[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2] misra: allow 'noreturn' as safe for function pointer conversions
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
- Date: Tue, 29 Jul 2025 15:16:11 +0200
- Arc-authentication-results: i=1; bugseng.com; arc=none smtp.remote-ip=162.55.131.47
- Arc-message-signature: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; c=relaxed/relaxed; t=1753794971; h=DKIM-Signature:MIME-Version:Date:From:To:Cc:Subject:In-Reply-To: References:Message-ID:X-Sender:Organization:Content-Type: Content-Transfer-Encoding; bh=A2y+0+zpLJGgSxMDpG7Gfpf2CEvhKgip/uW4B4SZFww=; b=dGkpJtJVKiiFw24tEDtAohL1FGNGsePzcO5aEKu5+0fuKEjASz2TK5v0ei+Wx+URmbKt JXd+C9c+QYqq8FJ51hpGl1hMcftymR116IA9anpZWxbR5n5gK2c8nZjF/3CH+7qus+q0Y 01lc1NU3VMfgGbUHCI+LYsiQ9KjHOnKhYQpiP5rJaRarPv+UzzHQyvnAod0giROPG/FUl 8j+LM7e7ytOWTG4iJyhahR+qd30kxp4qml/t9jm0ySTwtvQQRLrmj/kT/5JnbH8nT9NS2 DCoFBagpd0tb3pyMYSAOMejTX+9/S4LsnnLQTzRMpgAq3iWuMWVW/dH/GmADL+hYWbj3S X2O2g3cgEWJI8URVHRPZRw4SlWD88UUznpq2yvopyOSq1pcFiMlzBBci1ES1mV6NUdTZN xY1PiJL1Q4J92q5V4SEC7uzzxK4LafW26UtPP6Aee3NQy34M3r3yK/A9IFtMnxwE0YJqd hDM6H/N3mJBg0k/vMekVauIxfrMzpBB5a/xsOFLEKxt/A/JQD2Lum1PtVYrsrBiueBs7c 5P+STPcg3Dh1mmolo+dWgMKdbSjRfEIezXudu/ojIB2uFhWJZpXg4sKVeokpgIoe8tQPN X4rKbITZRJMoGMFD/QigwU2okptox5ZTYnq7KwmpO1eKIEEofDffl8MF/20Mjgg=
- Arc-seal: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; cv=none; t=1753794971; b=rhnDTEH9YxSODIJ/+rTm+Zpmzt4b0QvoqSR43DnerRf0H6Ii1yDVZhXaeVHTF6hBwGub dEnApiW/TQuKFkW7Z4ERzt/TnqW1ADMZv0kInnCc+0L7L2i6rHUOL1ZFVGmJ8AOJ/Lr0I W1ENMZC973gQv4AeoUUjPZsewByAnXfyLBxe2KzfyCg01zEwt7OS7XpWQed/Y226cvaPg 8RNL+UdAzZd4WWd7KMZKJ/XqSEOdsuE+iPYWBTH2h7PLIcXM/Qlan6JYfvPWXJTPGWVeJ eDFmRgwd6UhRvS4aHKSysqO7EWDbP59WDdKzt/VWH/gx93qcC2FLUeHMf2FZmSDLlyrvp JZ2UOx75IUMVk39LQ2YgpUa4lBOEJWL0z6VB6DWZx0w93mQKAYcdkQ84wZIwmGk/Ec3bX hPOjqs5ApTMPpwF/Cbz1LPCWl/z+bPws+5g7cVydtirXjJQDx1L7S/s1qBdzLk5Ve7O19 V1isx3IqobqU4+aIL4u/i/16/xWBmfHKMyE8bAsCcnIbVHeKm7RL34Z4Pod5M24PtgnuK qYULwXv1mq+2LtTp/hNWHFDmhht8U/y5qOd8tyyHIwhtkrHDz6t2v6ycZrK3V/RVajynZ ehCs9LUftz3v0YGGZMLd20WsZuDNGGBlaBNjF1MQu9uJ0hi6/QEljz1B9A8tYpE=
- Authentication-results: bugseng.com; arc=none smtp.remote-ip=162.55.131.47
- Cc: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- Delivery-date: Tue, 29 Jul 2025 13:16:22 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2025-07-29 15:09, Jan Beulich wrote:
On 29.07.2025 15:02, Nicola Vetrini wrote:
On 2025-07-29 14:39, Jan Beulich wrote:
On 29.07.2025 14:21, Dmytro Prokopchuk1 wrote:
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -367,6 +367,13 @@ constant expressions are required.\""
}
-doc_end
+-doc_begin="The conversion from 'void noreturn (*)(void *)' to
'void
(*)(void *)' is safe
+because the semantics of the 'noreturn' attribute do not alter the
calling convention or behavior of the resulting code."
+-config=MC3A2.R11.1,casts+={safe,
+
"kind(bitcast)&&to(type(pointer(inner(return(builtin(void))&&all_param(1,
pointer(builtin(void)))))))&&from(expr(skip(!syntactic(),
+ ref(property(noreturn)))))"}
+-doc_end
As I understand it, this is about any function, not just void (void
*)
ones.
Hence throughout anything textual in this patch, may I ask that this
be
made
explicit by inserting e.g. "e.g." everywhere?
Technically yes, in practice other implicit function pointer
conversions
would be caught by -Wincompatible-pointer-types and similar flags so
they don't even come into play. However I agree that adding that is
clearer.
Perhaps a misunderstanding: With "any" I meant any which has a noreturn
attribute, when converted to one with otherwise the same signature. But
irrespective of the particular return type or parameter types (i.e.
specifically not just void (void *) ones).
Ah, sorry, I misunderstood. We check the destination type of the
conversion with
"to(type(pointer(inner(return(builtin(void))&&all_param(1,
pointer(builtin(void)))))))". In principle it could be avoided but I
think that at the moment it's ok as it is, then if it needs to be
extended when more cases emerge I can do that.
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
|
