[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH][for-4.19 v2 1/1] xen: introduce a deviation for Rule 11.9

To: andrew.cooper3@xxxxxxxxxx
From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
Date: Thu, 12 Oct 2023 14:27:01 +0200
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, sstabellini@xxxxxxxxxx, michal.orzel@xxxxxxx, xenia.ragiadakou@xxxxxxx, ayan.kumar.halder@xxxxxxx, consulting@xxxxxxxxxxx, jbeulich@xxxxxxxx, roger.pau@xxxxxxxxxx, Simone Ballarin <simone.ballarin@xxxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>
Delivery-date: Thu, 12 Oct 2023 12:27:26 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 11/10/2023 18:56, andrew.cooper3@xxxxxxxxxx wrote:

On 11/10/2023 8:46 pm, Nicola Vetrini wrote:

diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index ee7aed0609d2..1b00e4e3e9b7 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -199,6 +199,11 @@ Deviations related to MISRA C:2012 Rules:

See automation/eclair_analysis/deviations.ecl for the fullexplanation.

      - Tagged as `safe` for ECLAIR.

+   * - R11.9

+ - __ACCESS_ONCE uses a 0 as a null pointer constant to check ifa type is

+       scalar, therefore its usage for this purpose is allowed.
+     - Tagged as `deliberate` for ECLAIR.


Really?

#define __ACCESS_ONCE(x)
    (void)(typeof(x))0; /* Scalar typecheck. */

That's not a pointer.

If someone were to pass in an x who's type was pointer-to-object, then
yes it is technically a NULL pointer constant for long enough for the
build to error out.

What justification is Eclair using to suggest that it is a pointer?

If you really really want to shut things up, it doesn't need to be 0 -
it could be 1 or any other integer, but this honestly feels like a bug
in Eclair to me.

~Andrew

The non-compliant uses found by the checker were due to functionpointers

e.g.

void (*fp)(int i);

violation for rule MC3R1.R11.9: (required) The macro `NULL' shall be theonly permitted form of integer null pointer constant. (untagged)p.c:12.3-12.7: (MACRO) Loc #1 [culprit: non-compliant use of nullpointer constant]

  A(fp) = NULL;
  <~~~>
p.c:6.8-6.19: for #1 [culprit: expanded from macro `_A']
 (void)(typeof(X))0; \
       <~~~~~~~~~~>
p.c:9.16-9.20: for #1 [culprit: expanded from macro `A']
#define A(X) (*_A(X))
               <~~~>

These uses do not cause a build fail, and we deemed this usage of 0 tobe correct(a neutral value that would allow __ACCESS_ONCE to support any type ofargument).While perhaps some other value does have the same property (e.g., 1), wefelt that it was

okay to let 0 remain there.

--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)

References:
- [XEN PATCH][for-4.19 v2 0/1] address violations of MISRA C:2012 Rule 11.9
  - From: Nicola Vetrini
- [XEN PATCH][for-4.19 v2 1/1] xen: introduce a deviation for Rule 11.9
  - From: Nicola Vetrini
- Re: [XEN PATCH][for-4.19 v2 1/1] xen: introduce a deviation for Rule 11.9
  - From: andrew . cooper3

Prev by Date: Rust Xen Guest Agent
Next by Date: [linux-linus test] 183344: tolerable FAIL - PUSHED
Previous by thread: Re: [XEN PATCH][for-4.19 v2 1/1] xen: introduce a deviation for Rule 11.9
Next by thread: Re: [XEN PATCH][for-4.19 v2 1/1] xen: introduce a deviation for Rule 11.9
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.