[XEN PATCH v4] misra: address violation of MISRA C Rule 10.1

Dmytro Prokopchuk1 posted 1 patch 3 months, 2 weeks ago
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/5da6c3af9bf59e6116fc57f48ec7612883771f0b.1752514332.git.dmytro._5Fprokopchuk1@epam.com
There is a newer version of this series
[XEN PATCH v4] misra: address violation of MISRA C Rule 10.1
Posted by Dmytro Prokopchuk1 3 months, 2 weeks ago
Rule 10.1: Operands shall not be of an
inappropriate essential type

The following are non-compliant:
- boolean used as a numeric value.

The result of the '__isleap' macro is a boolean.
Suppress analyser tool finding.

The result of 'NOW() > timeout' is a boolean,
which is compared to a numeric value. Fix this.
Regression was introduced by commit:
be7f047e08 (xen/arm: smmuv3: Replace linux functions with xen functions.)

Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com>
---
Changes since v3:
- added a SAF comment instead of using ternary operator
- removed pointless cast
- updated commit message

CI: https://saas.eclairit.com:3787/fs/var/local/eclair/xen-project.ecdf/xen-project/people/dimaprkp4k/xen/ECLAIR_normal/deviate_10.1_rule/ARM64/10678198209/PROJECT.ecd;/by_service.html#service&kind
---
 docs/misra/safe.json                  | 8 ++++++++
 xen/common/time.c                     | 3 ++-
 xen/drivers/passthrough/arm/smmu-v3.c | 2 +-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/docs/misra/safe.json b/docs/misra/safe.json
index e3489dba8e..964f8344ce 100644
--- a/docs/misra/safe.json
+++ b/docs/misra/safe.json
@@ -116,6 +116,14 @@
         },
         {
             "id": "SAF-14-safe",
+            "analyser": {
+                "eclair": "MC3A2.R10.1"
+            },
+            "name": "Rule 10.1: use boolean as an array index",
+            "text": "Using a boolean type as an array index is safe because the array size equals exactly two."
+        },
+        {
+            "id": "SAF-15-safe",
             "analyser": {},
             "name": "Sentinel",
             "text": "Next ID to be used"
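Review bot: the "text" justification is narrower than the deviation's "name" and will stop matching as soon as SAF-14-safe is reused elsewhere: an essentially boolean index can only evaluate to 0 or 1, so the access is in bounds for any array of at least two elements, not only one whose "size equals exactly two". Tie the justification to the value range of the index rather than to the array dimension, e.g. "A boolean used as an array index can only take the values 0 and 1, so the access is always within bounds of an array with at least two elements."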
diff --git a/xen/common/time.c b/xen/common/time.c
index 92f7b72464..c873b5731b 100644
--- a/xen/common/time.c
+++ b/xen/common/time.c
@@ -84,7 +84,8 @@ struct tm gmtime(unsigned long t)
     }
     tbuf.tm_year = y - 1900;
     tbuf.tm_yday = days;
-    ip = (const unsigned short int *)__mon_lengths[__isleap(y)];
+    /* SAF-14-safe use boolean as an array index */
+    ip = __mon_lengths[__isleap(y)];
     for ( y = 0; days >= ip[y]; ++y )
         days -= ip[y];
     tbuf.tm_mon = y;
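Review bot: the dropped `(const unsigned short int *)` cast on the `ip = __mon_lengths[__isleap(y)];` line is not covered by the commit message, which only talks about suppressing the finding; state there that the cast is removed deliberately and why (presumably the row already decays to the pointer type `ip` has, making the cast a no-op, but the message should say so rather than leave reviewers to check). The SAF comment is correctly placed on the line immediately preceding the flagged statement; keep its wording in step with the "name" of SAF-14-safe in docs/misra/safe.json if that entry is reworded.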
diff --git a/xen/drivers/passthrough/arm/smmu-v3.c b/xen/drivers/passthrough/arm/smmu-v3.c
index df16235057..4058b18f2c 100644
--- a/xen/drivers/passthrough/arm/smmu-v3.c
+++ b/xen/drivers/passthrough/arm/smmu-v3.c
@@ -315,7 +315,7 @@ static int queue_poll_cons(struct arm_smmu_queue *q, bool sync, bool wfe)
 
 	while (queue_sync_cons_in(q),
 	      (sync ? !queue_empty(&q->llq) : queue_full(&q->llq))) {
-		if ((NOW() > timeout) > 0)
+		if (NOW() > timeout)
 			return -ETIMEDOUT;
 
 		if (wfe) {
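Review bot: no functional change here and the simplification is correct: `NOW() > timeout` already evaluates to 0 or 1, so the outer `> 0` compared a boolean-valued result against a number and was redundant rather than wrong. Given that, "Regression was introduced by commit" in the description reads as a functional bug; consider wording it as the Rule 10.1 finding being introduced by be7f047e08, so the change is not mistaken for a behavioural fix when the history is read later.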
-- 
2.43.0
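Both shapes of Rule 10.1 finding this patch deals with, as an added example that is not Xen code: a leap-year macro whose result is essentially boolean indexing a two-row month table (the deviated form the patch keeps beside the explicit-index form v3 used), and a comparison result compared again against 0 as in smmu-v3.c. The names `is_leap`, `mon_lengths`, `month_table_deviated`, `month_table_compliant`, `split_yday`, `timed_out_redundant` and `timed_out` are made up for this example.

```c
/* Added example for the Rule 10.1 cases in this patch; not Xen code. */

/* Leap-year test in the style of __isleap(): built from ==, && and ||, so
 * its result is essentially boolean under MISRA C even though C gives it
 * type int with value 0 or 1. */
#define is_leap(y) ((((y) % 4) == 0) && ((((y) % 100) != 0) || (((y) % 400) == 0)))

/* Month lengths: row 0 for common years, row 1 for leap years. */
static const unsigned short mon_lengths[2][12] = {
    { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 },
    { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 },
};

/* Deviated form (what the patch keeps under SAF-14-safe): the boolean is
 * used directly as a numeric index. It is safe because it can only be 0 or 1
 * and the table has two rows, but it is still a Rule 10.1 finding. */
static const unsigned short *month_table_deviated(unsigned long y)
{
    return mon_lengths[is_leap(y)];
}

/* Compliant form (the approach v3 of the patch took): convert the boolean
 * to an integer index explicitly so no boolean is used as a number. */
static const unsigned short *month_table_compliant(unsigned long y)
{
    unsigned int row = is_leap(y) ? 1u : 0u;
    return mon_lengths[row];
}

struct month_day {
    unsigned int mon;   /* 0-based month, like tm_mon */
    unsigned int mday;  /* 1-based day of month, like tm_mday */
};

/* The month/day split gmtime() performs over the selected row, bounded so
 * an out-of-range yday cannot run off the end of the row (December absorbs
 * whatever is left). */
static struct month_day split_yday(const unsigned short *ip, unsigned int yday)
{
    struct month_day r;

    for (r.mon = 0; r.mon < 11 && yday >= ip[r.mon]; ++r.mon)
        yday -= ip[r.mon];
    r.mday = yday + 1;
    return r;
}

/* The smmu-v3.c case: `now > timeout` already yields 0 or 1, so comparing
 * that boolean-valued result against 0 again is the Rule 10.1 finding. */
static int timed_out_redundant(unsigned long now, unsigned long timeout)
{
    return (now > timeout) > 0;
}

/* What the patch changes it to: the boolean result is used as a boolean. */
static int timed_out(unsigned long now, unsigned long timeout)
{
    return now > timeout;
}
```

Both table lookups return the same row for every year, and both timeout checks agree on every input, which is why the smmu-v3.c change is purely a compliance fix and the time.c change needs only a deviation rather than new logic.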
Re: [XEN PATCH v4] misra: address violation of MISRA C Rule 10.1
Posted by Jan Beulich 3 months, 2 weeks ago
On 14.07.2025 19:53, Dmytro Prokopchuk1 wrote:
> Rule 10.1: Operands shall not be of an
> inappropriate essential type
> 
> The following are non-compliant:
> - boolean used as a numeric value.
> 
> The result of the '__isleap' macro is a boolean.
> Suppress analyser tool finding.
> 
> The result of 'NOW() > timeout' is a boolean,
> which is compared to a numeric value. Fix this.
> Regression was introduced by commit:
> be7f047e08 (xen/arm: smmuv3: Replace linux functions with xen functions.)
> 
> Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com>
> ---
> Changes since v3:
> - added a SAF comment instead of using ternary operator
> - removed pointless cast
> - updated commit message
> 
> CI: https://saas.eclairit.com:3787/fs/var/local/eclair/xen-project.ecdf/xen-project/people/dimaprkp4k/xen/ECLAIR_normal/deviate_10.1_rule/ARM64/10678198209/PROJECT.ecd;/by_service.html#service&kind
> ---
>  docs/misra/safe.json                  | 8 ++++++++
>  xen/common/time.c                     | 3 ++-
>  xen/drivers/passthrough/arm/smmu-v3.c | 2 +-
>  3 files changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/docs/misra/safe.json b/docs/misra/safe.json
> index e3489dba8e..964f8344ce 100644
> --- a/docs/misra/safe.json
> +++ b/docs/misra/safe.json
> @@ -116,6 +116,14 @@
>          },
>          {
>              "id": "SAF-14-safe",
> +            "analyser": {
> +                "eclair": "MC3A2.R10.1"
> +            },
> +            "name": "Rule 10.1: use boolean as an array index",
> +            "text": "Using a boolean type as an array index is safe because the array size equals exactly two."

Isn't this too strict? Use of a boolean would be fine as well for larger
arrays. In fact, we allow integers (without compile-time known bounds) to
be used as array indexes, too. Hence I see no reason to mention array
dimension here at all.

> --- a/xen/common/time.c
> +++ b/xen/common/time.c
> @@ -84,7 +84,8 @@ struct tm gmtime(unsigned long t)
>      }
>      tbuf.tm_year = y - 1900;
>      tbuf.tm_yday = days;
> -    ip = (const unsigned short int *)__mon_lengths[__isleap(y)];
> +    /* SAF-14-safe use boolean as an array index */
> +    ip = __mon_lengths[__isleap(y)];

Thanks for dropping the cast, yet your doing so also needs to be mentioned
in the description (making clear this is deliberate, and why).

Jan