add more MISRA C rules to docs/misra/rules.rst

Message ID alpine.DEB.2.22.394.2206091748210.756493@ubuntu-linux-20-04-desktop (mailing list archive)
State Superseded

Commit Message

Stefano Stabellini June 10, 2022, 12:48 a.m. UTC
Add the new MISRA C rules agreed by the MISRA C working group to
docs/misra/rules.rst.

Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>

---

I added the rules that we agreed upon this morning together with all the
notes we discussed, in particular:

- macros as macro parameters at invocation time for Rule 5.3
- the clarification of Rule 9.1
- gnu_inline exception for Rule 8.10

Comments

Bertrand Marquis June 10, 2022, 9:19 a.m. UTC | #1
Hi Stefano,

> On 10 Jun 2022, at 01:48, Stefano Stabellini <sstabellini@kernel.org> wrote:
> 
> Add the new MISRA C rules agreed by the MISRA C working group to
> docs/misra/rules.rst.

The notes are now used to give more explanations or document deviations.
We might need a proper entry in the table at some point but I think this
should be part of something bigger to handle deviations so ..

> 
> Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
> 

Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>

Cheers
Bertrand

Julien Grall June 10, 2022, 9:21 a.m. UTC | #2
Hi Stefano,

On 10/06/2022 01:48, Stefano Stabellini wrote:
> Add the new MISRA C rules agreed by the MISRA C working group to
> docs/misra/rules.rst.
> 
> Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>

Acked-by: Julien Grall <jgrall@amazon.com>

Cheers,

> 
> ---
> 
> I added the rules that we agreed upon this morning together with all the
> notes we discussed, in particular:
> 
> - macros as macro parameters at invocation time for Rule 5.3
> - the clarification of Rule 9.1
> - gnu_inline exception for Rule 8.10
> 
> 
> diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst
> index 6ccff07765..5c28836bc8 100644
> --- a/docs/misra/rules.rst
> +++ b/docs/misra/rules.rst
> @@ -89,6 +89,28 @@ existing codebase are work-in-progress.
>          (xen/include/public/) are allowed to retain longer identifiers
>          for backward compatibility.
>   
> +   * - `Rule 5.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_05_02.c>`_
> +     - Required
> +     - Identifiers declared in the same scope and name space shall be
> +       distinct
> +     - The Xen characters limit for identifiers is 40. Public headers
> +       (xen/include/public/) are allowed to retain longer identifiers
> +       for backward compatibility.
> +
> +   * - `Rule 5.3 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_05_03.c>`_
> +     - Required
> +     - An identifier declared in an inner scope shall not hide an
> +       identifier declared in an outer scope
> +     - Using macros as macro parameters at invocation time is allowed,
> +       e.g. MAX(var0, MIN(var1, var2))
> +
> +   * - `Rule 5.4 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_05_04.c>`_
> +     - Required
> +     - Macro identifiers shall be distinct
> +     - The Xen characters limit for macro identifiers is 40. Public
> +       headers (xen/include/public/) are allowed to retain longer
> +       identifiers for backward compatibility.
> +
>      * - `Rule 6.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_06_02.c>`_
>        - Required
>        - Single-bit named bit fields shall not be of a signed type
> @@ -123,8 +145,75 @@ existing codebase are work-in-progress.
>          declarations of objects and functions that have internal linkage
>        -
>   
> +   * - `Rule 8.10 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_08_10.c>`_
> +     - Required
> +     - An inline function shall be declared with the static storage class
> +     - gnu_inline (without static) is allowed.
> +
>      * - `Rule 8.12 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_08_12.c>`_
>        - Required
>        - Within an enumerator list the value of an implicitly-specified
>          enumeration constant shall be unique
>        -
> +
> +   * - `Rule 9.1 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_09_01.c>`_
> +     - Mandatory
> +     - The value of an object with automatic storage duration shall not
> +       be read before it has been set
> +     - Rule clarification: do not use variables before they are
> +       initialized. An explicit initializer is not necessarily required.
> +       Try reducing the scope of the variable. If an explicit
> +       initializer is added, consider initializing the variable to a
> +       poison value.
> +
> +   * - `Rule 9.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_09_02.c>`_
> +     - Required
> +     - The initializer for an aggregate or union shall be enclosed in
> +       braces
> +     -
> +
> +   * - `Rule 13.6 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_13_06.c>`_
> +     - Mandatory
> +     - The operand of the sizeof operator shall not contain any
> +       expression which has potential side effects
> +     -
> +
> +   * - `Rule 14.1 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_14_01.c>`_
> +     - Required
> +     - A loop counter shall not have essentially floating type
> +     -
> +
> +   * - `Rule 16.7 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_16_07.c>`_
> +     - Required
> +     - A switch-expression shall not have essentially Boolean type
> +     -
> +
> +   * - `Rule 17.3 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_17_03.c>`_
> +     - Mandatory
> +     - A function shall not be declared implicitly
> +     -
> +
> +   * - `Rule 17.4 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_17_04.c>`_
> +     - Mandatory
> +     - All exit paths from a function with non-void return type shall
> +       have an explicit return statement with an expression
> +     -
> +
> +   * - `Rule 20.7 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_20_07.c>`_
> +     - Required
> +     - Expressions resulting from the expansion of macro parameters
> +       shall be enclosed in parentheses
> +     -
> +
> +   * - `Rule 20.13 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_20_13.c>`_
> +     - Required
> +     - A line whose first token is # shall be a valid preprocessing
> +       directive
> +     -
> +
> +   * - `Rule 20.14 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_20_14.c>`_
> +     - Required
> +     - All #else #elif and #endif preprocessor directives shall reside
> +       in the same file as the #if #ifdef or #ifndef directive to which
> +       they are related
> +     -

Jan Beulich June 10, 2022, 10:23 a.m. UTC | #3
On 10.06.2022 02:48, Stefano Stabellini wrote:
> +   * - `Rule 5.3 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_05_03.c>`_
> +     - Required
> +     - An identifier declared in an inner scope shall not hide an
> +       identifier declared in an outer scope
> +     - Using macros as macro parameters at invocation time is allowed,
> +       e.g. MAX(var0, MIN(var1, var2))

I think the connection between the example and the rule could be made more
clear, e.g. by adding "... even if both macros use identically named local
variables".

> +   * - `Rule 14.1 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_14_01.c>`_
> +     - Required
> +     - A loop counter shall not have essentially floating type

This looks to be missing "point"?

Jan

Roger Pau Monné June 10, 2022, 3:54 p.m. UTC | #4
On Thu, Jun 09, 2022 at 05:48:26PM -0700, Stefano Stabellini wrote:
> Add the new MISRA C rules agreed by the MISRA C working group to
> docs/misra/rules.rst.
> 
> Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
> 
> ---
> 
> I added the rules that we agreed upon this morning together with all the
> notes we discussed, in particular:
> 
> - macros as macro parameters at invocation time for Rule 5.3
> - the clarification of Rule 9.1
> - gnu_inline exception for Rule 8.10
> 
> 
> diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst
> index 6ccff07765..5c28836bc8 100644
> --- a/docs/misra/rules.rst
> +++ b/docs/misra/rules.rst
> @@ -89,6 +89,28 @@ existing codebase are work-in-progress.
>         (xen/include/public/) are allowed to retain longer identifiers
>         for backward compatibility.
>  
> +   * - `Rule 5.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_05_02.c>`_
> +     - Required
> +     - Identifiers declared in the same scope and name space shall be
> +       distinct
> +     - The Xen characters limit for identifiers is 40. Public headers
> +       (xen/include/public/) are allowed to retain longer identifiers
> +       for backward compatibility.
> +
> +   * - `Rule 5.3 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_05_03.c>`_
> +     - Required
> +     - An identifier declared in an inner scope shall not hide an
> +       identifier declared in an outer scope
> +     - Using macros as macro parameters at invocation time is allowed,
> +       e.g. MAX(var0, MIN(var1, var2))

I think you want to use the {min,max}_t macros as examples, because
those do define local variables.

The rest LGTM:

Acked-by: Roger Pau Monné <roger.pau@citrix.com>

Thanks.
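The nesting that comments #3 and #4 ask the Rule 5.3 note to spell out, as an added example that is not part of the thread or of Xen's code. MIN_T and MAX_T are hypothetical stand-ins for statement-expression macros that declare identically named locals; GNU C extensions are assumed.

```c
/* Added illustration: macro and function names are hypothetical, not Xen's. */
#include <stdio.h>

/*
 * GNU statement-expression min/max: each expansion declares block-scope
 * temporaries called _x and _y so that every argument is evaluated once.
 * __extension__ only silences pedantic warnings about the GNU syntax.
 */
#define MIN_T(type, x, y) \
    __extension__ ({ type _x = (x); type _y = (y); _x < _y ? _x : _y; })
#define MAX_T(type, x, y) \
    __extension__ ({ type _x = (x); type _y = (y); _x > _y ? _x : _y; })

static int calls;                       /* counts argument evaluations */
static int tick(int v) { calls++; return v; }

/*
 * Nested at invocation time: MIN_T expands inside the initializer of
 * MAX_T's _y, so the inner _x/_y hide the outer ones (the Rule 5.3
 * pattern, reported by -Wshadow). The arguments never name _x or _y,
 * so the hiding cannot change the result.
 */
int nested(int var0, int var1, int var2)
{
    return MAX_T(int, tick(var0), MIN_T(int, tick(var1), tick(var2)));
}

/* Same computation with the inner result hoisted: no identifier is hidden. */
int hoisted(int var0, int var1, int var2)
{
    int lo = MIN_T(int, tick(var1), tick(var2));
    return MAX_T(int, tick(var0), lo);
}

/* Number of tick() calls made by one nested() invocation. */
int nested_evaluations(void)
{
    calls = 0;
    (void)nested(1, 5, 3);
    return calls;
}

int main(void)
{
    printf("nested=%d hoisted=%d evals=%d\n",
           nested(1, 5, 3), hoisted(1, 5, 3), nested_evaluations());
    return 0;
}
```

The hiding stops being harmless only when a caller passes an argument that is itself named `_x` or `_y`, because the macro's declaration would then read its own uninitialized temporary.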
Stefano Stabellini June 10, 2022, 9:24 p.m. UTC | #5
On Fri, 10 Jun 2022, Jan Beulich wrote:
> On 10.06.2022 02:48, Stefano Stabellini wrote:
> > +   * - `Rule 5.3 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_05_03.c>`_
> > +     - Required
> > +     - An identifier declared in an inner scope shall not hide an
> > +       identifier declared in an outer scope
> > +     - Using macros as macro parameters at invocation time is allowed,
> > +       e.g. MAX(var0, MIN(var1, var2))
> 
> I think the connection between the example and the rule could be made more
> clear, e.g. by adding "... even if both macros use identically named local
> variables".

Yep, I'll add


> > +   * - `Rule 14.1 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_14_01.c>`_
> > +     - Required
> > +     - A loop counter shall not have essentially floating type
> 
> This looks to be missing "point"?

I am not sure what you mean. Do you mean "floating-point" instead of
"floating" ?

This is the actual headline for Rule 14.1. MISRA defines "Essential
types" (8.10.2), so in this case it is referring to the type
"essentially floating", which includes float, double and long double.

If you meant something different, I'll address it in the next version of
the patch.

Cheers,

Stefano

Jan Beulich June 13, 2022, 7:04 a.m. UTC | #6
On 10.06.2022 23:24, Stefano Stabellini wrote:
> On Fri, 10 Jun 2022, Jan Beulich wrote:
>> On 10.06.2022 02:48, Stefano Stabellini wrote:
>>> +   * - `Rule 14.1 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_14_01.c>`_
>>> +     - Required
>>> +     - A loop counter shall not have essentially floating type
>>
>> This looks to be missing "point"?
> 
> I am not sure what you mean. Do you mean "floating-point" instead of
> "floating" ?
> 
> This is the actual headline for Rule 14.1. MISRA defines "Essential
> types" (8.10.2), so in this case it is referring to the type
> "essentially floating", which includes float, double and long double.

Yes, I mean "floating-point". But now that I look more closely I actually
notice that the C standard also uses the term "floating type" in a number
of instances. So perhaps it's just me who considers this odd.

Jan

Patch

diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst
index 6ccff07765..5c28836bc8 100644
--- a/docs/misra/rules.rst
+++ b/docs/misra/rules.rst
@@ -89,6 +89,28 @@  existing codebase are work-in-progress.
        (xen/include/public/) are allowed to retain longer identifiers
        for backward compatibility.
 
+   * - `Rule 5.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_05_02.c>`_
+     - Required
+     - Identifiers declared in the same scope and name space shall be
+       distinct
+     - The Xen characters limit for identifiers is 40. Public headers
+       (xen/include/public/) are allowed to retain longer identifiers
+       for backward compatibility.
+
+   * - `Rule 5.3 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_05_03.c>`_
+     - Required
+     - An identifier declared in an inner scope shall not hide an
+       identifier declared in an outer scope
+     - Using macros as macro parameters at invocation time is allowed,
+       e.g. MAX(var0, MIN(var1, var2))
+
+   * - `Rule 5.4 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_05_04.c>`_
+     - Required
+     - Macro identifiers shall be distinct
+     - The Xen characters limit for macro identifiers is 40. Public
+       headers (xen/include/public/) are allowed to retain longer
+       identifiers for backward compatibility.
+
    * - `Rule 6.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_06_02.c>`_
      - Required
      - Single-bit named bit fields shall not be of a signed type
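Review bot: the Rule 5.3 note does not say which identifiers are allowed to be hidden. In "Using macros as macro parameters at invocation time is allowed, e.g. MAX(var0, MIN(var1, var2))" nothing ties the example to scope hiding, so a reader cannot tell what is being deviated from; state that the allowance covers local variables declared inside the macro bodies that share a name once one macro is expanded inside the other, and pick example macros that actually declare such locals. Separately, the Rule 5.2 and 5.4 notes repeat the public-headers exception that the context lines at the top of this hunk already carry for the preceding entry; consider stating the 40-character limit once and referring to it, and "characters limit" reads better as "character limit".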
@@ -123,8 +145,75 @@  existing codebase are work-in-progress.
        declarations of objects and functions that have internal linkage
      -
 
+   * - `Rule 8.10 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_08_10.c>`_
+     - Required
+     - An inline function shall be declared with the static storage class
+     - gnu_inline (without static) is allowed.
+
    * - `Rule 8.12 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_08_12.c>`_
      - Required
      - Within an enumerator list the value of an implicitly-specified
        enumeration constant shall be unique
      -
+
+   * - `Rule 9.1 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_09_01.c>`_
+     - Mandatory
+     - The value of an object with automatic storage duration shall not
+       be read before it has been set
+     - Rule clarification: do not use variables before they are
+       initialized. An explicit initializer is not necessarily required.
+       Try reducing the scope of the variable. If an explicit
+       initializer is added, consider initializing the variable to a
+       poison value.
+
+   * - `Rule 9.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_09_02.c>`_
+     - Required
+     - The initializer for an aggregate or union shall be enclosed in
+       braces
+     -
+
+   * - `Rule 13.6 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_13_06.c>`_
+     - Mandatory
+     - The operand of the sizeof operator shall not contain any
+       expression which has potential side effects
+     -
+
+   * - `Rule 14.1 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_14_01.c>`_
+     - Required
+     - A loop counter shall not have essentially floating type
+     -
+
+   * - `Rule 16.7 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_16_07.c>`_
+     - Required
+     - A switch-expression shall not have essentially Boolean type
+     -
+
+   * - `Rule 17.3 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_17_03.c>`_
+     - Mandatory
+     - A function shall not be declared implicitly
+     -
+
+   * - `Rule 17.4 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_17_04.c>`_
+     - Mandatory
+     - All exit paths from a function with non-void return type shall
+       have an explicit return statement with an expression
+     -
+
+   * - `Rule 20.7 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_20_07.c>`_
+     - Required
+     - Expressions resulting from the expansion of macro parameters
+       shall be enclosed in parentheses
+     -
+
+   * - `Rule 20.13 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_20_13.c>`_
+     - Required
+     - A line whose first token is # shall be a valid preprocessing
+       directive
+     -
+
+   * - `Rule 20.14 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_20_14.c>`_
+     - Required
+     - All #else #elif and #endif preprocessor directives shall reside
+       in the same file as the #if #ifdef or #ifndef directive to which
+       they are related
+     -
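Review bot: the Rule 9.1 note says "consider initializing the variable to a poison value" without defining what a poison value is or how to choose one for a given type; add a short definition or an example so the advice is applied consistently, and say how "Try reducing the scope of the variable" is meant to help (the declaration moves next to the first assignment). In the Rule 8.10 entry, "gnu_inline (without static) is allowed." gives neither the reason for the deviation nor what gnu_inline refers to; a few words of rationale would make the table self-explanatory. The remaining new rows leave the notes column empty, which is consistent with the existing Rule 8.12 row.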