| Message ID | 2328b1a43f8bc4c9a9303c46f8eba2847c67a713.1712305581.git.nicola.vetrini@bugseng.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | address violations of MISRA C Rule 16.2 | expand |
On 05.04.2024 11:14, Nicola Vetrini wrote: > MISRA C Rule 16.2 states: > "A switch label shall only be used when the most closely-enclosing > compound statement is the body of a switch statement". > > The PROGRESS_VCPU local helper specifies a case that is directly > inside the compound statement of a for loop, hence violating the rule. > To avoid this, the construct is deviated with a text-based deviation. > > No functional change. > > Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com> Acked-by: Jan Beulich <jbeulich@suse.com> > I chose a text-based deviation, rather than exempting PROGRESS_VCPU, > because it's more refined and it's unlikely that more violations > are introduced, since the rule has only very few violations left on > both ARM and x86. This same kind of construct is likely to appear in arch-specific domain cleanup code, sooner or later. The same SAF comment can then be used there. Jan
diff --git a/docs/misra/safe.json b/docs/misra/safe.json index d361d0e65ceb..64178ba2ef7d 100644 --- a/docs/misra/safe.json +++ b/docs/misra/safe.json @@ -36,6 +36,14 @@ }, { "id": "SAF-4-safe", + "analyser": { + "eclair": "MC3R1.R16.2" + }, + "name": "MC3R1.R16.2: using a case label when the most closely-enclosing compound statement is not a switch statement", + "text": "A switch label enclosed by some compound statement that is not the body of a switch is permitted within local helper macros that are unlikely to be misused or misunderstood." + }, + { + "id": "SAF-5-safe", "analyser": {}, "name": "Sentinel", "text": "Next ID to be used" diff --git a/xen/common/domain.c b/xen/common/domain.c index ceb44c826685..1388b9e7cefa 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -457,6 +457,7 @@ static int domain_teardown(struct domain *d) for_each_vcpu ( d, v ) { + /* SAF-4-safe MISRA C Rule 16.2: switch label enclosed by for loop*/ PROGRESS_VCPU(teardown); rc = vcpu_teardown(v);
MISRA C Rule 16.2 states: "A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement". The PROGRESS_VCPU local helper specifies a case that is directly inside the compound statement of a for loop, hence violating the rule. To avoid this, the construct is deviated with a text-based deviation. No functional change. Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com> --- I chose a text-based deviation, rather than exempting PROGRESS_VCPU, because it's more refined and it's unlikely that more violations are introduced, since the rule has only very few violations left on both ARM and x86. --- docs/misra/safe.json | 8 ++++++++ xen/common/domain.c | 1 + 2 files changed, 9 insertions(+)