Message ID | 854747a97c4c7a70bfe1a30a038f2cc6aebfb566.1702555387.git.maria.celeste.cesario@bugseng.com (mailing list archive) |
---|---|
State | Superseded |
Series | xen: address violations of MISRA C:2012 Rule 11.8 |
On 14.12.2023 13:07, Simone Ballarin wrote: > --- a/automation/eclair_analysis/ECLAIR/deviations.ecl > +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl > @@ -292,6 +292,18 @@ constant expressions are required.\"" > # Series 11 > # > > +-doc_begin="Violations caused by container_of are due to pointer arithmetic operations > +with the provided offset. The resulting pointer is then immediately cast back to its > +original type, which preserves the qualifier. This use can be deemed as safe. > +Fixing this violation would require to increase code complexity and lower readability." > +-config=MC3R1.R11.8,reports+={safe,"any_area(any_loc(any_exp(macro(^container_of$))))"} > +-doc_end > + > +-doc_begin="This function is made to explicitly cast an error-valued pointer to a void > +pointer type to make it clear that's what's going on, so the violation is deliberate." > +-config=MC3R1.R11.8,reports+={deliberate,"all_area(context(^ERR_CAST\\(.*$))"} > +-doc_end While the wording is okay here, ... > --- a/docs/misra/deviations.rst > +++ b/docs/misra/deviations.rst 
> @@ -248,6 +248,19 @@ Deviations related to MISRA C:2012 Rules: > If no bits are set, 0 is returned. > - Tagged as `safe` for ECLAIR. > > + * - R11.8 > + - Violations caused by container_of are due to pointer arithmetic operations > + with the provided offset. The resulting pointer is then immediately cast back to its > + original type, which preserves the qualifier. This use can be deemed as safe. > + Fixing this violation would require to increase code complexity and lower readability. > + - Tagged as `safe` for ECLAIR. > + > + * - R11.8 > + - This function is made to explicitly cast an error-valued pointer to a > + void pointer type to make it clear that's what's going on, so the > + violation is deliberate. > + - Tagged ad `deliberate` for ECLAIR. ... "This function" here is entirely unclear. However, seeing ERR_CAST() has no users, wouldn't we be better off simply removing it? (Otherwise, nit: "Tagged as ...".) Jan
diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl index 683f2bbfe8..d3e32a6ac8 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -292,6 +292,18 @@ constant expressions are required.\"" # Series 11 # +-doc_begin="Violations caused by container_of are due to pointer arithmetic operations +with the provided offset. The resulting pointer is then immediately cast back to its +original type, which preserves the qualifier. This use can be deemed as safe. +Fixing this violation would require to increase code complexity and lower readability." +-config=MC3R1.R11.8,reports+={safe,"any_area(any_loc(any_exp(macro(^container_of$))))"} +-doc_end + +-doc_begin="This function is made to explicitly cast an error-valued pointer to a void +pointer type to make it clear that's what's going on, so the violation is deliberate." +-config=MC3R1.R11.8,reports+={deliberate,"all_area(context(^ERR_CAST\\(.*$))"} +-doc_end + -doc_begin="This construct is used to check if the type is scalar, and for this purpose the use of 0 as a null pointer constant is deliberate." -config=MC3R1.R11.9,reports+={deliberate, "any_area(any_loc(any_exp(macro(^__ACCESS_ONCE$))))" } diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index eda3c8100c..98733d636d 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst 
@@ -248,6 +248,19 @@ Deviations related to MISRA C:2012 Rules: If no bits are set, 0 is returned. - Tagged as `safe` for ECLAIR. + * - R11.8 + - Violations caused by container_of are due to pointer arithmetic operations + with the provided offset. The resulting pointer is then immediately cast back to its + original type, which preserves the qualifier. This use can be deemed as safe. + Fixing this violation would require to increase code complexity and lower readability. + - Tagged as `safe` for ECLAIR. + + * - R11.8 + - This function is made to explicitly cast an error-valued pointer to a + void pointer type to make it clear that's what's going on, so the + violation is deliberate. + - Tagged ad `deliberate` for ECLAIR. + * - R11.9 - __ACCESS_ONCE uses an integer, which happens to be zero, as a compile time check. The typecheck uses a cast. The usage of zero or other
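Review bot: In the second -doc_begin entry added to deviations.ecl, the justification says "This function" without naming it, so ERR_CAST appears only inside the pattern "all_area(context(^ERR_CAST\\(.*$))". Name ERR_CAST in the text so the recorded justification can be read without decoding the selector. In the container_of entry above it, the `safe` tag rests on the claim that the pointer is "immediately cast back to its original type, which preserves the qualifier"; stating which qualifier the intermediate cast drops would make that claim checkable by someone auditing the deviation. Nit: "would require to increase code complexity" reads better as "would increase code complexity".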
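Review bot: The last added line of the deviations.rst hunk has a typo: "Tagged ad `deliberate` for ECLAIR." should read "Tagged as `deliberate` for ECLAIR.", matching the other rows. The second R11.8 row also opens with "This function" and never names ERR_CAST, so a reader of the rendered table cannot tell which code the deviation covers, nor tell it apart from the container_of row that carries the same rule id. Put the function name in the row text, and keep the wording in step with whatever the deviations.ecl entry ends up saying.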