[PATCH v2] docs/misra: add R21.6 R21.9 R21.10 R21.14 R21.15 R21.16

Stefano Stabellini posted 1 patch 7 months ago
Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/alpine.DEB.2.22.394.2404251629570.3940@ubuntu-linux-20-04-desktop
There is a newer version of this series
[PATCH v2] docs/misra: add R21.6 R21.9 R21.10 R21.14 R21.15 R21.16
Posted by Stefano Stabellini 7 months ago
Signed-off-by: Stefano Stabellini <stefano.stabellini@amd.com>
---
Changes in v2:
- remove trailing whitespaces
- add rules 21.9 and 21.10
- remove deviations.rst deviations (to be done separately if required)
- add a note explaining that Xen has no standard library
---
 docs/misra/rules.rst | 60 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)

diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst
index b7b447e152..661879a3de 100644
--- a/docs/misra/rules.rst
+++ b/docs/misra/rules.rst
@@ -652,12 +652,72 @@ maintainers if you want to suggest a change.
        declared
      - See comment for Rule 21.1
 
+   * - `Rule 21.6 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_06.c>`_
+     - Required
+     - The Standard Library input/output routines shall not be used
+     - Xen doesn't provide, use, or link against any Standard Library.
+       Xen implements itself a few functions with names that match the
+       corresponding function names of the Standard Library for
+       developers' convenience. These functions are part of the Xen code
+       and subject to analysis.
+
+   * - `Rule 21.9 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_09.c>`_
+     - Required
+     - The library functions bsearch and qsort of <stdlib.h> shall not be used
+     - Xen doesn't provide, use, or link against any Standard Library.
+       Xen implements itself a few functions with names that match the
+       corresponding function names of the Standard Library for
+       developers' convenience. These functions are part of the Xen code
+       and subject to analysis.
+
+   * - `Rule 21.10 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_10.c>`_
+     - Required
+     - The Standard Library time and date routines shall not be used
+     - Xen doesn't provide, use, or link against any Standard Library.
+       Xen implements itself a few functions with names that match the
+       corresponding function names of the Standard Library for
+       developers' convenience. These functions are part of the Xen code
+       and subject to analysis.
+
    * - `Rule 21.13 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_13.c>`_
      - Mandatory
      - Any value passed to a function in <ctype.h> shall be representable as an
        unsigned char or be the value EOF
      -
 
+   * - `Rule 21.14 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_14.c>`_
+     - Required
+     - The Standard Library function memcmp shall not be used to compare
+       null terminated strings
+     - Xen doesn't provide, use, or link against any Standard Library.
+       Xen implements itself a few functions with names that match the
+       corresponding function names of the Standard Library for
+       developers' convenience. These functions are part of the Xen code
+       and subject to analysis.
+
+   * - `Rule 21.15 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_15.c>`_
+     - Required
+     - The pointer arguments to the Standard Library functions memcpy,
+       memmove and memcmp shall be pointers to qualified or unqualified
+       versions of compatible types
+     - Xen doesn't provide, use, or link against any Standard Library.
+       Xen implements itself a few functions with names that match the
+       corresponding function names of the Standard Library for
+       developers' convenience. These functions are part of the Xen code
+       and subject to analysis.
+
+   * - `Rule 21.16 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_16.c>`_
+     - Required
+     - The pointer arguments to the Standard Library function memcmp
+       shall point to either a pointer type, an essentially signed type,
+       an essentially unsigned type, an essentially Boolean type or an
+       essentially enum type
+     - void* arguments are allowed. Xen doesn't provide, use, or link
+       against any Standard Library.  Xen implements itself a few
+       functions with names that match the corresponding function names
+       of the Standard Library for developers' convenience. These
+       functions are part of the Xen code and subject to analysis.
+
    * - `Rule 21.17 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_17.c>`_
      - Mandatory
      - Use of the string handling functions from <string.h> shall not result in
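Review bot: In the Rule 21.14, 21.15 and 21.16 rows, the comment about Xen not linking against a Standard Library does not address what those rules restrict. They constrain how memcmp, memcpy and memmove are called (no comparison of null terminated strings, compatible pointer types, permitted pointed-to types), and that concerns call sites of Xen's own same-named functions just as much as a library's. I would drop the shared paragraph from these three rows and keep only what is specific to each, such as "void* arguments are allowed" for 21.16, ideally with a short reason for that allowance. Minor: the 21.16 cell has a double space after "Standard Library." that the other rows do not have.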
-- 
2.25.1
Re: [PATCH v2] docs/misra: add R21.6 R21.9 R21.10 R21.14 R21.15 R21.16
Posted by Jan Beulich 7 months ago
On 26.04.2024 01:31, Stefano Stabellini wrote:
> --- a/docs/misra/rules.rst
> +++ b/docs/misra/rules.rst
> @@ -652,12 +652,72 @@ maintainers if you want to suggest a change.
>         declared
>       - See comment for Rule 21.1
>  
> +   * - `Rule 21.6 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_06.c>`_
> +     - Required
> +     - The Standard Library input/output routines shall not be used
> +     - Xen doesn't provide, use, or link against any Standard Library.
> +       Xen implements itself a few functions with names that match the
> +       corresponding function names of the Standard Library for
> +       developers' convenience. These functions are part of the Xen code
> +       and subject to analysis.
> +
> +   * - `Rule 21.9 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_09.c>`_
> +     - Required
> +     - The library functions bsearch and qsort of <stdlib.h> shall not be used
> +     - Xen doesn't provide, use, or link against any Standard Library.
> +       Xen implements itself a few functions with names that match the
> +       corresponding function names of the Standard Library for
> +       developers' convenience. These functions are part of the Xen code
> +       and subject to analysis.
> +
> +   * - `Rule 21.10 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_10.c>`_
> +     - Required
> +     - The Standard Library time and date routines shall not be used
> +     - Xen doesn't provide, use, or link against any Standard Library.
> +       Xen implements itself a few functions with names that match the
> +       corresponding function names of the Standard Library for
> +       developers' convenience. These functions are part of the Xen code
> +       and subject to analysis.
> +
>     * - `Rule 21.13 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_13.c>`_
>       - Mandatory
>       - Any value passed to a function in <ctype.h> shall be representable as an
>         unsigned char or be the value EOF
>       -
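
Review bot: The comment cells for Rules 21.6, 21.9 and 21.10 say that Xen's same-named functions are "part of the Xen code and subject to analysis" but never state what follows for the rule itself. Each cell should say explicitly whether use of those Xen functions is treated as compliant with the rule or as outside its scope, so a reader of the table does not have to infer it. Wording: "Xen implements itself a few functions" would read better as "Xen itself implements a few functions".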

Up to here, did you consider adding a short reference to some common blob
(footnote or alike), rather than repeating the same text verbatim several
times?

> +   * - `Rule 21.14 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_14.c>`_
> +     - Required
> +     - The Standard Library function memcmp shall not be used to compare
> +       null terminated strings
> +     - Xen doesn't provide, use, or link against any Standard Library.
> +       Xen implements itself a few functions with names that match the
> +       corresponding function names of the Standard Library for
> +       developers' convenience. These functions are part of the Xen code
> +       and subject to analysis.
> +
> +   * - `Rule 21.15 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_15.c>`_
> +     - Required
> +     - The pointer arguments to the Standard Library functions memcpy,
> +       memmove and memcmp shall be pointers to qualified or unqualified
> +       versions of compatible types
> +     - Xen doesn't provide, use, or link against any Standard Library.
> +       Xen implements itself a few functions with names that match the
> +       corresponding function names of the Standard Library for
> +       developers' convenience. These functions are part of the Xen code
> +       and subject to analysis.
> +
> +   * - `Rule 21.16 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_16.c>`_
> +     - Required
> +     - The pointer arguments to the Standard Library function memcmp
> +       shall point to either a pointer type, an essentially signed type,
> +       an essentially unsigned type, an essentially Boolean type or an
> +       essentially enum type
> +     - void* arguments are allowed. Xen doesn't provide, use, or link
> +       against any Standard Library.  Xen implements itself a few
> +       functions with names that match the corresponding function names
> +       of the Standard Library for developers' convenience. These
> +       functions are part of the Xen code and subject to analysis.

For all three of these I'm not convinced the remark is appropriate. These
talk about specific properties of the functions, which aren't related to
risks associated with particular (and hence potentially varying) library
implementations.

Jan
Re: [PATCH v2] docs/misra: add R21.6 R21.9 R21.10 R21.14 R21.15 R21.16
Posted by Stefano Stabellini 6 months, 4 weeks ago
On Fri, 26 Apr 2024, Jan Beulich wrote:
> On 26.04.2024 01:31, Stefano Stabellini wrote:
> > --- a/docs/misra/rules.rst
> > +++ b/docs/misra/rules.rst
> > @@ -652,12 +652,72 @@ maintainers if you want to suggest a change.
> >         declared
> >       - See comment for Rule 21.1
> >  
> > +   * - `Rule 21.6 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_06.c>`_
> > +     - Required
> > +     - The Standard Library input/output routines shall not be used
> > +     - Xen doesn't provide, use, or link against any Standard Library.
> > +       Xen implements itself a few functions with names that match the
> > +       corresponding function names of the Standard Library for
> > +       developers' convenience. These functions are part of the Xen code
> > +       and subject to analysis.
> > +
> > +   * - `Rule 21.9 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_09.c>`_
> > +     - Required
> > +     - The library functions bsearch and qsort of <stdlib.h> shall not be used
> > +     - Xen doesn't provide, use, or link against any Standard Library.
> > +       Xen implements itself a few functions with names that match the
> > +       corresponding function names of the Standard Library for
> > +       developers' convenience. These functions are part of the Xen code
> > +       and subject to analysis.
> > +
> > +   * - `Rule 21.10 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_10.c>`_
> > +     - Required
> > +     - The Standard Library time and date routines shall not be used
> > +     - Xen doesn't provide, use, or link against any Standard Library.
> > +       Xen implements itself a few functions with names that match the
> > +       corresponding function names of the Standard Library for
> > +       developers' convenience. These functions are part of the Xen code
> > +       and subject to analysis.
> > +
> >     * - `Rule 21.13 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_13.c>`_
> >       - Mandatory
> >       - Any value passed to a function in <ctype.h> shall be representable as an
> >         unsigned char or be the value EOF
> >       -
> 
> Up to here, did you consider adding a short reference to some common blob
> (footnote or alike), rather than repeating the same text verbatim several
> times?

I can look into it


> > +   * - `Rule 21.14 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_14.c>`_
> > +     - Required
> > +     - The Standard Library function memcmp shall not be used to compare
> > +       null terminated strings
> > +     - Xen doesn't provide, use, or link against any Standard Library.
> > +       Xen implements itself a few functions with names that match the
> > +       corresponding function names of the Standard Library for
> > +       developers' convenience. These functions are part of the Xen code
> > +       and subject to analysis.
> > +
> > +   * - `Rule 21.15 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_15.c>`_
> > +     - Required
> > +     - The pointer arguments to the Standard Library functions memcpy,
> > +       memmove and memcmp shall be pointers to qualified or unqualified
> > +       versions of compatible types
> > +     - Xen doesn't provide, use, or link against any Standard Library.
> > +       Xen implements itself a few functions with names that match the
> > +       corresponding function names of the Standard Library for
> > +       developers' convenience. These functions are part of the Xen code
> > +       and subject to analysis.
> > +
> > +   * - `Rule 21.16 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_21_16.c>`_
> > +     - Required
> > +     - The pointer arguments to the Standard Library function memcmp
> > +       shall point to either a pointer type, an essentially signed type,
> > +       an essentially unsigned type, an essentially Boolean type or an
> > +       essentially enum type
> > +     - void* arguments are allowed. Xen doesn't provide, use, or link
> > +       against any Standard Library.  Xen implements itself a few
> > +       functions with names that match the corresponding function names
> > +       of the Standard Library for developers' convenience. These
> > +       functions are part of the Xen code and subject to analysis.
> 
> For all three of these I'm not convinced the remark is appropriate. These
> talk about specific properties of the functions, which aren't related to
> risks associated with particular (and hence potentially varying) library
> implementations.

Good point