs/misra: add R11.1 R11.2 R11.3 R11.6 Add MISRA C Rules 11.1, 11.2, 11.3, 11.6 as discussed. Explicitly add in the notes that conversions to integer types are permitted if the destination type has enough bits to hold the entire value. GCC gives enough guarantees in terms of preserving the bit content in such situations. Also allow for bool conversions (e.g. to check if a function point is valid). Signed-off-by: Stefano Stabellini <stefano.stabellini@amd.com> diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst index aa65eb4dd0..da343ab3ac 100644 --- a/docs/misra/rules.rst +++ b/docs/misra/rules.rst @@ -383,6 +383,36 @@ maintainers if you want to suggest a change. CFLAGS="-Warith-conversion -Wno-error=arith-conversion" make -C xen + * - `Rule 11.1 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_01.c>`_ + - Required + - Conversions shall not be performed between a pointer to a + function and any other type + - All conversions to integer types are permitted if the destination + type has enough bits to hold the entire value. Conversions to + bool and void* are permitted. + + * - `Rule 11.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_02.c>`_ + - Required + - Conversions shall not be performed between a pointer to an + incomplete type and any other type + - All conversions to integer types are permitted if the destination + type has enough bits to hold the entire value. Conversions to + bool and void* are permitted. + + * - `Rule 11.3 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_03.c>`_ + - Required + - A cast shall not be performed between a pointer to object type + and a pointer to a different object type + - + + * - `Rule 11.6 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_06.c>`_ + - Required + - A cast shall not be performed between pointer to void and an + arithmetic type + - All conversions to integer types are permitted if the destination + type has enough bits to hold the entire value. Conversions to + bool are permitted. + * - `Rule 11.7 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_07.c>`_ - Required - A cast shall not be performed between pointer to object and a noninteger arithmetic type
On 14.11.2023 23:37, Stefano Stabellini wrote: > [PATCH v2] docs/misra: add R11.1 R11.2 R11.3 R11.6 > > Add MISRA C Rules 11.1, 11.2, 11.3, 11.6 as discussed. > > Explicitly add in the notes that conversions to integer types are > permitted if the destination type has enough bits to hold the entire > value. GCC gives enough guarantees in terms of preserving the bit > content in such situations. > > Also allow for bool conversions (e.g. to check if a function point is > valid). > > Signed-off-by: Stefano Stabellini <stefano.stabellini@amd.com> Acked-by: Jan Beulich <jbeulich@suse.com>
diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst index aa65eb4dd0..8c49b81085 100644 --- a/docs/misra/rules.rst +++ b/docs/misra/rules.rst @@ -383,6 +383,38 @@ maintainers if you want to suggest a change. CFLAGS="-Warith-conversion -Wno-error=arith-conversion" make -C xen + * - `Rule 11.1 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_01.c>`_ + - Required + - Conversions shall not be performed between a pointer to a + function and any other type + - All conversions to integer types are permitted if the destination + type has enough bits to hold the entire value. Conversions to + bool and void* are permitted. + + * - `Rule 11.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_02.c>`_ + - Required + - Conversions shall not be performed between a pointer to an + incomplete type and any other type + - All conversions to integer types are permitted if the destination + type has enough bits to hold the entire value. Conversions to + bool and void* are permitted. + + * - `Rule 11.3 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_03.c>`_ + - Required + - A cast shall not be performed between a pointer to object type + and a pointer to a different object type + - All conversions to integer types are permitted if the destination + type has enough bits to hold the entire value. Conversions to + bool and void* are permitted. + + * - `Rule 11.6 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_06.c>`_ + - Required + - A cast shall not be performed between pointer to void and an + arithmetic type + - All conversions to integer types are permitted if the destination + type has enough bits to hold the entire value. Conversions to + bool and void* are permitted. + * - `Rule 11.7 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_07.c>`_ - Required - A cast shall not be performed between pointer to object and a noninteger arithmetic type
Add MISRA C Rules 11.1, 11.2, 11.3, 11.6 as discussed. Explicitly add in the notes that conversions to integer types are permitted if the destination type has enough bits to hold the entire value. GCC gives enough guarantees in terms of preserving the bit content in such situations. Also allow for bool conversions (e.g. to check if a function point is valid). Signed-off-by: Stefano Stabellini <stefano.stabellini@amd.com>