[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [XEN PATCH][for-4.19 1/2] xen: introduce a deviation for Rule 11.9
On Thu, 5 Oct 2023, Nicola Vetrini wrote: > The constant 0 is used instead of NULL in '__ACCESS_ONCE' as a > compile-time check to detect non-scalar types; its usage for this > purpose is documented in rules.rst as an exception. > > Furthermore, the 'access_field' and 'typeof_field' macros are > introduced as a general way to deal with accesses to structs > without declaring a struct variable. > > Cleanup of spurious MISRA deviations. > > No functional change intended. > > Signed-off-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx> Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx> > --- > If NULL is not suitable for usage inside access_field, then 0 could > be put there and the macro deviated. I think that's OK but let's wait to see if anyone else has a different feedback > --- > .../eclair_analysis/ECLAIR/deviations.ecl | 23 +++++++------------ > docs/misra/rules.rst | 3 ++- > xen/include/xen/compiler.h | 5 +++- > xen/include/xen/kernel.h | 2 +- > 4 files changed, 15 insertions(+), 18 deletions(-) > > diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl > b/automation/eclair_analysis/ECLAIR/deviations.ecl > index d8170106b449..acd42386e0a9 100644 > --- a/automation/eclair_analysis/ECLAIR/deviations.ecl > +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl > @@ -110,10 +110,6 @@ neither functions nor pointers to functions." > > -config=MC3R1.R5.5,reports={safe,"all_area(decl(node(enum_decl||record_decl||field_decl||param_decl||var_decl)&&!type(canonical(address((node(function||function_no_proto))))))||macro(function_like()))"} > -doc_end > > --doc_begin="The use of these identifiers for both macro names and other > entities > -is deliberate and does not generate developer confusion." > --config=MC3R1.R5.5,reports+={safe, > "any_area(text(^\\s*/\\*\\s+SAF-[0-9]+-safe\\s+MC3R1\\.R5\\.5.*$, begin-1))"} > --doc_end > > -doc_begin="The definition of macros and functions ending in '_bit' that use > the > same identifier in 'bitops.h' is deliberate and safe." > @@ -156,11 +152,6 @@ particular use of it done in xen_mk_ulong." > > -config=MC3R1.R7.2,reports+={deliberate,"any_area(any_loc(macro(name(BUILD_BUG_ON))))"} > -doc_end > > --doc_begin="The following string literals are assigned to pointers to non > -const-qualified char." > --config=MC3R1.R7.4,reports+={safe, > "any_area(text(^\\s*/\\*\\s+SAF-[0-9]+-safe\\s+MC3R1\\.R7\\.4.*$, begin-1))"} > --doc_end > - > -doc_begin="Allow pointers of non-character type as long as the pointee is > const-qualified." > -config=MC3R1.R7.4,same_pointee=false > @@ -222,12 +213,6 @@ definition is compiled-out or optimized-out by the > compiler)" > # Series 9. > # > > --doc_begin="The following variables are written before being set, therefore > no > -access to uninitialized memory locations happens, as explained in the > deviation > -comment." > --config=MC3R1.R9.1,reports+={safe, > "any_area(text(^\\s*/\\*\\s+SAF-[0-9]+-safe\\s+MC3R1\\.R9\\.1.*$, begin-1))"} > --doc_end > - > -doc_begin="Violations in files that maintainers have asked to not modify in > the > context of R9.1." > -file_tag+={adopted_r9_1,"^xen/arch/arm/arm64/lib/find_next_bit\\.c$"} > @@ -274,6 +259,14 @@ still non-negative." > -config=MC3R1.R10.1,etypes+={safe, > "stmt(operator(logical)||node(conditional_operator||binary_conditional_operator))", > "dst_type(ebool||boolean)"} > -doc_end > > +# > +# Series 11 > +# > + > +-doc_begin="This macro is used to check if the type is scalar, and for this > purpose the use of 0 as a null pointer constant is deliberate." > +-config=MC3R1.R11.9,reports+={deliberate, > "any_area(any_loc(any_exp(macro(^__ACCESS_ONCE$))))"} > +-doc_end > + > ### Set 3 ### > > # > diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst > index 3139ca7ae6dd..d5569696b3a8 100644 > --- a/docs/misra/rules.rst > +++ b/docs/misra/rules.rst > @@ -393,7 +393,8 @@ maintainers if you want to suggest a change. > * - `Rule 11.9 > <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_09.c>`_ > - Required > - The macro NULL shall be the only permitted form of null pointer > constant > - - > + - Using 0 as a null pointer constant to check if a type is scalar is > + allowed and always happens through the macro __ACCESS_ONCE. > > * - `Rule 12.5 > <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_12_05.c>`_ > - Mandatory > diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h > index dd99e573083f..15be9a750b23 100644 > --- a/xen/include/xen/compiler.h > +++ b/xen/include/xen/compiler.h > @@ -109,13 +109,16 @@ > > #define offsetof(a,b) __builtin_offsetof(a,b) > > +/* Access the field of structure type, without defining a local variable */ > +#define access_field(type, member) (((type *)NULL)->member) > +#define typeof_field(type, member) typeof(access_field(type, member)) > /** > * sizeof_field(TYPE, MEMBER) > * > * @TYPE: The structure containing the field of interest > * @MEMBER: The field to return the size of > */ > -#define sizeof_field(TYPE, MEMBER) sizeof((((TYPE *)0)->MEMBER)) > +#define sizeof_field(TYPE, MEMBER) sizeof(access_field(TYPE, MEMBER)) > > #if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 201112L > #define alignof __alignof__ > diff --git a/xen/include/xen/kernel.h b/xen/include/xen/kernel.h > index 46b3c9c02625..2c5ed7736c99 100644 > --- a/xen/include/xen/kernel.h > +++ b/xen/include/xen/kernel.h > @@ -51,7 +51,7 @@ > * > */ > #define container_of(ptr, type, member) ({ \ > - typeof( ((type *)0)->member ) *__mptr = (ptr); \ > + typeof_field(type, member) *__mptr = (ptr); \ > (type *)( (char *)__mptr - offsetof(type,member) );}) > > /* > -- > 2.34.1 >
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |