[PATCH] docs/misra: add rule 12.2

Stefano Stabellini posted 1 patch 4 months, 2 weeks ago
Failed in applying to current master (apply log)
[PATCH] docs/misra: add rule 12.2
Posted by Stefano Stabellini 4 months, 2 weeks ago
As discussed during the last MISRA C meeting, add Rule 12.2 to the list
of MISRA C rules we accept, together with an explanation that we use gcc
-fsanitize=undefined alone to check for violations.

Signed-off-by: Stefano Stabellini <stefano.stabellini@amd.com>

diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst
index 2e11566e20..a7e2b646de 100644
--- a/docs/misra/rules.rst
+++ b/docs/misra/rules.rst
@@ -443,6 +443,14 @@ maintainers if you want to suggest a change.
      - The macro NULL shall be the only permitted form of null pointer constant
      -
 
+   * - `Rule 12.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_12_02.c>`_
+     - Required
+     - The right hand operand of a shift operator shall lie in the range
+       zero to one less than the width in bits of the essential type of
+       the left hand operand
+     - We rely exclusively on gcc -fsanitize=undefined to check for
+       dangerious violations to this rule and to ensure compliance
+
    * - `Rule 12.5 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_12_05.c>`_
      - Mandatory
      - The sizeof operator shall not have an operand which is a function
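Review bot: "dangerious" in the new rationale column is a typo for "dangerous", and "violations to this rule" should read "violations of this rule". The "We rely exclusively on gcc -fsanitize=undefined" sentence also overstates what the sanitizer does: it can only report an out-of-range count on a path that is actually executed at run time, while shifts by build-time-constant counts are diagnosed by the compiler itself, so the entry should name both mechanisms, e.g. "Shift counts that are build-time constants are diagnosed by the compiler; for non-constant counts we rely on gcc -fsanitize=undefined to detect dangerous violations of this rule." Since rules.rst is what a reader consults to learn how compliance is checked, it would also help to say which build configuration is run with -fsanitize=undefined.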
Re: [PATCH] docs/misra: add rule 12.2
Posted by Jan Beulich 4 months, 1 week ago
On 13.07.2024 00:45, Stefano Stabellini wrote:
> As discussed during the last MISRA C meeting, add Rule 12.2 to the list
> of MISRA C rules we accept, together with an explanation that we use gcc
> -fsanitize=undefined alone to check for violations.

Neither the "alone" here nor ...

> --- a/docs/misra/rules.rst
> +++ b/docs/misra/rules.rst
> @@ -443,6 +443,14 @@ maintainers if you want to suggest a change.
>       - The macro NULL shall be the only permitted form of null pointer constant
>       -
>  
> +   * - `Rule 12.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_12_02.c>`_
> +     - Required
> +     - The right hand operand of a shift operator shall lie in the range
> +       zero to one less than the width in bits of the essential type of
> +       the left hand operand
> +     - We rely exclusively on gcc -fsanitize=undefined to check for
> +       dangerious violations to this rule and to ensure compliance

... the "exclusively" here look quite right to me. That's true for shift
counts which aren't build-time constant. For those which are we leverage
ordinary compiler diagnostics. Preferably with a respective adjustment:

Acked-by: Jan Beulich <jbeulich@suse.com>

Jan
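The split Jan describes above (constant shift counts caught by ordinary compiler diagnostics, non-constant ones left to -fsanitize=undefined) is easy to see in a few lines of C. The block below is an added illustration written for this page; it is not Xen code and not part of the patch, and every name in it (ESSENTIAL_WIDTH, RULE_12_2_CONST_OK, shift_count_ok, raw_shl32, checked_shl32, checked_shl8, TOP_BIT32) is hypothetical. It goes one step beyond the thread: gcc's shift-exponent sanitizer checks the count against the promoted type of the left operand, so a uint8_t shifted by 8..31 is well-defined C and is not reported, yet it violates Rule 12.2 as worded ("essential type"). The checked helpers therefore take the essential width explicitly.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Bit width of an integer object or type (hypothetical helper, not Xen's). */
#define ESSENTIAL_WIDTH(x) ((unsigned int)(sizeof(x) * CHAR_BIT))

/* Compile-time form of the Rule 12.2 bound, usable in _Static_assert. */
#define RULE_12_2_CONST_OK(type, n) \
    ((n) >= 0 && (n) < (long long)ESSENTIAL_WIDTH(type))

/*
 * Rule 12.2 at run time: the count must satisfy 0 <= count <= width - 1,
 * where width is that of the *essential* type of the left operand.  The
 * width is passed explicitly because C promotes narrow operands to int
 * before shifting: (uint8_t)1 << 8 is well-defined C, so gcc's
 * -fsanitize=undefined (which checks the count against the promoted type)
 * does not report it, yet it violates the rule as worded.
 */
static bool shift_count_ok(unsigned int essential_width, long long count)
{
    return count >= 0 && (unsigned long long)count < essential_width;
}

/*
 * Raw shift as ordinary code writes it.  With a non-constant count this is
 * what -fsanitize=undefined instruments: a count < 0 or >= 32 aborts at run
 * time with a "shift exponent ... is too large for 32-bit type" report.
 * A literal `1u << 32` in the source, by contrast, gets a gcc warning at
 * build time ("left shift count >= width of type") with no sanitizer needed.
 */
static uint32_t raw_shl32(uint32_t value, unsigned int count)
{
    return value << count;
}

/*
 * Checked variant for counts that are not build-time constants: refuses an
 * out-of-range count instead of executing the undefined shift.  Returns
 * false and leaves *out untouched on a violation.
 */
static bool checked_shl32(uint32_t value, long long count, uint32_t *out)
{
    if (!shift_count_ok(ESSENTIAL_WIDTH(value), count))
        return false;
    *out = raw_shl32(value, (unsigned int)count);
    return true;
}

/*
 * Same for a uint8_t left operand.  Counts 8..31 are accepted by C after
 * promotion to int and pass the sanitizer, but are rejected here because
 * the essential width is 8.
 */
static bool checked_shl8(uint8_t value, long long count, uint8_t *out)
{
    if (!shift_count_ok(ESSENTIAL_WIDTH(value), count))
        return false;
    *out = (uint8_t)((unsigned int)value << (unsigned int)count);
    return true;
}

/* Constant counts are checked once, at build time, not by the sanitizer. */
#define TOP_BIT32 ((uint32_t)1u << 31)
_Static_assert(RULE_12_2_CONST_OK(uint32_t, 31), "TOP_BIT32: count in range");

int main(int argc, char **argv)
{
    /* Shift count taken from the command line so it is not a constant. */
    long long count = argc > 1 ? strtoll(argv[1], NULL, 0) : 3;
    uint32_t out = 0;

    if (checked_shl32(1u, count, &out))
        printf("1u << %lld = 0x%08lx%s\n", count, (unsigned long)out,
               (out & TOP_BIT32) ? " (top bit set)" : "");
    else
        printf("count %lld violates Rule 12.2 for a 32-bit operand\n", count);

    /* Swap in the next line to watch -fsanitize=undefined catch a bad count:
     * printf("0x%08lx\n", (unsigned long)raw_shl32(1u, (unsigned int)count)); */
    return 0;
}
```

Build with `gcc -std=c11 -Wall -Wextra -fsanitize=undefined -fno-sanitize-recover=undefined shift.c -o shift` and run `./shift 40`: the checked path reports the violation and exits normally, while the commented-out raw_shl32 call would make the sanitizer abort the process. Replacing the 31 in TOP_BIT32 with 32 fails at build time, both from the _Static_assert and from gcc's own shift-count warning, which is the constant-count case the sanitizer never sees.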