@@ -327,6 +327,34 @@ therefore have the same behavior of a boolean"
-config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^<?domain>?::is_dying$))))","src_type(enum)"}
-doc_end
+#
+# Series 16.
+#
+
+-doc_begin="Switch clauses ending with continue, goto, return statements are
+safe."
+-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"}
+-doc_end
+
+-doc_begin="Switch clauses ending with a call to a function that does not give
+the control back (i.e., a function with attribute noreturn) are safe."
+-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"}
+-doc_end
+
+-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are
+safe."
+-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"}
+-doc_end
+
+-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe."
+-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"}
+-doc_end
+
+-doc_begin="Switch clauses not ending with the break statement are safe if an
+explicit comment indicating the fallthrough intention is present."
+-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"}
+-doc_end
+
#
# Series 20.
#
@@ -276,6 +276,38 @@ Deviations related to MISRA C:2012 Rules:
therefore have the same behavior of a boolean.
- Project-wide deviation; tagged as `deliberate` for ECLAIR.
+ * - R16.3
+ - Switch clauses ending with continue, goto, return statements are safe.
+ - Tagged as `safe` for ECLAIR.
+
+ * - R16.3
+ - Switch clauses ending with a call to a function that does not give
+ the control back (i.e., a function with attribute noreturn) are safe.
+ - Tagged as `safe` for ECLAIR.
+
+ * - R16.3
+ - Switch clauses ending with pseudo-keyword \"fallthrough\" are safe.
+ - Tagged as `safe` for ECLAIR.
+
+ * - R16.3
+ - Switch clauses ending with failure method \"BUG()\" are safe.
+ - Tagged as `safe` for ECLAIR.
+
+ * - R16.3
+ - Existing switch clauses not ending with the break statement are safe if
+ an explicit comment indicating the fallthrough intention is present.
+ However, the use of such comments in new code is deprecated:
+ the pseudo-keyword "fallthrough" shall be used.
+ - Tagged as `safe` for ECLAIR. The accepted comments are:
+ - /\* fall through \*/
+ - /\* fall through. \*/
+ - /\* fallthrough \*/
+ - /\* fallthrough. \*/
+ - /\* Fall through \*/
+ - /\* Fall through. \*/
+ - /\* Fallthrough \*/
+ - /\* Fallthrough. \*/
+
* - R20.7
- Code violating Rule 20.7 is safe when macro parameters are used:
(1) as function arguments;
MISRA C:2012 Rule 16.3 states that an unconditional break statement shall terminate every switch-clause. Update ECLAIR configuration to take into account: - continue, goto, return statements; - functions with attribute noreturn; - pseudo-keyword fallthrough; - macro BUG(); - comments. Update docs/misra/deviations.rst accordingly. Signed-off-by: Federico Serafini <federico.serafini@bugseng.com> --- Changes in v3: - added bullet point for pseudo-keyword fallthrough; - mentioned noreturn attribute; - fixed typo. --- Changes in v2: - applied suggestions coming from https://lists.xenproject.org/archives/html/xen-devel/2023-12/msg00957.html --- .../eclair_analysis/ECLAIR/deviations.ecl | 28 ++++++++++++++++ docs/misra/deviations.rst | 32 +++++++++++++++++++ 2 files changed, 60 insertions(+)