Xen project Mailing List

[PATCH v2] misra: add deviation for MISRA C Rule 11.3

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>

Date: Sun, 24 Aug 2025 17:27:40 +0000

Accept-language: en-US, uk-UA, ru-RU

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ta1fZvw0Prwed4zFLSHqjbQtXhX+eSxrwrowmHnYric=; b=U5J8wOslolQdgtYSdiR752fl9ZsimZImRr4AYPsK97eUMVhTrlKVdopG3gKYFbvmlESYbAPez7RHBPAZgdrux3ighPTKZu9RCCEBcuBu4AadnaVXQwX6vs5MXt7PSFiuO4dTut0zop8B/q5xNGqmLfQm0IK9NLJyB1jZzWokamCGhP06nA2bJR0LFB2JQaNDZptKsByYQzGfGAXUHIqLgOZdR28q5jCHAyKzux0l/f3XpOhWDLL4H5ck2k56+E4NPiXPMprl3SGFrFasa4PxOSCKUEz37qaxDpu2Oof37pzttqEMdgzQQoGc0Eh/vB9cj/fsSQuXHkoc+G/ltWZ24w==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Zlsk3+prIwpYlpH4Zk6nh3np/0qCPAdeb+DtgmS7+ITL/TFX2fbpxvMS2BXrQoywdZXytOn7bdobXdaHnEZmxZPoZSAxnpKahBHslsyvtZ3JyZl3lGNmIfYOKRD3f6H0WHeISKyQAfe3fO2T7PwBuqKUPh9hU525uGghniwf58oSl3RzaB1aEYEiVeJTZGXrBVDv3D/TkzqIalYuQ51Mh2SHU2PUBfBhFmYkH0QMKbnElvEWhRPoKcXFHJ2zF3DJs8SqWZ38mpqRd/b32tQCEutiEcWSrjV2j/M7wHVN2BMaBaDvpIwvGwgdOaHADUDBBwvAcTeCe2ZJJ/+EV8fAOA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;

Cc: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>, Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Sun, 24 Aug 2025 17:27:54 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHcFRxkNZTwf+a94EKUOod0hf+3zw==

Thread-topic: [PATCH v2] misra: add deviation for MISRA C Rule 11.3

MISRA C Rule 11.3 states: "A cast shall not be performed between a pointer to object type and a pointer to a different object type." Violations of this rule arise due to the 'container_of()' macro, which casts a member of a structure to its containing structure: container_of(ptr, type, member) ({ \ typeof_field(type, member) *__mptr = (ptr); \ (type *)( (char *)__mptr - offsetof(type,member) );}) The 'container_of()' macro is safe because it relies on the standardized and well-defined 'offsetof()' macro to calculate the memory address of the containing structure, while assuming proper alignment and ensuring no undefined behavior, provided that the input pointer is valid and points to the specified member. Configure Eclair to suppress violation reports related to 'container_of()' macro. Update 'deviations.rst' file accordingly. No functional changes. Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@xxxxxxxx> --- Changes in v2: - removed '-enable=MC3A2.R11.3' from the monitored.ecl file - fixed typo: "Convesions" -> "Conversions" - added parentheses for macros container_of() and offsetof() Link to v1: https://patchew.org/Xen/d6a8682c98880d66ea99f882520b3defda0e3fe0.1755672275.git.dmytro._5Fprokopchuk1@xxxxxxxx/ --- automation/eclair_analysis/ECLAIR/deviations.ecl | 8 ++++++++ docs/misra/deviations.rst | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl index 7f3fd35a33..42b84429f0 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -403,6 +403,14 @@ because the semantics of the 'noreturn' attribute do not alter the calling conve } -doc_end +-doc_begin="Conversions in the 'container_of()' macro are safe because it relies on +the standardized and well-defined 'offsetof()' macro to calculate the memory address +of the containing structure, while assuming proper alignment and ensuring no +undefined behavior, provided that the input pointer is valid and points to the +specified member." +-config=MC3A2.R11.3,reports+={safe,"any_area(any_loc(any_exp(macro(^container_of$))))"} +-doc_end + -doc_begin="Conversions from and to integral types are safe, in the assumption that the target type has enough bits to store the value. See also Section \"4.7 Arrays and Pointers\" of \"GCC_MANUAL\"" -config=MC3A2.R11.6,casts+={safe, diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index 2119066531..db9e09c3cb 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst @@ -393,6 +393,14 @@ Deviations related to MISRA C:2012 Rules: (i.e., less strict) alignment requirement are safe. - Tagged as `safe` for ECLAIR. + * - R11.3 + - Conversions in the 'container_of()' macro are safe because it relies on + the standardized and well-defined 'offsetof()' macro to calculate the + memory address of the containing structure, while assuming proper + alignment and ensuring no undefined behavior, provided that the input + pointer is valid and points to the specified member. + - Tagged as `safe` for ECLAIR. + * - R11.6 - Conversions from and to integral types are safe, in the assumption that the target type has enough bits to store the value. -- 2.43.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.