Re: [PATCH 0/9] MISRA C 2012 8.1 rule fixes
Hi Jan.

I know I will sound pedantic ;-)  but an important fact about
the MISRA standards is that reading the headline alone is almost
never enough.  In the specific case of (advisory) Directive 4.6,
the Rationale says, among other things:

    It might be desirable not to apply this guideline when
    interfacing with The Standard Library or code outside
    the project’s control.

For this reason, size_t is typically set as an exception in the
tool configuration.  To properly deal with the many Standard Library
functions returning int, one can use a typedef named something
like "lib_int_t" to write, e.g.,

  const lib_int_t r = strncmp(...);

The lib_int_t typedef can be used with a suitable tool configuration,
just as I mentioned one would do with size_t.

Kind regards,

   Roberto

On 23/06/22 09:51, Jan Beulich wrote:
On 23.06.2022 09:37, Roberto Bagnara wrote:
Rule 8.1 only applies to C90 code, as all the violating instances are
syntax errors in C99 and later versions of the language.  So,
the following line does not contain a violation of Rule 8.1:

      unsigned x;

It does contain a violation of Directive 4.6, though, whose correct
handling depends on the intention (uint32_t, uint64_t, size_t, ...).

Interesting - this goes straight against a rule we have set in
./CODING_STYLE. I'm also puzzled by you including size_t in your list
of examples, when the spec doesn't. The sole "goal" of the directive
(which is advisory only anyway) is to be able to determine allocation
size. size_t size, however, varies as much as short, int, long, etc.
do.

Jan
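To make the two points in this thread concrete, here is a small added example (my own code, not from the thread, the patch series or the Xen tree). The first function is what Roberto's "unsigned x;" case looks like in practice: valid C99, but every declaration uses a basic type whose width is platform dependent, which is what Directive 4.6 objects to. The second is the same function written the way Roberto suggests: explicit-width types everywhere, size_t left as the configured exception, and the plain int that strncmp() returns captured in a lib_int_t typedef that a tool configuration can then exempt. The function names, NAME_MAX_LEN and the sample name list are assumptions I constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Named alias for the plain "int" that Standard Library functions such as
 * strncmp() return. Directive 4.6 tooling can exempt this one typedef
 * instead of exempting every use of "int" in the project. */
typedef int lib_int_t;

/* Constructed sample data for the example (not from the thread). */
static const char *const sample_names[] = { "xen-devel", "xen-users", "linux" };
#define SAMPLE_COUNT 3u

/* "Before": compiles cleanly under C99, but "unsigned" and "int" carry no
 * size information, so a Directive 4.6 checker flags every declaration. */
unsigned count_matching_basic(const char *prefix,
                              const char *const *names, unsigned n)
{
    unsigned matches = 0;
    unsigned i;
    size_t len = strlen(prefix);

    for (i = 0; i < n; i++) {
        int r = strncmp(names[i], prefix, len);   /* width of int: unspecified */
        if (r == 0)
            matches++;
    }
    return matches;
}

/* "After": every object has a type whose size and signedness are explicit.
 * size_t is the conventional tool-configured exception (it is the type the
 * Standard Library hands us for lengths), and lib_int_t marks the value we
 * receive from code outside the project's control. */
uint32_t count_matching_dir46(const char *const prefix,
                              const char *const *const names, const size_t n)
{
    uint32_t matches = 0u;
    size_t i;
    const size_t len = strlen(prefix);

    for (i = 0u; i < n; i++) {
        const lib_int_t r = strncmp(names[i], prefix, len);
        if (r == 0)
            matches++;
    }
    return matches;
}

/* Runs both versions over the constructed sample and returns the Dir 4.6
 * result; callers can compare it with the basic version themselves. */
uint32_t run_sample(void)
{
    return count_matching_dir46("xen", sample_names, (size_t)SAMPLE_COUNT);
}
```

Both functions return the same value on the same input; the difference is only in what a reader (or a static checker) can tell about the width of each object from its declaration, which is the whole point of the directive.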



 

