Message ID | 90044547484dac6fcb4748ae8758e38234b3261a.1719297249.git.federico.serafini@bugseng.com (mailing list archive) |
---|---|
State | Superseded |
Series | [XEN,v4] automation/eclair: extend existing deviations of MISRA C Rule 16.3 |
On 25.06.2024 08:46, Federico Serafini wrote: > Update ECLAIR configuration to deviate more cases where an > unintentional fallthrough cannot happen. > > Tag Rule 16.3 as clean for arm. > > Signed-off-by: Federico Serafini <federico.serafini@bugseng.com> > Acked-by: Stefano Stabellini <sstabellini@kernel.org> To add to my reply on the other series: As per above you even acked ... > --- a/docs/misra/deviations.rst > +++ b/docs/misra/deviations.rst 
> @@ -330,12 +330,34 @@ Deviations related to MISRA C:2012 Rules: > - Tagged as `deliberate` for ECLAIR. > > * - R16.3 > - - Switch clauses ending with continue, goto, return statements are safe. > + - Statements that change the control flow (i.e., break, continue, goto, > + return) and calls to functions that do not return the control back are > + \"allowed terminal statements\". > - Tagged as `safe` for ECLAIR. > > * - R16.3 > - - Switch clauses ending with a call to a function that does not give > - the control back (i.e., a function with attribute noreturn) are safe. > + - An if-else statement having both branches ending with one of the allowed > + terminal statemets is itself an allowed terminal statements. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - An if-else statement having an always true condition and the true > + branch ending with an allowed terminal statement is itself an allowed > + terminal statement. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - A switch clause ending with a statement expression which, in turn, ends > + with an allowed terminal statement (e.g., the expansion of > + generate_exception()) is safe. > + - Tagged as `safe` for ECLAIR. > + > + * - R16.3 > + - A switch clause ending with a do-while-false the body of which, in turn, > + ends with an allowed terminal statement (e.g., PARSE_ERR_RET()) is safe. > + An exception to that is the macro ASSERT_UNREACHABLE() which is > + effective in debug build only: a switch clause ending with > + ASSERT_UNREACHABLE() is not considered safe. > - Tagged as `safe` for ECLAIR. ... this explicit statement regarding ASSERT_UNREACHABLE(). Jan
On Tue, 25 Jun 2024, Jan Beulich wrote: > On 25.06.2024 08:46, Federico Serafini wrote: > > Update ECLAIR configuration to deviate more cases where an > > unintentional fallthrough cannot happen. > > > > Tag Rule 16.3 as clean for arm. > > > > Signed-off-by: Federico Serafini <federico.serafini@bugseng.com> > > Acked-by: Stefano Stabellini <sstabellini@kernel.org> > > To add to my reply on the other series: As per above you even acked ... > > > --- a/docs/misra/deviations.rst > > +++ b/docs/misra/deviations.rst 
> > @@ -330,12 +330,34 @@ Deviations related to MISRA C:2012 Rules: > > - Tagged as `deliberate` for ECLAIR. > > > > * - R16.3 > > - - Switch clauses ending with continue, goto, return statements are safe. > > + - Statements that change the control flow (i.e., break, continue, goto, > > + return) and calls to functions that do not return the control back are > > + \"allowed terminal statements\". > > - Tagged as `safe` for ECLAIR. > > > > * - R16.3 > > - - Switch clauses ending with a call to a function that does not give > > - the control back (i.e., a function with attribute noreturn) are safe. > > + - An if-else statement having both branches ending with one of the allowed > > + terminal statemets is itself an allowed terminal statements. > > + - Tagged as `safe` for ECLAIR. > > + > > + * - R16.3 > > + - An if-else statement having an always true condition and the true > > + branch ending with an allowed terminal statement is itself an allowed > > + terminal statement. > > + - Tagged as `safe` for ECLAIR. > > + > > + * - R16.3 > > + - A switch clause ending with a statement expression which, in turn, ends > > + with an allowed terminal statement (e.g., the expansion of > > + generate_exception()) is safe. > > + - Tagged as `safe` for ECLAIR. > > + > > + * - R16.3 > > + - A switch clause ending with a do-while-false the body of which, in turn, > > + ends with an allowed terminal statement (e.g., PARSE_ERR_RET()) is safe. > > + An exception to that is the macro ASSERT_UNREACHABLE() which is > > + effective in debug build only: a switch clause ending with > > + ASSERT_UNREACHABLE() is not considered safe. > > - Tagged as `safe` for ECLAIR. > > ... this explicit statement regarding ASSERT_UNREACHABLE(). You are right... I read the statement about ASSERT_UNREACHABLE() only in the context of do-while-false. Let's continue the discussion in the other email thread.
diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl index ae2eaf50f7..c8bff0e057 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl 
@@ -380,14 +380,30 @@ therefore it is deemed better to leave such files as is." -config=MC3R1.R16.2,reports+={deliberate, "any_area(any_loc(file(x86_emulate||x86_svm_emulate)))"} -doc_end --doc_begin="Switch clauses ending with continue, goto, return statements are -safe." --config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"} +-doc_begin="Statements that change the control flow (i.e., break, continue, goto, return) and calls to functions that do not return the control back are \"allowed terminal statements\"." +-stmt_selector+={r16_3_allowed_terminal, "node(break_stmt||continue_stmt||goto_stmt||return_stmt)||call(property(noreturn))"} +-config=MC3R1.R16.3,terminals+={safe, "r16_3_allowed_terminal"} +-doc_end + +-doc_begin="An if-else statement having both branches ending with an allowed terminal statement is itself an allowed terminal statement." +-stmt_selector+={r16_3_if, "node(if_stmt)&&(child(then,r16_3_allowed_terminal)||child(then,any_stmt(stmt,-1,r16_3_allowed_terminal)))"} +-stmt_selector+={r16_3_else, "node(if_stmt)&&(child(else,r16_3_allowed_terminal)||child(else,any_stmt(stmt,-1,r16_3_allowed_terminal)))"} +-stmt_selector+={r16_3_if_else, "r16_3_if&&r16_3_else"} +-config=MC3R1.R16.3,terminals+={safe, "r16_3_if_else"} +-doc_end + +-doc_begin="An if-else statement having an always true condition and the true branch ending with an allowed terminal statement is itself an allowed terminal statement." +-stmt_selector+={r16_3_if_true, "r16_3_if&&child(cond,definitely_in(1..))"} +-config=MC3R1.R16.3,terminals+={safe, "r16_3_if_true"} +-doc_end + +-doc_begin="A switch clause ending with a statement expression which, in turn, ends with an allowed terminal statement is safe." 
+-config=MC3R1.R16.3,terminals+={safe, "node(stmt_expr)&&child(stmt,node(compound_stmt)&&any_stmt(stmt,-1,r16_3_allowed_terminal||r16_3_if_else||r16_3_if_true))"} -doc_end --doc_begin="Switch clauses ending with a call to a function that does not give -the control back (i.e., a function with attribute noreturn) are safe." --config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"} +-doc_begin="A switch clause ending with a do-while-false the body of which, in turn, ends with an allowed terminal statement is safe. +An exception to that is the macro ASSERT_UNREACHABLE() which is effective in debug build only: a switch clause ending with ASSERT_UNREACHABLE() is not considered safe." +-config=MC3R1.R16.3,terminals+={safe, "!macro(name(ASSERT_UNREACHABLE))&&node(do_stmt)&&child(cond,definitely_in(0))&&child(body,any_stmt(stmt,-1,r16_3_allowed_terminal||r16_3_if_else||r16_3_if_true))"} -doc_end -doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are @@ -399,8 +415,7 @@ safe." -config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"} -doc_end --doc_begin="Switch clauses not ending with the break statement are safe if an -explicit comment indicating the fallthrough intention is present." +-doc_begin="Switch clauses ending with an explicit comment indicating the fallthrough intention are safe." -config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"} -doc_end diff --git a/automation/eclair_analysis/ECLAIR/tagging.ecl b/automation/eclair_analysis/ECLAIR/tagging.ecl index b829655ca0..54772809ca 100644 --- a/automation/eclair_analysis/ECLAIR/tagging.ecl +++ b/automation/eclair_analysis/ECLAIR/tagging.ecl 
@@ -107,7 +107,7 @@ if(string_equal(target,"x86_64"), ) if(string_equal(target,"arm64"), - service_selector({"additional_clean_guidelines","MC3R1.R16.6||MC3R1.R2.1||MC3R1.R5.3||MC3R1.R7.3"}) + service_selector({"additional_clean_guidelines","MC3R1.R16.3||MC3R1.R16.6||MC3R1.R2.1||MC3R1.R5.3||MC3R1.R7.3"}) ) -reports+={clean:added,"service(clean_guidelines_common||additional_clean_guidelines)"} diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index 16fc345756..b11a5623c7 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst 
@@ -330,12 +330,34 @@ Deviations related to MISRA C:2012 Rules: - Tagged as `deliberate` for ECLAIR. * - R16.3 - - Switch clauses ending with continue, goto, return statements are safe. + - Statements that change the control flow (i.e., break, continue, goto, + return) and calls to functions that do not return the control back are + \"allowed terminal statements\". - Tagged as `safe` for ECLAIR. * - R16.3 - - Switch clauses ending with a call to a function that does not give - the control back (i.e., a function with attribute noreturn) are safe. + - An if-else statement having both branches ending with one of the allowed + terminal statemets is itself an allowed terminal statements. + - Tagged as `safe` for ECLAIR. + + * - R16.3 + - An if-else statement having an always true condition and the true + branch ending with an allowed terminal statement is itself an allowed + terminal statement. + - Tagged as `safe` for ECLAIR. + + * - R16.3 + - A switch clause ending with a statement expression which, in turn, ends + with an allowed terminal statement (e.g., the expansion of + generate_exception()) is safe. + - Tagged as `safe` for ECLAIR. + + * - R16.3 + - A switch clause ending with a do-while-false the body of which, in turn, + ends with an allowed terminal statement (e.g., PARSE_ERR_RET()) is safe. + An exception to that is the macro ASSERT_UNREACHABLE() which is + effective in debug build only: a switch clause ending with + ASSERT_UNREACHABLE() is not considered safe. - Tagged as `safe` for ECLAIR. * - R16.3
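Review bot: in the first automation/eclair_analysis/ECLAIR/deviations.ecl hunk, the last -doc_begin text states "a switch clause ending with ASSERT_UNREACHABLE() is not considered safe" as if it were a general rule, but the configuration expresses it only as the `!macro(name(ASSERT_UNREACHABLE))` conjunct of the `node(do_stmt)` selector, so the exclusion is scoped to the do-while-false deviation. Word the sentence so that its scope is that deviation, or give the ASSERT_UNREACHABLE() statement its own documented entry, so the text and the selector cannot be read differently. Separately, the union `r16_3_allowed_terminal||r16_3_if_else||r16_3_if_true` is spelled out twice (statement expression and do-while-false); a named -stmt_selector for it would keep the two deviations in step.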
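Review bot: in the automation/eclair_analysis/ECLAIR/tagging.ecl hunk, MC3R1.R16.3 is added only under `string_equal(target,"arm64")`, while the commit message says "Tag Rule 16.3 as clean for arm". Name arm64 in the commit message so it matches the branch that is changed, and consider one line on why the x86_64 branch just above is left without the rule.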
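Review bot: in the docs/misra/deviations.rst hunk, the second R16.3 entry has two typos, "statemets" and "is itself an allowed terminal statements" (singular needed); the matching -doc_begin string in deviations.ecl already reads "ending with an allowed terminal statement is itself an allowed terminal statement", so the .rst text can be aligned with it. The `\"allowed terminal statements\"` escapes in the first entry are needed inside the .ecl string but not in the .rst text, where plain quotes would do.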