On 13.07.2024 00:45, Stefano Stabellini wrote:
> As discussed during the last MISRA C meeting, add Rule 12.2 to the list
> of MISRA C rules we accept, together with an explanation that we use gcc
> -fsanitize=undefined alone to check for violations.

Neither the "alone" here nor ...

> --- a/docs/misra/rules.rst
> +++ b/docs/misra/rules.rst
> @@ -443,6 +443,14 @@ maintainers if you want to suggest a change.
>       - The macro NULL shall be the only permitted form of null pointer 
> constant
>       -
>  
> +   * - `Rule 12.2 
> <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_12_02.c>`_
> +     - Required
> +     - The right hand operand of a shift operator shall lie in the range
> +       zero to one less than the width in bits of the essential type of
> +       the left hand operand
> +     - We rely exclusively on gcc -fsanitize=undefined to check for
> +       dangerious violations to this rule and to ensure compliance
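
Review bot: "dangerious" in the last added line of the notes cell is a typo for "dangerous", and "violations to this rule" reads better as "violations of this rule". The same cell says the check relies "exclusively" on gcc -fsanitize=undefined but does not say whether that covers shift counts that are build-time constants; stating which class of shift counts the sanitizer is relied on for would make the documented coverage exact.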

... the "exclusively" here look quite right to me. That's true for shift
counts which aren't build-time constant. For those which are we leverage
ordinary compiler diagnostics. Preferably with a respective adjustment:

Acked-by: Jan Beulich <jbeul...@suse.com>

Jan
