
[XEN,v2,03/10] misra: add deviations for direct inclusion guards

Message ID 0c1fb82b539d939e7c6655a9a8f3d7fe8b213cef.1694510856.git.simone.ballarin@bugseng.com (mailing list archive)
State New, archived
Series address violations of MISRA C:2012 Directive 4.10 | expand

Commit Message

Simone Ballarin Sept. 12, 2023, 9:36 a.m. UTC
Add deviation comments to address violations of
MISRA C:2012 Directive 4.10 ("Precautions shall be taken in order
to prevent the contents of a header file being included more than
once").

Inclusion guards must appear at the beginning of the headers
(comments are permitted anywhere).

This patch adds deviation comments using the format specified
in docs/misra/safe.json for headers with just the direct
inclusion guard before the inclusion guard since they are
safe and not supposed to comply with the directive.

Signed-off-by: Simone Ballarin <simone.ballarin@bugseng.com>

---
The patch has been introduced in v2.
---
 docs/misra/safe.json                 | 8 ++++++++
 xen/arch/arm/include/asm/hypercall.h | 1 +
 xen/arch/x86/include/asm/hypercall.h | 1 +
 xen/include/xen/unaligned.h          | 1 +
 4 files changed, 11 insertions(+)

Comments

Jan Beulich Sept. 12, 2023, 9:52 a.m. UTC | #1
On 12.09.2023 11:36, Simone Ballarin wrote:
> --- a/docs/misra/safe.json
> +++ b/docs/misra/safe.json
> @@ -36,6 +36,14 @@
>          },
>          {
>              "id": "SAF-4-safe",
> +            "analyser": {
> +                "eclair": "MC3R1.D4.10"
> +            },
> +            "name": "Dir 4.10: direct inclusion guard before",
> +            "text": "Headers with just the direct inclusion guard before the inclusion guard are safe."
> +        },
> +        {
> +            "id": "SAF-5-safe",
>              "analyser": {},
>              "name": "Sentinel",
>              "text": "Next ID to be used"
> diff --git a/xen/arch/arm/include/asm/hypercall.h b/xen/arch/arm/include/asm/hypercall.h
> index ccd26c5184..24f8c61a73 100644
> --- a/xen/arch/arm/include/asm/hypercall.h
> +++ b/xen/arch/arm/include/asm/hypercall.h
> @@ -1,3 +1,4 @@
> +/* SAF-3-safe direct inclusion guard before */
>  #ifndef __XEN_HYPERCALL_H__
>  #error "asm/hypercall.h should not be included directly - include xen/hypercall.h instead"
>  #endif
> diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h
> index ec2edc771e..dfdfe80021 100644
> --- a/xen/arch/x86/include/asm/hypercall.h
> +++ b/xen/arch/x86/include/asm/hypercall.h
> @@ -2,6 +2,7 @@
>   * asm-x86/hypercall.h
>   */
>  
> +/* SAF-3-safe direct inclusion guard before */
>  #ifndef __XEN_HYPERCALL_H__
>  #error "asm/hypercall.h should not be included directly - include xen/hypercall.h instead"
>  #endif
> diff --git a/xen/include/xen/unaligned.h b/xen/include/xen/unaligned.h
> index 0a2b16d05d..190ada7800 100644
> --- a/xen/include/xen/unaligned.h
> +++ b/xen/include/xen/unaligned.h
> @@ -3,6 +3,7 @@
>   * without faulting, and at least reasonably efficiently.  Other architectures
>   * will need to have a custom asm/unaligned.h.
>   */
> +/* SAF-3-safe direct inclusion guard before */
>  #ifndef __ASM_UNALIGNED_H__
>  #error "xen/unaligned.h should not be included directly - include asm/unaligned.h instead"
>  #endif

Apart from the recurring off-by-1, will this have the intended effect of
Eclair still choking if there's then no inclusion guard following these
early constructs?

Jan
Simone Ballarin Sept. 12, 2023, 10:05 a.m. UTC | #2
On 12/09/23 11:52, Jan Beulich wrote:
> On 12.09.2023 11:36, Simone Ballarin wrote:
>> --- a/docs/misra/safe.json
>> +++ b/docs/misra/safe.json
>> @@ -36,6 +36,14 @@
>>           },
>>           {
>>               "id": "SAF-4-safe",
>> +            "analyser": {
>> +                "eclair": "MC3R1.D4.10"
>> +            },
>> +            "name": "Dir 4.10: direct inclusion guard before",
>> +            "text": "Headers with just the direct inclusion guard before the inclusion guard are safe."
>> +        },
>> +        {
>> +            "id": "SAF-5-safe",
>>               "analyser": {},
>>               "name": "Sentinel",
>>               "text": "Next ID to be used"
>> diff --git a/xen/arch/arm/include/asm/hypercall.h b/xen/arch/arm/include/asm/hypercall.h
>> index ccd26c5184..24f8c61a73 100644
>> --- a/xen/arch/arm/include/asm/hypercall.h
>> +++ b/xen/arch/arm/include/asm/hypercall.h
>> @@ -1,3 +1,4 @@
>> +/* SAF-3-safe direct inclusion guard before */
>>   #ifndef __XEN_HYPERCALL_H__
>>   #error "asm/hypercall.h should not be included directly - include xen/hypercall.h instead"
>>   #endif
>> diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h
>> index ec2edc771e..dfdfe80021 100644
>> --- a/xen/arch/x86/include/asm/hypercall.h
>> +++ b/xen/arch/x86/include/asm/hypercall.h
>> @@ -2,6 +2,7 @@
>>    * asm-x86/hypercall.h
>>    */
>>   
>> +/* SAF-3-safe direct inclusion guard before */
>>   #ifndef __XEN_HYPERCALL_H__
>>   #error "asm/hypercall.h should not be included directly - include xen/hypercall.h instead"
>>   #endif
>> diff --git a/xen/include/xen/unaligned.h b/xen/include/xen/unaligned.h
>> index 0a2b16d05d..190ada7800 100644
>> --- a/xen/include/xen/unaligned.h
>> +++ b/xen/include/xen/unaligned.h
>> @@ -3,6 +3,7 @@
>>    * without faulting, and at least reasonably efficiently.  Other architectures
>>    * will need to have a custom asm/unaligned.h.
>>    */
>> +/* SAF-3-safe direct inclusion guard before */
>>   #ifndef __ASM_UNALIGNED_H__
>>   #error "xen/unaligned.h should not be included directly - include asm/unaligned.h instead"
>>   #endif
> 
> Apart from the recurring off-by-1, will this have the intended effect of
> Eclair still choking if there's then no inclusion guard following these
> early constructs?
> 
> Jan
> 

No, if you put something between the direct inclusion guard and the 
inclusion guard, no violation will be generated.
Jan Beulich Sept. 12, 2023, 10:19 a.m. UTC | #3
On 12.09.2023 12:05, Simone Ballarin wrote:
> On 12/09/23 11:52, Jan Beulich wrote:
>> On 12.09.2023 11:36, Simone Ballarin wrote:
>>> --- a/docs/misra/safe.json
>>> +++ b/docs/misra/safe.json
>>> @@ -36,6 +36,14 @@
>>>           },
>>>           {
>>>               "id": "SAF-4-safe",
>>> +            "analyser": {
>>> +                "eclair": "MC3R1.D4.10"
>>> +            },
>>> +            "name": "Dir 4.10: direct inclusion guard before",
>>> +            "text": "Headers with just the direct inclusion guard before the inclusion guard are safe."
>>> +        },
>>> +        {
>>> +            "id": "SAF-5-safe",
>>>               "analyser": {},
>>>               "name": "Sentinel",
>>>               "text": "Next ID to be used"
>>> diff --git a/xen/arch/arm/include/asm/hypercall.h b/xen/arch/arm/include/asm/hypercall.h
>>> index ccd26c5184..24f8c61a73 100644
>>> --- a/xen/arch/arm/include/asm/hypercall.h
>>> +++ b/xen/arch/arm/include/asm/hypercall.h
>>> @@ -1,3 +1,4 @@
>>> +/* SAF-3-safe direct inclusion guard before */
>>>   #ifndef __XEN_HYPERCALL_H__
>>>   #error "asm/hypercall.h should not be included directly - include xen/hypercall.h instead"
>>>   #endif
>>> diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h
>>> index ec2edc771e..dfdfe80021 100644
>>> --- a/xen/arch/x86/include/asm/hypercall.h
>>> +++ b/xen/arch/x86/include/asm/hypercall.h
>>> @@ -2,6 +2,7 @@
>>>    * asm-x86/hypercall.h
>>>    */
>>>   
>>> +/* SAF-3-safe direct inclusion guard before */
>>>   #ifndef __XEN_HYPERCALL_H__
>>>   #error "asm/hypercall.h should not be included directly - include xen/hypercall.h instead"
>>>   #endif
>>> diff --git a/xen/include/xen/unaligned.h b/xen/include/xen/unaligned.h
>>> index 0a2b16d05d..190ada7800 100644
>>> --- a/xen/include/xen/unaligned.h
>>> +++ b/xen/include/xen/unaligned.h
>>> @@ -3,6 +3,7 @@
>>>    * without faulting, and at least reasonably efficiently.  Other architectures
>>>    * will need to have a custom asm/unaligned.h.
>>>    */
>>> +/* SAF-3-safe direct inclusion guard before */
>>>   #ifndef __ASM_UNALIGNED_H__
>>>   #error "xen/unaligned.h should not be included directly - include asm/unaligned.h instead"
>>>   #endif
>>
>> Apart from the recurring off-by-1, will this have the intended effect of
>> Eclair still choking if there's then no inclusion guard following these
>> early constructs?
> 
> No, if you put something between the direct inclusion guard and the 
> inclusion guard, no violation will be generated.

Hmm, that's not good. But the question was also the other way around: Will
there be a violation reported if the ordinary inclusion guard is missing
altogether? I.e. will the tool continue looking for the guard it expects
despite the SAF-<n>-safe comment?

Jan
Simone Ballarin Sept. 12, 2023, 3:58 p.m. UTC | #4
On 12/09/23 12:19, Jan Beulich wrote:
> On 12.09.2023 12:05, Simone Ballarin wrote:
>> On 12/09/23 11:52, Jan Beulich wrote:
>>> On 12.09.2023 11:36, Simone Ballarin wrote:
>>>> --- a/docs/misra/safe.json
>>>> +++ b/docs/misra/safe.json
>>>> @@ -36,6 +36,14 @@
>>>>            },
>>>>            {
>>>>                "id": "SAF-4-safe",
>>>> +            "analyser": {
>>>> +                "eclair": "MC3R1.D4.10"
>>>> +            },
>>>> +            "name": "Dir 4.10: direct inclusion guard before",
>>>> +            "text": "Headers with just the direct inclusion guard before the inclusion guard are safe."
>>>> +        },
>>>> +        {
>>>> +            "id": "SAF-5-safe",
>>>>                "analyser": {},
>>>>                "name": "Sentinel",
>>>>                "text": "Next ID to be used"
>>>> diff --git a/xen/arch/arm/include/asm/hypercall.h b/xen/arch/arm/include/asm/hypercall.h
>>>> index ccd26c5184..24f8c61a73 100644
>>>> --- a/xen/arch/arm/include/asm/hypercall.h
>>>> +++ b/xen/arch/arm/include/asm/hypercall.h
>>>> @@ -1,3 +1,4 @@
>>>> +/* SAF-3-safe direct inclusion guard before */
>>>>    #ifndef __XEN_HYPERCALL_H__
>>>>    #error "asm/hypercall.h should not be included directly - include xen/hypercall.h instead"
>>>>    #endif
>>>> diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h
>>>> index ec2edc771e..dfdfe80021 100644
>>>> --- a/xen/arch/x86/include/asm/hypercall.h
>>>> +++ b/xen/arch/x86/include/asm/hypercall.h
>>>> @@ -2,6 +2,7 @@
>>>>     * asm-x86/hypercall.h
>>>>     */
>>>>    
>>>> +/* SAF-3-safe direct inclusion guard before */
>>>>    #ifndef __XEN_HYPERCALL_H__
>>>>    #error "asm/hypercall.h should not be included directly - include xen/hypercall.h instead"
>>>>    #endif
>>>> diff --git a/xen/include/xen/unaligned.h b/xen/include/xen/unaligned.h
>>>> index 0a2b16d05d..190ada7800 100644
>>>> --- a/xen/include/xen/unaligned.h
>>>> +++ b/xen/include/xen/unaligned.h
>>>> @@ -3,6 +3,7 @@
>>>>     * without faulting, and at least reasonably efficiently.  Other architectures
>>>>     * will need to have a custom asm/unaligned.h.
>>>>     */
>>>> +/* SAF-3-safe direct inclusion guard before */
>>>>    #ifndef __ASM_UNALIGNED_H__
>>>>    #error "xen/unaligned.h should not be included directly - include asm/unaligned.h instead"
>>>>    #endif
>>>
>>> Apart from the recurring off-by-1, will this have the intended effect of
>>> Eclair still choking if there's then no inclusion guard following these
>>> early constructs?
>>
>> No, if you put something between the direct inclusion guard and the
>> inclusion guard, no violation will be generated.
> 
> Hmm, that's not good. But the question was also the other way around: Will
> there be a violation reported if the ordinary inclusion guard is missing
> altogether? I.e. will the tool continue looking for the guard it expects
> despite the SAF-<n>-safe comment?
> 
> Jan
> 

The comment-based deviations currently work as follows:
each report (of the specified service) that has its location in the same 
line or in the line following the comment is deviated.

In this case, the location is the first token of the file: the "#ifndef" 
of the direct inclusion guard.

Every change made after the direct inclusion guard will not change the
location of the violation, so the deviation still applies.

The only change that will cause a violation would be adding something
(that is not a compliant inclusion guard) before the comment.

Patch

diff --git a/docs/misra/safe.json b/docs/misra/safe.json
index e8e200cb0a..0ec594f6bf 100644
--- a/docs/misra/safe.json
+++ b/docs/misra/safe.json
@@ -36,6 +36,14 @@ 
         },
         {
             "id": "SAF-4-safe",
+            "analyser": {
+                "eclair": "MC3R1.D4.10"
+            },
+            "name": "Dir 4.10: direct inclusion guard before",
+            "text": "Headers with just the direct inclusion guard before the inclusion guard are safe."
+        },
+        {
+            "id": "SAF-5-safe",
             "analyser": {},
             "name": "Sentinel",
             "text": "Next ID to be used"
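Review bot: The new entry's `text` asserts that these headers are safe without recording why, so the justification cannot be audited from safe.json alone. Consider putting the rationale and its precondition in the record, for example `"text": "A direct inclusion guard (#ifndef/#error/#endif) placed before the inclusion guard emits no declarations; the header remains protected by the inclusion guard that follows it."`. The `name` field ends in the same dangling "before" and could be completed to "direct inclusion guard before the inclusion guard". Whether each header tagged by this patch really has such a guard after the `#error` block is not visible in these hunks, so that precondition should be confirmed per file.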
diff --git a/xen/arch/arm/include/asm/hypercall.h b/xen/arch/arm/include/asm/hypercall.h
index ccd26c5184..24f8c61a73 100644
--- a/xen/arch/arm/include/asm/hypercall.h
+++ b/xen/arch/arm/include/asm/hypercall.h
@@ -1,3 +1,4 @@ 
+/* SAF-3-safe direct inclusion guard before */
 #ifndef __XEN_HYPERCALL_H__
 #error "asm/hypercall.h should not be included directly - include xen/hypercall.h instead"
 #endif
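Review bot: The free text in the added marker, `direct inclusion guard before`, is a sentence fragment that never says before what, so someone reading the header alone cannot tell what is being deviated or why. Spelling it out, e.g. `/* SAF-<n>-safe direct inclusion guard before the inclusion guard */` (with `<n>` standing for the final ID in docs/misra/safe.json), would make the marker self-explanatory; the same wording is added in xen/arch/x86/include/asm/hypercall.h and xen/include/xen/unaligned.h. Placement is also inconsistent: in unaligned.h the marker sits directly under the closing `*/` of the file comment, while the x86 header separates it with a blank line. The remainder of each header lies outside the hunks.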
diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h
index ec2edc771e..dfdfe80021 100644
--- a/xen/arch/x86/include/asm/hypercall.h
+++ b/xen/arch/x86/include/asm/hypercall.h
@@ -2,6 +2,7 @@ 
  * asm-x86/hypercall.h
  */
 
+/* SAF-3-safe direct inclusion guard before */
 #ifndef __XEN_HYPERCALL_H__
 #error "asm/hypercall.h should not be included directly - include xen/hypercall.h instead"
 #endif
diff --git a/xen/include/xen/unaligned.h b/xen/include/xen/unaligned.h
index 0a2b16d05d..190ada7800 100644
--- a/xen/include/xen/unaligned.h
+++ b/xen/include/xen/unaligned.h
@@ -3,6 +3,7 @@ 
  * without faulting, and at least reasonably efficiently.  Other architectures
  * will need to have a custom asm/unaligned.h.
  */
+/* SAF-3-safe direct inclusion guard before */
 #ifndef __ASM_UNALIGNED_H__
 #error "xen/unaligned.h should not be included directly - include asm/unaligned.h instead"
 #endif