[XEN] automation/eclair: add deviations for MISRA C:2012 Rule 16.3

Message ID 7b07ed4a2a87c2774b469eb0fa280c19f945b3a4.1702631924.git.federico.serafini@bugseng.com (mailing list archive)
State Superseded

Commit Message

Federico Serafini Dec. 15, 2023, 9:26 a.m. UTC
MISRA C:2012 Rule 16.3 states that an unconditional break statement
shall terminate every switch-clause.

Update ECLAIR configuration to take into account:
  - continue, goto, return statements;
  - functions that do not give the control back;
  - fallthrough pseudo-keyword;
  - macro BUG();
  - comments.

Update docs/misra/deviations.rst accordingly.

Signed-off-by: Federico Serafini <federico.serafini@bugseng.com>
---
 .../eclair_analysis/ECLAIR/deviations.ecl     | 28 +++++++++++++++++++
 docs/misra/deviations.rst                     | 28 +++++++++++++++++++
 2 files changed, 56 insertions(+)

Comments

Federico Serafini Dec. 15, 2023, 9:41 a.m. UTC | #1
On 15/12/23 10:26, Federico Serafini wrote:
> MISRA C:2012 Rule 16.3 states that an unconditional break statement
> shall terminate every switch-clause.
> 
> Update ECLAIR configuration to take into account:
>    - continue, goto, return statements;
>    - functions that do not give the control back;
>    - fallthrough pseudo-keyword;
>    - macro BUG();
>    - comments.
> 
> Update docs/misra/deviations.rst accordingly.
> 
> Signed-off-by: Federico Serafini <federico.serafini@bugseng.com>
> ---
>   .../eclair_analysis/ECLAIR/deviations.ecl     | 28 +++++++++++++++++++
>   docs/misra/deviations.rst                     | 28 +++++++++++++++++++
>   2 files changed, 56 insertions(+)
> 
> diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl
> index 683f2bbfe8..e27d840fe4 100644
> --- a/automation/eclair_analysis/ECLAIR/deviations.ecl
> +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
> @@ -327,6 +327,34 @@ therefore have the same behavior of a boolean"
>   -config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^<?domain>?::is_dying$))))","src_type(enum)"}
>   -doc_end
>   
> +#
> +# Series 16.
> +#
> +
> +-doc_begin="Switch clauses ending with continue, goto, return statements are
> +safe."
> +-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"}
> +-doc_end
> +
> +-doc_begin="Switch clauses ending with a call to a function that does not give
> +the control back are safe."
> +-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"}
> +-doc_end
> +
> +-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are
> +safe."
> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"}
> +-doc_end
> +
> +-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe."
> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"}
> +-doc_end
> +
> +-doc_begin="Switch clauses not ending with the break statement are safe if an
> +explicit comment indicating the fallthrough intention is present."
> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"}
> +-doc_end
> +
>   #
>   # Series 20.
>   #
> diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
> index eda3c8100c..d593be81b9 100644
> --- a/docs/misra/deviations.rst
> +++ b/docs/misra/deviations.rst
> @@ -276,6 +276,34 @@ Deviations related to MISRA C:2012 Rules:
>          therefore have the same behavior of a boolean.
>        - Project-wide deviation; tagged as `deliberate` for ECLAIR.
>   
> +   * - R16.3
> +     - Switch clauses ending with continue, goto, return statements are safe.
> +     - Tagged as `safe` for ECLAIR.
> +
> +   * - R16.3
> +     - Switch clauses ending with a call to a function that does not give
> +       the control back are safe.
> +     - Tagged as `safe` for ECLAIR.
> +
> +   * - R16.3
> +     - Switch clauses ending with failure method \"BUG()\" are safe.
> +     - Tagged as `safe` for ECLAIR.
> +
> +   * - R16.3
> +     - Existing switch clauses not ending with the break statement are safe if
> +       an explicit comment indicating the fallthrough intention is present.
> +       However, the use of such comments in new code is deprecated:
> +       pseudo-keyword "fallthrough" shall be used.
> +     - Tagged as `safe` for ECLAIR. The accepted comments are:
> +         - /\* fall through \*/
> +         - /\* fall through. \*/
> +         - /\* fallthrough \*/
> +         - /\* fallthrough. \*/
> +         - /\* Fall through \*/
> +         - /\* Fall through. \*/
> +         - /\* Fallthrough \*/
> +         - /\* Fallthrough. \*/
> +
>      * - R20.7
>        - Code violating Rule 20.7 is safe when macro parameters are used:
>          (1) as function arguments;

I forgot to mention that this is a V2.
The older version and the discussion can be found at:
https://lists.xenproject.org/archives/html/xen-devel/2023-12/msg00957.html
Stefano Stabellini Dec. 15, 2023, 9:03 p.m. UTC | #2
On Fri, 15 Dec 2023, Federico Serafini wrote:
> MISRA C:2012 Rule 16.3 states that an unconditional break statement
> shall terminate every switch-clause.
> 
> Update ECLAIR configuration to take into account:
>   - continue, goto, return statements;
>   - functions that do not give the control back;
>   - fallthrough pseudo-keyword;
>   - macro BUG();
>   - comments.
> 
> Update docs/misra/deviations.rst accordingly.
> 
> Signed-off-by: Federico Serafini <federico.serafini@bugseng.com>

This is much sharper and better than before, thanks Federico!


> ---
>  .../eclair_analysis/ECLAIR/deviations.ecl     | 28 +++++++++++++++++++
>  docs/misra/deviations.rst                     | 28 +++++++++++++++++++
>  2 files changed, 56 insertions(+)
> 
> diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl
> index 683f2bbfe8..e27d840fe4 100644
> --- a/automation/eclair_analysis/ECLAIR/deviations.ecl
> +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
> @@ -327,6 +327,34 @@ therefore have the same behavior of a boolean"
>  -config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^<?domain>?::is_dying$))))","src_type(enum)"}
>  -doc_end
>  
> +#
> +# Series 16.
> +#
> +
> +-doc_begin="Switch clauses ending with continue, goto, return statements are
> +safe."
> +-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"}
> +-doc_end
> +
> +-doc_begin="Switch clauses ending with a call to a function that does not give
> +the control back are safe."
> +-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"}
> +-doc_end
> +
> +-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are
> +safe."
> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"}
> +-doc_end
> +
> +-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe."
> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"}
> +-doc_end
> +
> +-doc_begin="Switch clauses not ending with the break statement are safe if an
> +explicit comment indicating the fallthrough intention is present."
> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"}
> +-doc_end
> +
>  #
>  # Series 20.
>  #
> diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
> index eda3c8100c..d593be81b9 100644
> --- a/docs/misra/deviations.rst
> +++ b/docs/misra/deviations.rst
> @@ -276,6 +276,34 @@ Deviations related to MISRA C:2012 Rules:
>         therefore have the same behavior of a boolean.
>       - Project-wide deviation; tagged as `deliberate` for ECLAIR.
>  
> +   * - R16.3
> +     - Switch clauses ending with continue, goto, return statements are safe.
> +     - Tagged as `safe` for ECLAIR.
> +
> +   * - R16.3
> +     - Switch clauses ending with a call to a function that does not give
> +       the control back are safe.

NIT: it might be good to add:

  (noreturn)

to the statement for clarity but it is good enough already


> +     - Tagged as `safe` for ECLAIR.
> +
> +   * - R16.3
> +     - Switch clauses ending with failure method \"BUG()\" are safe.
> +     - Tagged as `safe` for ECLAIR.
> +
> +   * - R16.3
> +     - Existing switch clauses not ending with the break statement are safe if
> +       an explicit comment indicating the fallthrough intention is present.
> +       However, the use of such comments in new code is deprecated:
> +       pseudo-keyword "fallthrough" shall be used.

          ^NIT: the pseudo-keyword

both changes could be done on commit

Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>


> +     - Tagged as `safe` for ECLAIR. The accepted comments are:
> +         - /\* fall through \*/
> +         - /\* fall through. \*/
> +         - /\* fallthrough \*/
> +         - /\* fallthrough. \*/
> +         - /\* Fall through \*/
> +         - /\* Fall through. \*/
> +         - /\* Fallthrough \*/
> +         - /\* Fallthrough. \*/
> +
>     * - R20.7
>       - Code violating Rule 20.7 is safe when macro parameters are used:
>         (1) as function arguments;
> -- 
> 2.34.1
>
Jan Beulich Dec. 18, 2023, 7:42 a.m. UTC | #3
On 15.12.2023 10:26, Federico Serafini wrote:
> --- a/automation/eclair_analysis/ECLAIR/deviations.ecl
> +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
> @@ -327,6 +327,34 @@ therefore have the same behavior of a boolean"
>  -config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^<?domain>?::is_dying$))))","src_type(enum)"}
>  -doc_end
>  
> +#
> +# Series 16.
> +#
> +
> +-doc_begin="Switch clauses ending with continue, goto, return statements are
> +safe."
> +-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"}
> +-doc_end
> +
> +-doc_begin="Switch clauses ending with a call to a function that does not give
> +the control back are safe."
> +-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"}
> +-doc_end
> +
> +-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are
> +safe."
> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"}
> +-doc_end
> +
> +-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe."
> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"}
> +-doc_end
> +
> +-doc_begin="Switch clauses not ending with the break statement are safe if an
> +explicit comment indicating the fallthrough intention is present."
> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"}
> +-doc_end
> +
>  #
>  # Series 20.
>  #
> --- a/docs/misra/deviations.rst
> +++ b/docs/misra/deviations.rst
> @@ -276,6 +276,34 @@ Deviations related to MISRA C:2012 Rules:
>         therefore have the same behavior of a boolean.
>       - Project-wide deviation; tagged as `deliberate` for ECLAIR.
>  
> +   * - R16.3
> +     - Switch clauses ending with continue, goto, return statements are safe.
> +     - Tagged as `safe` for ECLAIR.
> +
> +   * - R16.3
> +     - Switch clauses ending with a call to a function that does not give
> +       the control back are safe.
> +     - Tagged as `safe` for ECLAIR.
> +
> +   * - R16.3
> +     - Switch clauses ending with failure method \"BUG()\" are safe.
> +     - Tagged as `safe` for ECLAIR.
> +
> +   * - R16.3
> +     - Existing switch clauses not ending with the break statement are safe if
> +       an explicit comment indicating the fallthrough intention is present.
> +       However, the use of such comments in new code is deprecated:
> +       pseudo-keyword "fallthrough" shall be used.
> +     - Tagged as `safe` for ECLAIR. The accepted comments are:
> +         - /\* fall through \*/
> +         - /\* fall through. \*/
> +         - /\* fallthrough \*/
> +         - /\* fallthrough. \*/
> +         - /\* Fall through \*/
> +         - /\* Fall through. \*/
> +         - /\* Fallthrough \*/
> +         - /\* Fallthrough. \*/

I was puzzled by there being 4 bullet points here, but 5 additions to the
other file. I don't think the wording here is sufficiently unambiguous towards
the use of the pseudo-keyword. If that's to remain a single bullet point, imo
the pseudo-keyword needs mentioning first, and only the talk should be about
comments as an alternative.

Jan
Federico Serafini Dec. 18, 2023, 8:07 a.m. UTC | #4
On 18/12/23 08:42, Jan Beulich wrote:
> On 15.12.2023 10:26, Federico Serafini wrote:
>> --- a/automation/eclair_analysis/ECLAIR/deviations.ecl
>> +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
>> @@ -327,6 +327,34 @@ therefore have the same behavior of a boolean"
>>   -config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^<?domain>?::is_dying$))))","src_type(enum)"}
>>   -doc_end
>>   
>> +#
>> +# Series 16.
>> +#
>> +
>> +-doc_begin="Switch clauses ending with continue, goto, return statements are
>> +safe."
>> +-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"}
>> +-doc_end
>> +
>> +-doc_begin="Switch clauses ending with a call to a function that does not give
>> +the control back are safe."
>> +-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"}
>> +-doc_end
>> +
>> +-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are
>> +safe."
>> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"}
>> +-doc_end
>> +
>> +-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe."
>> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"}
>> +-doc_end
>> +
>> +-doc_begin="Switch clauses not ending with the break statement are safe if an
>> +explicit comment indicating the fallthrough intention is present."
>> +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"}
>> +-doc_end
>> +
>>   #
>>   # Series 20.
>>   #
>> --- a/docs/misra/deviations.rst
>> +++ b/docs/misra/deviations.rst
>> @@ -276,6 +276,34 @@ Deviations related to MISRA C:2012 Rules:
>>          therefore have the same behavior of a boolean.
>>        - Project-wide deviation; tagged as `deliberate` for ECLAIR.
>>   
>> +   * - R16.3
>> +     - Switch clauses ending with continue, goto, return statements are safe.
>> +     - Tagged as `safe` for ECLAIR.
>> +
>> +   * - R16.3
>> +     - Switch clauses ending with a call to a function that does not give
>> +       the control back are safe.
>> +     - Tagged as `safe` for ECLAIR.
>> +
>> +   * - R16.3
>> +     - Switch clauses ending with failure method \"BUG()\" are safe.
>> +     - Tagged as `safe` for ECLAIR.
>> +
>> +   * - R16.3
>> +     - Existing switch clauses not ending with the break statement are safe if
>> +       an explicit comment indicating the fallthrough intention is present.
>> +       However, the use of such comments in new code is deprecated:
>> +       pseudo-keyword "fallthrough" shall be used.
>> +     - Tagged as `safe` for ECLAIR. The accepted comments are:
>> +         - /\* fall through \*/
>> +         - /\* fall through. \*/
>> +         - /\* fallthrough \*/
>> +         - /\* fallthrough. \*/
>> +         - /\* Fall through \*/
>> +         - /\* Fall through. \*/
>> +         - /\* Fallthrough \*/
>> +         - /\* Fallthrough. \*/
> 
> I was puzzled by there being 4 bullet points here, but 5 additions to the
> other file. I don't think the wording here is sufficiently unambiguous towards
> the use of the pseudo-keyword. If that's to remain a single bullet point, imo
> the pseudo-keyword needs mentioning first, and only the talk should be about
> comments as an alternative.

I'll send a v3 to include Stefano's observations and an
explicit bullet point for pseudo-keyword fallthrough.

Patch

diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl
index 683f2bbfe8..e27d840fe4 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -327,6 +327,34 @@  therefore have the same behavior of a boolean"
 -config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^<?domain>?::is_dying$))))","src_type(enum)"}
 -doc_end
 
+#
+# Series 16.
+#
+
+-doc_begin="Switch clauses ending with continue, goto, return statements are
+safe."
+-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"}
+-doc_end
+
+-doc_begin="Switch clauses ending with a call to a function that does not give
+the control back are safe."
+-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"}
+-doc_end
+
+-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are
+safe."
+-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"}
+-doc_end
+
+-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe."
+-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"}
+-doc_end
+
+-doc_begin="Switch clauses not ending with the break statement are safe if an
+explicit comment indicating the fallthrough intention is present."
+-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"}
+-doc_end
+
 #
 # Series 20.
 #
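Review bot: In the last added entry, the comment pattern `[fF]all ?through.? \\*/` uses an unescaped `.?`, which accepts any single character before the closing ` */`, not only the period shown in the accepted-comment list in docs/misra/deviations.rst. Escaping it as `\\.?` would keep the configuration in step with the eight documented forms. Separately, `BUG();` is deviated by a text match under `reports`, while other calls that do not return go through `terminals` with `call(property(noreturn))`; a sentence in that `-doc_begin` text saying why BUG() needs its own entry would help whoever maintains this file later.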
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index eda3c8100c..d593be81b9 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -276,6 +276,34 @@  Deviations related to MISRA C:2012 Rules:
        therefore have the same behavior of a boolean.
      - Project-wide deviation; tagged as `deliberate` for ECLAIR.
 
+   * - R16.3
+     - Switch clauses ending with continue, goto, return statements are safe.
+     - Tagged as `safe` for ECLAIR.
+
+   * - R16.3
+     - Switch clauses ending with a call to a function that does not give
+       the control back are safe.
+     - Tagged as `safe` for ECLAIR.
+
+   * - R16.3
+     - Switch clauses ending with failure method \"BUG()\" are safe.
+     - Tagged as `safe` for ECLAIR.
+
+   * - R16.3
+     - Existing switch clauses not ending with the break statement are safe if
+       an explicit comment indicating the fallthrough intention is present.
+       However, the use of such comments in new code is deprecated:
+       pseudo-keyword "fallthrough" shall be used.
+     - Tagged as `safe` for ECLAIR. The accepted comments are:
+         - /\* fall through \*/
+         - /\* fall through. \*/
+         - /\* fallthrough \*/
+         - /\* fallthrough. \*/
+         - /\* Fall through \*/
+         - /\* Fall through. \*/
+         - /\* Fallthrough \*/
+         - /\* Fallthrough. \*/
+
    * - R20.7
      - Code violating Rule 20.7 is safe when macro parameters are used:
        (1) as function arguments;
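Review bot: The BUG() row writes its quotes as `\"BUG()\"`, while the row below it uses plain `"fallthrough"`. The backslashes match the string escaping used in the `-doc_begin` lines of deviations.ecl and appear to have been carried over; they are not needed in the .rst table, so plain quotes would be consistent. The table also gains four R16.3 rows against five `-doc_begin` entries in deviations.ecl: the deviation for clauses ending with the `fallthrough` pseudo-keyword has no row of its own and is only mentioned inside the row about comments.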