[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen master] xen: address violations of Rule 11.9

commit 26cdd09801e5cd7c4bed25de2eac012ba67535a0
Author:     Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
AuthorDate: Fri Nov 17 18:11:11 2023 -0800
Commit:     Stefano Stabellini <stefano.stabellini@xxxxxxx>
CommitDate: Fri Nov 17 18:11:11 2023 -0800

    xen: address violations of Rule 11.9
    
    The constant 0 is used instead of NULL in '__ACCESS_ONCE' as a
    compile-time check to detect non-scalar types; its usage for this
    purpose is deviated.
    
    Furthermore, the 'typeof_field' macro is introduced as a general way
    to access the type of a struct member without declaring a variable
    of struct type. Both this macro and 'sizeof_field' are moved to
    'xen/macros.h'.
    
    No functional change intended.
    
    Signed-off-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
---
 automation/eclair_analysis/ECLAIR/deviations.ecl |  9 +++++++++
 docs/misra/deviations.rst                        |  6 ++++++
 xen/include/xen/compiler.h                       |  8 --------
 xen/include/xen/kernel.h                         |  2 +-
 xen/include/xen/macros.h                         | 16 ++++++++++++++++
 5 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl 
b/automation/eclair_analysis/ECLAIR/deviations.ecl
index 279b282109..b7c6d85fbf 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -253,6 +253,15 @@ constant expressions are required.\""
   "any()"}
 -doc_end
 
+#
+# Series 11
+#
+
+-doc_begin="This construct is used to check if the type is scalar, and for 
this purpose the use of 0 as a null pointer constant is deliberate."
+-config=MC3R1.R11.9,reports+={deliberate, 
"any_area(any_loc(any_exp(macro(^__ACCESS_ONCE$))))"
+}
+-doc_end
+
 #
 # Series 13
 #
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index 949840b966..b5a46f7f87 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -206,6 +206,12 @@ Deviations related to MISRA C:2012 Rules:
        If no bits are set, 0 is returned.
      - Tagged as `safe` for ECLAIR.
 
+   * - R11.9
+     - __ACCESS_ONCE uses an integer, which happens to be zero, as a
+       compile time check. The typecheck uses a cast. The usage of zero or 
other
+       integers for this purpose is allowed.
+     - Tagged as `deliberate` for ECLAIR.
+
    * - R13.5
      - All developers and reviewers can be safely assumed to be well aware of
        the short-circuit evaluation strategy for logical operators.
diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h
index dd99e57308..a8be1f19cf 100644
--- a/xen/include/xen/compiler.h
+++ b/xen/include/xen/compiler.h
@@ -109,14 +109,6 @@
 
 #define offsetof(a,b) __builtin_offsetof(a,b)
 
-/**
- * sizeof_field(TYPE, MEMBER)
- *
- * @TYPE: The structure containing the field of interest
- * @MEMBER: The field to return the size of
- */
-#define sizeof_field(TYPE, MEMBER) sizeof((((TYPE *)0)->MEMBER))
-
 #if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 201112L
 #define alignof __alignof__
 #endif
diff --git a/xen/include/xen/kernel.h b/xen/include/xen/kernel.h
index 46b3c9c026..2c5ed7736c 100644
--- a/xen/include/xen/kernel.h
+++ b/xen/include/xen/kernel.h
@@ -51,7 +51,7 @@
  *
  */
 #define container_of(ptr, type, member) ({                      \
-        typeof( ((type *)0)->member ) *__mptr = (ptr);          \
+        typeof_field(type, member) *__mptr = (ptr);             \
         (type *)( (char *)__mptr - offsetof(type,member) );})
 
 /*
diff --git a/xen/include/xen/macros.h b/xen/include/xen/macros.h
index f943319ab2..18842cd8a5 100644
--- a/xen/include/xen/macros.h
+++ b/xen/include/xen/macros.h
@@ -60,6 +60,22 @@
 
 #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]) + __must_be_array(x))
 
+/**
+ * typeof_field(type, member)
+ *
+ * @type: The structure containing the field of interest
+ * @member: The field whose type is returned
+ */
+#define typeof_field(type, member) typeof(((type *)NULL)->member)
+
+/**
+ * sizeof_field(type, member)
+ *
+ * @type: The structure containing the field of interest
+ * @member: The field to return the size of
+ */
+#define sizeof_field(type, member) sizeof(((type *)NULL)->member)
+
 #endif /* __ASSEMBLY__ */
 
 #endif /* __MACROS_H__ */
--
generated by git-patchbot for /home/xen/git/xen.git#master

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.