@@ -393,6 +393,12 @@ Fixing this violation would require to increase code complexity and lower readab
-config=MC3A2.R11.8,reports+={safe,"any_area(any_loc(any_exp(macro(^container_of$))))"}
-doc_end
+-doc_begin="Function __hvm_copy in xen/arch/x86/hvm/hvm.c is a double-use
+function, where the parameter needs to not be const because it can be set for
+write or not"
+-config=MC3A2.R11.8,reports+={safe,"any_area(any_loc(text(^.*__hvm_copy.*HVMCOPY_to_guest doesn't modify.*$)))"}
+-doc_end
+
-doc_begin="This construct is used to check if the type is scalar, and for this purpose the use of 0 as a null pointer constant is deliberate."
-config=MC3A2.R11.9,reports+={deliberate, "any_area(any_loc(any_exp(macro(^__ACCESS_ONCE$))))"
}
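Review bot: the new `text(^.*__hvm_copy.*HVMCOPY_to_guest doesn't modify.*$)` matcher in the R11.8 entry ties the deviation to the exact wording of a free-form source comment, so a later rewording of that comment, or a new const-stripping cast in __hvm_copy added without it, silently drops the deviation and the R11.8 report reappears with no hint as to why. Consider stating in the -doc_begin text that every cast away from const in __hvm_copy must carry a comment containing that phrase (or anchoring on a more stable token), so the coupling is visible to whoever next edits hvm.c. The -doc_begin sentence itself reads awkwardly; something like "where the parameter cannot be const because the same function serves both the read and the write direction" says the same thing more clearly.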
@@ -353,6 +353,15 @@ Deviations related to MISRA C:2012 Rules:
Fixing this violation would require to increase code complexity and lower readability.
- Tagged as `safe` for ECLAIR.
+ * - R11.8
+ - Violations caused by function __hvm_copy occur when a const void
+ argument is passed, as the const qualifier is stripped. However, in such
+ cases, the function ensures that it does not modify the buffer
+ referenced by the argument, therefore, this use is deemed safe. Fixing
+ this violation would require to increase code complexity and lower
+ readability.
+ - Tagged as `safe` for ECLAIR.
+
* - R11.9
- __ACCESS_ONCE uses an integer, which happens to be zero, as a
compile time check. The typecheck uses a cast. The usage of zero or other
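Review bot: the new R11.8 entry in deviations.rst does not mention that the deviation is keyed on the explanatory comment ("HVMCOPY_to_guest doesn't modify ...") placed at each const-stripping cast, which is the matching criterion the ECLAIR configuration relies on; a sentence such as "Each such cast is accompanied by a comment explaining why it is safe, and the deviation matches on that comment" would make the requirement discoverable to contributors touching hvm.c. Minor style: "would require to increase code complexity" should read "would require increasing code complexity" (the same wording appears in the entry immediately above, so fixing both together keeps the file consistent).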
Rule 11.8 states the following: "A cast shall not remove any `const' or `volatile' qualification from the type pointed to by a pointer". Function `__hvm_copy' in `xen/arch/x86/hvm/hvm.c' is a double-use function, where the parameter needs to not be const because it can be set for write or not. As it was decided a new const-only function will lead to more developer confusion than it's worth, this violation is addressed by deviating the function.

All cases of casting away const-ness are accompanied by a comment explaining why it is safe given the other flags passed in; such a comment is used by the deviation in order to match the appropriate function call.

No functional change.

Signed-off-by: Alessandro Zucchelli <alessandro.zucchelli@bugseng.com>
---
Changes from V3:
Edit docs/misra/deviations.rst, according to the feedback received.
Rebase against the current staging tree.

Changes from V2:
The deviation has been documented under docs/misra/deviations.rst.

Changes from V1:
The deviation has been refined to specify that every instance of casting away const-ness is accompanied by a comment explaining why it is safe. This comment is a requirement that has been incorporated into the text defining the deviation.
---
 automation/eclair_analysis/ECLAIR/deviations.ecl | 6 ++++++
 docs/misra/deviations.rst                        | 9 +++++++++
 2 files changed, 15 insertions(+)