[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] misra: add deviation for MISRA C Rule 18.3
- To: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>
- From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
- Date: Wed, 20 Aug 2025 15:03:11 +0200
- Arc-authentication-results: i=1; bugseng.com; arc=none smtp.remote-ip=162.55.131.47
- Arc-message-signature: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; c=relaxed/relaxed; t=1755694992; h=DKIM-Signature:MIME-Version:Date:From:To:Cc:Subject:In-Reply-To: References:Message-ID:X-Sender:Organization:Content-Type: Content-Transfer-Encoding; bh=CB/q5y7FPjAryA9XHIdlKTQPQlU5KjrEPv8xlhx/Jp0=; b=OMiYFol4Atxhea15OJR/cCWNvlL2GnQXt0gfF18fSdXMfzkAJoe36vFUVPEoZL7Widgx wBAzhL31DkjCQVFHu57SyehWxc+aCA5LBpfjx37c7i1A92E+prZ8DvkxxHKaK+KKuz5Ew RCfu6AbRig9CTNLijX66tZ2SK+M9LDmnYKJbn6hLWnLzixBalBGsWbQ9ahYWlufVm0X+C 0AkVHBWATxq56GK8dR1bElL//yoGUXRk2v+GvoZlFbTPvjmWluro6dwR3zHRY3uhLSiqs fgz26bpWiQ38tXk28b4idaOc1lmIwpvbE4VseUng9LEhb5MrrrmHACQZINKlalkVfK9tS 7eE7pVG0+hjetcBGg3gBdB1yD1gvWyBmTdgj+CGc7TOK4FOOj5G8tXIw1dIjcsg0ImF+Z 6U3fCLFKvDd9cS1CZIioElJkhnyVm5dfltSZ39EpKjTMcXqVIOvXkL/5tgKTAKHHnLQ9y 5lxPN4FscA40iuTtuXncG9WfUirk6+9LtQJEYHO/Yob1p4AhITTfbNGAtn4lFBa7V7Z3Z DCdjBh6VTyixVK7JzP09rEKarfRCRuM0nGSyj76M5IOd7BeHp5ya9x6KgWJgpiYvfqTrX cqrjmdDsB8tha/ZEOZQkGB7YAod2eNucEfQpGaVfH6Xd58ZT42x/WXmUFA10H1I=
- Arc-seal: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; cv=none; t=1755694992; b=W7IhvnnCyIhs82IWL9liElbtNUPiUnb/46KO462GDmUz94T9JIJrr90FciJVm7G6Lx53 ctGv4m5Bt6eZQMPo201UFnh7cbGHbHjviPft404lWMUiBY3oEgGkd7JTc5NMxtIdrlFw2 aQ9t/us5SA6w24DYcfTySe7brcCmErwYPpjIllj/4918WnmG3NOfSteTzb6sDqUNJcYwo 5ySe9X+6iaMRM4SUzz+9lEbCuUPmLKY3umWOe65RQD7ik88UIuOnrVdS5XlVRjp9japik 1Kw8ftU8n/+L8rP2j6OQXDum6M43NAC9MECDPRlOrtoUtR0AEZoyeJ2CniVhR7IZZ/sYJ gcwP510VgiMyIAHOjr2ugi50LXYywfuuFsB4LH1GDslCnumbs/p5QBvK07QQsL8pkLK1H koiV+oi7AJxajeNwuivQYWCQytFP827OaocDEHaXC8nGCZKg/uuA4+v/3rVwm92ubCAUO CNhdnotQCBzs4DZiYYcJ6CRl/srkL5bJm4o3GpBRY9o7nTRgdQx2rTHCOs7/C4tV1B5qU BSOKh5Qv5PPAQ5MwE4u4KJzSPfIHx05ekXNGTn2TMZmAAc270tTwD9Gf6KfHnm7cx+VcF 2iLpleBiUCBkWVaL8hjeKKXW8shWCjtIMSTWPv3cE18d8e4//6xpEgcn5eJhJ3Q=
- Authentication-results: bugseng.com; arc=none smtp.remote-ip=162.55.131.47
- Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Doug Goldstein <cardoe@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Delivery-date: Wed, 20 Aug 2025 13:03:25 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2025-08-20 14:44, Dmytro Prokopchuk1 wrote:
MISRA C Rule 18.3 states:"The relational operators >, >=, < and <=
shall
not be applied to objects of pointer type except where they point into
the same object."
Comparisons in the 'find_text_region()' function are safe because
linker
symbols '_stext' and '_etext' represent fixed virtual addresses within
the same '.text' region, and the function 'addr' argument is explicitly
compared to known valid memory bounds ('text_start' and 'text_end')
derived from these linker symbols:
if ( (void *)addr >= iter->text_start &&
(void *)addr < iter->text_end )
Configure Eclair to suppress violation reports occured in the function
'find_text_region()'. Update 'deviations.rst' file accordingly.
No functional changes.
Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@xxxxxxxx>
Reviewed-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
with two NITs below:
---
Test CI pipeline:
https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/1993673043
---
automation/eclair_analysis/ECLAIR/deviations.ecl | 6 ++++++
docs/misra/deviations.rst | 8 ++++++++
2 files changed, 14 insertions(+)
diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl
b/automation/eclair_analysis/ECLAIR/deviations.ecl
index 7f3fd35a33..32b596c9da 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -590,6 +590,12 @@ C99 Undefined Behaviour 45: Pointers that do not
point into, or just beyond, the
-config=MC3A2.R18.2,reports+={safe,
"any_area(any_loc(any_exp(macro(^page_to_mfn$))))"}
-doc_end
+-doc_begin="Comparisons in the 'find_text_region()' function are safe
because linker symbols '_stext' and '_etext' represent fixed
+virtual addresses within the same '.text' region, and the function
'addr' argument is explicitly compared to known valid memory
+bounds ('text_start' and 'text_end') derived from these linker
symbols."
Maybe ['text_start', 'text_end') here and below to emphasize that this
is a range?
+-config=MC3A2.R18.3,reports+={safe,
"any_area(any_loc(file(^xen/common/virtual_region\\.c$))&&context(name(find_text_region)))"}
+-doc_end
+
-doc_begin="Flexible array members are deliberately used and XEN
developers are aware of the dangers related to them:
unexpected result when the structure is given as argument to a
sizeof() operator and the truncation in assignment between structures."
-config=MC3A2.R18.7,reports+={deliberate, "any()"}
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index 2119066531..a726fb22a8 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -586,6 +586,14 @@ Deviations related to MISRA C:2012 Rules:
are safe.
- Tagged as `safe` for ECLAIR.
+ * - R18.3
+ - Comparisons in the 'find_text_region()' function are safe
because
+ linker symbols '_stext' and '_etext' represent fixed virtual
+ addresses within the same '.text' region, and the function
'addr'
s/function 'addr' argument/function parameter 'addr'/
+ argument is explicitly compared to known valid memory bounds
+ ('text_start' and 'text_end') derived from these linker
symbols.
+ - Tagged as `safe` for ECLAIR.
+
* - R20.4
- The override of the keyword \"inline\" in xen/compiler.h is
present so
that section contents checks pass when the compiler chooses not
to
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
|
