[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] misra/eclair: set 'noreturn' attribute as safe during cast

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
  • Date: Tue, 29 Jul 2025 12:55:31 +0200
  • Arc-authentication-results: i=1; bugseng.com; arc=none smtp.remote-ip=162.55.131.47
  • Arc-message-signature: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; c=relaxed/relaxed; t=1753786531; h=DKIM-Signature:MIME-Version:Date:From:To:Cc:Subject:In-Reply-To: References:Message-ID:X-Sender:Organization:Content-Type: Content-Transfer-Encoding; bh=yyW1z1KFJYFLXz+z9yoIFdcdE7QGejx/abg19b/D2WQ=; b=vTP8FRpMF9p7EYOSli6rDmak8yoiqRTTlX3T3VaVHOg/Wp2lgQ6VzWXcgBjwF5wKXhQw hv3muYPJKhGbrWh21TSGMLdGuErQEgXqYYRdEde/tKMq9otpJuSgOISD6Dq/vEX3sEXPK FP3Fsf+mek+PQDy1MABFjzbQkw5Yd+wJzQonxfCAwiVi5I+En1kSBfykQmv33LnHtbQzp SrtzpIzPNwvIk9vqF0jxuP7ZC9GnyynT3jiEFlgL+m+vPWagDvEuC0DBteKHA4wuJO9yX 3PFYYbLXvEXKO/2tIDb2Q1eGeDNG+SNQUBfIWhiGtpNsgm5mE3nkNhcHdlGIL3iziqauP YmWqkNXV3TmfJglabOpYn1U2/AHyBV+JwqYt3wSlqN9O5Kxp9sCk4ALWg5pRjKc3qlR3g QMIJXqDkLgMEhdsDXUgjWx2AIlyO6Qkk9yhKLEk0A5qfGt4qRCsPdcszoJVEpeSUW5uKo qVmcRwu1bJe3PUAx9zbh0xhBB01xij3I5m/oa5KC335XafV+xRHZhaAoQNTdDjto17a/7 Mjgwl/+7ECjfBIMMkhVUrA+Hu7MgYziOKg8XpXjng18wN/5joddsXqdwh0v03z5tFqII1 RftBhXV2C4agDPX88sU4QFpP8bSbu/IHY/SF094JXfs/D47cv16bDLRgkgb0bRI=
  • Arc-seal: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; cv=none; t=1753786531; b=AJ6Z3Q9CafoVzyl/10PFG6O22/io+5OdWLpT+KGxCSxBBrjwnjA2fGT+q9dYyfQKArW9 p3iU1i3ZFiiNni++rZaIyNnQA5ipVlg/78hKE5B7oOfSmhsvR4vW0dKdU7V5bNXCfSVkm c3hFOyhkDmAYmlnAe5isORsaGfbhyb+23g4j4+VMpnNqYI6zfetPdI9Q0xXCOj0WvzK/9 fUC/IoJPGqWv/D5B6PASAddEbL4dovHtFqYBWoxs9cFKc9aIocGp4On3NePvaW7x+QhUV 0+gubQ0Cnr25n2ocUq3dFjCsUxG/OHXyIY9jpZ13aue0lYk1fV1RHTyCbzBykNUDV3DtS LNWi3sVnl/Gl+Axhsyz3kF3dIV/O5h/Oi3T8N89pYtOntdQ9aYict1aK0NqHdRITnhxg0 4mjiDZ3yBn0lQxffkaxIFaUgA8rcWqf+ZKOkY+Cg4zZB/ZevktY64oh0vrepNrac+E1ls X4RlQS5ZBngmf/Rg1ttuDomGNHDaDWh6Tult4SRkjLHHRsaQdWWrnoXUOxLRsDlg6iKjn JhAMKV0Nfcs92o25MiyoUpPfob5pTpER4dv6LC295hxRYX5rc6fBBkeDCkcBhQib24K91 tPpbGTxougGLli8WCF2kjCwtAhKdT97JIqTcF3MFQHnxryki/X/EPsg9rDu6tjk=
  • Authentication-results: bugseng.com; arc=none smtp.remote-ip=162.55.131.47
  • Cc: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 29 Jul 2025 10:55:39 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2025-07-29 12:52, Jan Beulich wrote:

On 29.07.2025 12:04, Dmytro Prokopchuk1 wrote:



On 7/29/25 11:04, Jan Beulich wrote:

On 29.07.2025 00:15, Dmytro Prokopchuk1 wrote:

ECLAIR reports a non-compliant cast due to the presence
of the 'noreturn' attribute in the callee function.


Which callee function? Which cast? Please be concrete. You don't need
to enumerate all case, but one specific example wants pointing at.


The issue occurs when casting a function pointer with
the 'noreturn' attribute (void noreturn (*)(void *))
to a general function pointer type (void (*)(void *)).


And again - why "casting"? As per ...


Configure ECLAIR to treat 'noreturn' attributes as safe
in this conversion.

Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@xxxxxxxx>
---
Previous discussion thread:
https://patchew.org/Xen/181a03d5c7625d42c06cf9fa0cf48a9bc6825361.1753647875.git.dmytro._5Fprokopchuk1@xxxxxxxx/


... there was no cast involved, iirc. We specifically rejected your
attempt to add a cast there. It's a conversion the compiler does, aiui. 


Yes, you are right.
Word "cast" is not appropriate there.

Below is updated text:

     misra: allow 'noreturn' as safe for function pointer conversions

     The conversion from a function pointer with the
     'noreturn' attribute ('void noreturn (*)(void *)')
     to a function pointer type ('void (*)(void *)'
     causes type incompatibility according to
     MISRA C Rule 11.1, which forbids conversions
     between incompatible function pointer types.

     The violation occurs at the call site
         smp_call_function(halt_this_cpu, NULL, 0);
     where 'halt_this_cpu' with type 'void noreturn (*)(void *)'
     is passed to 'smp_call_function' expecting a function
     pointer of type 'void (*)(void *)'.

     The 'noreturn' attribute does not change the function
     calling convention or parameter handling at runtime,
     making the conversion safe.


Up to here things read much better now, thanks. Just one more request:
Please make better use of the 72 (or maybe even 75) characters that are
permitted per line.


     Configure ECLAIR to treat 'noreturn' attributes as safe.
Configure ECLAIR to treat implicit casts that lose the "noreturn" attribute on a function void (*fp)(void*) as safe. This is because the deviation actually just deviates void noreturn (*fp)(void*) -> void (*fp)(void*) 


This one is still way to imprecise, though. And I hope it's only this
description, not also the Eclair configuration item that's overly lax.

Jan


--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.