.../eclair_analysis/ECLAIR/deviations.ecl | 28 +++++++++++++++++++ docs/misra/deviations.rst | 28 +++++++++++++++++++ 2 files changed, 56 insertions(+)
MISRA C:2012 Rule 16.3 states that an unconditional break statement
shall terminate every switch-clause.
Update ECLAIR configuration to take into account:
- continue, goto, return statements;
- functions that do not give the control back;
- fallthrough pseudo-keyword;
- macro BUG();
- comments.
Update docs/misra/deviations.rst accordingly.
Signed-off-by: Federico Serafini <federico.serafini@bugseng.com>
---
.../eclair_analysis/ECLAIR/deviations.ecl | 28 +++++++++++++++++++
docs/misra/deviations.rst | 28 +++++++++++++++++++
2 files changed, 56 insertions(+)
diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl
index 683f2bbfe8..e27d840fe4 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -327,6 +327,34 @@ therefore have the same behavior of a boolean"
-config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^<?domain>?::is_dying$))))","src_type(enum)"}
-doc_end
+#
+# Series 16.
+#
+
+-doc_begin="Switch clauses ending with continue, goto, return statements are
+safe."
+-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"}
+-doc_end
+
+-doc_begin="Switch clauses ending with a call to a function that does not give
+the control back are safe."
+-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"}
+-doc_end
+
+-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are
+safe."
+-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"}
+-doc_end
+
+-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe."
+-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"}
+-doc_end
+
+-doc_begin="Switch clauses not ending with the break statement are safe if an
+explicit comment indicating the fallthrough intention is present."
+-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"}
+-doc_end
+
#
# Series 20.
#
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index eda3c8100c..d593be81b9 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -276,6 +276,34 @@ Deviations related to MISRA C:2012 Rules:
therefore have the same behavior of a boolean.
- Project-wide deviation; tagged as `deliberate` for ECLAIR.
+ * - R16.3
+ - Switch clauses ending with continue, goto, return statements are safe.
+ - Tagged as `safe` for ECLAIR.
+
+ * - R16.3
+ - Switch clauses ending with a call to a function that does not give
+ the control back are safe.
+ - Tagged as `safe` for ECLAIR.
+
+ * - R16.3
+ - Switch clauses ending with failure method \"BUG()\" are safe.
+ - Tagged as `safe` for ECLAIR.
+
+ * - R16.3
+ - Existing switch clauses not ending with the break statement are safe if
+ an explicit comment indicating the fallthrough intention is present.
+ However, the use of such comments in new code is deprecated:
+ pseudo-keyword "fallthrough" shall be used.
+ - Tagged as `safe` for ECLAIR. The accepted comments are:
+ - /\* fall through \*/
+ - /\* fall through. \*/
+ - /\* fallthrough \*/
+ - /\* fallthrough. \*/
+ - /\* Fall through \*/
+ - /\* Fall through. \*/
+ - /\* Fallthrough \*/
+ - /\* Fallthrough. \*/
+
* - R20.7
- Code violating Rule 20.7 is safe when macro parameters are used:
(1) as function arguments;
--
2.34.1
On 15.12.2023 10:26, Federico Serafini wrote: > --- a/automation/eclair_analysis/ECLAIR/deviations.ecl > +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl > @@ -327,6 +327,34 @@ therefore have the same behavior of a boolean" > -config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^<?domain>?::is_dying$))))","src_type(enum)"} > -doc_end > > +# > +# Series 16. > +# > + > +-doc_begin="Switch clauses ending with continue, goto, return statements are > +safe." > +-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"} > +-doc_end > + > +-doc_begin="Switch clauses ending with a call to a function that does not give > +the control back are safe." > +-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"} > +-doc_end > + > +-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are > +safe." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"} > +-doc_end > + > +-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"} > +-doc_end > + > +-doc_begin="Switch clauses not ending with the break statement are safe if an > +explicit comment indicating the fallthrough intention is present." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"} > +-doc_end > + > # > # Series 20. > # > --- a/docs/misra/deviations.rst > +++ b/docs/misra/deviations.rst > @@ -276,6 +276,34 @@ Deviations related to MISRA C:2012 Rules: > therefore have the same behavior of a boolean. > - Project-wide deviation; tagged as `deliberate` for ECLAIR. > > + * - R16.3 > + - Switch clauses ending with continue, goto, return statements are safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Switch clauses ending with a call to a function that does not give > + the control back are safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Switch clauses ending with failure method \"BUG()\" are safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Existing switch clauses not ending with the break statement are safe if > + an explicit comment indicating the fallthrough intention is present. > + However, the use of such comments in new code is deprecated: > + pseudo-keyword "fallthrough" shall be used. > + - Tagged as `safe` for ECLAIR. The accepted comments are: > + - /\* fall through \*/ > + - /\* fall through. \*/ > + - /\* fallthrough \*/ > + - /\* fallthrough. \*/ > + - /\* Fall through \*/ > + - /\* Fall through. \*/ > + - /\* Fallthrough \*/ > + - /\* Fallthrough. \*/ I was puzzled by there being 4 bullet points here, but 5 additions to the other file. I don't think the wording here is sufficiently unambiguous towards the use of the pseudo-keyword. If that's to remain a single bullet point, imo the pseudo-keyword needs mentioning first, and only the talk should be about comments as an alternative. Jan
On 18/12/23 08:42, Jan Beulich wrote: > On 15.12.2023 10:26, Federico Serafini wrote: >> --- a/automation/eclair_analysis/ECLAIR/deviations.ecl >> +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl >> @@ -327,6 +327,34 @@ therefore have the same behavior of a boolean" >> -config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^<?domain>?::is_dying$))))","src_type(enum)"} >> -doc_end >> >> +# >> +# Series 16. >> +# >> + >> +-doc_begin="Switch clauses ending with continue, goto, return statements are >> +safe." >> +-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"} >> +-doc_end >> + >> +-doc_begin="Switch clauses ending with a call to a function that does not give >> +the control back are safe." >> +-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"} >> +-doc_end >> + >> +-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are >> +safe." >> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"} >> +-doc_end >> + >> +-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe." >> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"} >> +-doc_end >> + >> +-doc_begin="Switch clauses not ending with the break statement are safe if an >> +explicit comment indicating the fallthrough intention is present." >> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"} >> +-doc_end >> + >> # >> # Series 20. >> # >> --- a/docs/misra/deviations.rst >> +++ b/docs/misra/deviations.rst >> @@ -276,6 +276,34 @@ Deviations related to MISRA C:2012 Rules: >> therefore have the same behavior of a boolean. >> - Project-wide deviation; tagged as `deliberate` for ECLAIR. >> >> + * - R16.3 >> + - Switch clauses ending with continue, goto, return statements are safe. >> + - Tagged as `safe` for ECLAIR. >> + >> + * - R16.3 >> + - Switch clauses ending with a call to a function that does not give >> + the control back are safe. >> + - Tagged as `safe` for ECLAIR. >> + >> + * - R16.3 >> + - Switch clauses ending with failure method \"BUG()\" are safe. >> + - Tagged as `safe` for ECLAIR. >> + >> + * - R16.3 >> + - Existing switch clauses not ending with the break statement are safe if >> + an explicit comment indicating the fallthrough intention is present. >> + However, the use of such comments in new code is deprecated: >> + pseudo-keyword "fallthrough" shall be used. >> + - Tagged as `safe` for ECLAIR. The accepted comments are: >> + - /\* fall through \*/ >> + - /\* fall through. \*/ >> + - /\* fallthrough \*/ >> + - /\* fallthrough. \*/ >> + - /\* Fall through \*/ >> + - /\* Fall through. \*/ >> + - /\* Fallthrough \*/ >> + - /\* Fallthrough. \*/ > > I was puzzled by there being 4 bullet points here, but 5 additions to the > other file. I don't think the wording here is sufficiently unambiguous towards > the use of the pseudo-keyword. If that's to remain a single bullet point, imo > the pseudo-keyword needs mentioning first, and only the talk should be about > comments as an alternative. I'll send a v3 to include Stefano's observations and an explicit bullet point for pseudo-keyword fallthrough. -- Federico Serafini, M.Sc. Software Engineer, BUGSENG (http://bugseng.com)
On Fri, 15 Dec 2023, Federico Serafini wrote: > MISRA C:2012 Rule 16.3 states that an unconditional break statement > shall terminate every switch-clause. > > Update ECLAIR configuration to take into account: > - continue, goto, return statements; > - functions that do not give the control back; > - fallthrough pseudo-keyword; > - macro BUG(); > - comments. > > Update docs/misra/deviations.rst accordingly. > > Signed-off-by: Federico Serafini <federico.serafini@bugseng.com> This is much sharper and better than before, thanks Federico! > --- > .../eclair_analysis/ECLAIR/deviations.ecl | 28 +++++++++++++++++++ > docs/misra/deviations.rst | 28 +++++++++++++++++++ > 2 files changed, 56 insertions(+) > > diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl > index 683f2bbfe8..e27d840fe4 100644 > --- a/automation/eclair_analysis/ECLAIR/deviations.ecl > +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl > @@ -327,6 +327,34 @@ therefore have the same behavior of a boolean" > -config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^<?domain>?::is_dying$))))","src_type(enum)"} > -doc_end > > +# > +# Series 16. > +# > + > +-doc_begin="Switch clauses ending with continue, goto, return statements are > +safe." > +-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"} > +-doc_end > + > +-doc_begin="Switch clauses ending with a call to a function that does not give > +the control back are safe." > +-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"} > +-doc_end > + > +-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are > +safe." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"} > +-doc_end > + > +-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"} > +-doc_end > + > +-doc_begin="Switch clauses not ending with the break statement are safe if an > +explicit comment indicating the fallthrough intention is present." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"} > +-doc_end > + > # > # Series 20. > # > diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst > index eda3c8100c..d593be81b9 100644 > --- a/docs/misra/deviations.rst > +++ b/docs/misra/deviations.rst > @@ -276,6 +276,34 @@ Deviations related to MISRA C:2012 Rules: > therefore have the same behavior of a boolean. > - Project-wide deviation; tagged as `deliberate` for ECLAIR. > > + * - R16.3 > + - Switch clauses ending with continue, goto, return statements are safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Switch clauses ending with a call to a function that does not give > + the control back are safe. NIT: it might be good to add: (noreturn) to the statement for clarity but it is good enough already > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Switch clauses ending with failure method \"BUG()\" are safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Existing switch clauses not ending with the break statement are safe if > + an explicit comment indicating the fallthrough intention is present. > + However, the use of such comments in new code is deprecated: > + pseudo-keyword "fallthrough" shall be used. ^NIT: the pseudo-keyword both changes could be done on commit Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> > + - Tagged as `safe` for ECLAIR. The accepted comments are: > + - /\* fall through \*/ > + - /\* fall through. \*/ > + - /\* fallthrough \*/ > + - /\* fallthrough. \*/ > + - /\* Fall through \*/ > + - /\* Fall through. \*/ > + - /\* Fallthrough \*/ > + - /\* Fallthrough. \*/ > + > * - R20.7 > - Code violating Rule 20.7 is safe when macro parameters are used: > (1) as function arguments; > -- > 2.34.1 >
On 15/12/23 10:26, Federico Serafini wrote: > MISRA C:2012 Rule 16.3 states that an unconditional break statement > shall terminate every switch-clause. > > Update ECLAIR configuration to take into account: > - continue, goto, return statements; > - functions that do not give the control back; > - fallthrough pseudo-keyword; > - macro BUG(); > - comments. > > Update docs/misra/deviations.rst accordingly. > > Signed-off-by: Federico Serafini <federico.serafini@bugseng.com> > --- > .../eclair_analysis/ECLAIR/deviations.ecl | 28 +++++++++++++++++++ > docs/misra/deviations.rst | 28 +++++++++++++++++++ > 2 files changed, 56 insertions(+) > > diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl > index 683f2bbfe8..e27d840fe4 100644 > --- a/automation/eclair_analysis/ECLAIR/deviations.ecl > +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl > @@ -327,6 +327,34 @@ therefore have the same behavior of a boolean" > -config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^<?domain>?::is_dying$))))","src_type(enum)"} > -doc_end > > +# > +# Series 16. > +# > + > +-doc_begin="Switch clauses ending with continue, goto, return statements are > +safe." > +-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"} > +-doc_end > + > +-doc_begin="Switch clauses ending with a call to a function that does not give > +the control back are safe." > +-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"} > +-doc_end > + > +-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are > +safe." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"} > +-doc_end > + > +-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"} > +-doc_end > + > +-doc_begin="Switch clauses not ending with the break statement are safe if an > +explicit comment indicating the fallthrough intention is present." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"} > +-doc_end > + > # > # Series 20. > # > diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst > index eda3c8100c..d593be81b9 100644 > --- a/docs/misra/deviations.rst > +++ b/docs/misra/deviations.rst > @@ -276,6 +276,34 @@ Deviations related to MISRA C:2012 Rules: > therefore have the same behavior of a boolean. > - Project-wide deviation; tagged as `deliberate` for ECLAIR. > > + * - R16.3 > + - Switch clauses ending with continue, goto, return statements are safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Switch clauses ending with a call to a function that does not give > + the control back are safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Switch clauses ending with failure method \"BUG()\" are safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Existing switch clauses not ending with the break statement are safe if > + an explicit comment indicating the fallthrough intention is present. > + However, the use of such comments in new code is deprecated: > + pseudo-keyword "fallthrough" shall be used. > + - Tagged as `safe` for ECLAIR. The accepted comments are: > + - /\* fall through \*/ > + - /\* fall through. \*/ > + - /\* fallthrough \*/ > + - /\* fallthrough. \*/ > + - /\* Fall through \*/ > + - /\* Fall through. \*/ > + - /\* Fallthrough \*/ > + - /\* Fallthrough. \*/ > + > * - R20.7 > - Code violating Rule 20.7 is safe when macro parameters are used: > (1) as function arguments; I forgot to mention that this is a V2. The older version and the discussion can be found at: https://lists.xenproject.org/archives/html/xen-devel/2023-12/msg00957.html -- Federico Serafini, M.Sc. Software Engineer, BUGSENG (http://bugseng.com)
© 2016 - 2024 Red Hat, Inc.