Message ID | alpine.DEB.2.22.394.2407121543250.3635@ubuntu-linux-20-04-desktop (mailing list archive) |
---|---|
State | New, archived |
Series | docs/misra: add rule 12.2 |
On 13.07.2024 00:45, Stefano Stabellini wrote: > As discussed during the last MISRA C meeting, add Rule 12.2 to the list > of MISRA C rules we accept, together with an explanation that we use gcc > -fsanitize=undefined alone to check for violations. Neither the "alone" here nor ... > --- a/docs/misra/rules.rst > +++ b/docs/misra/rules.rst > @@ -443,6 +443,14 @@ maintainers if you want to suggest a change. > - The macro NULL shall be the only permitted form of null pointer constant > - > > + * - `Rule 12.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_12_02.c>`_ > + - Required > + - The right hand operand of a shift operator shall lie in the range > + zero to one less than the width in bits of the essential type of > + the left hand operand > + - We rely exclusively on gcc -fsanitize=undefined to check for > + dangerious violations to this rule and to ensure compliance ... the "exclusively" here look quite right to me. That's true for shift counts which aren't build-time constant. For those which are we leverage ordinary compiler diagnostics. Preferably with a respective adjustment: Acked-by: Jan Beulich <jbeulich@suse.com> Jan
diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst index 2e11566e20..a7e2b646de 100644 --- a/docs/misra/rules.rst +++ b/docs/misra/rules.rst @@ -443,6 +443,14 @@ maintainers if you want to suggest a change. - The macro NULL shall be the only permitted form of null pointer constant - + * - `Rule 12.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_12_02.c>`_ + - Required + - The right hand operand of a shift operator shall lie in the range + zero to one less than the width in bits of the essential type of + the left hand operand + - We rely exclusively on gcc -fsanitize=undefined to check for + dangerious violations to this rule and to ensure compliance + * - `Rule 12.5 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_12_05.c>`_ - Mandatory - The sizeof operator shall not have an operand which is a function
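Review bot: In the added notes cell for Rule 12.2, "dangerious" should be "dangerous", and "violations to this rule" reads better as "violations of this rule". The word "exclusively" also overstates what the check covers: gcc -fsanitize=undefined is a run-time check, so it only sees shift counts on paths that are actually executed in an instrumented build, and the review reply in this thread points out that build-time constant shift counts are caught by ordinary compiler diagnostics instead. Suggest rewording the cell to name both mechanisms, and to say what counts as a "dangerous" violation, since the row is marked Required while the note narrows checking to that subset.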
As discussed during the last MISRA C meeting, add Rule 12.2 to the list of MISRA C rules we accept, together with an explanation that we use gcc -fsanitize=undefined alone to check for violations. Signed-off-by: Stefano Stabellini <stefano.stabellini@amd.com>