[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen master] xen: add deviations for Rule 11.8

commit 23a5fb3df7aaaa719cf7eccfb4d3ca24933c39a6
Author:     Maria Celeste Cesario <maria.celeste.cesario@xxxxxxxxxxx>
AuthorDate: Tue Dec 19 12:05:11 2023 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Dec 20 11:47:04 2023 +0100

    xen: add deviations for Rule 11.8
    
    The xen sources contain violations of MISRA C:2012 Rule 11.8 whose
    headline states:
    "A conversion shall not remove any const, volatile or _Atomic qualification
    from the type pointed to by a pointer".
    
    The macro 'container_of' violates the Rule because it casts away any
    qualifier to do pointer arithmetic, but making the macro definition 
compliant
    would add additional complexity, therefore a deviation is introduced.
    
    Signed-off-by: Maria Celeste Cesario  <maria.celeste.cesario@xxxxxxxxxxx>
    Signed-off-by: Simone Ballarin  <simone.ballarin@xxxxxxxxxxx>
    Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
---
 automation/eclair_analysis/ECLAIR/deviations.ecl | 7 +++++++
 docs/misra/deviations.rst                        | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl 
b/automation/eclair_analysis/ECLAIR/deviations.ecl
index 6806f0eea0..4b5140fe3f 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -303,6 +303,13 @@ constant expressions are required.\""
 # Series 11
 #
 
+-doc_begin="Violations caused by container_of are due to pointer arithmetic 
operations
+with the provided offset. The resulting pointer is then immediately cast back 
to its
+original type, which preserves the qualifier. This use is deemed safe.
+Fixing this violation would require to increase code complexity and lower 
readability."
+-config=MC3R1.R11.8,reports+={safe,"any_area(any_loc(any_exp(macro(^container_of$))))"}
+-doc_end
+
 -doc_begin="This construct is used to check if the type is scalar, and for 
this purpose the use of 0 as a null pointer constant is deliberate."
 -config=MC3R1.R11.9,reports+={deliberate, 
"any_area(any_loc(any_exp(macro(^__ACCESS_ONCE$))))"
 }
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index 4bd56eb9cc..123c78e20a 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -255,6 +255,13 @@ Deviations related to MISRA C:2012 Rules:
        If no bits are set, 0 is returned.
      - Tagged as `safe` for ECLAIR.
 
+   * - R11.8
+     - Violations caused by container_of are due to pointer arithmetic 
operations
+       with the provided offset. The resulting pointer is then immediately 
cast back to its
+       original type, which preserves the qualifier. This use is deemed safe.
+       Fixing this violation would require to increase code complexity and 
lower readability.
+     - Tagged as `safe` for ECLAIR.
+
    * - R11.9
      - __ACCESS_ONCE uses an integer, which happens to be zero, as a
        compile time check. The typecheck uses a cast. The usage of zero or 
other
--
generated by git-patchbot for /home/xen/git/xen.git#master

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.