
Re: [PATCH v1] misra: add deviation of Rule 10.1 for unary minus


  • To: Julien Grall <julien@xxxxxxx>
  • From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
  • Date: Wed, 23 Apr 2025 23:09:56 +0200
  • Cc: victorm.lira@xxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx, Federico Serafini <federico.serafini@xxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>
  • Delivery-date: Wed, 23 Apr 2025 21:10:03 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2025-04-23 22:48, Julien Grall wrote:
Hi Victor,

On 23/04/2025 18:54, victorm.lira@xxxxxxx wrote:
From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>

MISRA C Rule 10.1 states:
"Operands shall not be of an inappropriate essential type"

The unary minus operator applied to an unsigned quantity has
a semantics (wrap around) that is well-known to all Xen developers.
Thus, this operation is deemed safe.

No functional change.

Signed-off-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
Signed-off-by: Federico Serafini <federico.serafini@xxxxxxxxxxx>
Signed-off-by: Victor Lira <victorm.lira@xxxxxxx>
---
Changes v1:
- add rule title to commit message
---
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx>
Cc: Michal Orzel <michal.orzel@xxxxxxx>
Cc: Jan Beulich <jbeulich@xxxxxxxx>
Cc: Julien Grall <julien@xxxxxxx>
Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Cc: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
Cc: Federico Serafini <federico.serafini@xxxxxxxxxxx>
Cc: Bertrand Marquis <bertrand.marquis@xxxxxxx>
---
  automation/eclair_analysis/ECLAIR/deviations.ecl | 6 ++++++
  docs/misra/deviations.rst                        | 6 ++++++
  2 files changed, 12 insertions(+)

diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl
index 303b06203a..2cfce850bd 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -347,6 +347,12 @@ constant expressions are required.\""
    "any()"}
  -doc_end

+-doc_begin="Unary minus operations on non-negative integers have a semantics (wrap around) that is well-known to all Xen developers."
+-config=MC3A2.R10.1,etypes+={safe,
+  "stmt(node(unary_operator)&&operator(minus))",
+  "src_expr(definitely_in(0..))"}
+-doc_end
+
  #
  # Series 11
  #
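Review bot: The `-doc_begin` text in deviations.ecl says "non-negative integers", while the commit message and the deviations.rst entry say "unsigned quantity", and the selector `src_expr(definitely_in(0..))` reads as a condition on the operand's value rather than on its type. Please use one description in both places: if only operands of unsigned type are meant, say so in the doc string; if signed operands with a provably non-negative value are matched as well, the "wrap around" justification does not describe them. Also, "have a semantics" should read "have semantics".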
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index cfdd1a9838..c5897e31c5 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -321,6 +321,12 @@ Deviations related to MISRA C:2012 Rules:
         If no bits are set, 0 is returned.
       - Tagged as `safe` for ECLAIR.

+   * - R10.1
+ - Applying the unary minus operator to an unsigned quantity has a + semantics (wrap around) that is well-known to all Xen developers.
+       For this reason, the operation is safe.
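Review bot: "unsigned quantity" in the R10.1 entry is broader than what actually wraps: an operand of unsigned type narrower than int is promoted to int before the minus is applied, so the result is a negative int and not a wrapped value. Suggest restricting the wording to operands whose promoted type is unsigned, and replacing "well-known to all Xen developers" with the language guarantee itself (arithmetic on unsigned types is reduced modulo 2^N).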

I have realized we use similar wording in the rest of the deviations, but this is a rather fragile argument. "well-known" is very subjective and could change over time.

How many violations do we have? Could we deviate them one by one?


Hi Julien,

around 10 on ARM, but more than 100 on x86 scattered around multiple constructs (e.g. not only inside a handful of macros), so I don't think it's feasible to deviate them one by one. I do agree that the wording is subjective, but it is rather well-defined which toolchains and architectures are used (C-language-toolchain.rst). Perhaps a wording mentioning the specific assumptions implied here can address your concerns?

Thanks,
 Nicola

Cheers,

--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
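
The wrap-around semantics the deviation relies on, together with two cases where "unsigned" alone does not give the expected result, as an added C example (not code from the patch or from Xen). The function names are made up for illustration, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Unary minus on an unsigned int is reduced modulo 2^N: -x == UINT_MAX - x + 1. */
static unsigned int neg_u(unsigned int x)
{
    return -x;
}

/* Idiom that depends on the wrap: isolate the lowest set bit of x. */
static unsigned int lowest_set_bit(unsigned int x)
{
    return x & -x;
}

/* Idiom that depends on the wrap: -align == ~(align - 1) for a power of two. */
static unsigned long round_up_pow2(unsigned long x, unsigned long align)
{
    return (x + align - 1) & -align;
}

/* Edge case: uint8_t is promoted to signed int first, so -x is negative, no wrap. */
static int neg_u8_is_negative(uint8_t x)
{
    return -x < 0;
}

/* Edge case: the wrap happens at the operand's width (32 bits), then zero-extends. */
static uint64_t widen_neg_u32(uint32_t x)
{
    return -x;
}

int main(void)
{
    printf("-1u                 = %#x\n", neg_u(1u));
    printf("lowest bit of 0x58  = %#x\n", lowest_set_bit(0x58u));
    printf("round_up(17, 16)    = %lu\n", round_up_pow2(17ul, 16ul));
    printf("-(uint8_t)1 < 0     = %d\n", neg_u8_is_negative(1));
    printf("(uint64_t)-(u32)1   = %#llx\n", (unsigned long long)widen_neg_u32(1u));
    return 0;
}
```
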



 

