On 31.08.2023 03:56, Stefano Stabellini wrote:
> On Wed, 30 Aug 2023, Simone Ballarin wrote:
>> On 29/08/23 00:27, Stefano Stabellini wrote:
>>> On Mon, 28 Aug 2023, Simone Ballarin wrote:
>>> --- a/xen/arch/x86/usercopy.c
>>> +++ b/xen/arch/x86/usercopy.c
>>> @@ -1,3 +1,4 @@
>>> +/* SAF-1-safe */
>>>   /*
>>>    * User address space access functions.
>>>    *
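Review bot: the bare `/* SAF-1-safe */` marker added at the top of usercopy.c tells a reader nothing about which rule is being deviated from, so whoever next edits the file has to go and look the id up in safe.json before they can judge whether their change keeps the deviation valid. Consider carrying the entry's name in the comment, e.g. `/* SAF-1-safe Dir 4.10: files that include themselves */`, so the marker is self-describing at the point of use.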
>>> Otherwise, maybe we should extend safe.json to also have an extra field
>>> with a list of paths. For instance see "files" below
>>> {
>>>      "version": "1.0",
>>>      "content": [
>>>          {
>>>              "id": "SAF-0-safe",
>>>              "analyser": {
>>>                  "eclair": "MC3R1.R8.6",
>>>                  "coverity": "misra_c_2012_rule_8_6_violation"
>>>              },
>>>              "name": "Rule 8.6: linker script defined symbols",
>>>              "text": "It is safe to declare this symbol because it is defined in the linker script."
>>>          },
>>>          {
>>>              "id": "SAF-1-safe",
>>>              "analyser": {
>>>                  "eclair": "MC3R1.D4.10"
>>>              },
>>>              "name": "Dir 4.10: files that include themselves",
>>>              "text": "Files purposely written to include themselves are not supposed to comply with D4.10.",
>>>              "files": ["xen/arch/x86/usercopy.c"]
>>>          },
>>>          {
>>>              "id": "SAF-2-safe",
>>>              "analyser": {},
>>>              "name": "Sentinel",
>>>              "text": "Next ID to be used"
>>>          }
>>>      ]
>>> }
>>>
>> In general, I prefer the first option for such ad hoc deviations (the comment
>> at the beginning of the file): this way, anyone who touches the file will
>> immediately see the comment and think about how their changes will affect the
>> deviation (is it still safe? is it still necessary?).
>>
>> To help the developer more, I think it is better to also add the "name" in
>> the comment; this is my proposal:
>>
>> /* SAF-4-safe Dir 4.10: files that include themselves */
> 
> Yes, this is fine, it was always intended to be possible to add the
> name of the deviation or a short comment in the in-code comment.

But then either the directive number wants omitting, or the MISRA version
needs to also be stated.

Jan

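As an added example (not Xen code, and not anything posted in this thread), the following script shows the kind of consistency check that the discussion above implies once the deviation name is carried in the in-code comment: it parses a safe.json of the proposed shape (including the hypothetical "files" list from Stefano's sketch, which is a proposal, not an existing field), extracts every `SAF-N-safe` marker from a set of sources, and reports markers whose trailing name disagrees with safe.json, markers that reference the sentinel or an unknown id, and files listed under an entry that carry no marker. The safe.json text and the source files are constructed inline for the demo; `xen/arch/x86/other.c` and its broken markers are invented to exercise the error paths.

```python
"""Consistency check between in-code SAF deviation markers and safe.json.

Added example, not part of Xen. The safe.json layout follows the proposal
quoted in the thread (the "files" list is hypothetical); all file contents
below are constructed for the demo.
"""
import json
import re

# Constructed safe.json, following the proposed schema from the thread.
SAFE_JSON = """
{
    "version": "1.0",
    "content": [
        {
            "id": "SAF-0-safe",
            "analyser": {
                "eclair": "MC3R1.R8.6",
                "coverity": "misra_c_2012_rule_8_6_violation"
            },
            "name": "Rule 8.6: linker script defined symbols",
            "text": "It is safe to declare this symbol because it is defined in the linker script."
        },
        {
            "id": "SAF-1-safe",
            "analyser": {"eclair": "MC3R1.D4.10"},
            "name": "Dir 4.10: files that include themselves",
            "text": "Files purposely written to include themselves are not supposed to comply with D4.10.",
            "files": ["xen/arch/x86/usercopy.c"]
        },
        {
            "id": "SAF-2-safe",
            "analyser": {},
            "name": "Sentinel",
            "text": "Next ID to be used"
        }
    ]
}
"""

# Constructed source files keyed by path. other.c is invented to show
# the three error cases (wrong name, sentinel used, unknown id).
SOURCES = {
    "xen/arch/x86/usercopy.c":
        "/* SAF-1-safe Dir 4.10: files that include themselves */\n"
        "/*\n * User address space access functions.\n */\n",
    "xen/arch/x86/other.c":
        "/* SAF-1-safe Dir 4.11: wrong name */\n"
        "/* SAF-2-safe */\n"
        "/* SAF-9-safe */\n",
}

# A marker is "SAF-<n>-safe" optionally followed by the deviation name.
MARKER_RE = re.compile(r"/\*\s*(SAF-(\d+)-safe)\b\s*([^*]*?)\s*\*/")


def load_deviations(text):
    """Parse safe.json; return (entries_by_id, sentinel_id).

    Ids must be dense SAF-0..SAF-N and the last entry must be the sentinel.
    """
    content = json.loads(text)["content"]
    for n, entry in enumerate(content):
        if entry["id"] != f"SAF-{n}-safe":
            raise ValueError(f"entry {n} has id {entry['id']}, expected SAF-{n}-safe")
    sentinel = content[-1]
    if sentinel["name"] != "Sentinel" or sentinel["analyser"]:
        raise ValueError("last entry must be the Sentinel with an empty analyser")
    return {e["id"]: e for e in content[:-1]}, sentinel["id"]


def find_markers(source):
    """Return [(id, trailing_name)] for each SAF comment in a source file."""
    return [(m.group(1), m.group(3)) for m in MARKER_RE.finditer(source)]


def check(safe_json_text, sources):
    """Return a sorted list of problem strings; an empty list means consistent."""
    entries, sentinel = load_deviations(safe_json_text)
    problems = []
    for path, text in sources.items():
        for dev_id, name in find_markers(text):
            if dev_id == sentinel:
                problems.append(f"{path}: {dev_id} is the sentinel, allocate a new id")
            elif dev_id not in entries:
                problems.append(f"{path}: {dev_id} has no safe.json entry")
            elif name and name != entries[dev_id]["name"]:
                problems.append(f"{path}: {dev_id} comment says {name!r}, "
                                f"safe.json says {entries[dev_id]['name']!r}")
    # Proposed "files" field: every listed file must actually carry the marker.
    for dev_id, entry in entries.items():
        for path in entry.get("files", []):
            ids = {i for i, _ in find_markers(sources.get(path, ""))}
            if dev_id not in ids:
                problems.append(f"{path}: listed under {dev_id} but carries no {dev_id} marker")
    return sorted(problems)


if __name__ == "__main__":
    for problem in check(SAFE_JSON, SOURCES):
        print(problem)
```

A marker without a trailing name (the form in the patch under discussion) is accepted as-is; only a name that is present and disagrees with safe.json is flagged, which is the case Jan's remark about the directive number and MISRA version would otherwise leave to manual review.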