From nobody Fri Nov 22 08:23:51 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1718357036829893.9952531488917; Fri, 14 Jun 2024 02:23:56 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.740542.1147625 (Exim 4.92) (envelope-from ) id 1sI39o-0004Q8-GF; Fri, 14 Jun 2024 09:23:40 +0000 Received: by outflank-mailman (output) from mailman id 740542.1147625; Fri, 14 Jun 2024 09:23:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1sI39o-0004Q1-BP; Fri, 14 Jun 2024 09:23:40 +0000 Received: by outflank-mailman (input) for mailman id 740542; Fri, 14 Jun 2024 09:23:38 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1sI39m-0004Pv-Ld for xen-devel@lists.xenproject.org; Fri, 14 Jun 2024 09:23:38 +0000 Received: from support.bugseng.com (mail.bugseng.com [162.55.131.47]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id c7a06279-2a2f-11ef-90a3-e314d9c70b13; Fri, 14 Jun 2024 11:23:37 +0200 (CEST) Received: from truciolo.homenet.telecomitalia.it (host-82-58-35-96.retail.telecomitalia.it [82.58.35.96]) by support.bugseng.com (Postfix) with ESMTPSA id 941834EE0756; Fri, 14 Jun 2024 11:23:36 +0200 (CEST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: c7a06279-2a2f-11ef-90a3-e314d9c70b13 From: Federico Serafini To: xen-devel@lists.xenproject.org Cc: consulting@bugseng.com, Federico Serafini , Simone Ballarin , Doug Goldstein , Stefano Stabellini , Andrew Cooper , George Dunlap , Jan Beulich , Julien Grall Subject: [XEN PATCH v3] automation/eclair: extend existing deviations of MISRA C Rule 16.3 Date: Fri, 14 Jun 2024 11:23:26 +0200 Message-Id: <71a69d25e7889ed6e8546b5cd18d423006d69ceb.1718356683.git.federico.serafini@bugseng.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1718357038120100001 Content-Type: text/plain; charset="utf-8" Update ECLAIR configuration to deviate more cases where an unintentional fallthrough cannot happen. Add Rule 16.3 to the monitored set and tag it as clean for arm. Signed-off-by: Federico Serafini Acked-by: Stefano Stabellini --- Changes from v2: - fixed grammar; - reprhased deviations regarding do-while-false and ASSERT_UNREACHABLE(). --- .../eclair_analysis/ECLAIR/deviations.ecl | 31 ++++++++++++++----- .../eclair_analysis/ECLAIR/monitored.ecl | 1 + automation/eclair_analysis/ECLAIR/tagging.ecl | 2 +- docs/misra/deviations.rst | 28 +++++++++++++++-- 4 files changed, 50 insertions(+), 12 deletions(-) diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/= eclair_analysis/ECLAIR/deviations.ecl index 447c1e6661..3bdfc3a84d 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -364,14 +364,30 @@ therefore it is deemed better to leave such files as = is." -config=3DMC3R1.R16.2,reports+=3D{deliberate, "any_area(any_loc(file(x86_e= mulate||x86_svm_emulate)))"} -doc_end =20 --doc_begin=3D"Switch clauses ending with continue, goto, return statements= are -safe." --config=3DMC3R1.R16.3,terminals+=3D{safe, "node(continue_stmt||goto_stmt||= return_stmt)"} +-doc_begin=3D"Statements that change the control flow (i.e., break, contin= ue, goto, return) and calls to functions that do not return the control bac= k are \"allowed terminal statements\"." +-stmt_selector+=3D{r16_3_allowed_terminal, "node(break_stmt||continue_stmt= ||goto_stmt||return_stmt)||call(property(noreturn))"} +-config=3DMC3R1.R16.3,terminals+=3D{safe, "r16_3_allowed_terminal"} +-doc_end + +-doc_begin=3D"An if-else statement having both branches ending with an all= owed terminal statement is itself an allowed terminal statement." +-stmt_selector+=3D{r16_3_if, "node(if_stmt)&&(child(then,r16_3_allowed_ter= minal)||child(then,any_stmt(stmt,-1,r16_3_allowed_terminal)))"} +-stmt_selector+=3D{r16_3_else, "node(if_stmt)&&(child(else,r16_3_allowed_t= erminal)||child(else,any_stmt(stmt,-1,r16_3_allowed_terminal)))"} +-stmt_selector+=3D{r16_3_if_else, "r16_3_if&&r16_3_else"} +-config=3DMC3R1.R16.3,terminals+=3D{safe, "r16_3_if_else"} +-doc_end + +-doc_begin=3D"An if-else statement having an always true condition and the= true branch ending with an allowed terminal statement is itself an allowed= terminal statement." +-stmt_selector+=3D{r16_3_if_true, "r16_3_if&&child(cond,definitely_in(1..)= )"} +-config=3DMC3R1.R16.3,terminals+=3D{safe, "r16_3_if_true"} +-doc_end + +-doc_begin=3D"A switch clause ending with a statement expression which, in= turn, ends with an allowed terminal statement is safe." +-config=3DMC3R1.R16.3,terminals+=3D{safe, "node(stmt_expr)&&child(stmt,nod= e(compound_stmt)&&any_stmt(stmt,-1,r16_3_allowed_terminal||r16_3_if_else||r= 16_3_if_true))"} -doc_end =20 --doc_begin=3D"Switch clauses ending with a call to a function that does no= t give -the control back (i.e., a function with attribute noreturn) are safe." --config=3DMC3R1.R16.3,terminals+=3D{safe, "call(property(noreturn))"} +-doc_begin=3D"A switch clause ending with a do-while-false the body of whi= ch, in turn, ends with an allowed terminal statement is safe. +An exception to that is the macro ASSERT_UNREACHABLE() which is effective = in debug build only: a switch clause ending with ASSERT_UNREACHABLE() is no= t considered safe." +-config=3DMC3R1.R16.3,terminals+=3D{safe, "!macro(name(ASSERT_UNREACHABLE)= )&&node(do_stmt)&&child(cond,definitely_in(0))&&child(body,any_stmt(stmt,-1= ,r16_3_allowed_terminal||r16_3_if_else||r16_3_if_true))"} -doc_end =20 -doc_begin=3D"Switch clauses ending with pseudo-keyword \"fallthrough\" are @@ -383,8 +399,7 @@ safe." -config=3DMC3R1.R16.3,reports+=3D{safe, "any_area(end_loc(any_exp(text(/BU= G\\(\\);/))))"} -doc_end =20 --doc_begin=3D"Switch clauses not ending with the break statement are safe = if an -explicit comment indicating the fallthrough intention is present." +-doc_begin=3D"Switch clauses ending with an explicit comment indicating th= e fallthrough intention are safe." -config=3DMC3R1.R16.3,reports+=3D{safe, "any_area(end_loc(any_exp(text(^(?= s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"} -doc_end =20 diff --git a/automation/eclair_analysis/ECLAIR/monitored.ecl b/automation/e= clair_analysis/ECLAIR/monitored.ecl index 4daecb0c83..45a60074f9 100644 --- a/automation/eclair_analysis/ECLAIR/monitored.ecl +++ b/automation/eclair_analysis/ECLAIR/monitored.ecl @@ -22,6 +22,7 @@ -enable=3DMC3R1.R14.1 -enable=3DMC3R1.R14.4 -enable=3DMC3R1.R16.2 +-enable=3DMC3R1.R16.3 -enable=3DMC3R1.R16.6 -enable=3DMC3R1.R16.7 -enable=3DMC3R1.R17.1 diff --git a/automation/eclair_analysis/ECLAIR/tagging.ecl b/automation/ecl= air_analysis/ECLAIR/tagging.ecl index a354ff322e..07de2e7b65 100644 --- a/automation/eclair_analysis/ECLAIR/tagging.ecl +++ b/automation/eclair_analysis/ECLAIR/tagging.ecl @@ -105,7 +105,7 @@ if(string_equal(target,"x86_64"), ) =20 if(string_equal(target,"arm64"), - service_selector({"additional_clean_guidelines","MC3R1.R14.4||MC3R1.R1= 6.6||MC3R1.R20.12||MC3R1.R2.1||MC3R1.R5.3||MC3R1.R7.2||MC3R1.R7.3||MC3R1.R8= .6||MC3R1.R9.3"}) + service_selector({"additional_clean_guidelines","MC3R1.R14.4||MC3R1.R1= 6.3||MC3R1.R16.6||MC3R1.R20.12||MC3R1.R2.1||MC3R1.R5.3||MC3R1.R7.2||MC3R1.R= 7.3||MC3R1.R8.6||MC3R1.R9.3"}) ) =20 -reports+=3D{clean:added,"service(clean_guidelines_common||additional_clea= n_guidelines)"} diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index 36959aa44a..41cdfbe5f5 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst @@ -309,12 +309,34 @@ Deviations related to MISRA C:2012 Rules: - Tagged as `deliberate` for ECLAIR. =20 * - R16.3 - - Switch clauses ending with continue, goto, return statements are sa= fe. + - Statements that change the control flow (i.e., break, continue, got= o, + return) and calls to functions that do not return the control back = are + \"allowed terminal statements\". - Tagged as `safe` for ECLAIR. =20 * - R16.3 - - Switch clauses ending with a call to a function that does not give - the control back (i.e., a function with attribute noreturn) are saf= e. + - An if-else statement having both branches ending with one of the al= lowed + terminal statemets is itself an allowed terminal statement. + - Tagged as `safe` for ECLAIR. + + * - R16.3 + - An if-else statement having an always true condition and the true + branch ending with an allowed terminal statement is itself an allow= ed + terminal statement. + - Tagged as `safe` for ECLAIR. + + * - R16.3 + - A switch clause ending with a statement expression which, in turn, = ends + with an allowed terminal statement (e.g., the expansion of + generate_exception()) is safe. + - Tagged as `safe` for ECLAIR. + + * - R16.3 + - A switch clause ending with a do-while-false the body of which, in = turn, + ends with an allowed terminal statement (e.g., PARSE_ERR_RET()) is = safe. + An exception to that is the macro ASSERT_UNREACHABLE() which is + effective in debug build only: a switch clause ending with + ASSERT_UNREACHABLE() is not considered safe. - Tagged as `safe` for ECLAIR. =20 * - R16.3 --=20 2.34.1