On 2025-07-30 16:15, Andrew Cooper wrote:
On 30/07/2025 3:06 pm, Dmytro Prokopchuk1 wrote:
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index e78179fcb8..fba75be2ee 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -86,6 +86,14 @@ Deviations related to MISRA C:2012 Rules:
generate definitions for asm modules.
- Tagged as `deliberate` for ECLAIR.
+ * - R2.1
+ - Calls to the `__builtin_unreachable` function inside the
expansion of
+ the `ASSERT_UNREACHABLE()` macro may cause a function to be
marked as
+ non-returning. Since this only happens in debug
configurations,
+ the `noreturn` property for `__builtin_unreachable` is
overridden in
+ these contexts, resulting in the absence of reports that do
not have
+ an impact on safety, despite being true positives.
+
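Review bot: the new R2.1 entry is missing the closing "- Tagged as `deliberate` for ECLAIR." bullet that the preceding entry ends with (the "- Tagged as `deliberate` for ECLAIR." context line just above the hunk), so the deviation carries no tool tag; add the same bullet after the last sentence. The final clause "resulting in the absence of reports that do not have an impact on safety, despite being true positives" is also ambiguous about what lacks the safety impact; consider "so ECLAIR does not report these violations, which are true positives but have no safety impact because the code after `ASSERT_UNREACHABLE()` is reachable, and expected to fail safe, in release builds where the assertion is compiled out."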
I'm not sure how best to phrase this, but it's probably worth saying
that Xen expects developers to write code which would fail safe in a
release build when the assertion was removed.
I.e. it's more than just "there may be code there". It's expected that
there is.
Yes, I had some trouble finding the proper wording here, so feel free to
improve it. It's just to highlight that the code would be truly
unreachable in debug builds, so an assessor expecting violations there
won't find them because of this configuration.
~Andrew
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253