[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] misra: add deviation for MISRA C Rule 11.3

  • To: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>
  • From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
  • Date: Thu, 21 Aug 2025 16:47:35 +0200
  • Arc-authentication-results: i=1; bugseng.com; arc=none smtp.remote-ip=162.55.131.47
  • Arc-message-signature: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; c=relaxed/relaxed; t=1755787655; h=DKIM-Signature:MIME-Version:Date:From:To:Cc:Subject:In-Reply-To: References:Message-ID:X-Sender:Organization:Content-Type: Content-Transfer-Encoding; bh=ooDp5/VMTh979qC9zYvC3jDnRtcIb2fJaBdXnV3DnHg=; b=rDV7MRUCJ40h4sE3MzgXafJbZN5tSX2HgsSNWQjPFdMoja5AVSqrZscH0+JJP8eN1bwV 2gjHdKfpU7S/tQ/8ochYlQ59WmqV+pqItee3AeptsAjRrKw09xUEMYfZ9lXmx5g7eRCEq /b8kEiHMy4OdziaHhBZ3IB6VoMdGFF7a+g39a0j03S6HImBKfhhGKl5vGJ0q3SQYX0X/0 jecAcC628fvn8HR4EZkfMXxG96MVAz51gyFho5uEilL1wdK5sVMWO9meL9Fzu08oTHRc9 QpBeM3kt++9iOGAUO71vErYp3JOHCH0GOrj1dFLsYwymTFOjBcHXkhwKR2gUpcYrqklTM 37GCqNUyNeymUqTsvzUSOUgOJH3DLJFjH6mkdmKP6SP5r5jD60ZFwUgCormswgLgS7xAw hLHVfXS2Xj4RuJdvy+qv9+fN9CWQ1wI2DLc+/4qhsHuizFwgKCiavAVc8G0CDNot+L6WU j9oMi8N7JBlrlw7fGQeBE5VpJVJ7y6L36anBJrwHco15wOacgv0+cMNLoM/GKmAuHZAsV 4C6Y0XAn2br5de0VeFPzK+EPxVwFKkbkEO7eMMX6oek74+k4LiwhShSsdCT0bK/3bGyir s6uvwuslVdnppGz9dOCv619enFEHbRs8kzFxGw5cPgp4KvqJG8T1upD1oKfyFA4=
  • Arc-seal: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; cv=none; t=1755787655; b=D0dZrJhnT5VnJT0ZxcHQ96skrjQQJENYm59G8y96RTOF45jz4o8982huK7B6h/Xaeo3L KKG/1jC/mvvQntFjkjl2+SzQafFW5ZCXT4CuIkl3GqLLRMQNHR72FO7nZafC8Y5CK8niv pTINceKBQNu/EMvkyN41rNJxgyvP+NQVZYk5bYXXCbI5cXHQK4Yv/aErKNT1yTUsOJbmr b8LGVOod0b7DJgRBnyIzfDBXFimdyzOdvtlGdPj/2hugriZEs+mNa/CxDfsejhMueYos2 FOijYtvGtTeZ/hlTFI3bc4WSPnYYmfSCBJVsRA2YLKOSjfEJcILt/lxfpb8PEIuiQJRe4 BOQzkPvybRw1Yl7Crlc2dkHrFqqNCD+yRnauGE7TkGmnGFTSccHbUTz/m+2KjulzqHOPT krpiC6z9PNEd3mhVHlS0xMEfWHt0wKFHDXRUlVOyzoXTsjk6r6jd26Rk4lXnGMo5r8x6F l1b96KfJK+JqifsquKmb13ZcMaFStkCglMjmXkJwLD6ZSSoeM8j7iYG3XCb0CSS4ToF1b /IEomcRZP/Wbz4XvBLuc8QWnyLEb4Tm5fdX8MsVf7oPxaoGH/0a6qWO5x7Jja9ISlJBzy Ydat0r00rdMwnhlgzh1QOZzWDEHJnudvpCE+44EEvcsRNETj+Hn9cZ5ICWbzVZs=
  • Authentication-results: bugseng.com; arc=none smtp.remote-ip=162.55.131.47
  • Cc: Jan Beulich <jbeulich@xxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Thu, 21 Aug 2025 14:47:47 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2025-08-21 16:28, Dmytro Prokopchuk1 wrote:

On 8/21/25 17:13, Dmytro Prokopchuk wrote:



On 8/21/25 12:18, Jan Beulich wrote:

On 20.08.2025 09:17, Dmytro Prokopchuk1 wrote:

MISRA C Rule 11.3 states: "A cast shall not be performed between a
pointer
to object type and a pointer to a different object type."

Violations of this rule arise due to the 'container_of' macro, which
casts
a member of a structure to its containing structure:
     container_of(ptr, type, member) ({                             \             typeof_field(type, member) *__mptr = (ptr);             \ 
            (type *)( (char *)__mptr - offsetof(type,member) );})

The 'container_of' macro is safe because it relies on the
standardized and
well-defined 'offsetof' macro to calculate the memory address of the
containing structure, while assuming proper alignment and ensuring no 
undefined behavior, provided that the input pointer is valid and
points to
the specified member.
Configure Eclair to suppress violation reports related to 'container_of macro. Update 'deviations.rst' file accordingly. Add Rule 11.3 to the 
monitored list.
No functional changes.

Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@xxxxxxxx>


Looks largely okay; just one nit and a question:


--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -403,6 +403,14 @@ because the semantics of the 'noreturn'
attribute do not alter the calling conve
  }
  -doc_end
+-doc_begin="Convesions in the 'container_of' macro are safe because
it relies on


"Conversions" (also in deviations.rst)


--- a/automation/eclair_analysis/ECLAIR/monitored.ecl
+++ b/automation/eclair_analysis/ECLAIR/monitored.ecl
@@ -45,6 +45,7 @@
  -enable=MC3A2.R10.2
  -enable=MC3A2.R11.1
  -enable=MC3A2.R11.2
+-enable=MC3A2.R11.3
While the description mentions this change, it doesn't say why (e.g. "no violations left" or "only this and that violation left" or some such). 
ARM:  813V ->   16V
X86: 1422V -> 1035V

Looks OK for ARM (to be added in the monitoring list), but X86...
Anyway the number of reported errors has no side effect.

Jan, decision up to you (include into monitored.ecl or not).

Dmytro.


Actually, better way is to remove '-enable=MC3A2.R11.3' from the
monitored.ecl file and create separate patch (in future).



I agree


Dmytro.




--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -393,6 +393,14 @@ Deviations related to MISRA C:2012 Rules:
         (i.e., less strict) alignment requirement are safe.
       - Tagged as `safe` for ECLAIR.
+   * - R11.3
+     - Convesions in the 'container_of' macro are safe because it
relies on
+       the standardized and well-defined 'offsetof' macro to
calculate the memory


Actually another nit: Here as well as in the description, it would be
nice
to add parentheses, so indicate the function-ness of both macros (i.e. 
container_of() and offsetof()).

Jan


--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.