
Re: [PATCH v4] misra: add deviations of MISRA C Rule 5.5


  • To: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
  • From: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>
  • Date: Wed, 6 Aug 2025 16:56:42 +0000
  • Accept-language: en-US, uk-UA, ru-RU
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Wed, 06 Aug 2025 17:01:45 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: [PATCH v4] misra: add deviations of MISRA C Rule 5.5


On 8/1/25 01:32, Nicola Vetrini wrote:
> On 2025-07-31 22:43, Dmytro Prokopchuk1 wrote:
>> MISRA C Rule 5.5 states: "Identifiers shall be distinct from macro 
>> names".
>>
>> Update ECLAIR configuration to deviate clashes: specify the macros that
>> should be ignored. Update deviations.rst and rules.rst accordingly.
>>
>> Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@xxxxxxxx>
> 
> Reviewed-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx> # ECLAIR
> 
>> ---
>> Changes in v4:
>> - fixed formatting (aligned length chars per line)
>> - set 'ignored_macros' as a regex expression
>> - set a deviation restriction on xen/common/grant_table.c
>> - s/ensures/to ensure/
>> - fixed grammar errors
>>
>> Link to v3:
>> https://patchew.org/Xen/e681e0c083d945f48e6d0add1aee32af16be224e.1753911247.git.dmytro._5Fprokopchuk1@epam.com/
>>
>> Test CI pipeline:
>> https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/1960066579
>> ---
>>  .../eclair_analysis/ECLAIR/deviations.ecl     | 10 +++++++++
>>  docs/misra/deviations.rst                     | 22 +++++++++++++++++++
>>  docs/misra/rules.rst                          | 17 ++++++++++++++
>>  3 files changed, 49 insertions(+)
>>
>> diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/ 
>> automation/eclair_analysis/ECLAIR/deviations.ecl
>> index 483507e7b9..ab3400fc89 100644
>> --- a/automation/eclair_analysis/ECLAIR/deviations.ecl
>> +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
>> @@ -117,6 +117,16 @@ it defines would (in the common case) be already 
>> defined. Peer reviewed by the c
>>  -config=MC3A2.R5.5,reports+={deliberate, 
>> "any_area(decl(kind(function))||any_loc(macro(name(memcpy||memset|| 
>> memmove))))&&any_area(any_loc(file(^xen/common/libelf/libelf-private\ 
>> \.h$)))"}
>>  -doc_end
>>
>> +-doc_begin="Clashes between bitops functions and macro names are 
>> deliberate.
>> +These macros are needed for input validation and error handling."
>> +-config=MC3A2.R5.5,ignored_macros+="^(__)?(test|set|clear|change| 
>> test_and_(set|clear|change))_bit$"
>> +-doc_end
>> +
>> +-doc_begin="Clashes between grant table functions and macro names in 
>> 'xen/common/grant_table.c' are deliberate.
>> +These macros address differences in argument count during compile- 
>> time, effectively discarding unused parameters to avoid warnings or 
>> errors related to them."
>> +-config=MC3A2.R5.5,ignored_macros+="name(update_gnttab_par|| 
>> parse_gnttab_limit)&&loc(file(^xen/common/grant_table\\.c$))"
>> +-doc_end
>> +
>>  -doc_begin="The type \"ret_t\" is deliberately defined multiple times,
>>  depending on the guest."
>>
>> - 
>> config=MC3A2.R5.6,reports+={deliberate,"any_area(any_loc(text(^.*ret_t.*$)))"}
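
Review bot: the bitops pattern in the first added `ignored_macros` line matches more names than the documentation in this patch lists. Because the optional `(__)?` prefix applies to every alternative, `^(__)?(test|set|clear|change|test_and_(set|clear|change))_bit$` also covers `__test_bit`, `__set_bit`, `__clear_bit` and `__change_bit`, while deviations.rst names only the three `__test_and_*` variants with that prefix. Either narrow the regex or extend the documented list so the two agree. Unlike the grant table entry, which is limited by `loc(file(^xen/common/grant_table\\.c$))`, this entry has no file restriction, so a macro with one of these names defined anywhere in the tree is ignored; consider scoping it the same way.
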
>> diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
>> index e78179fcb8..4c64a8be62 100644
>> --- a/docs/misra/deviations.rst
>> +++ b/docs/misra/deviations.rst
>> @@ -142,6 +142,28 @@ Deviations related to MISRA C:2012 Rules:
>>         memmove.
>>       - Tagged as `deliberate` for ECLAIR.
>>
>> +   * - R5.5
>> +     - Clashes between bitops ('__test_and_set_bit', 
>> '__test_and_clear_bit',
>> +       '__test_and_change_bit', 'test_bit', 'set_bit', 'clear_bit', 
>> 'change_bit',
>> +       'test_and_set_bit', 'test_and_clear_bit', 'test_and_change_bit')
>> +       functions and macro names are intentional. These are necessary 
>> for error
>> +       handling and input validation to ensure that the size of the 
>> object being
>> +       referenced by the memory address (passed as an argument to the 
>> macro)
>> +       meets the minimum requirements for the bit operation. This 
>> prevents unsafe
>> +       operations on improperly sized data types that could lead to 
>> undefined
>> +       behavior or memory corruption. The macros encapsulate this 
>> conditional
>> +       logic into a single, reusable form, simplifying the code and 
>> avoiding
>> +       function call overhead. Also this bit operations API was 
>> inherited from
>> +       Linux and should be kept for familiarity.
>> +     - ECLAIR has been configured to ignore these macros.
>> +
>> +   * - R5.5
>> +     - Clashes between grant table ('update_gnttab_par', 
>> 'parse_gnttab_limit')
>> +       functions and macro names are intentional. These macros address
>> +       differences in argument count during compile-time, effectively 
>> discarding
>> +       unused 2nd and 3rd parameters to avoid warnings or errors 
>> related to them.
>> +     - ECLAIR has been configured to ignore these macros.
>> +
>>     * - R5.6
>>       - The type ret_t is deliberately defined multiple times 
>> depending on the
>>         type of guest to service.
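
Review bot: the second added R5.5 entry (grant table) does not say that the deviation applies only to xen/common/grant_table.c, although the ECLAIR configuration in this patch restricts it with `loc(file(^xen/common/grant_table\\.c$))` and its -doc_begin text names the file. Add the file name to this entry so a reader of deviations.rst does not take the deviation as tree-wide.
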
>> diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst
>> index 3e014a6298..cba15933fe 100644
>> --- a/docs/misra/rules.rst
>> +++ b/docs/misra/rules.rst
>> @@ -196,6 +196,23 @@ maintainers if you want to suggest a change.
>>             #define f(x, y) f(x, y)
>>             void f(int x, int y);
>>
>> +       Clashes between bitops functions and macro names are allowed
>> +       because they are used for input validation and error handling.
>> +       Example::
>> +
>> +           static inline void set_bit(int nr, volatile void *addr)
>> +           {
>> +               asm volatile ( "lock btsl %1,%0"
>> +                              : "+m" (ADDR) : "Ir" (nr) : "memory");
>> +           }
>> +           #define set_bit(nr, addr) ({                            \
>> +               if ( bitop_bad_size(addr) ) __bitop_bad_size();     \
>> +               set_bit(nr, addr);                                  \
>> +           })
>> +
>> +       Clashes between grant table functions and macro names are allowed
>> +       because they are used for discarding unused parameters.
>> +
>>     * - `Rule 5.6 <https://eur01.safelinks.protection.outlook.com/? 
>> url=https%3A%2F%2Fgitlab.com%2FMISRA%2FMISRA-C%2FMISRA- 
>> C-2012%2FExample-Suite%2F- 
>> %2Fblob%2Fmaster%2FR_05_06.c&data=05%7C02%7Cdmytro_prokopchuk1%40epam.com%7Ce9d60ddeef764dfa381208ddd0823178%7Cb41b72d04e9f4c268a69f949f367c91d%7C1%7C0%7C638895979778883822%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=crVYwr4A0vyXcUXfQ2%2FJ5EObWfr0XGLgaQ0%2FLH9pMnM%3D&reserved=0>`_
>>       - Required
>>       - A typedef name shall be a unique identifier
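
Review bot: in the added example, the inline `set_bit()` uses `ADDR` as the asm operand (`: "+m" (ADDR) : "Ir" (nr) : "memory"`), but the parameter is named `addr` and nothing in the snippet defines `ADDR`, so the example does not stand on its own. Either show the definition of `ADDR` or write the operand in terms of `addr`. The closing sentence about grant table functions also omits the restriction to xen/common/grant_table.c that the configuration applies and, unlike the bitops case, gives no example.
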
> 

Hello Jan, Nicola.

Do you have any comments regarding this patch?
Does it require updates/fixes?

Dmytro

 

