[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] misra: add deviation of Rule 17.7

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>
  • Date: Mon, 25 Aug 2025 17:33:52 +0000
  • Accept-language: en-US, uk-UA, ru-RU
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3fm0xlYOpyRLwtuEFwHUpE4BUXCwejIqICQvfJJcZws=; b=v2Qqosdgnl25hGX9Jt42Fc/vyckifM9OKl0GKaodjh0n8rElKAJEJVCwPGwBaxOIeV1l4Hgw43nH82nKJbZcVjQyFZSS8/Z7ufidsshFT+I2T+pktu3AMh8c/uXHEhSuwDTXUF2puZkGnJhDfndbebMbwxiXY6FY6nBsPW74+3rOPZLU5IruCt3nFy8m6irsRLIbXcCx0AWRsdmu3qTBrkA0NV+cnw5UIpMYKFFzfMkYlH0tXpQMuCes8/KX9aPu2ZL3QsD+dyEtBfcgjwijomA/pGbc574NAvnKzuoBE0tJykncLNwz94pH+FKjF3BTKaZ1hSItWFBhV0dLHBzSOg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=pyysQZwK5ay6XZXHp79P0cqt3Jr3ZpBoDeMektSPMRqIe8EBcN2Dpr0cX8MbLxQdvhZ/GhArgGeyYIIriFdCUrdgBx0bU43KRSLzqNQYOpJNTDQv2IV5a/MRtoG5YqY6jouGhqzIUHcWYdARuLEkCN+1f8UYFixmdmPjiSgXFHMuDxqCJmsaBdglbwvqbTL+jUqXGjSz+0R8N2g46jqoqNvQOVby/a4/JAZl1bli+TSdq9pmI+k5w7G1Fv0vZoyelv80r3QfuAydCrpHrt3Qk/0hlH0Mh+vLMXfKGHZqENd424+bVZngAWR0jO2NRR81/0I14PAD/1d0gYQ8MQ+FEA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
  • Cc: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 25 Aug 2025 17:34:15 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHcFZ9zsboRH18vd0iLUvum4pfwBbRzK0qAgAAH1ACAAAJ8AIAAJzmAgAAMhACAADhBgA==
  • Thread-topic: [PATCH] misra: add deviation of Rule 17.7

On 8/25/25 17:12, Jan Beulich wrote:
> On 25.08.2025 15:27, Dmytro Prokopchuk1 wrote:
>>
>>
>> On 8/25/25 14:07, Jan Beulich wrote:
>>> On 25.08.2025 12:58, Dmytro Prokopchuk1 wrote:
>>>> On 8/25/25 13:30, Jan Beulich wrote:
>>>>> On 25.08.2025 11:05, Dmytro Prokopchuk1 wrote:
>>>>>> MISRA C Rule 17.7 states: "The value returned by a function having
>>>>>> non-void return type shall be used."
>>>>>>
>>>>>> Deviate functions like 'memcpy()', 'memset()', 'memmove()', 'snprintf()',
>>>>>> 'strlcpy()', 'strlcat()', as they return a value purely for convenience,
>>>>>> their primary functionality (e.g., memory or string operations) remains
>>>>>> unaffected, and their return values are generally non-critical and seldom
>>>>>> relied upon. Update 'deviations.rst' file accordingly.
>>>>>
>>>>> How come snprintf() is among this set? Its return value isn't quite just
>>>>> for convenience, imo.
>>>>
>>>> Yes, snprintf()'s return value isn't just for convenience. The deviation
>>>> justification is primarily based on the fact that its return value is
>>>> rarely used in the Xen source base. Most callers of snprintf() don't
>>>> care about return value. So, snprintf() is in this list.
>>>>
>>>> Maybe separate wording is required for the snprintf() ?
>>>
>>> Minimally. Personally I don't think it should be deviated globally.
>>
>> There are approximately 230 instances of snprintf() being used without
>> checking its return value (across ARM and x86) in around 20 different
>> source files. Deviation each of them could be complicated.
> 
> My grep yields somewhere between 50 and 60 hits in xen/, among them about 15
> in xen/tools/kconfig/, which I expect we can ignore. I also didn't mean to
> suggest to deviate them all individually. Some may actually want to use the
> return value, and I wouldn't be surprised if this ended up fixing a bug or
> two.
> 
> Jan

For memory-related functions (memcpy, memset, memmove), ignoring the 
return value is almost always safe, so I propose to leave these 
functions in the patch, remove snprintf, strlcpy, strlcat so far, and
precisely check usage of the last functions.

Is it OK?

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.