docs/misra/safe.json | 8 ++++++++ xen/common/time.c | 3 ++- xen/drivers/passthrough/arm/smmu-v3.c | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-)
Rule 10.1: Operands shall not be of an
inappropriate essential type
The following are non-compliant:
- boolean used as a numeric value.
The result of the '__isleap' macro is a boolean.
Suppress analyser tool finding.
The result of 'NOW() > timeout' is a boolean,
which is compared to a numeric value. Fix this.
Regression was introdiced by commit:
be7f047e08 (xen/arm: smmuv3: Replace linux functions with xen functions.)
Remove pointless cast '(const unsigned short int *)'.
The source array and the destination pointer are both of the same type.
Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com>
---
Changes since v4:
- described dropping cast reason
- updated SAF text
---
docs/misra/safe.json | 8 ++++++++
xen/common/time.c | 3 ++-
xen/drivers/passthrough/arm/smmu-v3.c | 2 +-
3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/docs/misra/safe.json b/docs/misra/safe.json
index e3489dba8e..3584cb90c6 100644
--- a/docs/misra/safe.json
+++ b/docs/misra/safe.json
@@ -116,6 +116,14 @@
},
{
"id": "SAF-14-safe",
+ "analyser": {
+ "eclair": "MC3A2.R10.1"
+ },
+ "name": "Rule 10.1: use boolean as an array index",
+ "text": "Using a boolean type as an array index is safe."
+ },
+ {
+ "id": "SAF-15-safe",
"analyser": {},
"name": "Sentinel",
"text": "Next ID to be used"
diff --git a/xen/common/time.c b/xen/common/time.c
index 92f7b72464..c873b5731b 100644
--- a/xen/common/time.c
+++ b/xen/common/time.c
@@ -84,7 +84,8 @@ struct tm gmtime(unsigned long t)
}
tbuf.tm_year = y - 1900;
tbuf.tm_yday = days;
- ip = (const unsigned short int *)__mon_lengths[__isleap(y)];
+ /* SAF-14-safe use boolean as an array index */
+ ip = __mon_lengths[__isleap(y)];
for ( y = 0; days >= ip[y]; ++y )
days -= ip[y];
tbuf.tm_mon = y;
diff --git a/xen/drivers/passthrough/arm/smmu-v3.c b/xen/drivers/passthrough/arm/smmu-v3.c
index df16235057..4058b18f2c 100644
--- a/xen/drivers/passthrough/arm/smmu-v3.c
+++ b/xen/drivers/passthrough/arm/smmu-v3.c
@@ -315,7 +315,7 @@ static int queue_poll_cons(struct arm_smmu_queue *q, bool sync, bool wfe)
while (queue_sync_cons_in(q),
(sync ? !queue_empty(&q->llq) : queue_full(&q->llq))) {
- if ((NOW() > timeout) > 0)
+ if (NOW() > timeout)
return -ETIMEDOUT;
if (wfe) {
--
2.43.0On 15.07.2025 11:31, Dmytro Prokopchuk1 wrote: > Rule 10.1: Operands shall not be of an > inappropriate essential type > > The following are non-compliant: > - boolean used as a numeric value. > > The result of the '__isleap' macro is a boolean. > Suppress analyser tool finding. > > The result of 'NOW() > timeout' is a boolean, > which is compared to a numeric value. Fix this. > Regression was introdiced by commit: > be7f047e08 (xen/arm: smmuv3: Replace linux functions with xen functions.) > > Remove pointless cast '(const unsigned short int *)'. > The source array and the destination pointer are both of the same type. > > Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com> I assume you put this in implicitly ... > --- > docs/misra/safe.json | 8 ++++++++ > xen/common/time.c | 3 ++- > xen/drivers/passthrough/arm/smmu-v3.c | 2 +- > 3 files changed, 11 insertions(+), 2 deletions(-) ... acking the Arm part? Except that it would have been Bertrand or Rahul to ack this? Jan
Hi, > On 17 Jul 2025, at 08:20, Jan Beulich <jbeulich@suse.com> wrote: > > On 15.07.2025 11:31, Dmytro Prokopchuk1 wrote: >> Rule 10.1: Operands shall not be of an >> inappropriate essential type >> >> The following are non-compliant: >> - boolean used as a numeric value. >> >> The result of the '__isleap' macro is a boolean. >> Suppress analyser tool finding. >> >> The result of 'NOW() > timeout' is a boolean, >> which is compared to a numeric value. Fix this. >> Regression was introdiced by commit: >> be7f047e08 (xen/arm: smmuv3: Replace linux functions with xen functions.) >> >> Remove pointless cast '(const unsigned short int *)'. >> The source array and the destination pointer are both of the same type. >> >> Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com> > > I assume you put this in implicitly ... > >> --- >> docs/misra/safe.json | 8 ++++++++ >> xen/common/time.c | 3 ++- >> xen/drivers/passthrough/arm/smmu-v3.c | 2 +- >> 3 files changed, 11 insertions(+), 2 deletions(-) > > ... acking the Arm part? Except that it would have been Bertrand or Rahul > to ack this? This was definitely not meant to be like this in the code so the fix is right: For the SMMU part: Acked-by: Bertrand Marquis <bertrand.marquis@arm.com> Cheers Bertrand > > Jan
On 15.07.2025 11:31, Dmytro Prokopchuk1 wrote: > Rule 10.1: Operands shall not be of an > inappropriate essential type > > The following are non-compliant: > - boolean used as a numeric value. > > The result of the '__isleap' macro is a boolean. > Suppress analyser tool finding. > > The result of 'NOW() > timeout' is a boolean, > which is compared to a numeric value. Fix this. > Regression was introdiced by commit: > be7f047e08 (xen/arm: smmuv3: Replace linux functions with xen functions.) > > Remove pointless cast '(const unsigned short int *)'. > The source array and the destination pointer are both of the same type. > > Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
© 2016 - 2025 Red Hat, Inc.