| Message ID | 7b07ed4a2a87c2774b469eb0fa280c19f945b3a4.1702631924.git.federico.serafini@bugseng.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [XEN] automation/eclair: add deviations for MISRA C:2012 Rule 16.3 | expand |
On 15/12/23 10:26, Federico Serafini wrote: > MISRA C:2012 Rule 16.3 states that an unconditional break statement > shall terminate every switch-clause. > > Update ECLAIR configuration to take into account: > - continue, goto, return statements; > - functions that do not give the control back; > - fallthrough pseudo-keyword; > - macro BUG(); > - comments. > > Update docs/misra/deviations.rst accordingly. > > Signed-off-by: Federico Serafini <federico.serafini@bugseng.com> > --- > .../eclair_analysis/ECLAIR/deviations.ecl | 28 +++++++++++++++++++ > docs/misra/deviations.rst | 28 +++++++++++++++++++ > 2 files changed, 56 insertions(+) > > diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl > index 683f2bbfe8..e27d840fe4 100644 > --- a/automation/eclair_analysis/ECLAIR/deviations.ecl > +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl > @@ -327,6 +327,34 @@ therefore have the same behavior of a boolean" > -config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^<?domain>?::is_dying$))))","src_type(enum)"} > -doc_end > > +# > +# Series 16. > +# > + > +-doc_begin="Switch clauses ending with continue, goto, return statements are > +safe." > +-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"} > +-doc_end > + > +-doc_begin="Switch clauses ending with a call to a function that does not give > +the control back are safe." > +-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"} > +-doc_end > + > +-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are > +safe." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"} > +-doc_end > + > +-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"} > +-doc_end > + > +-doc_begin="Switch clauses not ending with the break statement are safe if an > +explicit comment indicating the fallthrough intention is present." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"} > +-doc_end > + > # > # Series 20. > # > diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst > index eda3c8100c..d593be81b9 100644 > --- a/docs/misra/deviations.rst > +++ b/docs/misra/deviations.rst > @@ -276,6 +276,34 @@ Deviations related to MISRA C:2012 Rules: > therefore have the same behavior of a boolean. > - Project-wide deviation; tagged as `deliberate` for ECLAIR. > > + * - R16.3 > + - Switch clauses ending with continue, goto, return statements are safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Switch clauses ending with a call to a function that does not give > + the control back are safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Switch clauses ending with failure method \"BUG()\" are safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Existing switch clauses not ending with the break statement are safe if > + an explicit comment indicating the fallthrough intention is present. > + However, the use of such comments in new code is deprecated: > + pseudo-keyword "fallthrough" shall be used. > + - Tagged as `safe` for ECLAIR. The accepted comments are: > + - /\* fall through \*/ > + - /\* fall through. \*/ > + - /\* fallthrough \*/ > + - /\* fallthrough. \*/ > + - /\* Fall through \*/ > + - /\* Fall through. \*/ > + - /\* Fallthrough \*/ > + - /\* Fallthrough. \*/ > + > * - R20.7 > - Code violating Rule 20.7 is safe when macro parameters are used: > (1) as function arguments; I forgot to mention that this is a V2. The older version and the discussion can be found at: https://lists.xenproject.org/archives/html/xen-devel/2023-12/msg00957.html
On Fri, 15 Dec 2023, Federico Serafini wrote: > MISRA C:2012 Rule 16.3 states that an unconditional break statement > shall terminate every switch-clause. > > Update ECLAIR configuration to take into account: > - continue, goto, return statements; > - functions that do not give the control back; > - fallthrough pseudo-keyword; > - macro BUG(); > - comments. > > Update docs/misra/deviations.rst accordingly. > > Signed-off-by: Federico Serafini <federico.serafini@bugseng.com> This is much sharper and better than before, thanks Federico! > --- > .../eclair_analysis/ECLAIR/deviations.ecl | 28 +++++++++++++++++++ > docs/misra/deviations.rst | 28 +++++++++++++++++++ > 2 files changed, 56 insertions(+) > > diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl > index 683f2bbfe8..e27d840fe4 100644 > --- a/automation/eclair_analysis/ECLAIR/deviations.ecl > +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl > @@ -327,6 +327,34 @@ therefore have the same behavior of a boolean" > -config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^<?domain>?::is_dying$))))","src_type(enum)"} > -doc_end > > +# > +# Series 16. > +# > + > +-doc_begin="Switch clauses ending with continue, goto, return statements are > +safe." > +-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"} > +-doc_end > + > +-doc_begin="Switch clauses ending with a call to a function that does not give > +the control back are safe." > +-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"} > +-doc_end > + > +-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are > +safe." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"} > +-doc_end > + > +-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"} > +-doc_end > + > +-doc_begin="Switch clauses not ending with the break statement are safe if an > +explicit comment indicating the fallthrough intention is present." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"} > +-doc_end > + > # > # Series 20. > # > diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst > index eda3c8100c..d593be81b9 100644 > --- a/docs/misra/deviations.rst > +++ b/docs/misra/deviations.rst > @@ -276,6 +276,34 @@ Deviations related to MISRA C:2012 Rules: > therefore have the same behavior of a boolean. > - Project-wide deviation; tagged as `deliberate` for ECLAIR. > > + * - R16.3 > + - Switch clauses ending with continue, goto, return statements are safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Switch clauses ending with a call to a function that does not give > + the control back are safe. NIT: it might be good to add: (noreturn) to the statement for clarity but it is good enough already > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Switch clauses ending with failure method \"BUG()\" are safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Existing switch clauses not ending with the break statement are safe if > + an explicit comment indicating the fallthrough intention is present. > + However, the use of such comments in new code is deprecated: > + pseudo-keyword "fallthrough" shall be used. ^NIT: the pseudo-keyword both changes could be done on commit Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> > + - Tagged as `safe` for ECLAIR. The accepted comments are: > + - /\* fall through \*/ > + - /\* fall through. \*/ > + - /\* fallthrough \*/ > + - /\* fallthrough. \*/ > + - /\* Fall through \*/ > + - /\* Fall through. \*/ > + - /\* Fallthrough \*/ > + - /\* Fallthrough. \*/ > + > * - R20.7 > - Code violating Rule 20.7 is safe when macro parameters are used: > (1) as function arguments; > -- > 2.34.1 >
On 15.12.2023 10:26, Federico Serafini wrote: > --- a/automation/eclair_analysis/ECLAIR/deviations.ecl > +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl > @@ -327,6 +327,34 @@ therefore have the same behavior of a boolean" > -config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^<?domain>?::is_dying$))))","src_type(enum)"} > -doc_end > > +# > +# Series 16. > +# > + > +-doc_begin="Switch clauses ending with continue, goto, return statements are > +safe." > +-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"} > +-doc_end > + > +-doc_begin="Switch clauses ending with a call to a function that does not give > +the control back are safe." > +-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"} > +-doc_end > + > +-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are > +safe." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"} > +-doc_end > + > +-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"} > +-doc_end > + > +-doc_begin="Switch clauses not ending with the break statement are safe if an > +explicit comment indicating the fallthrough intention is present." > +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"} > +-doc_end > + > # > # Series 20. > # > --- a/docs/misra/deviations.rst > +++ b/docs/misra/deviations.rst > @@ -276,6 +276,34 @@ Deviations related to MISRA C:2012 Rules: > therefore have the same behavior of a boolean. > - Project-wide deviation; tagged as `deliberate` for ECLAIR. > > + * - R16.3 > + - Switch clauses ending with continue, goto, return statements are safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Switch clauses ending with a call to a function that does not give > + the control back are safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Switch clauses ending with failure method \"BUG()\" are safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - Existing switch clauses not ending with the break statement are safe if > + an explicit comment indicating the fallthrough intention is present. > + However, the use of such comments in new code is deprecated: > + pseudo-keyword "fallthrough" shall be used. > + - Tagged as `safe` for ECLAIR. The accepted comments are: > + - /\* fall through \*/ > + - /\* fall through. \*/ > + - /\* fallthrough \*/ > + - /\* fallthrough. \*/ > + - /\* Fall through \*/ > + - /\* Fall through. \*/ > + - /\* Fallthrough \*/ > + - /\* Fallthrough. \*/ I was puzzled by there being 4 bullet points here, but 5 additions to the other file. I don't think the wording here is sufficiently unambiguous towards the use of the pseudo-keyword. If that's to remain a single bullet point, imo the pseudo-keyword needs mentioning first, and only the talk should be about comments as an alternative. Jan
On 18/12/23 08:42, Jan Beulich wrote: > On 15.12.2023 10:26, Federico Serafini wrote: >> --- a/automation/eclair_analysis/ECLAIR/deviations.ecl >> +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl >> @@ -327,6 +327,34 @@ therefore have the same behavior of a boolean" >> -config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^<?domain>?::is_dying$))))","src_type(enum)"} >> -doc_end >> >> +# >> +# Series 16. >> +# >> + >> +-doc_begin="Switch clauses ending with continue, goto, return statements are >> +safe." >> +-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"} >> +-doc_end >> + >> +-doc_begin="Switch clauses ending with a call to a function that does not give >> +the control back are safe." >> +-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"} >> +-doc_end >> + >> +-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are >> +safe." >> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"} >> +-doc_end >> + >> +-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe." >> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"} >> +-doc_end >> + >> +-doc_begin="Switch clauses not ending with the break statement are safe if an >> +explicit comment indicating the fallthrough intention is present." >> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"} >> +-doc_end >> + >> # >> # Series 20. >> # >> --- a/docs/misra/deviations.rst >> +++ b/docs/misra/deviations.rst >> @@ -276,6 +276,34 @@ Deviations related to MISRA C:2012 Rules: >> therefore have the same behavior of a boolean. >> - Project-wide deviation; tagged as `deliberate` for ECLAIR. >> >> + * - R16.3 >> + - Switch clauses ending with continue, goto, return statements are safe. >> + - Tagged as `safe` for ECLAIR. >> + >> + * - R16.3 >> + - Switch clauses ending with a call to a function that does not give >> + the control back are safe. >> + - Tagged as `safe` for ECLAIR. >> + >> + * - R16.3 >> + - Switch clauses ending with failure method \"BUG()\" are safe. >> + - Tagged as `safe` for ECLAIR. >> + >> + * - R16.3 >> + - Existing switch clauses not ending with the break statement are safe if >> + an explicit comment indicating the fallthrough intention is present. >> + However, the use of such comments in new code is deprecated: >> + pseudo-keyword "fallthrough" shall be used. >> + - Tagged as `safe` for ECLAIR. The accepted comments are: >> + - /\* fall through \*/ >> + - /\* fall through. \*/ >> + - /\* fallthrough \*/ >> + - /\* fallthrough. \*/ >> + - /\* Fall through \*/ >> + - /\* Fall through. \*/ >> + - /\* Fallthrough \*/ >> + - /\* Fallthrough. \*/ > > I was puzzled by there being 4 bullet points here, but 5 additions to the > other file. I don't think the wording here is sufficiently unambiguous towards > the use of the pseudo-keyword. If that's to remain a single bullet point, imo > the pseudo-keyword needs mentioning first, and only the talk should be about > comments as an alternative. I'll send a v3 to include Stefano's observations and an explicit bullet point for pseudo-keyword fallthrough.
diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl index 683f2bbfe8..e27d840fe4 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -327,6 +327,34 @@ therefore have the same behavior of a boolean" -config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^<?domain>?::is_dying$))))","src_type(enum)"} -doc_end +# +# Series 16. +# + +-doc_begin="Switch clauses ending with continue, goto, return statements are +safe." +-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"} +-doc_end + +-doc_begin="Switch clauses ending with a call to a function that does not give +the control back are safe." +-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"} +-doc_end + +-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are +safe." +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"} +-doc_end + +-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe." +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"} +-doc_end + +-doc_begin="Switch clauses not ending with the break statement are safe if an +explicit comment indicating the fallthrough intention is present." +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"} +-doc_end + # # Series 20. # diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index eda3c8100c..d593be81b9 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst @@ -276,6 +276,34 @@ Deviations related to MISRA C:2012 Rules: therefore have the same behavior of a boolean. - Project-wide deviation; tagged as `deliberate` for ECLAIR. + * - R16.3 + - Switch clauses ending with continue, goto, return statements are safe. + - Tagged as `safe` for ECLAIR. + + * - R16.3 + - Switch clauses ending with a call to a function that does not give + the control back are safe. + - Tagged as `safe` for ECLAIR. + + * - R16.3 + - Switch clauses ending with failure method \"BUG()\" are safe. + - Tagged as `safe` for ECLAIR. + + * - R16.3 + - Existing switch clauses not ending with the break statement are safe if + an explicit comment indicating the fallthrough intention is present. + However, the use of such comments in new code is deprecated: + pseudo-keyword "fallthrough" shall be used. + - Tagged as `safe` for ECLAIR. The accepted comments are: + - /\* fall through \*/ + - /\* fall through. \*/ + - /\* fallthrough \*/ + - /\* fallthrough. \*/ + - /\* Fall through \*/ + - /\* Fall through. \*/ + - /\* Fallthrough \*/ + - /\* Fallthrough. \*/ + * - R20.7 - Code violating Rule 20.7 is safe when macro parameters are used: (1) as function arguments;
MISRA C:2012 Rule 16.3 states that an unconditional break statement shall terminate every switch-clause. Update ECLAIR configuration to take into account: - continue, goto, return statements; - functions that do not give the control back; - fallthrough pseudo-keyword; - macro BUG(); - comments. Update docs/misra/deviations.rst accordingly. Signed-off-by: Federico Serafini <federico.serafini@bugseng.com> --- .../eclair_analysis/ECLAIR/deviations.ecl | 28 +++++++++++++++++++ docs/misra/deviations.rst | 28 +++++++++++++++++++ 2 files changed, 56 insertions(+)