[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[XEN PATCH][for-4.19 v2 1/1] xen: introduce a deviation for Rule 11.9

To: xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
Date: Wed, 11 Oct 2023 14:46:46 +0200
Cc: sstabellini@xxxxxxxxxx, michal.orzel@xxxxxxx, xenia.ragiadakou@xxxxxxx, ayan.kumar.halder@xxxxxxx, consulting@xxxxxxxxxxx, jbeulich@xxxxxxxx, andrew.cooper3@xxxxxxxxxx, roger.pau@xxxxxxxxxx, Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>, Simone Ballarin <simone.ballarin@xxxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>
Delivery-date: Wed, 11 Oct 2023 12:47:00 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

The constant 0 is used instead of NULL in '__ACCESS_ONCE' as a
compile-time check to detect non-scalar types; its usage for this
purpose is deviated.

Furthermore, the 'access_field' and 'typeof_field' macros are
introduced as a general way to deal with accesses to structs
without declaring a struct variable.

No functional change intended.

Signed-off-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
---
Changes in v2:
- added entry in deviations.rst
---
 automation/eclair_analysis/ECLAIR/deviations.ecl | 9 +++++++++
 docs/misra/deviations.rst                        | 5 +++++
 xen/include/xen/compiler.h                       | 5 ++++-
 xen/include/xen/kernel.h                         | 2 +-
 4 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl 
b/automation/eclair_analysis/ECLAIR/deviations.ecl
index fa56e5c00a27..28d9c37bedb2 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -246,6 +246,15 @@ constant expressions are required.\""
   "any()"}
 -doc_end
 
+#
+# Series 11
+#
+
+-doc_begin="This construct is used to check if the type is scalar, and for 
this purpose the use of 0 as a null pointer constant is deliberate."
+-config=MC3R1.R11.9,reports+={deliberate, 
"any_area(any_loc(any_exp(macro(^__ACCESS_ONCE$))))"
+}
+-doc_end
+
 #
 # Series 13
 #
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index ee7aed0609d2..1b00e4e3e9b7 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -199,6 +199,11 @@ Deviations related to MISRA C:2012 Rules:
        See automation/eclair_analysis/deviations.ecl for the full explanation.
      - Tagged as `safe` for ECLAIR.
 
+   * - R11.9
+     - __ACCESS_ONCE uses a 0 as a null pointer constant to check if a type is
+       scalar, therefore its usage for this purpose is allowed.
+     - Tagged as `deliberate` for ECLAIR.
+
    * - R13.5
      - All developers and reviewers can be safely assumed to be well aware of
        the short-circuit evaluation strategy for logical operators.
diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h
index dd99e573083f..15be9a750b23 100644
--- a/xen/include/xen/compiler.h
+++ b/xen/include/xen/compiler.h
@@ -109,13 +109,16 @@
 
 #define offsetof(a,b) __builtin_offsetof(a,b)
 
+/* Access the field of structure type, without defining a local variable */
+#define access_field(type, member) (((type *)NULL)->member)
+#define typeof_field(type, member) typeof(access_field(type, member))
 /**
  * sizeof_field(TYPE, MEMBER)
  *
  * @TYPE: The structure containing the field of interest
  * @MEMBER: The field to return the size of
  */
-#define sizeof_field(TYPE, MEMBER) sizeof((((TYPE *)0)->MEMBER))
+#define sizeof_field(TYPE, MEMBER) sizeof(access_field(TYPE, MEMBER))
 
 #if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 201112L
 #define alignof __alignof__
diff --git a/xen/include/xen/kernel.h b/xen/include/xen/kernel.h
index 46b3c9c02625..2c5ed7736c99 100644
--- a/xen/include/xen/kernel.h
+++ b/xen/include/xen/kernel.h
@@ -51,7 +51,7 @@
  *
  */
 #define container_of(ptr, type, member) ({                      \
-        typeof( ((type *)0)->member ) *__mptr = (ptr);          \
+        typeof_field(type, member) *__mptr = (ptr);             \
         (type *)( (char *)__mptr - offsetof(type,member) );})
 
 /*
-- 
2.34.1

Follow-Ups:
- Re: [XEN PATCH][for-4.19 v2 1/1] xen: introduce a deviation for Rule 11.9
  - From: Jan Beulich
- Re: [XEN PATCH][for-4.19 v2 1/1] xen: introduce a deviation for Rule 11.9
  - From: Stefano Stabellini
- Re: [XEN PATCH][for-4.19 v2 1/1] xen: introduce a deviation for Rule 11.9
  - From: andrew . cooper3

References:
- [XEN PATCH][for-4.19 v2 0/1] address violations of MISRA C:2012 Rule 11.9
  - From: Nicola Vetrini

Prev by Date: [XEN PATCH][for-4.19 v2 0/1] address violations of MISRA C:2012 Rule 11.9
Next by Date: Re: [PATCH for-4.19] x86/cpu-policy: Adjust CPUID_MAX_SERIALISED_LEAVES to placate MISRA
Previous by thread: [XEN PATCH][for-4.19 v2 0/1] address violations of MISRA C:2012 Rule 11.9
Next by thread: Re: [XEN PATCH][for-4.19 v2 1/1] xen: introduce a deviation for Rule 11.9
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.